Skip to content

Latest commit

 

History

History
47 lines (38 loc) · 1.58 KB

Repackaging-Detection.md

File metadata and controls

47 lines (38 loc) · 1.58 KB
Raw

Repackaging detection

Repackaging detection is a security feature that detects if the application was modified and re-signed with a different signing certificate.

iOS Setup

To properly configure the repackage detection, you need to get the Base64 encoded string of your signing certificate:

  1. Open the Keychain Access application.
  2. Find a certificate that will be used to sign your application, for example, "Apple Development: Jan Tester (c)".
  3. Right-click on the item and click "Export...".
  4. Export the certificate in the .cer format.
  5. Open up the terminal and cd into the folder with your exported certificate.
  6. Encode the certificate in Base64 with cat your_exported.cer | base64.
  7. Copy the output of the command and use it as a parameter for the repackage detection configuration:
const configuration = {
    apple: {
        rasp: {
            repackage: { 
                action: "NOTIFY",
                trustedCertificates: [ "BASE64" ] 
            }
        }
    }
}

Android Setup

The same feature can be configured also for Android platform. At first, follow the steps from Obtaining Signature Hash document available from the Malwarelytics for Android SDK.

Once you have the signature hash, then alter your configuration:

const configuration = {
    android: {
        rasp: {
            repackage: {
                action: 'NOTIFY',
                signatureHash: [ "HEXADECIMAL-HASH" ]
            }
        }
    }
}