-
Welcome to B4X forum!
B4X is a set of simple and powerful cross platform RAD tools:
- B4A (free) - Android development
- B4J (free) - Desktop and Server development
- B4i - iOS development
- B4R (free) - Arduino, ESP8266 and ESP32 development
B4J Question Is there a way for the app to checksum itself (.class)?
- Thread starter wonder
- Start date
- Similar Threads Similar Threads
As a whole, I suspect not. You would have to hard-code the correct hash into the jar and then have the program run the hash on the jar file and compare it to the hard-coded, known-to-be-correct hash. But you (the programmer) can't know the correct hash until you run the hash on the completed jar file which means you can't hard-code the correct hash until you've run a hash on the completed jar file. But the jar file isn't completed until it has the hard-coded hash inside it. Chicken and the egg. (note that changing a single bit of a file will alter the hash; that's the whole point of hashing)
A method that will work, though, is to have the correct hash stored on a server or something and the program would get its own hash and compare it to the one stored on the server.
You CAN hard-code the hashes for a bunch of individual files inside the jar (remember, the jar file is just a zip). You could do this for .class file, images, database files, etc... You just won't be able to do it, I think, for the individual file that contains all the correct hashes for the reason described above.
Also, note that MD5 isn't considered secure, anymore.
A method that will work, though, is to have the correct hash stored on a server or something and the program would get its own hash and compare it to the one stored on the server.
You CAN hard-code the hashes for a bunch of individual files inside the jar (remember, the jar file is just a zip). You could do this for .class file, images, database files, etc... You just won't be able to do it, I think, for the individual file that contains all the correct hashes for the reason described above.
Also, note that MD5 isn't considered secure, anymore.
Upvote
0
Oh yes, any particular class file can be hashed, so long as it isn't expected to store its own known-correct hash. A Java program can inspect its own jar by unzipping it. Check out any of the Archiver libraries. You can manually unzip a jar to see what's inside, and what the file structure is. A Java program can also access certain resources in the jar via
B4X:
File.DirAssets
[\CODE]
You can do the same with Android apps and their apk files (which are also just zips) but you might run into some problems getting permission to access /data/apps, where all the apks are stored.
Upvote
0
