[Feature] Disable signature block check

Question

[Feature] Disable signature block check

Opened this issue 3 years ago · 13 comments

Some unsigned APK I downloaded from a forum site doesn't work on my phone running Android 11, it crashes due to invalid signature block file, but it works fine on my older devices running Android 8, 7, 6, 5. ONLY Android 11 have this check. I have enabled all options in Core Patch.

Can you add an option to disable signature block check so the app can run?

java.lang.SecurityException: cannot verify signature block file META-INF/BNDLTOOL
	at sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:295)
	at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:268)
	at java.util.jar.JarVerifier.processEntry(JarVerifier.java:274)
	at java.util.jar.JarVerifier.update(JarVerifier.java:229)
	at java.util.jar.JarFile.initializeVerifier(JarFile.java:393)
	at java.util.jar.JarFile.getInputStream(JarFile.java:460)
	at libcore.io.ClassPathURLStreamHandler$ClassPathURLConnection.getInputStream(ClassPathURLStreamHandler.java:162)
	at java.net.URL.openStream(URL.java:1072)
	at java.lang.ClassLoader.getResourceAsStream(ClassLoader.java:989)
	at java.lang.Class.getResourceAsStream(Class.java:2215)
	at com.google.android.gms.common.internal.LibraryVersion.getVersion(Unknown Source:46)
	at com.google.firebase.iid.zzt.zzb(Unknown Source:143)
	at com.google.firebase.iid.zzt.zza(Unknown Source:0)
	at com.google.firebase.iid.zzs.run(Unknown Source:12)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
	at com.google.android.gms.common.util.concurrent.zza.run(Unknown Source:6)
	at java.lang.Thread.run(Thread.java:923)

Answer 1 · 2021-09-25T01:46:36.000Z

are you saying it crashed when starting the app not when installing?

Answer 2 · 2021-09-25T14:20:02.000Z

are you saying it crashed when starting the app not when installing?

It crashed when you launch the app. Link if you wanna test https://apkadmin.com/1bxx8oz4scxf/The_Walking_Dead__Our_World_17.1.0.5760_mod_unsigned.apk.html

Answer 3 · 2021-09-25T15:52:13.000Z

Looks like either google or the app itself is checking the signature identity and files contain them are broken.
This has nothing to with us as it does not interfere with installation(but maybe for purchase verification,not our job though). Maybe you can try replace the said file from the original apk.

Answer 4 · 2021-09-25T16:27:18.000Z

The title says it is unsigned. Maybe you can sign the apk yourself too.

Answer 5 · 2021-09-29T09:20:11.000Z

Looks like either google or the app itself is checking the signature identity and files contain them are broken. This has nothing to with us as it does not interfere with installation(but maybe for purchase verification,not our job though). Maybe you can try replace the said file from the original apk.

I don't really know what should i change to get it work
I asked if it's possible to bypass signature block check via CorePatch. Could be added as an option.

The title says it is unsigned. Maybe you can sign the apk yourself too.

But i can't login with Google if signed and signing can cause tampering detection. it has only option to login with Google

Answer 6 · 2021-09-29T10:22:07.000Z

Looks like either google or the app itself is checking the signature identity and files contain them are broken. This has nothing to with us as it does not interfere with installation(but maybe for purchase verification,not our job though). Maybe you can try replace the said file from the original apk.

I don't really know what should i change to get it work I asked if it's possible to bypass signature block check via CorePatch. Could be added as an option.

The title says it is unsigned. Maybe you can sign the apk yourself too.

But i can't login with Google if signed and signing can cause tampering detection. it has only option to login with Google

The signature data is required and no way to bypass, or the upper class that get the information(eg.google game) will simply crash and get NullPointerException. This is more likely a problem in the apk.

Answer 7 · 2021-10-01T09:09:34.000Z

The signature data is required and no way to bypass, or the upper class that get the information(eg.google game) will simply crash and get NullPointerException. This is more likely a problem in the apk.

Ok i will stick on older Android version till then

Answer 8 · 2021-10-07T06:36:37.000Z

Yeah, I believe this caused crashes on certain apks on my Android 11 phone too, but the apk worked fine on VMOS Pro which is running 7.1.2 with Core patch 2.x installed

It is unclear whether the app or the system makes it crash, but a way to bypass integrity it would be nice.

Answer 9 · 2021-12-06T10:49:25.000Z

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Answer 10 · 2021-12-06T14:13:12.000Z

Keep it up

Answer 11 · 2021-12-09T11:41:22.000Z

Delete signature files in META-INF should work. Anyway, CorePatch only cares about installation. This problem should be handled by the one who provides the apk.

Answer 12 · 2021-12-10T11:56:59.000Z

Delete signature files in META-INF should work. Anyway, CorePatch only cares about installation. This problem should be handled by the one who provides the apk.

RIP
Without META-INF, Google login will not work and game signature check will not be able to verify. So I will keep using older Android version for that

Answer 13 · 2022-08-10T08:31:10.000Z

I just encounted this error when using my unsigned APK on Nox player running Android 9 but works fine on Mumu Android 6. Unfortunately, disabling signature check with Lucky Patcher via Xposed didn't help. I'll appriciate if you guys can bypass it because unsigned APK is really mandatory when it comes to Google/Facebook login