Does anyone know if there's a way of disabling certificate checking, perhaps just for a single app? My phone's rooted, so at least theoretically it *should* be possible, but it could be difficult, and maybe nobody knows how to do it...
Or maybe there's some other way of achieving what I want to do, which is a mod to Phone.apk. I'm using apktool to decompile and recompile, then resigning with my own signature, but the system objects to that (is this because Phone.apk is set up to use a shared user id?), and fails to launch the Phone application on restart ("No SIM inserted", it tells me... I've seen more accurate error messages).
Don't resign it. Copy signatures and AndroidManifest.xml file from original apk and Android won't notice other files were modified. If you replace system app, Android checks AndroidManifest.xml signature only.
Related
As the subject line states: I've signed (successfully?) my custom ROM zip file using various programs/methods. Each of them claims a successful signed zip at the end. However, when I try applying my ROM via CWM, I get the standard E:sig verification failed error msg. (Of course, disabling the verification check in CWM allows my ROM to be installed, error-free).
Yes, I've been through all the signing tutorials (that I could find) on this board. A couple were quite useful, but all they did was confirm I was doing the procedure correctly.
Here's a bit of background on my ROM:
It's actually a collection of 4 types of APKs:
some stock, Sense stuff... presumably signed by HTC
some 3rd party (Market) APKs... presumably signed by the appropriate author
some of my own APKs (signed by me, with my own SSL key)
some of my own APKs (not signed at all)
I've also gone in and modified some existing stock HTC APKs.
I tell you this info because I think this is where the problem might be.
Is it possible to sign a ROM file only at the ZIP level (and thereby encompass all the APKs within it)?
If not, do I have to go inside the ROM and sign each APK individually? Do I need to sign them all, or only those that have changed? And which key do I sign it with? (mine? generic test?) Is there ever a scenario where I have to remove/replace an existing signature from an APK with my own signature? Do I need to remove any existing META-INF folders before attempting to sign anything?
These are the questions to which I could find no answers.
Any help would be greatly appreciated.
Thanks,
- Anthony
Tigger31337 said:
As the subject line states: I've signed (successfully?) my custom ROM zip file using various programs/methods. Each of them claims a successful signed zip at the end. However, when I try applying my ROM via CWM, I get the standard E:sig verification failed error msg. (Of course, disabling the verification check in CWM allows my ROM to be installed, error-free).
Yes, I've been through all the signing tutorials (that I could find) on this board. A couple were quite useful, but all they did was confirm I was doing the procedure correctly.
Here's a bit of background on my ROM:
It's actually a collection of 4 types of APKs:
some stock, Sense stuff... presumably signed by HTC
some 3rd party (Market) APKs... presumably signed by the appropriate author
some of my own APKs (signed by me, with my own SSL key)
some of my own APKs (not signed at all)
I've also gone in and modified some existing stock HTC APKs.
I tell you this info because I think this is where the problem might be.
Is it possible to sign a ROM file only at the ZIP level (and thereby encompass all the APKs within it)?
If not, do I have to go inside the ROM and sign each APK individually? Do I need to sign them all, or only those that have changed? And which key do I sign it with? (mine? generic test?) Is there ever a scenario where I have to remove/replace an existing signature from an APK with my own signature? Do I need to remove any existing META-INF folders before attempting to sign anything?
These are the questions to which I could find no answers.
Any help would be greatly appreciated.
Thanks,
- Anthony
Click to expand...
Click to collapse
Here is something that works if you decompile and recompile a apk take the res folder out the part you tweaked and throw it in one that wasn't tweaked or extracted and the Sig will be good.
Sent from my PG86100 using xda premium
reaper24 said:
Here is something that works if you decompile and recompile a apk take the res folder out the part you tweaked and throw it in one that wasn't tweaked or extracted and the Sig will be good.
Sent from my PG86100 using xda premium
Click to expand...
Click to collapse
Okay, so you're saying that signing at the level of the ROM ZIP simply isn't enough. (I wish the guides would say that).
