Just An Application

August 7, 2014

And Another One: Part Three — For My Next Trick …

This is a very simple Android application which dumps its certificates to standard out

    package xper.android.app.saithe;
    
    import java.io.ByteArrayInputStream;
    import java.security.Principal;
    import java.security.cert.Certificate;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;
    
    import android.os.Bundle;
    import android.app.Activity;
    import android.content.pm.PackageInfo;
    import android.content.pm.PackageManager;
    import android.content.pm.Signature;
    import android.view.Menu;
    
    public class MainActivity
                 extends
                     Activity
    {
        @Override
        protected void onCreate(Bundle savedInstanceState)
        {
            super.onCreate(savedInstanceState);
            setContentView(R.layout.activity_main);
    
            PackageManager pm = getPackageManager();
            try
            {
                PackageInfo pi = pm.getPackageInfo(
                                        "xper.android.app.saithe", 
                                        PackageManager.GET_SIGNATURES);
    
                dumpCertificates(pi.signatures);
    
            }
            catch (Exception e)
            {
                e.printStackTrace();
            }
        }
    
        @Override
        public boolean onCreateOptionsMenu(Menu menu)
        {
            // Inflate the menu; this adds items to the action bar if it is present.
            getMenuInflater().inflate(R.menu.main, menu);
            return true;
        }
	
        private void dumpCertificates(Signature[] theSignatures)
                     throws
                         Exception
        {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
    
            for (Signature s : theSignatures)
            {
                dumpCertificate(
                    cf.generateCertificate(
                           new ByteArrayInputStream(
                                   s.toByteArray())));
            }
        }
    
        private void dumpCertificate(Certificate theCertificate)
        {
            X509Certificate c = (X509Certificate)theCertificate;
    
            Principal issuer  = c.getIssuerDN();
            Principal subject = c.getSubjectDN();
    
            System.out.println(">> Certificate");
            System.out.println("Version:             " + c.getVersion());
            System.out.println("Serial number:       " + c.getSerialNumber());
            System.out.println("Signature Algorithm: " + c.getSigAlgName());
            System.out.println("Issuer:              " + issuer);
            System.out.println("Validity");
            System.out.println("    Not Before     : " + c.getNotBefore());
            System.out.println("    Not After      : " + c.getNotAfter());
            System.out.println("Subject:             " + subject);
            System.out.println("Raw");
            System.out.println(theCertificate);
            System.out.println("<< Certificate\n");
        }
    }

and this is what it outputs when run on a Nexus 7 running Android 4.3 (output slighly re-formatted)

    ...
    
