Repackaging Detection

Repackaging detection is a security feature that detects if the application was modified and resigned with a different signing certificate.

Repackaging Detection for Apple Platforms

To properly configure the repackaging detection, you need to get the Base64-encoded string of your signing certificate:

  1. Open the Keychain Access application.
  2. Find a certificate that will be used to sign your application, for example, “Apple Development: Jan Tester (c)”.
  3. Right-click on the item and click “Export…”.
  4. Export the certificate in the .cer format.
  5. Open up the terminal and cd into the folder with your exported certificate.
  6. Encode the certificate in Base64 with cat your_exported.cer | base64.
  7. Copy the output of the command and use it as a parameter for the repackage detection configuration:
const configuration = {
    appleConfig: {
        raspConfig: {
            repackage: { 
                action: "EXIT",
                exitUrl: "https://wultra.com/repackaging"      // provide link to a web page explaining the app termination
                base64EncodedTrustedCertificates: [ "BASE64" ]
            }
        }
    }
}

Repackaging Detection for Android

To properly configure the repackaging detection, you have to get one or more Base64-encoded strings, each containing a SHA-1 hash of a signing certificate.

Detailed documentation about obtaining signature hash can be found in the documentation of Malwarelytics for Android.

Once the signature hash has been obtained, add it to the configuration:

const configuration = {
    androidConfig: {
        raspConfig: {
            repackage: {
                action: 'EXIT',
                exitUrl: "https://wultra.com/repackaging" // provide link to a web page explaining the app termination
                signatureHash: [ "BASE64-OF-SHA1-HASH" ]  // provide Base64-encoded string(s), each containing a SHA-1 hash of a signing certificate
            }
        }
    }
}
Last updated on Sep 22, 2023 (08:22) Edit on Github Send Feedback
Search

5.2.x

Malwarelytics for Cordova