You're saying, I will need to preserve the sigs on the original APKs? I get that. But now that raises more questions:
- when you say "decompile" an APK, I assume this is a simple unzip/extract? That's all I've been doing so far (I use 7-Zip).
- Say I now have an extracted APK (assume it was an HTC stock), I can inject my modified files. Piece of cake. I now have an HTC APK with my own data in there. But what about all the other APKs that make up my entire ROM? Do they ALL have to been signed the same way? (In this example, do they ALL have to be HTC signed?) I'm guessing NO, because there are apps in the data/apps directory from the Market, with their own vendor sigs. I can't see why I would have to re-sign those APKs using the HTC sig.
- So, we're back to my original question: can't you sign a ROM at the ZIP level, or do I have to go back into each individual APK inside that ROM and re-sign them all? Why would the original signature work, but not my own? I have generated my own SSL keys, so in theory I should be able to unzip a APK, tweak it, and re-sign it as my own.
Why does my ROM keep failing the signature test in CWM? I am looking for the necessary and sufficient conditions to allow my ROM (any ZIP file, really) to pass the signature verification check.
No one on this board has been able to answer that, so far.
Thanks so much,
- Anthony
UPDATE:
I was able to get apktool running on my Windows partition. After decompiling SystemUI.apk, I was able to find the strings.xml under res/values. But there's now a new problem, which is the fact that all of the quick settings labels here are in the correct cases whereas on the device they display in allcaps. What could be causing this?
Original post:
Currently I'm using an HDC G900F phone (Galaxy S5 clone) running rooted Android 4.2.2, and trying to change some text in the notifications panel quick settings. In the attached image, you can see that all of the toggle labels are in ALLCAPS and some of them have English spelling mistakes. What I want to do is change the text to correct upper/lower cases and correct the spelling errors (also rearrange them, if possible).
As I understand it, I need to modify some files under res/values in SystemUI.apk but the problem is that when I extract SystemUI.apk and decompress it (with Stuffit or any online APK decompiler), there is no "values" folder under res/ and none of the files from any of the SystemUI.apk modding guides I read seem to exist in my apk. What I want to ask is why these files don't seem to exist and what I can do to achieve the above objectives of correcting the toggle labels?
PS. Installing and using apktools on my Mac is not an option. When I run the installer from the Home Directory, it behaves as if apktools is already installed and takes me directly to the main menu but whenever I select any of the menu options, it says that the relevant command is not found, indicating that apktools is not installed. Clearly something has gone horribly wrong somehow here.
UPDATE:
Never mind. I give up.
So far something has gone wrong every step of the way and it's just too much of a hassle. Mac installation failed and won't let me reinstall, Windows installation failed to detect Java, Java reinstallation failed to be recognised by the system, apktool failed to install the framework, apktool failed to decompile the apt, apktool then fails to build the modded apt. Every step I've had to manually fix things and it's simply too much trouble for just changing a few strings of text on my device.
With a track record for having problems absolutely everywhere, I just uninstalled and deleted everything in case the next step blew up my computer or something.
I know the feeling....
Them feels...tho!
Hello,
I a quite new to Android development/hacking and need some clarification regarding signing system apps.
I did not find any answer yet that fully helped me solve my problem...yes, I did use search on the forum and even Google :laugh:
Scenario:
Let's assume I wanted to modify some system apks (in /priv-app or /app doesn't matter).
All those apks I want to modify do rely on the same framework.apk.
As far as I know, if I modify a system apk all other system apks that rely on the same framework.apk have to be resigned using the same certificate.
1) Is this correct (any pitfalls there)?
2) Do I have to resign the used framework.apk with the same certificate also?
3) Do I have to take other files/things into consideration that would have to be changed / resigned / etc.?
Thanks in advance! :good:
Regards
Markus
deomaki said:
Hello,
I a quite new to Android development/hacking and need some clarification regarding signing system apps.
I did not find any answer yet that fully helped me solve my problem...yes, I did use search on the forum and even Google :laugh:
Scenario:
Let's assume I wanted to modify some system apks (in /priv-app or /app doesn't matter).