    I/System.out( 3123): >> Certificate
    I/System.out( 3123): Version:             1
    I/System.out( 3123): Serial number:       16268562900721825114
    I/System.out( 3123): Signature Algorithm: SHA1WithRSA
    I/System.out( 3123): Issuer:              \
        CN=Adobe Systems Incorporated, OU=Information Systems, \
        O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US
    I/System.out( 3123): Validity
    I/System.out( 3123):     Not Before     : Wed Aug 06 13:36:33 BST 2014
    I/System.out( 3123):     Not After      : Thu Aug 06 13:36:33 BST 2015
    I/System.out( 3123): Subject:             \
        CN=AndroidApplication Saithe, OU=AndroidApplication Saithe Group, \
        O=ASH Two, L=Emerald City, ST=Erehwon, C=OZ
    I/System.out( 3123): Raw
    I/System.out( 3123): Certificate:
    I/System.out( 3123):     Data:
    I/System.out( 3123):         Version: 1 (0x0)
    I/System.out( 3123):         Serial Number:
    I/System.out( 3123):             e1:c5:8b:c3:7f:9f:75:5a
    I/System.out( 3123):     Signature Algorithm: sha1WithRSAEncryption
    I/System.out( 3123):         Issuer: C=US
    I/System.out( 3123):         Validity
    I/System.out( 3123):             Not Before: Aug  6 12:36:33 2014 GMT
    I/System.out( 3123):             Not After : Aug  6 12:36:33 2015 GMT
    I/System.out( 3123):         Subject: C=OZ
    I/System.out( 3123):         Subject Public Key Info:
    I/System.out( 3123):             Public Key Algorithm: rsaEncryption
    I/System.out( 3123):                 Public-Key: (2048 bit)
    I/System.out( 3123):                 Modulus:
    I/System.out( 3123):                     00:8a:e3:50:64:5c:1c:40:1e:35:20:3b:35:d7:aa:
    I/System.out( 3123):                     b6:8e:c0:17:53:52:dc:72:df:ce:0a:27:f8:b6:cc:
    I/System.out( 3123):                     46:7b:86:a5:ea:13:7a:91:5b:9c:7b:ba:41:e3:26:
    I/System.out( 3123):                     88:2e:49:46:e6:13:25:f6:ed:63:f9:b6:85:83:7e:
    I/System.out( 3123):                     f8:b5:73:e8:fe:2b:90:a9:8d:c2:31:51:3e:2c:8e:
    I/System.out( 3123):                     9e:5a:ce:7d:c4:9f:fd:98:ce:b6:48:c5:e9:b6:db:
    I/System.out( 3123):                     ba:83:de:32:49:45:5c:61:ac:77:eb:95:c3:c7:c2:
    I/System.out( 3123):                     c0:bd:be:b6:c4:71:a5:66:bc:09:59:5a:dd:44:c7:
    I/System.out( 3123):                     0a:9c:08:01:b2:fa:81:e1:01:21:5c:b0:63:29:99:
    I/System.out( 3123):                     a0:fe:94:89:3d:58:57:fa:7c:30:79:a7:fa:f9:f8:
    I/System.out( 3123):                     c5:7c:25:67:ec:43:0a:6f:0a:85:5f:6a:76:bf:7a:
    I/System.out( 3123):                     d7:a8:e7:46:73:d4:07:bf:79:c8:c6:99:42:16:c9:
    I/System.out( 3123):                     f6:89:87:01:50:fd:2a:c1:c6:4a:cb:88:3d:b4:db:
    I/System.out( 3123):                     82:dc:6f:e1:65:17:ba:1f:cb:66:12:2d:de:fd:25:
    I/System.out( 3123):                     69:f6:07:8b:10:c5:94:21:ad:b3:02:68:4a:96:32:
    I/System.out( 3123):                     42:33:08:97:7c:fd:b7:55:33:d5:61:b9:73:43:bf:
    I/System.out( 3123):                     f5:db:25:e1:63:bb:03:0a:9e:f9:f5:e0:b7:d6:28:
    I/System.out( 3123):                     00:ff
    I/System.out( 3123):                 Exponent: 65537 (0x10001)
    I/System.out( 3123):     Signature Algorithm: sha1WithRSAEncryption
    I/System.out( 3123):          15:df:7e:12:13:d3:0c:08:9d:a0:11:35:74:66:90:c8:8b:cd:
    I/System.out( 3123):          9f:3f:be:e7:84:31:77:e5:cb:c8:51:0b:24:a3:b9:37:49:8e:
