You've already forked ReZygisk
mirror of
https://github.com/PerformanC/ReZygisk.git
synced 2025-09-06 06:37:01 +00:00
add: misaki.sig for zip-level build integrity
This commit adds Misaki, a new ReZygisk system to help improve safety in the root community, by allowing users to check whether a build is official or not with the use of tools like SignSee. Name credits for Anonymous, in The PerformanC Organization Telegram chat.
This commit is contained in:
ThePedroo
@@ -93,7 +93,6 @@ androidComponents.onVariants { variant ->
|
||||
|
||||
doLast {
|
||||
if (file("private_key").exists()) {
|
||||
println("=== Guards the peace of Machikado ===")
|
||||
val privateKey = file("private_key").readBytes()
|
||||
val publicKey = file("public_key").readBytes()
|
||||
val namedSpec = NamedParameterSpec("ed25519")
|
||||
@@ -115,6 +114,35 @@ androidComponents.onVariants { variant ->
|
||||
}
|
||||
}
|
||||
|
||||
/* INFO: Misaki is the file that holds signed hash of
|
||||
all files of ReZygisk module, to ensure the
|
||||
zip (runtime and non-runtime) files hasn't
|
||||
been tampered with.
|
||||
*/
|
||||
fun misakiSign() {
|
||||
sig.initSign(privKey)
|
||||
|
||||
val filesToProcess = TreeSet<File> { f1, f2 ->
|
||||
f1.path.replace("\\", "/")
|
||||
.compareTo(f2.path.replace("\\", "/"))
|
||||
}
|
||||
|
||||
root.asFile.walkTopDown().forEach { file ->
|
||||
if (!file.isFile) return@forEach
|
||||
|
||||
val fileName = file.name
|
||||
if (fileName == "misaki.sig") return@forEach
|
||||
|
||||
filesToProcess.add(file)
|
||||
}
|
||||
|
||||
filesToProcess.forEach { file -> file.sha(file) }
|
||||
|
||||
val misakiSignatureFile = root.file("misaki.sig").asFile
|
||||
misakiSignatureFile.writeBytes(sig.sign())
|
||||
misakiSignatureFile.appendBytes(publicKey)
|
||||
}
|
||||
|
||||
fun getSign(name: String, abi: String, is64Bit: Boolean) {
|
||||
val set = TreeSet<Pair<File, File?>> { o1, o2 ->
|
||||
o1.first.path.replace("\\", "/")
|
||||
@@ -154,11 +182,32 @@ androidComponents.onVariants { variant ->
|
||||
signFile.appendBytes(publicKey)
|
||||
}
|
||||
|
||||
/* INFO: Machikado is the name of files that holds signed hash of
|
||||
all runtime files of ReZygisk module, to ensure the
|
||||
runtime files hasn't been tampered with.
|
||||
*/
|
||||
println("=== Guards the peace of Machikado ===")
|
||||
|
||||
getSign("machikado.arm64", "arm64-v8a", true)
|
||||
getSign("machikado.arm", "armeabi-v7a", false)
|
||||
|
||||
getSign("machikado.x86_64", "x86_64", true)
|
||||
getSign("machikado.x86", "x86", false)
|
||||
|
||||
fileTree(moduleDir).visit {
|
||||
if (isDirectory) return@visit
|
||||
|
||||
val md = MessageDigest.getInstance("SHA-256")
|
||||
file.forEachBlock(4096) { bytes, size ->
|
||||
md.update(bytes, 0, size)
|
||||
}
|
||||
|
||||
file(file.path + ".sha256").writeText(Hex.encodeHexString(md.digest()))
|
||||
}
|
||||
|
||||
println("=== At the kitsune's wedding ===")
|
||||
|
||||
misakiSign()
|
||||
} else {
|
||||
println("no private_key found, this build will not be signed")
|
||||
|
||||
@@ -167,16 +216,20 @@ androidComponents.onVariants { variant ->
|
||||
|
||||
root.file("machikado.x86_64").asFile.createNewFile()
|
||||
root.file("machikado.x86").asFile.createNewFile()
|
||||
}
|
||||
|
||||
fileTree(moduleDir).visit {
|
||||
if (isDirectory) return@visit
|
||||
|
||||
val md = MessageDigest.getInstance("SHA-256")
|
||||
file.forEachBlock(4096) { bytes, size ->
|
||||
md.update(bytes, 0, size)
|
||||
}
|
||||
|
||||
file(file.path + ".sha256").writeText(Hex.encodeHexString(md.digest()))
|
||||
}
|
||||
|
||||
root.file("misaki.sig").asFile.createNewFile()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user