All those apks I want to modify do rely on the same framework.apk.
As far as I know, if I modify a system apk all other system apks that rely on the same framework.apk have to be resigned using the same certificate.
1) Is this correct (any pitfalls there)?
2) Do I have to resign the used framework.apk with the same certificate also?
3) Do I have to take other files/things into consideration that would have to be changed / resigned / etc.?
Thanks in advance! :good:
Regards
Markus
Click to expand...
Click to collapse
All system apps have to be signed the same way, yes. You can sometimes mod your services.jar to turn off signature verification but that can leave you a bit more open to malware.
When you mod a system app, you just have to make sure you use the original signature in the new version. The only exception to this is if you change anything in the manifest. Then you will need a new signature, which means either signing everything else with that signature or doing the services.jar I mentioned earlier.
Hello Ticklefish,
first of all: Thanks a lot!
To summarize your answer:
1) Modding services.jar is out of the question! Would never have done this anyway...(risky from a malware point of view)
2) In case I modify a system apk WITHOUT altering the manifest.xml I can reuse the old apk signature for my new apk (the whole META-INF folder has to be copied over to the new apk?)
Nothing else has to be adjusted?
I suppose I still can do a zipalign afterwards in that case?
3) In case of modifying the manifest.xml I would have to resign ALL system apks.
All of them or only those that rely on the same framework as the modded apk?
Do I have to resign the framework apk as well?
I am asking, because I will have to mod several apks relying on different frameworks: At least one where I have to alter manifest.xml...
Thanks in advance
Markus
deomaki said:
Hello Ticklefish,
first of all: Thanks a lot!
To summarize your answer:
1) Modding services.jar is out of the question! Would never have done this anyway...(risky from a malware point of view)
2) In case I modify a system apk WITHOUT altering the manifest.xml I can reuse the old apk signature for my new apk (the whole META-INF folder has to be copied over to the new apk?)
Nothing else has to be adjusted?
I suppose I still can do a zipalign afterwards in that case?
3) In case of modifying the manifest.xml I would have to resign ALL system apks.
All of them or only those that rely on the same framework as the modded apk?
Do I have to resign the framework apk as well?
I am asking, because I will have to mod several apks relying on different frameworks: At least one where I have to alter manifest.xml...
Thanks in advance
Markus
Click to expand...
Click to collapse
If you're modifying an APK without changing the manifest, the best method is to use 7zip or similar to open the new APK and drag the modded files over to the original APK. That way you're still using the same META-INF at the same compression ratio.
Or use Tickle My Android (https://forum.xda-developers.com/showthread.php?t=1633333) to do it for you....cough...cough...
You can zipalign afterwards, just remember that any further changes will affect that zipaligning so you'll have to do it again.
As far as resigning the APK goes, all I know is that you have to change every file that uses the same key/signature as the app you resigned so that they all match.
I have to confess that I've never actually done this. I rarely change the manifest myself and, when I do, I disable signature verification. Yes, it makes you more prone to malware but as long as you're careful about what you install you should be okay.
deomaki said:
Hello,
I a quite new to Android development/hacking and need some clarification regarding signing system apps.
I did not find any answer yet that fully helped me solve my problem...yes, I did use search on the forum and even Google :laugh:
Scenario:
Let's assume I wanted to modify some system apks (in /priv-app or /app doesn't matter).
All those apks I want to modify do rely on the same framework.apk.
As far as I know, if I modify a system apk all other system apks that rely on the same framework.apk have to be resigned using the same certificate.
1) Is this correct (any pitfalls there)?
2) Do I have to resign the used framework.apk with the same certificate also?
3) Do I have to take other files/things into consideration that would have to be changed / resigned / etc.?
Thanks in advance! :good:
Regards
Markus
Click to expand...
