FC (Fay) Stegerman
FC (Fay) Stegerman
> I think it should be able to either copy it It's part of the APK Signature Scheme v2 Block, so it's already being copied. > or strip it out...
> Here's some code that works with frosting that @U039b pointed me to: > https://bi-zone.medium.com/easter-egg-in-apk-files-what-is-frosting-f356aa9f4d1 That's the same link I posted [here](https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/246#note_255463) :)
I've been working on [`apksigtool`](https://github.com/obfusk/apksigtool), which currently supports parsing the APK Signature Block and validating v2 (and to some extent) v3 signatures. It detects the frosting block, but doesn't "look...
We can "invent" our own signature block; I'd be happy to implement that in `apksigtool`.
```sh $ apksigtool parse original.apk | grep -v '^ ' PAIR ID: 0x7109871a APK SIGNATURE SCHEME v2 BLOCK SIGNER 0 VERIFIED PAIR ID: 0x504b4453 DEPENDENCY INFO BLOCK PAIR ID: 0x42726577...
That error should only happen when the unsigned APK isn't actually unsigned (i.e. contains existing v1 signature metadata files). But if you want to patch an APK with existing `*.(SF|RSA|DSA|EC)`...
I ran into this a while back. Changing ``` ## Header ``` to ``` Header ------ ``` fixed it. Only works for h1 and h2 though, but that was enough...
Update: I've released a new version that includes the "open in app" support.
Update: jiten has been accepted into the official F-Droid repository.
cc @eighthave