APKKiller icon indicating copy to clipboard operation
APKKiller copied to clipboard

Published 20 hours ago verified publisher icon aimardcr

apk_signature hash

Open timscriptov opened this issue 2 years ago • 4 comments

If possible, move the hash to the dex , manifest or assets... To avoid compiling C++ code every time

timscriptov avatar Apr 14 '22 03:04 timscriptov

I have been thinking about it and I will find an idea for this, but because of this i also need to remake the APKSignReader tool to adapt to the newest source.

aimardcr avatar Apr 14 '22 11:04 aimardcr

I have been thinking about it and I will find an idea for this, but because of this i also need to remake the APKSignReader tool to adapt to the newest source.

You could look into ApkSignatureKiller to see how you could implement this. The only problem is that many apps/games use techniques such as SignatureVerificationDemo which ApkSignatureKiller does not work against. ApkSignatureKiller stops the app from being able to detect invalid signatures via java, but fails when the checks are being done natively.

jbro129 avatar Apr 15 '22 05:04 jbro129

I've take a look at SignatureVerificationDemo and APKKiller should bypass it too, i have been working on a new system for storing signature outside lib.

aimardcr avatar Apr 15 '22 10:04 aimardcr

Please check latest commit, now APKKiller is using BinaryReader to decode target app signatures in the APKKiller.java

The data are formatted into Base64, which consist these following structure:

struct SignData {
   int size;
   byte sign[size];
};
struct data {
  int signCount;
  SignData signData[signCount];
};

Please let me know if it works fine for you.

Edit: Use APKSignReader to get the Base64 format from the target app.

aimardcr avatar Apr 15 '22 12:04 aimardcr