    I/System.out( 3123):          88:5c:d9:89:bf:e1:b7:92:6b:b7:29:be:15:8e:1e:d8:6d:81:
    I/System.out( 3123):          d0:01:38:ee:fa:a1:a7:7d:02:f1:22:09:e6:7b:e9:25:5e:2b:
    I/System.out( 3123):          07:d0:2f:3e:9b:cd:87:60:82:4d:dc:4c:0b:27:70:eb:54:b8:
    I/System.out( 3123):          83:c1:15:26:52:a7:61:f5:dd:b4:f9:4c:6f:cc:69:f9:16:a5:
    I/System.out( 3123):          74:e8:7d:84:35:46:b4:f1:d8:3b:97:4c:b7:4c:3a:62:7f:8c:
    I/System.out( 3123):          78:6d
    I/System.out( 3123): << Certificate
    I/System.out( 3123): >> Certificate
    I/System.out( 3123): Version:             3
    I/System.out( 3123): Serial number:       15549593810524997758
    I/System.out( 3123): Signature Algorithm: SHA1WithRSA
    I/System.out( 3123): Issuer:\
        CN=Adobe Systems Incorporated, OU=Information Systems, \
        O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US
    I/System.out( 3123): Validity
    I/System.out( 3123):     Not Before     : Thu Oct 01 01:23:14 BST 2009
    I/System.out( 3123):     Not After      : Mon Feb 16 00:23:14 GMT+00:00 2037
    I/System.out( 3123): Subject:\
        CN=Adobe Systems Incorporated, OU=Information Systems, \
        O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US
    I/System.out( 3123): Raw
    I/System.out( 3123): Certificate:
    I/System.out( 3123):     Data:
    I/System.out( 3123):         Version: 3 (0x2)
    I/System.out( 3123):         Serial Number:
    I/System.out( 3123):             d7:cb:41:2f:75:f4:88:7e
    I/System.out( 3123):     Signature Algorithm: sha1WithRSAEncryption
    I/System.out( 3123):         Issuer: C=US
    I/System.out( 3123):         Validity
    I/System.out( 3123):             Not Before: Oct  1 00:23:14 2009 GMT
    I/System.out( 3123):             Not After : Feb 16 00:23:14 2037 GMT
    I/System.out( 3123):         Subject: C=US
    I/System.out( 3123):         Subject Public Key Info:
    I/System.out( 3123):             Public Key Algorithm: rsaEncryption
    I/System.out( 3123):                 Public-Key: (2048 bit)
    I/System.out( 3123):                 Modulus:
    I/System.out( 3123):                     00:99:72:4f:3e:05:bb:d7:88:43:79:4f:35:77:76:
    I/System.out( 3123):                     e0:4b:34:0e:13:cb:1c:9c:cb:30:44:86:51:80:d7:
    I/System.out( 3123):                     d8:fe:c8:16:6c:5b:bd:87:6d:a8:b8:0a:a7:1e:b6:
    I/System.out( 3123):                     ba:3d:4d:34:55:c9:a8:de:16:2d:24:a2:5c:4c:1c:
    I/System.out( 3123):                     d0:4c:95:23:af:fd:06:a2:79:fc:8f:0d:01:8f:24:
    I/System.out( 3123):                     24:86:bd:bb:2d:bf:bf:6f:cb:21:ed:56:78:79:09:
    I/System.out( 3123):                     19:28:b8:76:f7:cc:eb:c7:bc:ce:f1:57:36:6e:be:
    I/System.out( 3123):                     74:e3:3a:e1:d7:e9:37:30:91:ad:ab:83:27:48:21:
    I/System.out( 3123):                     54:af:c0:69:3a:54:95:22:f8:c7:96:dd:84:d1:6e:
    I/System.out( 3123):                     24:bb:22:1f:5d:bb:80:9c:a5:6d:d2:b6:e7:99:c5:
    I/System.out( 3123):                     fa:06:b6:d9:c5:c0:9a:da:54:ea:4c:5d:b1:52:3a:
    I/System.out( 3123):                     97:94:ed:22:a3:88:9e:5e:05:b2:9f:8e:e0:a8:d6:
    I/System.out( 3123):                     1e:fe:07:ae:28:f6:5d:ec:e2:ff:7e:dc:5b:14:16:
    I/System.out( 3123):                     d7:c7:aa:d7:f0:d3:5e:8f:4a:4b:96:4d:bf:50:ae:
    I/System.out( 3123):                     9a:a6:d6:20:15:77:70:d9:74:13:1b:3e:7e:3a:bd:
