apk_signature hash

Question

apk_signature hash

timscriptov opened this issue 2 years ago · 4 comments

If possible, move the hash to the dex , manifest or assets... To avoid compiling C++ code every time

Answer 1 · 2022-04-14T11:54:13.000Z

I have been thinking about it and I will find an idea for this, but because of this i also need to remake the APKSignReader tool to adapt to the newest source.

Answer 2 · 2022-04-15T05:32:30.000Z

I have been thinking about it and I will find an idea for this, but because of this i also need to remake the APKSignReader tool to adapt to the newest source.

You could look into ApkSignatureKiller to see how you could implement this. The only problem is that many apps/games use techniques such as SignatureVerificationDemo which ApkSignatureKiller does not work against. ApkSignatureKiller stops the app from being able to detect invalid signatures via java, but fails when the checks are being done natively.

Answer 3 · 2022-04-15T10:20:41.000Z

I've take a look at SignatureVerificationDemo and APKKiller should bypass it too, i have been working on a new system for storing signature outside lib.

Answer 4 · 2022-04-15T12:15:44.000Z

Please check latest commit, now APKKiller is using BinaryReader to decode target app signatures in the APKKiller.java

The data are formatted into Base64, which consist these following structure:

struct SignData {
   int size;
   byte sign[size];
};
struct data {
  int signCount;
  SignData signData[signCount];
};

Please let me know if it works fine for you.

Edit:
Use APKSignReader to get the Base64 format from the target app.