Click to collapse
I usually use Mixplorer, (if you use your phone to de/re-compile). Click on compiled apk, select 'explore' and a new tab opens with the contents of the apk. Delete the manifest that was created in recompile, then go to folder with decompiled apk, /original, and long-press to select android manifest xml, and META-INF folder. Choose copy, and paste them into new apk.
Hi, I'm trying to modify /system/framework/framework-res.apk (on the stock Samsung Oreo ROM), more exactly config_locationProviderPackageNames in res/values/arrays.xml so that I can add org.microg.nlp as location provider. I've used the latest apktool (2.3.4) to unpack and repack the apk. I'm replacing it from TWRP and I checked that it has the same owner and rights. And after rebooting the device never finishes booting up (stuck at Samsung logo and blue led).
If I boot back to recovery and put back the original framework-res.apk the system boots fine.
What else do I need to do to make it accept the modified framework?
hey
Are you ONLY modifying the apk?
I would say there is a lot of things to check. It could be that the apk is being rejected by your handling of it. Compare both versions by 7zip lz4 without extracting. Try and use the best tools during the process.
Also more than likely you're conflicting with a service or permission that a perfect apk can't fix.
Have you tried a search in your ROM to see if any files might be associated with the result you want?
Stuff like...
com.android.location.provider.jar
com.android.location.provider.odex
com.android.location.provider.xml
Try doing all the work from your phone without any windows apps. FX explorer and symlink the apk.
Now that everything I said was probably wrong, someone else can tell you how. I'd try fx and symlink, though. It may just align the planets for you
I'm only modifying one XML resource file, but I don't know what else apktool is doing to the apk.
I'm replacing the original framework-res.apk from TWRP, by cat-ing the modified apk over the original, and I've double checked that the ownership and permissions are unchanged.
I guess I can try using another unpack/repack tool and see if it turns out any better, but I've been told that apktool is as good as it gets.
Perhaps it's because the ROM expects the apk to be signed with a certain key? I don't suppose that the key used by Samsung is available somewhere inside the ROM is it?
wirespot said:
I'm only modifying one XML resource file, but I don't know what else apktool is doing to the apk.
I'm replacing the original framework-res.apk from TWRP, by cat-ing the modified apk over the original, and I've double checked that the ownership and permissions are unchanged.
I guess I can try using another unpack/repack tool and see if it turns out any better, but I've been told that apktool is as good as it gets.
Perhaps it's because the ROM expects the apk to be signed with a certain key? I don't suppose that the key used by Samsung is available somewhere inside the ROM is it?
Click to expand...
Click to collapse
@wirespot - Did you ever solve the problem you described in this thread?
Not really. My last attempt was to use Runtime Resource Overlays (RROs) to override certain framework values in order to allow org.microg.nlp to run side by side with Google's service.
I will provide them below but it ultimately didn't work. The RRO apk was installed correctly, I could access the NLP settings in the system settings but the main app still could not detect or connect to the service and none of the apps that use location would work.
If anybody else wants to build or use the RRO apk I'm attaching the relevant files as well as the apk. Please note that the built apk only has "org.microg.nlp" as service in arrays.xml (but I provide an arrays.xml with all three services).
apktool.yml is provided as txt file because it wouldn't let me upload it otherwise, remove the .txt. It's used if you build the package with apktool. Remember that you'll also have to generate your own certificate and sign the package in order to install it.
Also some links that may help:
https://forum.xda-developers.com/t/guide-how-to-make-gsis-overlay-file-for-your-phone.3878974/
https://github.com/ReinhardStrauch/framework-res-overlay-sample
https://android.stackexchange.com/questions/110927/how-to-mount-system-rewritable-or-read-only-rw-ro
https://source.android.com/devices/architecture/rros#configuring-overlays
https://source.android.com/devices/automotive/hmi/car_ui/appendix
https://source.android.com/devices/automotive/hmi/car_ui/rro#step_6_dump_the_idmap
https://dzone.com/articles/customizing-android-devices-using-the-runtime-reso
https://dzone.com/articles/android-solution-install-parse-1
https://stackoverflow.com/questions...s-not-recognized-internal-or-external-command
https://github.com/lineageos4microg/android_prebuilts_prebuiltapks/issues/22
wirespot said:
I guess I can try using another unpack/repack tool and see if it turns out any better, but I've been told that apktool is as good as it gets.