    I/System.out( 3123):                     6d:16:3d:65:75:8e:2f:08:22:db:9c:88:59:8b:9d:
    I/System.out( 3123):                     b6:26:3d:96:3d:13:94:2c:91:fc:5e:fe:34:fc:1e:
    I/System.out( 3123):                     06:e3
    I/System.out( 3123):                 Exponent: 3 (0x3)
    I/System.out( 3123):         X509v3 extensions:
    I/System.out( 3123):             X509v3 Subject Key Identifier:
    I/System.out( 3123):                 5A:F4:18:E4:19:A6:39:E1:65:7D:B9:60:99:63:64:A3:7E:F2:0D:40
    I/System.out( 3123):             X509v3 Authority Key Identifier:
    I/System.out( 3123):                 keyid:5A:F4:18:E4:19:A6:39:E1:65:7D:B9:60:99:63:64:A3:7E:F2:0D:40
    I/System.out( 3123):                 DirName:\
        /C=US/ST=California/L=San Jose/O=Adobe Systems Incorporated/OU=Information Systems/CN=Adobe Systems Incorporated
    I/System.out( 3123):                 serial:D7:CB:41:2F:75:F4:88:7E
    I/System.out( 3123):             X509v3 Basic Constraints:
    I/System.out( 3123):                 CA:TRUE
    I/System.out( 3123):     Signature Algorithm: sha1WithRSAEncryption
    I/System.out( 3123):          76:c2:a1:1f:e3:03:35:96:89:c2:eb:c7:b2:c3:98:ef:f8:c3:
    I/System.out( 3123):          f9:ad:54:5c:db:ac:75:df:63:bf:7b:53:95:b6:98:8d:18:42:
    I/System.out( 3123):          d6:aa:15:56:d5:95:b5:69:2e:08:22:4d:66:7a:4c:9c:43:8f:
    I/System.out( 3123):          05:e7:49:06:c5:3d:d8:01:6d:de:70:04:06:88:66:f0:18:46:
    I/System.out( 3123):          36:5e:fd:14:6e:9b:fa:a4:8c:9e:cf:65:7f:87:b9:7c:75:7d:
    I/System.out( 3123):          a1:1f:22:5c:4a:24:17:7b:f2:d7:18:8e:6c:ce:2a:70:a1:e8:
    I/System.out( 3123):          a8:41:a1:44:71:eb:51:45:73:98:b8:a0:ad:dd:8b:6c:8c:15:
    I/System.out( 3123):          38:ca:8f:1e:40:b4:d8:b9:60:00:9e:a2:2c:18:8d:28:92:48:
    I/System.out( 3123):          13:d2:c0:b4:a4:d3:34:b7:cf:05:50:7e:1f:cf:0a:06:fe:94:
    I/System.out( 3123):          6c:7f:fc:43:5e:17:3a:f6:fc:3e:34:00:64:37:10:ac:c8:06:
    I/System.out( 3123):          f8:30:a1:47:88:29:1d:46:f2:fe:ed:9f:b5:c7:04:23:ca:74:
    I/System.out( 3123):          7e:d1:57:2d:75:28:94:ac:1f:19:f9:39:89:76:63:08:57:93:
    I/System.out( 3123):          93:fa:bb:43:64:9a:a8:80:6a:31:3b:1a:b9:a5:09:22:a4:4c:
    I/System.out( 3123):          24:67:b9:06:20:37:f2:da:0d:48:4d:9f:fd:8f:e6:28:ee:ea:
    I/System.out( 3123):          62:9b:a6:37
    I/System.out( 3123): << Certificate
        
    ...

As you can see I have been quite clever, although I say so myself, and have managed to get the hard-wired self-signed Adobe certificate used by the android.web.PluginManager as one of the application’s certificates

Just as well I have no ambitions to load any plugins into a WebView !


Copyright (c) 2014 By Simon Lewis. All Rights Reserved.

Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and owner Simon Lewis is strictly prohibited.

Excerpts and links may be used, provided that full and clear credit is given to Simon Lewis and justanapplication.wordpress.com with appropriate and specific direction to the original content.

Advertisements

1 Comment »

  1. […] is a modified version of the original application which uses the java.security.certificate.Certificate verify method to verify its certificates as […]

    Pingback by Another One: Part Sixteen — Spot The Deliberate Mistake | Just An Application — August 16, 2014 @ 7:12 am


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: