Skip to content
/ CheckoutVerifier Public

Verify your In-App Purchase receipts & protect your Apps from hacking, patching used by Piracy Apps like Lucky Patcher.

License

Apache-2.0 license
64 stars 8 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ItzNotABug/CheckoutVerifier

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 Cannot retrieve latest commit at this time.

History

48 Commits
.idea
.idea
 
 
gradle/wrapper
gradle/wrapper
 
 
icon
icon
 
 
library
library
 
 
logo
logo
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.gradle
build.gradle
 
 
gradle.properties
gradle.properties
 
 
gradlew
gradlew
 
 
gradlew.bat
gradlew.bat
 
 
settings.gradle
settings.gradle
 
 

Repository files navigation

CheckoutVerifier

Codacy Badge

CheckoutVerifier helps you Verify your In-App Purchase receipts & protect your Apps from hacking, patching used by Piracy Apps like Lucky Patcher.
Since I was using these classes in every project, the copy / pasting of classes was annoying so thought of releasing it as a library which might be of help to others too!

How does it work?

Well, the library sends the Signed Json Response & Signature that you receive after a purchase is completed on a specified server url where it checks the signature of that response data with your BASE64 Key provided to you in your Developer Console.

Set Up

* Get Licensing API Key

Navigate to Developer Console & Select your App.
Go to Development Tools > Services & API.
Copy the BASE64 Licensing Key

* Creating a Verifying PHP File

Just a create a File & name it as verify.php or anything you want.
Paste the following code in it & Upload it to your server.

<?php
    $data = $_GET['jsonResponse'];
    $signature = $_GET['signature'];
    $key_64 = "YOUR BASE64 KEY THAT YOU GOT FROM DEVELOPER CONSOLE, THERE SHOULD BE NO SPACES!";

    $key =  "-----BEGIN PUBLIC KEY-----\n".
            chunk_split($key_64, 64,"\n").
            "-----END PUBLIC KEY-----";

    $key = openssl_get_publickey($key);

    $ok = openssl_verify($data, base64_decode($signature), $key, OPENSSL_ALGO_SHA1);
    if ($ok == 1) {
        echo "verified";
    } elseif ($ok == 0) {
        echo "unverified";
    } else {
        die ("fault, error checking signature");
    }

    openssl_free_key($key);
?>

* Implementing Library (Gradle)

Note: Add mavenCentral() in repositories block.

dependencies {
    // CheckoutVerifier now internally uses Kotlin Coroutines.
    implementation 'com.lazygeniouz:checkout-verifier:$library_version'
}

* CheckoutVerifier

Just pass on the required PurchaseBundle in the Constructor & call authenticate();
The authenticate() returns a Result object.

If the connection to the server was successful & a result was returned,
CompletionResult(isVerified: Boolean) is returned,
ErrorResult(exception: Exception) otherwise.


Example:

yourScope.launch {
    val purchaseBundle = PurchaseBundle(url, jsonResponse, signature)
    when (val result = CheckoutVerifier(purchaseBundle).authenticate()) {
        is CompletionResult -> {
            val verified = result.isVerified
            // Do something
        }
      is ErrorResult -> Log.d(TAG, result.exception.message)
    }
}

About

Verify your In-App Purchase receipts & protect your Apps from hacking, patching used by Piracy Apps like Lucky Patcher.

Topics

android android-security android-protect-apps android-protection android-in-app-billing android-iap android-in-app-purchase

Resources

Readme

License

Apache-2.0 license
Activity

Stars

64 stars

Watchers

4 watching

Forks

8 forks
Report repository

Releases 3

2.0.0 Latest
Jul 26, 2021
+ 2 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages