make fix more precise, based on rapid7#2343

busterb · busterb · commit 4fec2e758d1d · 2018-03-01T08:59:55.000-06:00
diff --git a/lib/msf/core/payload/android.rb b/lib/msf/core/payload/android.rb
@@ -94,9 +94,11 @@ def sign_jar(jar)
     # certificate not_after times later than Jan 1st 2038, since long is 32-bit.
     # Set not_after to a random time 2~ years before the first bad date.
     #
-    # FIXME: this will break again in 2031, hopefully all 32-bit systems will
-    # be dead by then...
-    cert.not_after = Time.new("2034/01/01") + rand(3600 * 24 * 365 * 2)
+    # FIXME: this will break again randomly starting in late 2033, hopefully
+    # all 32-bit systems will be dead by then...
+    #
+    # The timestamp 0x78045d81 equates to 2033-10-22 00:00:01 UTC
+    cert.not_after = Time.at(0x78045d81 + rand(0x7fffffff - 0x78045d81))
 
     # If this line is left out, signature verification fails on OSX.
     cert.sign(key, OpenSSL::Digest::SHA1.new)
