XDA Developers Android and Mobile Development Forum

Re-signing the system

ApokrifX
#21
Quote:
Originally Posted by Renate NST View Post
Well, you seem to have a handle on all this.
I've never heard of pkcs7 or any of its friends.
You try it once, next time you know it all. Just in case, it’s all here: http://www.openssl.org/docs/apps/openssl.html

Quote:
Originally Posted by Renate NST View Post
Deleting packages.xml will result in the non-shared user ids being assigned in order as the APKs are discovered by the PackageManager.
I.e. it won’t work in the case I mentioned?
Or it does check /data/data to see if a user was assigned already and reassigns it?
I guess, I should try it on emulator...

Quote:
Originally Posted by Renate NST View Post
User ids are only used for file permissions on /data/data as far as I know.
And /data/dalvik-cache too:
ls -l /data/dalvik-cache/*apk*

BTW: Some permissions are assigned in /system/etc/permissions/platform.xml, but for uid only.
dumpsys package shows some gids too,
I was wondering where uids are assigned to gids, and can we use them too?

---------- Post added at 04:01 AM ---------- Previous post was at 03:48 AM ----------

Quote:
Originally Posted by ApokrifX View Post
I.e. it won’t work in the case I mentioned?
Or it does check /data/data to see if a user was assigned already and reassigns it?
Oops... Apparently, well known BugOrFeature: http://forum.xda-developers.com/showthread.php?t=522935
 
ApokrifX
(Last edited by ApokrifX; 1st July 2012 at 05:36 AM.)
#22
From packages.xml
Code:
UserID	CertIndex	Package	CodePath
1000	13	com.google.android.providers.subscribedfeeds	/system/app/GoogleSubscribedFeedsProvider.apk	
1000	13	com.google.android.server.checkin	/system/app/GoogleCheckin.apk	
1000	4	android	/system/framework/framework-res.apk	
1000	4	com.android.providers.settings	/system/app/SettingsProvider.apk	
1000	4	com.android.providers.subscribedfeeds	/system/app/AccountAndSyncSettings.apk	
1000	4	com.android.settings	/system/app/Settings.apk	
1000	4	com.bn.app.crypto.server	/system/app/CryptoServer.apk	
1000	4	com.bn.authentication.svc	/system/app/BnAuthenticationService.apk	
1000	4	com.bn.demomode	/system/app/DemoMode.apk	
1000	4	com.bn.devicemanager	/system/app/DeviceManager.apk	
1000	4	com.bn.nook.quickstart	/system/app/QuickStartActivity.apk	
1000	4	com.bn.syschecksum	/system/app/SysChecksum.apk	
1000	4	com.bn.waveformdownloader.svc	/system/app/WaveformDownloader.apk
Apparently, (1000, 13) and (1000, 4) should be two different users, right?
But according to "dumpsys package" output, they are the same:

Code:
SharedUser [android.uid.system] (49e7f2a0):
    userId=1000 gids=[1015, 3003, 3002, 3001, 1007]
Code:
  Package [com.google.android.providers.subscribedfeeds] (49ee7390):
    userId=1000 gids=[]
    sharedUser=SharedUserSetting{49e7f2a0 android.uid.system/1000}
    pkg=Package{49f73f88 com.google.android.providers.subscribedfeeds}
    codePath=/system/app/GoogleSubscribedFeedsProvider.apk
    resourcePath=/system/app/GoogleSubscribedFeedsProvider.apk
    dataDir=/data/data/com.google.android.providers.subscribedfeeds
    targetSdk=7
    supportsScreens=[medium, large, small, resizeable, anyDensity]
    timeStamp=1292347460000
    signatures=PackageSignatures{49e403a0 [49eb4fd8]}
    permissionsFixed=false pkgFlags=0x1 installStatus=1 enabled=0
Code:
  Package [com.android.settings] (49ee50f8):
    userId=1000 gids=[]
    sharedUser=SharedUserSetting{49e7f2a0 android.uid.system/1000}
    pkg=Package{49eff728 com.android.settings}
    codePath=/system/app/Settings.apk
    resourcePath=/system/app/Settings.apk
    dataDir=/data/data/com.android.settings
    targetSdk=7
    supportsScreens=[medium, large, small, resizeable, anyDensity]
    timeStamp=1217592000000
    signatures=PackageSignatures{49ea84c8 [49ed6f38]}
    permissionsFixed=false pkgFlags=0x1 installStatus=1 enabled=0
Code:
# ls -l /data/data/com.google.android.providers.subscribedfeeds
drwxr-xr-x system   system            2012-01-22 17:34 lib
drwxrwx--x system   system            2012-07-01 00:03 databases
drwxrwx--x system   system            2012-01-22 20:00 files
drwxrwx--x system   system            2012-07-01 00:03 shared_prefs
Code:
# ls -l /data/data/com.android.settings
drwxr-xr-x system   system            2000-01-01 02:28 lib
drwxrwx--x system   system            2011-06-18 20:55 cache
drwxrwx--x system   system            2011-06-18 20:55 databases
drwx------ system   system            2012-01-22 17:46 files
drwxrwx--x system   system            2012-01-22 21:01 shared_prefs
 
rob.power
(Last edited by rob.power; 15th September 2014 at 08:47 AM.)
#23
Quote:
Originally Posted by ApokrifX View Post
I dunno, they are trivially convertible, try for yourself:
Unzip CERT.RSA from stock Reader.apk
Obviously (or not), CERT.RSA is pkcs7 and certs in packages.xml are hex strings x509
Let’s convert pkcs7 -> x509
Code:
openssl pkcs7 -inform DER -in CERT.RSA  -out CERT.PEM -print_certs
openssl x509  -inform PEM -in CERT.PEM -outform DER -out CERT.x509.DER
Now open CERT.x509.DER in any hex editor:
Code:
0000000000: 30 82 04 96 30 82 03 7E │ A0 03 02 01 02 02 09 00
0000000010: CF 3F 93 2A 95 18 91 A5 │ 30 0D 06 09 2A 86 48 86
...
0000000480: BF 46 EB 99 2F F8 A8 9A │ 1F 66 2D 91 4F 0C 93 FE
0000000490: 44 7D 2F D0 C2 CC DC F7 │ 5E 84
And compare with packages.xml
Code:
<cert index="5" key="308204963082037ea003020102020900cf3f932a951891a5300d06092a864886
…
bf46eb992ff8a89a1f662d914f0c93fe447d2fd0c2ccdcf75e84" />
In the case of resigning in order to let a modified ReaderRMSDK.apk run while still using the B&N sharedId, I have a couple of doubts to clarify:
  1. Do I have to resign only the system apk that uses the same sharedId (10000, cert n. 4) or the whole system folder+framework?
  2. Would it work, instead of deleting packages.xml, if we change the B&N certs reference with the hex string output from the above commands obtained using our new CERT.RSA?

EDIT: I'm gonna give my theory a try and prepare a script to make the whole process automated in case it works fine. I'll write more tomorrow if it succeeds.
 
thenookieforlife3
#24
Quote:
Originally Posted by rob.power View Post
In the case of resigning in order to let a modified ReaderRMSDK.apk run while still using the B&N sharedId, I have a couple of doubts to clarify:
  1. Do I have to resign only the system apk that uses the same sharedId (10000, cert n. 4) or the whole system folder+framework?
  2. Would it work, instead of deleting packages.xml, if we change the B&N certs reference with the hex string output from the above commands obtained using our new CERT.RSA?

EDIT: I'm gonna give my theory a try and prepare a script to make the whole process automated in case it works fine. I'll write more tomorrow if it succeeds.
That sounds great.

Let's hope that the people who made this thread 2 years ago are still interested in this topic!

 
rob.power
#25
Quote:
Originally Posted by thenookieforlife3 View Post
That sounds great.

Let's hope that the people who made this thread 2 years ago are still interested in this topic!
A brief update:
I still need to fix a few things. I'm quite convinced it should work well, but I'm still having invalid digest errors which lead to the apparent boot loop.
 
Code:
[...]
W/PackageParser(  992): Exception reading /system/framework/framework-res.apk
W/PackageParser(  992): java.lang.SecurityException: META-INF/CERT.SF has invalid digest for res/drawable-es-mdpi/c_quicknav_shop_normal_sm.png in /system/framework/framework-res.apk
W/PackageParser(  992): 	at java.util.jar.JarVerifier.verifyCertificate(JarVerifier.java:370)
W/PackageParser(  992): 	at java.util.jar.JarVerifier.readCertificates(JarVerifier.java:273)
W/PackageParser(  992): 	at java.util.jar.JarFile.getInputStream(JarFile.java:416)
W/PackageParser(  992): 	at android.content.pm.PackageParser.loadCertificates(PackageParser.java:327)
W/PackageParser(  992): 	at android.content.pm.PackageParser.collectCertificates(PackageParser.java:461)
W/PackageParser(  992): 	at com.android.server.PackageManagerService.collectCertificatesLI(PackageManagerService.java:2080)
W/PackageParser(  992): 	at com.android.server.PackageManagerService.scanPackageLI(PackageManagerService.java:2113)
W/PackageParser(  992): 	at com.android.server.PackageManagerService.scanDirLI(PackageManagerService.java:2051)
W/PackageParser(  992): 	at com.android.server.PackageManagerService.<init>(PackageManagerService.java:563)
W/PackageParser(  992): 	at com.android.server.PackageManagerService.main(PackageManagerService.java:336)
W/PackageParser(  992): 	at com.android.server.ServerThread.run(SystemServer.java:120)
I/PackageManager(  992): Failed verifying certificates for package:android
D/PackageManager(  992): Scanning app dir /system/app
I/PackageManager(  992): /system/app/AFfileDownloadService.apk changed; collecting certs
W/PackageParser(  992): Exception reading /system/app/AFfileDownloadService.apk
W/PackageParser(  992): java.lang.SecurityException: META-INF/CERT.SF has invalid digest for classes.dex in /system/app/AFfileDownloadService.apk
W/PackageParser(  992): 	at java.util.jar.JarVerifier.verifyCertificate(JarVerifier.java:370)
W/PackageParser(  992): 	at java.util.jar.JarVerifier.readCertificates(JarVerifier.java:273)
W/PackageParser(  992): 	at java.util.jar.JarFile.getInputStream(JarFile.java:416)
W/PackageParser(  992): 	at android.content.pm.PackageParser.loadCertificates(PackageParser.java:327)
W/PackageParser(  992): 	at android.content.pm.PackageParser.collectCertificates(PackageParser.java:461)
W/PackageParser(  992): 	at com.android.server.PackageManagerService.collectCertificatesLI(PackageManagerService.java:2080)
W/PackageParser(  992): 	at com.android.server.PackageManagerService.scanPackageLI(PackageManagerService.java:2113)
W/PackageParser(  992): 	at com.android.server.PackageManagerService.scanDirLI(PackageManagerService.java:2051)
W/PackageParser(  992): 	at com.android.server.PackageManagerService.<init>(PackageManagerService.java:569)
W/PackageParser(  992): 	at com.android.server.PackageManagerService.main(PackageManagerService.java:336)
W/PackageParser(  992): 	at com.android.server.ServerThread.run(SystemServer.java:120)
I/PackageManager(  992): Failed verifying certificates for package:com.bn.nook.affiledownloadservice
I/PackageManager(  992): /system/app/Accessories.apk changed; collecting certs
W/PackageParser(  992): Exception reading /system/app/Accessories.apk
W/PackageParser(  992): java.lang.SecurityException: META-INF/CERT.SF has invalid digest for res/drawable/s_icon_recommend.png in /system/app/Accessories.apk
[...]

By the way, when checking on my pc using "jarsigner -verify -verbose" I don't get any errors, just the same warnings I get if I check the original apks.
 
Code:
[ ... ]
This jar contains entries whose certificate chain is not validated.
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2037-11-20) or after any future revocation date.
I've read around the internet that this could be due to a problem when signing using jdk7, as with this version they changed the default signing algorithm.
I will give it a try installing jdk6 to see if it works.

If somebody has more suggestions about the error, they are welcome.
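
Added example (not part of the thread and not rob.power's script): what the "invalid digest" check in the log above compares. It assumes the JDK 7 change he mentions is jarsigner's switch to SHA-256 digests, which leaves no SHA1-Digest attributes for an older verifier to find. check_v1 and build_sample are hypothetical names, and the sample APK is constructed in memory.

```python
import base64, hashlib, io, re, zipfile

ALGS = {"SHA1-Digest": "sha1", "SHA-256-Digest": "sha256"}  # attribute -> hashlib name

def b64(alg, data):
    return base64.b64encode(hashlib.new(alg, data).digest()).decode()

def sections(raw):
    """Yield (raw_section_bytes, attrs) for each blank-line-terminated section."""
    for m in re.finditer(rb"(?:[^\r\n][^\n]*\n)+(?:\r?\n)?", raw):
        text = m.group(0).decode().replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
        yield m.group(0), dict(l.split(": ", 1) for l in text.splitlines() if l)

def check_v1(apk, sf_name="META-INF/CERT.SF"):
    """Digest checks only (the CERT.RSA signature over the .SF is not verified).
    Returns (entry, file, problem) tuples."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        sf = {a["Name"]: a for _, a in sections(z.read(sf_name)) if "Name" in a}
        for raw, attrs in sections(z.read("META-INF/MANIFEST.MF")):
            name = attrs.get("Name")
            if name is None:
                continue  # main section, no per-entry digest
            # MANIFEST.MF digests cover the entry's bytes; .SF digests cover the manifest section
            for where, a, data in (("MANIFEST.MF", attrs, z.read(name)),
                                   (sf_name, sf.get(name, {}), raw)):
                if "SHA1-Digest" not in a:
                    problems.append((name, where, "no SHA1-Digest"))
                for key, alg in ALGS.items():
                    if key in a and a[key] != b64(alg, data):
                        problems.append((name, where, key + " mismatch"))
    return problems

def build_sample(attr, tamper=False):
    """Constructed sample: a one-entry APK whose manifests use the given digest attribute."""
    alg, payload = ALGS[attr], b"dex bytes (constructed)"
    sect = f"Name: classes.dex\r\n{attr}: {b64(alg, payload)}\r\n\r\n".encode()
    mf = b"Manifest-Version: 1.0\r\n\r\n" + sect
    sf = (f"Signature-Version: 1.0\r\n{attr}-Manifest: {b64(alg, mf)}\r\n\r\n"
          f"Name: classes.dex\r\n{attr}: {b64(alg, sect)}\r\n\r\n").encode()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", payload + (b"!" if tamper else b""))
        z.writestr("META-INF/MANIFEST.MF", mf)
        z.writestr("META-INF/CERT.SF", sf)
    return buf.getvalue()

if __name__ == "__main__":
    for attr in ALGS:
        print(attr, check_v1(build_sample(attr)))
```

If a re-signed APK reports "no SHA1-Digest" here while the stock one does not, jarsigner's -digestalg SHA1 option (with a matching -sigalg such as SHA1withRSA) restores those attributes. The thread does not say which fix rob.power used.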
 
rob.power
#26
Really good news: I got it working!

I found how to correct the signature bug in JDK7. Then I had a few problems with packages.xml; I was trying to patch the old one directly with new signatures instead of just deleting it, but at first boot it underwent some weird changes becoming unable to load the UI.
Then I just changed the script to delete the file and it worked like a charm, even if with some UID changes. Eventually, to avoid permission errors, I pushed the patched version again, and now it's perfect.

Give me a day or two to review and debug the code, and hopefully before the weekend it will be available for download! I also want to add an option to completely automate even the previous steps of alternative dictionaries installation and maybe a way to automatically resolve any unmet dependencies.

Script is in bash, it will work on Ubuntu (and I'm quite sure any Debian-like distro, maybe even other Linux systems). Before anyone asks, I'm sorry but I'm not thinking about porting it to Windows; by the way, I'll release source code so anyone interested is welcome to port it.

Stay tuned!
 
thenookieforlife3
#27
Quote:
Originally Posted by rob.power View Post
Really good news: I got it working!

I found how to correct the signature bug in JDK7. Then I had a few problems with packages.xml; I was trying to patch the old one directly with new signatures instead of just deleting it, but at first boot it underwent some weird changes becoming unable to load the UI.
Then I just changed the script to delete the file and it worked like a charm, even if with some UID changes. Eventually, to avoid permission errors, I pushed the patched version again, and now it's perfect.

Give me a day or two to review and debug the code, and hopefully before the weekend it will be available for download! I also want to add an option to completely automate even the previous steps of alternative dictionaries installation and maybe a way to automatically resolve any unmet dependencies.

Script is in bash, it will work on Ubuntu (and I'm quite sure any Debian-like distro, maybe even other Linux systems). Before anyone asks, I'm sorry but I'm not thinking about porting it to Windows; by the way, I'll release source code so anyone interested is welcome to port it.

Stay tuned!
Hooray! \o/

Staying tuned for sure!