add: misaki.sig for zip-level build integrity
This commit adds Misaki, a new ReZygisk system that helps improve safety in the root community by letting users check whether a build is official, using tools like SignSee. Credit for the name goes to Anonymous, in The PerformanC Organization Telegram chat.
@@ -93,7 +93,6 @@ androidComponents.onVariants { variant ->
|
|||||||
|
|
||||||
doLast {
|
doLast {
|
||||||
if (file("private_key").exists()) {
|
if (file("private_key").exists()) {
|
||||||
println("=== Guards the peace of Machikado ===")
|
|
||||||
val privateKey = file("private_key").readBytes()
|
val privateKey = file("private_key").readBytes()
|
||||||
val publicKey = file("public_key").readBytes()
|
val publicKey = file("public_key").readBytes()
|
||||||
val namedSpec = NamedParameterSpec("ed25519")
|
val namedSpec = NamedParameterSpec("ed25519")
|
||||||
@@ -115,6 +114,35 @@ androidComponents.onVariants { variant ->
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* INFO: Misaki is the file that holds signed hash of
|
||||||
|
all files of ReZygisk module, to ensure the
|
||||||
|
zip (runtime and non-runtime) files hasn't
|
||||||
|
been tampered with.
|
||||||
|
*/
|
||||||
|
fun misakiSign() {
|
||||||
|
sig.initSign(privKey)
|
||||||
|
|
||||||
|
val filesToProcess = TreeSet<File> { f1, f2 ->
|
||||||
|
f1.path.replace("\\", "/")
|
||||||
|
.compareTo(f2.path.replace("\\", "/"))
|
||||||
|
}
|
||||||
|
|
||||||
|
root.asFile.walkTopDown().forEach { file ->
|
||||||
|
if (!file.isFile) return@forEach
|
||||||
|
|
||||||
|
val fileName = file.name
|
||||||
|
if (fileName == "misaki.sig") return@forEach
|
||||||
|
|
||||||
|
filesToProcess.add(file)
|
||||||
|
}
|
||||||
|
|
||||||
|
filesToProcess.forEach { file -> file.sha(file) }
|
||||||
|
|
||||||
|
val misakiSignatureFile = root.file("misaki.sig").asFile
|
||||||
|
misakiSignatureFile.writeBytes(sig.sign())
|
||||||
|
misakiSignatureFile.appendBytes(publicKey)
|
||||||
|
}
|
||||||
|
|
||||||
fun getSign(name: String, abi: String, is64Bit: Boolean) {
|
fun getSign(name: String, abi: String, is64Bit: Boolean) {
|
||||||
val set = TreeSet<Pair<File, File?>> { o1, o2 ->
|
val set = TreeSet<Pair<File, File?>> { o1, o2 ->
|
||||||
o1.first.path.replace("\\", "/")
|
o1.first.path.replace("\\", "/")
|
||||||
@@ -154,11 +182,32 @@ androidComponents.onVariants { variant ->
|
|||||||
signFile.appendBytes(publicKey)
|
signFile.appendBytes(publicKey)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* INFO: Machikado is the name of files that holds signed hash of
|
||||||
|
all runtime files of ReZygisk module, to ensure the
|
||||||
|
runtime files hasn't been tampered with.
|
||||||
|
*/
|
||||||
|
println("=== Guards the peace of Machikado ===")
|
||||||
|
|
||||||
getSign("machikado.arm64", "arm64-v8a", true)
|
getSign("machikado.arm64", "arm64-v8a", true)
|
||||||
getSign("machikado.arm", "armeabi-v7a", false)
|
getSign("machikado.arm", "armeabi-v7a", false)
|
||||||
|
|
||||||
getSign("machikado.x86_64", "x86_64", true)
|
getSign("machikado.x86_64", "x86_64", true)
|
||||||
getSign("machikado.x86", "x86", false)
|
getSign("machikado.x86", "x86", false)
|
||||||
|
|
||||||
|
fileTree(moduleDir).visit {
|
||||||
|
if (isDirectory) return@visit
|
||||||
|
|
||||||
|
val md = MessageDigest.getInstance("SHA-256")
|
||||||
|
file.forEachBlock(4096) { bytes, size ->
|
||||||
|
md.update(bytes, 0, size)
|
||||||
|
}
|
||||||
|
|
||||||
|
file(file.path + ".sha256").writeText(Hex.encodeHexString(md.digest()))
|
||||||
|
}
|
||||||
|
|
||||||
|
println("=== At the kitsune's wedding ===")
|
||||||
|
|
||||||
|
misakiSign()
|
||||||
} else {
|
} else {
|
||||||
println("no private_key found, this build will not be signed")
|
println("no private_key found, this build will not be signed")
|
||||||
|
|
||||||
@@ -167,15 +216,19 @@ androidComponents.onVariants { variant ->
|
|||||||
|
|
||||||
root.file("machikado.x86_64").asFile.createNewFile()
|
root.file("machikado.x86_64").asFile.createNewFile()
|
||||||
root.file("machikado.x86").asFile.createNewFile()
|
root.file("machikado.x86").asFile.createNewFile()
|
||||||
}
|
|
||||||
|
|
||||||
fileTree(moduleDir).visit {
|
fileTree(moduleDir).visit {
|
||||||
if (isDirectory) return@visit
|
if (isDirectory) return@visit
|
||||||
val md = MessageDigest.getInstance("SHA-256")
|
|
||||||
file.forEachBlock(4096) { bytes, size ->
|
val md = MessageDigest.getInstance("SHA-256")
|
||||||
md.update(bytes, 0, size)
|
file.forEachBlock(4096) { bytes, size ->
|
||||||
|
md.update(bytes, 0, size)
|
||||||
|
}
|
||||||
|
|
||||||
|
file(file.path + ".sha256").writeText(Hex.encodeHexString(md.digest()))
|
||||||
}
|
}
|
||||||
file(file.path + ".sha256").writeText(Hex.encodeHexString(md.digest()))
|
|
||||||
|
root.file("misaki.sig").asFile.createNewFile()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
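Review bot: In `misakiSign()`, the skip `if (fileName == "misaki.sig") return@forEach` matches on the bare file name, so any file called `misaki.sig` in a subdirectory of `root` is left out of the signed set along with the signature file itself. Hoisting `val misakiSignatureFile = root.file("misaki.sig").asFile` above the walk and testing `if (file == misakiSignatureFile) return@forEach` would limit the exclusion to the one file that is actually written. Separately, the public key is appended to `misaki.sig` right after the signature, so the INFO comment above `misakiSign()` should state that a verifier must compare that key with the official key obtained from a trusted source; a check against the embedded key alone shows the zip is self-consistent, not that it is official. The `sha` extension and the `sig`/`privKey` setup are defined outside the visible hunks, so whether each file's relative path is fed into the signature along with its contents cannot be confirmed from here and is worth checking.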