Click to expand...
Click to collapse
For decompiling and building Android Oreo, I prefer version 2.3.1 of APKTool to other versions of APKTools.
wirespot said:
I'm only modifying one XML resource file, but I don't know what else apktool is doing to the apk.
...
Perhaps it's because the ROM expects the apk to be signed with a certain key? I don't suppose that the key used by Samsung is available somewhere inside the ROM is it?
Click to expand...
Click to collapse
wirespot said:
Hi, I'm trying to modify /system/framework/framework-res.apk (on the stock Samsung Oreo ROM), more exactly config_locationProviderPackageNames in res/values/arrays.xml so that I can add org.microg.nlp as location provider.
What else do I need to do to make it accept the modified framework?
Click to expand...
Click to collapse
I have not tried modifying framework-res.apk of a Samsung Android Oreo nor have I particularly tried the location services mod you are attempting (though I might get around to trying it someday) and do not know if it is valid to to accomplish what you want with it, but believe that the process should be similar to modding the file on LG Android Oreo. I shall try to guide you to how to prepare a framework-res.apk that is proper.
To answer your question about expecting a certain key. The answer to that is that that is usually the case. The signing scheme checks on system apps; however is usually not as thorough as non-system apps. framework-res.apk is also special in that it is not a running app and is instead used as a cache of system resources and system meta information. In the past, before Android Oreo, a rebuilt framework-res.apk may be made to work simply by including original signature files (META-INF) and corresponding AndroidManfest.xml file from the original framework-res.apk into the rebuilt fraemwork-res.apk file. The system would evaluate these files, and pass a check for valid platform signature. With Android Oreo, it appears that there is an additional check that was not present in the past; my best guess is that the system is checking for the V2 signing scheme signing block within the V2 Signing Scheme APK file structure. The check does not, however, thoroughly validate the signing block information.
Your mod seems rather simple and, given your previous posts, would only involve a modification to framework-res.apk "resources.arsc" member file (which contains the compiled "res/values/arrays.xml" file). If the rebuilt "resources.arsc" can be used to update ("Update" is an actual ZIP archive operation) the original framework-res.apk's member file, the updated framework-res.apk should work (and remained zip-aligned if originally zip-aligned), so long as the packed file size of the updated member file is less than or equal to the packed size of the original member file, plus up to 4 bytes depending on proximity to the next member file data if original framework-res.apk is zip-aligned as expected. If the packed modified member file(s) are larger, the original APK file structure would likely not be preserved, and a different method might have to be used. Also note that 7-Zip is not reasonable software to use for this, despite it being included with many tools on XDA to modify APK files; the software has had a history of rearranging unnecessarily zip file table entries when a change is made to an archive. Use a different tool that does not do this, such as WinRAR (I have tested version 5.61).
For normal apps, one may not copy over "resources.arsc" or resources from two different app builds and have things work correctly when the app runs; one would also need to make corresponding changes in the *.dex APK member files. framework-res.apk, not being an app the runs, has no corresponding *.dex files, and one need not worry about corrupting the relationship between the *.dex files and the resource files because none exists to corrupt.
Hi all,
I'm trying to fiddle with a Google apk file that I'm reskinning. Essentially there are multiple versions of the app in the wild already, but one has a dark grey background and I'm trying trying to make it all black.
I figure I need to change the xml file contained within the app. I guess I can just root and edit the xml file that way but I want to stay un-rooted if possible. That means editing the APK.
I downloaded Android Multitool and am trying to unpack the APK, make the necessary changes, and repack it. I'll probably run into signature issues down the road but currently I'm stil struggling with repacking. Specifically, I think I need a framework-res.apk, which I don't know how to find.
I'm assuming I need a stock Android framework-res.apk given the nature of the app, but I don't know where to find one....