转载请注明出处

根据已知Google证书的序列号来识别APK使用哪种证书签名的

目前只列出google原生签名，其他私有签名均视为presigned

#!/bin/bash

# Grab cert. info from APKs

# eric, 130628

CER_NAMES=(

# google key serial

google_platform

google_shared

google_media

google_testkey

# google devkeys

google_devkey

google_devkey_media

google_devkey_platform

google_devkey_shared

)

CER_SERIALS=(

# google key serial

B3998086D056CFFA

F2A73396BD38767A

F2B98E6123572C4E

936EACBE07F201DF

# google dev devkeys

BCDFE81405D5C69E

A1573D0F45BEA193

A3823FB27F6289B8

BE56E295629C3E3D

)

if [ -z $1 ]

then

   echo "usage: $0 <apks_dir>"

   exit 1

fi

echo "certificate, cert_serial, apk" >/dev/stderr

(

find $1 -name *.apk | while read apk

do

    # echo "=== $apk ==="

    apk_cert=$(unzip -p $apk META-INF/*.RSA | \

               openssl pkcs7 -inform DER -print_certs | \

  openssl x509 -noout -serial)

    if [ $? != 0 ]

    then

        echo "*** err: Cannot grab certs of '$apk'"

continue

    fi

    rsa_ser=${apk_cert#*=}

i=0

cert="presigned"

for v in ${CER_SERIALS[@]}

do

   if [ "$v" = "$rsa_ser" ]

   then

   cert=${CER_NAMES[$i]}

# echo "$i === $cert"

break

fi

i=$((i+1))

done

    echo "$cert, $rsa_ser, $apk"

done

) | sort

exit 0