FORUMS

CloudPlayer: DIY HiFi Music Streaming Solution

In our Helpful Guide to Music Streaming Services, we mentioned several different services … more

Optimize Battery Life with This Useful App

Battery life is an important aspect of your smartphone, especially if you use it for more … more

The OnePlus 2 & The Year of Smartphone Compromises

We are very close to entering the last third of 2015, and we have now seen many of … more

OnePlus 2 Teardown, Major Android Vulnerability – XDA TV

The OnePlus 2 has been officially released. That and much more news is … more

Re-signing the system

2,051 posts
Thanks Meter: 874
 
By Renate NST, Recognized Contributor / Recognized Developer on 28th June 2012, 03:39 PM
Post Reply Subscribe to Thread Email Thread
11th February 2015, 10:01 AM |#31  
Member
Thanks Meter: 38
 
More
Lightbulb [Q] Resigning revisited, re-simplified
Thank you for this very interesting thread and discussion. I've simplified the problem for myself a little. Namely:
  1. I'm patching the APKs before they're even installed. At that time there's no /data/system/packages.xml (in fact there's no /data anything), so the whole endeavour to fix the metadata there is moot. I just let Android create it with whatever values it is happy with.
  2. I sign all the APKs with the same key. I guess it's probably not a great idea security-wise but then so is running Android 2.1 in 2015 in the first place, so if it's just this, I find the associated "risks" acceptable.
  3. I use the Android debug testkey.{pk8,x509.pem} so that I don't need to bother creating my own keys.
So far it appears to work and the logcat seems clean but I didn't debug it extensively. I'd appreciate some feedback on the above. Are there any caveats I have failed to notice so far?

Plus two minor questions:
  • What is this JDK7 "bug" thing? Is it about JDK7 using SHA256withRSA by default, or is there something else?
  • Perhaps not too important in terms of advancing the topic but why does everyone here seem to use Jarsigner and not SignApk?
Comments are appreciated.
 
 
14th February 2015, 01:30 AM |#32  
Renate NST's Avatar
OP Recognized Contributor / Recognized Developer
Boston
Thanks Meter: 874
 
More
Quote:
Originally Posted by Aqq123

What is this JDK7 "bug" thing? Is it about JDK7 using SHA256withRSA by default, or is there something else?

I believe that the real problem was in the dx.bat conversion of JVM 7 code to Dalvik code.
It appears that the current build tools can now do that without a problem.
Newer Android can accept signing with SHA256.
Older versions still can only use SHA1.
I don't know where the dividing line between old and new is.
The Following User Says Thank You to Renate NST For This Useful Post: [ View ]
Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes