Question

I'm checking the integrity of the Android app using SafetyNet.

It goes like this:

1. To get the response, I produce a nonce value on the server and transmit it to the SafetyNet service.
2. The server responds, and I receive it. I now want to check the server to confirm the outcome.

I get a base64 string. I decode it and get the response below.

{
    "evaluationType": "BASIC",
    "ctsProfileMatch": false,
    "apkPackageName": "com.test.safetynetproject",
    "apkDigestSha256": "CbU9JzwRzQneYqnEXewB56ZzPm1DgQ4LGUK0eGlWmyM=",
    "nonce": "U2FnYXI=",
    "apkCertificateDigestSha256": [
        "AJRBzWCfJIY7QD2cp4sv9t0cCGMRGdxuID9VdPLV1H4="
    ],
    "timestampMs": 1624099377557,
    "basicIntegrity": false
}

Now I want to verify the apkCertificateDigestSha256. The sha256 created from my system using cmd is -

C:\Program Files\Java\jdk-11.0.11\bin>keytool -list -v -alias androiddebugkey -keystore C:\Users\.android\debug.keystore
Enter keystore password:
Alias name: androiddebugkey
Creation date: October 25, 2022
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: C=US, O=Android, CN=Android Debug
Issuer: C=US, O=Android, CN=Android Debug
Serial number: 1
Valid from: Tue October 25 11:48:00 IST 2022 until: Thu October 18 11:48:00 IST 2051
Certificate fingerprints:
         SHA1: 43:16:E2:63:DB:2A:53:7C:7D:BB:E9:80:7B:05:1C:74:7C:84:66:A2
         SHA256: 00:94:41:CD:60:9F:24:86:3B:40:3D:9C:A7:8B:2F:F6:DD:1C:08:63:11:19:DC:6E:20:3F:55:74:F2:D5:D4:7E
Signature algorithm name: SHA1withRSA (weak)
Subject Public Key Algorithm: 2048-bit RSA key
Version: 1

Warning:
The certificate uses the SHA1withRSA signature algorithm which is considered a security risk. This algorithm will be disabled in a future update.

The SHA256

00:94:41:CD:60:9F:24:86:3B:40:3D:9C:A7:8B:2F:F6:DD:1C:08:63:11:19:DC:6E:20:3F:55:74:F2:D5:D4:7E

Question - I want to verify if the apkCertificateDigestSha256 is the same as the app certificate. But unable to find any way to do it.

Tries- I tried to base64 decode the AJRBzWCfJIY7QD2cp4sv9t0cCGMRGdxuID9VdPLV1H4= and got a random byte array that does not match with the sha256 created in cmd.

Code -

val decode =
    String(
        Base64.decode(
            responseJws!!.apkCertificateDigestSha256!![0],
            Base64.DEFAULT
        ),
        StandardCharsets.UTF_8
    )

The output -

This is not matching 43:16:E2:63:DB:2A:53:7C:7D:BB:E9:80:7B:05:1C:74:7C:84:66:A2.

Update-

Found some ref but don't really know how to achieve this. 

How do I do the matching?

Answer 1

You've missed a keyword in the download page:

You can verify the signing certificate on the APK matches this SHA256 fingerprint

Since APK files are really just ZIP files, open them with your preferred archive program (I prefer 7zip) and extract META-INFCERT.RSA from it. The certificate fingerprint can then be compared to what is stated on the website. Be aware that this differs from the hash of the entire certificate. To check it, you'll need to use keytool.

The Java JDK contains the keytool binary, which is located in the %ProgramFiles%Java jdk version>bin directory and can be used as follows:

keytool -printcert -file X:\Path\To\CERT.RSA

Output looks like this:

Owner: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Issuer: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Serial number: 4bfbebba
Valid from: Tue May 25 16:24:42 BST 2010 until: Tue May 16 16:24:42 BST 2045
Certificate fingerprints:
         MD5:  D9:0D:B3:64:E3:2F:A3:A7:BD:A4:C2:90:FB:65:E3:10
         SHA1: 45:98:9D:C9:AD:87:28:C2:AA:9A:82:FA:55:50:3E:34:A8:87:93:74
         SHA256: 29:F3:4E:5F:27:F2:11:B4:24:BC:5B:F9:D6:71:62:C0:EA:FB:A2:DA:35:AF:35:C1:64:16:FC:44:62:76:BA:26
         Signature algorithm name: SHA1withRSA
         Version: 3

As you can see, the SHA256 fingerprint corresponds to what we observed on the website.

Once this has been confirmed, you can proceed to install the APK on your Android device. You can rely on the Android operating system to verify that the APK is correctly signed since it won't let you load it unless you've confirmed that the signing certificate inside the APK matches the one that Signal expects you to see.