[MOD] PackageParser Patch


a9y

Member
Nov 5, 2013
This patch is against framework.jar for Android 4.4 (KRT16M) and allows you to modify system packages without them being verified.

Why would you want this?

Re-signing isn't possible with many Google packages as they check their own certificates at runtime (GooglePlayServices). This patch allows you to make any modifications you like to system packages, while keeping the original certificates.

Isn't it unsafe to not verify packages?

Yes. However, this patch only applies to system packages. Those downloaded from the market are still verified as usual. The /system filesystem is read-only by default. The only way for a package to be infected is if an application has root privileges (via SuperSU or similar). Of course you should assume that after giving an application elevated privileges it could infect packages with or without this patch.

How does it work?

Packages in Android are loaded by PackageParser. The method collectCertificates attempts to read the file AndroidManifest.xml from system packages, which causes the underlying JarFile to verify it against the embedded signature. If everything was successful it returns the certificate. This patch changes collectCertificates to load and return the certificate directly, without trying to read AndroidManifest.xml.

You must delete META-INF/CERT.SF and META-INF/MANIFEST.MF from any package you modify. This patch doesn't change the underlying JarFile code, which by default uses those files to check entries as they're read from the archive. You should leave META-INF/CERT.RSA alone as that's the certificate this patch loads.


The patch was produced against framework.jar from the factory image KRT16M using baksmali v2.0.


SHA1

Code:
433eeec32008015a1f54964bf036f4eaddb3864b framework-jar-KRT16M-raw-certificates.patch
75b5999203f355cf45387a424246e988440c3068 framework.jar
 

Attachments

  • framework-jar-KRT16M-raw-certificates.patch
    5.4 KB · Views: 24
  • framework.jar
    3.5 MB · Views: 18
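
An integrity check that follows from the file layout described in the post above, as an added example that is not part of the original thread or the patch: it flags archives that still carry a signature block such as META-INF/CERT.RSA but lack the MANIFEST.MF or .SF files that JarFile uses to check entries. The function names and sample archives are constructed for illustration, and the check looks only at the JAR-style file layout, not at cryptographic validity.

```python
import io
import zipfile

# Signature block extensions used by JAR-style signing.
SIG_BLOCK_EXT = (".RSA", ".DSA", ".EC")


def audit_apk(data: bytes) -> list:
    """Return layout findings for one APK/JAR given as bytes.

    An empty list means the META-INF signature files are all present.
    """
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        meta = {n.upper() for n in zf.namelist()
                if n.upper().startswith("META-INF/")}
    blocks = sorted(n for n in meta if n.endswith(SIG_BLOCK_EXT))
    findings = []
    if not blocks:
        findings.append("no signature block in META-INF (unsigned)")
    elif "META-INF/MANIFEST.MF" not in meta:
        # Certificate is present, but nothing lists per-entry digests.
        findings.append("signature block present but META-INF/MANIFEST.MF missing")
    for block in blocks:
        sf = block.rsplit(".", 1)[0] + ".SF"
        if sf not in meta:
            # The signature block has no signature file to cover.
            findings.append(f"{block} has no matching {sf}")
    return findings


def make_apk(names):
    """Build a constructed in-memory archive containing the given entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed placeholder")
    return buf.getvalue()


# Constructed samples: a complete layout and the stripped layout from the post.
INTACT = make_apk(["AndroidManifest.xml", "classes.dex", "META-INF/MANIFEST.MF",
                   "META-INF/CERT.SF", "META-INF/CERT.RSA"])
STRIPPED = make_apk(["AndroidManifest.xml", "classes.dex", "META-INF/CERT.RSA"])

if __name__ == "__main__":
    for label, apk in (("intact", INTACT), ("stripped", STRIPPED)):
        print(label, audit_apk(apk) or "layout consistent")
```

Run over packages pulled from /system, a non-empty result marks an archive whose contents are not covered by the certificate it carries.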

lukakas

Senior Member
Jun 11, 2012
São Paulo - SP
Thanks for this great mod. Modifying system packages works, but when I add a new system apk (like Sony apps to my CM 11 device), KitKat won't accept it as an installed app, even when I don't modify anything in the apk.
Sent from my Xperia Mini Pro using Tapatalk
 
