APKEditor icon indicating copy to clipboard operation
APKEditor copied to clipboard
verified publisher icon REAndroid

Invalid Signature Scheme v2 after restoring

Open ghost opened this issue 1 year ago • 5 comments

Describe the bug Signature Scheme v2 is invalid when restoring signature back to modded APK I dumped from original APK. Works perfectly fine with other games. I'm using CorePatch 4.5 for LSPosed 1.9.2 Zygisk

To Reproduce Steps to reproduce the behavior:

  1. Used version '1.3.8'
  2. Operating system 'Windows 11 23H2'
  3. Command java -jar H:\Temp\APKEditor-1.3.8.jar d -t sig -i "H:\Temp\CarX Drift Racing 2_1.31.1_apkcombo.com.apk" -sig H:\Temp\sig java -jar H:\Temp\APKEditor-1.3.8.jar b -t sig -i "H:\APK Tool GUI\Compiled APK\CarX Drift Racing 2_1.31.1_apkcombo.com.apk" -sig H:\Temp\sig

Log/Stacktrace Installing... adb: failed to install H:\APK Tool GUI\Compiled APK\CarX Drift Racing 2_1.31.1_apkcombo.com.apk_out.apk: Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES: Failed to collect certificates from /data/app/vmdl1213934018.tmp/base.apk using APK Signature Scheme v2: APK content size did not verify] Performing Streamed Install

Used apk file https://apkcombo.com/downloader/#package=com.carxtech.carxdr2&arches=armeabi-v7a

ghost avatar May 03 '24 15:05 ghost

I don't have good experience with signatures, I think you need to re-sign with your key after building/restoring signatures.

@Kirlif Can you help us here ?

REAndroid avatar May 03 '24 21:05 REAndroid

I don't have good experience with signatures, I think you need to re-sign with your key after building/restoring signatures.

No, otherwise I can't login with Google account. The purpose of restoring original signature is to be able to login with Google account with modded APK.

ghost avatar May 04 '24 14:05 ghost

[INSTALL_PARSE_FAILED_NO_CERTIFICATES: Failed to collect certificates using APK Signature Scheme v2: APK content size did not verify]

Checked the dumped blocks: it's okay. Checked APK signing block contents and alignment: it's okay. Seems to be just ok :) Need to know more about « APK content size did not verify » error and what does CorePatch excatly.

I get the same and the first time issue using my own tool :)

@Yehh22 , since the minSDK is 21, you can simply, for a temporary workaround, keep only the v1 scheme: decode the app, then delete the "signatures" folder from the working directory before rebuilding.

Kirlif avatar May 06 '24 16:05 Kirlif

[INSTALL_PARSE_FAILED_NO_CERTIFICATES: Failed to collect certificates using APK Signature Scheme v2: APK content size did not verify]

Checked the dumped blocks: it's okay. Checked APK signing block contents and alignment: it's okay. Seems to be just ok :) Need to know more about « APK content size did not verify » error and what does CorePatch excatly.

I get the same and the first time issue using my own tool :)

@Yehh22 , since the minSDK is 21, you can simply, for a temporary workaround, keep only the v1 scheme: decode the app, then delete the "signatures" folder from the working directory before rebuilding.

Well, I'm using Apktool for modifications since I'm getting too used to it. Recompiling APK and changing files makes v2 scheme disappear, that's why I wanted to restore it. It's very useful feature to restore signature anytime If I kept only v1 scheme A.K.A META-INF folder, the Google login only works on older devices.

CorePatch is a Xposed module to disable signature verification, allowing unsigned APK installation, overwrite apk with different signature, downgrade version, and more. Tutorial: https://www.andnixsh.com/2020/02/disable-signature-check-using-core.html

ghost avatar May 06 '24 20:05 ghost