Primer paso de la investigacion. Se aportan el .apk, las carpetas con el apk extraido y el apk descompilado. El archivo API_DOCUMENTATION.md es un archivo donde se anotaran los descubrimientos del funcionamiento de la API, y los .py son scripts para probar la funcionalidad de la API con los métodos que vayamos encontrando. Finalmente, los archivos .js son scripts de Frida para extraer informacion de la APP durante la ejecucion.

2025-12-04 13:59:54 +01:00
parent f2fd1c3bf5
commit e0133d2ca2
10432 changed files with 1019085 additions and 1 deletions
--- a/apk_decompiled/sources/com/google/android/gms/common/GoogleSignatureVerifier.java
+++ b/apk_decompiled/sources/com/google/android/gms/common/GoogleSignatureVerifier.java
@@ -0,0 +1,167 @@
+package com.google.android.gms.common;
+
+import android.annotation.SuppressLint;
+import android.content.Context;
+import android.content.pm.ApplicationInfo;
+import android.content.pm.PackageInfo;
+import android.content.pm.PackageManager;
+import android.content.pm.Signature;
+import android.util.Log;
+import com.google.android.gms.common.annotation.KeepForSdk;
+import com.google.android.gms.common.internal.Preconditions;
+import com.google.android.gms.common.internal.ShowFirstParty;
+import com.google.errorprone.annotations.RestrictedInheritance;
+import java.util.Set;
+
+@ShowFirstParty
+@KeepForSdk
+@RestrictedInheritance(allowedOnPath = ".*java.*/com/google/android/gms/common/testing/.*", explanation = "Sub classing of GMS Core's APIs are restricted to testing fakes.", link = "go/gmscore-restrictedinheritance")
+/* loaded from: classes3.dex */
+public class GoogleSignatureVerifier {
+    private static GoogleSignatureVerifier zza;
+    private static volatile Set zzb;
+    private final Context zzc;
+    private volatile String zzd;
+
+    public GoogleSignatureVerifier(Context context) {
+        this.zzc = context.getApplicationContext();
+    }
+
+    @KeepForSdk
+    public static GoogleSignatureVerifier getInstance(Context context) {
+        Preconditions.checkNotNull(context);
+        synchronized (GoogleSignatureVerifier.class) {
+            try {
+                if (zza == null) {
+                    zzn.zze(context);
+                    zza = new GoogleSignatureVerifier(context);
+                }
+            } catch (Throwable th) {
+                throw th;
+            }
+        }
+        return zza;
+    }
+
+    public static final zzj zza(PackageInfo packageInfo, zzj... zzjVarArr) {
+        Signature[] signatureArr = packageInfo.signatures;
+        if (signatureArr == null) {
+            return null;
+        }
+        if (signatureArr.length != 1) {
+            Log.w("GoogleSignatureVerifier", "Package has more than one signature.");
+            return null;
+        }
+        zzk zzkVar = new zzk(packageInfo.signatures[0].toByteArray());
+        for (int i = 0; i < zzjVarArr.length; i++) {
+            if (zzjVarArr[i].equals(zzkVar)) {
+                return zzjVarArr[i];
+            }
+        }
+        return null;
+    }
+
+    public static final boolean zzb(PackageInfo packageInfo, boolean z3) {
+        if (z3 && packageInfo != null && ("com.android.vending".equals(packageInfo.packageName) || "com.google.android.gms".equals(packageInfo.packageName))) {
+            ApplicationInfo applicationInfo = packageInfo.applicationInfo;
+            z3 = (applicationInfo == null || (applicationInfo.flags & 129) == 0) ? false : true;
+        }
+        if (packageInfo != null && packageInfo.signatures != null) {
+            if ((z3 ? zza(packageInfo, zzm.zza) : zza(packageInfo, zzm.zza[0])) != null) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    @SuppressLint({"PackageManagerGetSignatures"})
+    private final zzx zzc(String str, boolean z3, boolean z4) {
+        zzx zzc;
+        ApplicationInfo applicationInfo;
+        if (str == null) {
+            return zzx.zzc("null pkg");
+        }
+        if (str.equals(this.zzd)) {
+            return zzx.zzb();
+        }
+        if (zzn.zzg()) {
+            zzc = zzn.zzb(str, GooglePlayServicesUtilLight.honorsDebugCertificates(this.zzc), false, false);
+        } else {
+            try {
+                PackageInfo packageInfo = this.zzc.getPackageManager().getPackageInfo(str, 64);
+                boolean honorsDebugCertificates = GooglePlayServicesUtilLight.honorsDebugCertificates(this.zzc);
+                if (packageInfo == null) {
+                    zzc = zzx.zzc("null pkg");
+                } else {
+                    Signature[] signatureArr = packageInfo.signatures;
+                    if (signatureArr == null || signatureArr.length != 1) {
+                        zzc = zzx.zzc("single cert required");
+                    } else {
+                        zzk zzkVar = new zzk(packageInfo.signatures[0].toByteArray());
+                        String str2 = packageInfo.packageName;
+                        zzx zza2 = zzn.zza(str2, zzkVar, honorsDebugCertificates, false);
+                        zzc = (!zza2.zza || (applicationInfo = packageInfo.applicationInfo) == null || (applicationInfo.flags & 2) == 0 || !zzn.zza(str2, zzkVar, false, true).zza) ? zza2 : zzx.zzc("debuggable release cert app rejected");
+                    }
+                }
+            } catch (PackageManager.NameNotFoundException e4) {
+                return zzx.zzd("no pkg ".concat(str), e4);
+            }
+        }
+        if (zzc.zza) {
+            this.zzd = str;
+        }
+        return zzc;
+    }
+
+    @KeepForSdk
+    public boolean isGooglePublicSignedPackage(PackageInfo packageInfo) {
+        if (packageInfo == null) {
+            return false;
+        }
+        if (zzb(packageInfo, false)) {
+            return true;
+        }
+        if (zzb(packageInfo, true)) {
+            if (GooglePlayServicesUtilLight.honorsDebugCertificates(this.zzc)) {
+                return true;
+            }
+            Log.w("GoogleSignatureVerifier", "Test-keys aren't accepted on this build.");
+        }
+        return false;
+    }
+
+    @ShowFirstParty
+    @KeepForSdk
+    public boolean isPackageGoogleSigned(String str) {
+        zzx zzc = zzc(str, false, false);
+        zzc.zze();
+        return zzc.zza;
+    }
+
+    @ShowFirstParty
+    @KeepForSdk
+    public boolean isUidGoogleSigned(int i) {
+        zzx zzc;
+        int length;
+        String[] packagesForUid = this.zzc.getPackageManager().getPackagesForUid(i);
+        if (packagesForUid != null && (length = packagesForUid.length) != 0) {
+            zzc = null;
+            int i4 = 0;
+            while (true) {
+                if (i4 >= length) {
+                    Preconditions.checkNotNull(zzc);
+                    break;
+                }
+                zzc = zzc(packagesForUid[i4], false, false);
+                if (zzc.zza) {
+                    break;
+                }
+                i4++;
+            }
+        } else {
+            zzc = zzx.zzc("no pkgs");
+        }
+        zzc.zze();
+        return zzc.zza;
+    }
+}