
[BUG]Preserve original signature scheme v2, v3, v4 in modded APK

Open TechnoIndian opened this issue 1 year ago • 3 comments

Is it possible for the original signature scheme block (APK Sig Block 42PK) hidden in the APK to be extracted for later use and put back into the APK again? Just to make a modded APK with the original signature (modders usually call it an unsigned APK), in order to be able to log in with Google on rooted devices with the CorePatch module?

This is how it looks in a hex editor; it's near the bottom, but I don't understand much of how it works from the hex image.

For example with preserving original signature:

  1. Extract the APK Sig Block 42PK as a file using Apktool
  2. Modify files in the APK without decompiling. Some tools require APK modification, so just decompiling the APK wouldn't work
  3. Put the APK Sig Block 42PK block back into the APK using Apktool

The problem with an unsigned APK: when making changes in an APK using an ordinary zip utility like WinRAR, it removes the APK Sig Block 42PK completely, breaking Google login on Android 9 and above, because Android 9 expects signature scheme v2, v3, v4 (APK Sig Block 42PK). Android 8 and below ignore it and read signature scheme v1 (the RSA, SF and MF files in META-INF). Also, signature scheme v1 is getting deprecated; some APKs don't come with v1 anymore.

To install an unsigned APK: install Xposed and CorePatch https://github.com/LSPosed/CorePatch

TechnoIndian avatar Jan 23 '25 17:01 TechnoIndian

Maybe technically you could, but I would guess that invalidates the signature if any of those versions do a full-byte verify or at least more than the v1 iteration did.

https://source.android.com/docs/security/features/apksigning

However, I haven't dug into it.

iBotPeaches avatar Jan 27 '25 11:01 iBotPeaches

Fetching the APK Sig Block 42 block is unlikely to be feasible without some low-level APK/JAR ZIP pre-parsing. https://android.googlesource.com/platform/packages/modules/adb/+/refs/heads/main/fastdeploy/deployagent/src/com/android/fastdeploy/ApkArchive.java#162

IgorEisberg avatar Mar 07 '25 09:03 IgorEisberg
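To show the low-level ZIP parsing IgorEisberg refers to, here is an added Python example (not Apktool's or Android's code) that walks back from the EOCD record to the APK Signing Block and lists the scheme IDs it carries; it builds its own constructed sample APK with a dummy v2 pair, and that dummy payload is an assumption for illustration. Note that the v2/v3 signatures are computed over the ZIP entries, the central directory and the EOCD, so a block copied back over modified contents will not verify; what the parser does tell you is whether a repacked APK still carries a block at all.

```python
"""Locate and list the APK Signing Block ("APK Sig Block 42") in an APK. Added example, not Apktool code.
Layout (AOSP apksigning docs): uint64 size (excluding this field) | pairs of uint64 len, uint32 id,
value | uint64 size (repeated) | 16-byte magic. The block sits just before the ZIP central directory."""
import io
import struct
import zipfile

MAGIC, EOCD_SIG = b"APK Sig Block 42", b"PK\x05\x06"
KNOWN_IDS = {0x7109871A: "v2", 0xF05368C0: "v3", 0x1B93AD61: "v3.1", 0x42726577: "verity padding"}

def find_eocd(data: bytes) -> int:
    """Offset of the End of Central Directory record (a trailing ZIP comment is allowed)."""
    pos = data.rfind(EOCD_SIG, max(0, len(data) - 22 - 0xFFFF))
    if pos < 0:
        raise ValueError("no EOCD record: not a ZIP")
    return pos

def list_signing_block(data: bytes) -> list[tuple[int, str, int]]:
    """Return (id, scheme name, value length) per ID-value pair, or [] if the block is absent."""
    eocd = find_eocd(data)
    cd_offset = struct.unpack_from("<I", data, eocd + 16)[0]  # start of central directory
    if cd_offset < 24 or data[cd_offset - 16:cd_offset] != MAGIC:
        return []  # what a WinRAR-style repack leaves behind: no magic, no block
    size = struct.unpack_from("<Q", data, cd_offset - 24)[0]
    start = cd_offset - size - 8
    if start < 0 or struct.unpack_from("<Q", data, start)[0] != size:
        raise ValueError("corrupt signing block: leading and trailing size fields differ")
    pairs, pos, end = [], start + 8, cd_offset - 24
    while pos < end:
        pair_len = struct.unpack_from("<Q", data, pos)[0]
        sig_id = struct.unpack_from("<I", data, pos + 8)[0]
        pairs.append((sig_id, KNOWN_IDS.get(sig_id, "unknown"), pair_len - 4))
        pos += 8 + pair_len
    return pairs

def build_sample_apk(with_block: bool = True) -> bytes:
    """Constructed input: a tiny ZIP, optionally with a dummy v2 pair spliced in before the CD."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\0")  # placeholder content, not a real dex
    raw = buf.getvalue()
    eocd = find_eocd(raw)
    cd_offset = struct.unpack_from("<I", raw, eocd + 16)[0]
    value = b"\xAA" * 32  # assumed stand-in for a real v2 signer sequence
    pair = struct.pack("<QI", 4 + len(value), 0x7109871A) + value
    size = len(pair) + 8 + 16
    block = struct.pack("<Q", size) + pair + struct.pack("<Q", size) + MAGIC
    new_eocd = bytearray(raw[eocd:])
    struct.pack_into("<I", new_eocd, 16, cd_offset + len(block))  # CD moved past the block
    return raw if not with_block else raw[:cd_offset] + block + raw[cd_offset:eocd] + bytes(new_eocd)
```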

> Maybe technically you could, but I would guess that invalidates the signature if any of those versions do a full-byte verify or at least more than the v1 iteration did.
>
> https://source.android.com/docs/security/features/apksigning
>
> However, I haven't dug into it.

https://github.com/REAndroid/APKEditor/discussions/3

TechnoIndian avatar Apr 10 '25 12:04 TechnoIndian