[MOD][GUIDE]Remove Signature Verification for all devices

Search This thread

LilBlinx

Inactive Recognized Contributor
Jun 17, 2012
2,057
5,619
Skopje
Xiaomi Poco F3
In this post I’ll explain what is Superuser mod and how to enable it on your device. The Superuser mod disables the nasty signature verification for all apps. After applying this mod you can install apps with different signature like Xperia Z1 or newer Sony apps. Things that are needed in this process are the following:

  • Rooted device
  • Deodexed ROM (If you are using ODEXED ROM, just delete services.odex)
  • Services.jar from your device
  • Baksmali Manager; the one that I'm currently using and shown in this tutorial DOWNLOAD
  • Notepad++

Step 1) Decompile Services.jar file

You can pull the services.jar file via adb or using some file manager on phone. I recommend using ADB since it will be needed for the Baksmali app. Via ADB, type the command:
Code:
adb pull /system/framework/services.jar
After you pulled the file successfully copy it and paste it in the baksmali folder. Now, follow the steps on how to decompiling the file.

1. Open baksmali Manager.bat
2. Press 4 (Select file to work) and then press Enter.
3. Enter the number in which services.jar file is shown, in my case it's 3. Press 3 then Enter.
4. After you selected the file, press 1 to Baksmali. Wait until it finishes.

Step 2) Applying the MOD

This is the part we've waiting for, disabling the signature check. Follow the steps.

1. Go to the newly created services folder in the baksmali folder and enter this location; \com\android\server\pm\
2. Search for a file called PackageManagerService.smali and open it with Notepad++
3. Press CTRL+F and search for '.method static compareSignatures'
4. You will see something similar to this:

Code:
.method static compareSignatures([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)I
    .registers 9
    .parameter "s1"
    .parameter "s2"

    .prologue
    .line 2284
    if-nez p0, :cond_8

    .line 2285
    if-nez p1, :cond_6

    const/4 v6, 0x1

    .line 2304
    :goto_5
    return v6

    .line 2285
    :cond_6
    const/4 v6, -0x1

    goto :goto_5

    .line 2289
    :cond_8
    if-nez p1, :cond_c

    .line 2290
    const/4 v6, -0x2

    goto :goto_5

    .line 2292
    :cond_c
    new-instance v3, Ljava/util/HashSet;

    invoke-direct {v3}, Ljava/util/HashSet;-><init>()V

    .line 2293
    .local v3, set1:Ljava/util/HashSet;,"Ljava/util/HashSet<Landroid/content/pm/Signature;>;"
    move-object v0, p0

    .local v0, arr$:[Landroid/content/pm/Signature;
    array-length v2, v0

    .local v2, len$:I
    const/4 v1, 0x0

    .local v1, i$:I
    :goto_14
    if-ge v1, v2, :cond_1e

    aget-object v5, v0, v1

    .line 2294
    .local v5, sig:Landroid/content/pm/Signature;
    invoke-virtual {v3, v5}, Ljava/util/HashSet;->add(Ljava/lang/Object;)Z

    .line 2293
    add-int/lit8 v1, v1, 0x1

    goto :goto_14

    .line 2296
    .end local v5           #sig:Landroid/content/pm/Signature;
    :cond_1e
    new-instance v4, Ljava/util/HashSet;

    invoke-direct {v4}, Ljava/util/HashSet;-><init>()V

    .line 2297
    .local v4, set2:Ljava/util/HashSet;,"Ljava/util/HashSet<Landroid/content/pm/Signature;>;"
    move-object v0, p1

    array-length v2, v0

    const/4 v1, 0x0

    :goto_26
    if-ge v1, v2, :cond_30

    aget-object v5, v0, v1

    .line 2298
    .restart local v5       #sig:Landroid/content/pm/Signature;
    invoke-virtual {v4, v5}, Ljava/util/HashSet;->add(Ljava/lang/Object;)Z

    .line 2297
    add-int/lit8 v1, v1, 0x1

    goto :goto_26

    .line 2301
    .end local v5           #sig:Landroid/content/pm/Signature;
    :cond_30
    invoke-virtual {v3, v4}, Ljava/util/HashSet;->equals(Ljava/lang/Object;)Z

    move-result v6

    if-eqz v6, :cond_38

    .line 2302
    const/4 v6, 0x0

    goto :goto_5

    .line 2304
    :cond_38
    const/4 v6, -0x3

    goto :goto_5
.end method

5. Shrink the whole method so it looks like this:

FOR ANDROID LOWER THAN 4.4 (Donut, GingerBread, IceCreamSandwitch, All JellyBean versions, also there is a chance that will work on some KitKat ROMs if the second method doesn't work)

Code:
.method static compareSignatures([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)I
    .registers 9

    const/4 v0, 0x0

    return v0
.end method

FOR ANDROID HIGHER THAN 4.4 (including LolliPop, KitKat, M)

Code:
.method static compareSignatures([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)I
    .locals 11
    .param p0, "s1"    # [Landroid/content/pm/Signature;
    .param p1, "s2"    # [Landroid/content/pm/Signature;

    .prologue
    const/4 v7, 0x0

    .line 2934
    return v7
.end method

Now find

Code:
 invoke-static {v4, v0}, Lcom/android/server/pm/PackageManagerService;->compareSignatures([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)I

    move-result v4

    if-nez v4, :cond_c

    .line 5572
    new-instance v4, Lcom/android/server/pm/PackageManagerException;

    const/16 v5, -0x13

    const-string v11, "Cannot install platform packages to user storage!"

    invoke-direct {v4, v5, v11}, Lcom/android/server/pm/PackageManagerException;-><init>(ILjava/lang/String;)V

    throw v4

    .line 5578
    .end local v89    # "s1":[Landroid/content/pm/Signature;
    :cond_c

And include do the changes marked in red color

Code:
invoke-static {v4, v0}, Lcom/android/server/pm/PackageManagerService;->compareSignatures([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)I

    move-result v4

    [COLOR="Red"]if-eqz[/COLOR] v4, :cond_c

    .line 5572
    new-instance v4, Lcom/android/server/pm/PackageManagerException;

    const/16 v5, -0x13

    const-string v11, "Cannot install platform packages to user storage!"

    invoke-direct {v4, v5, v11}, Lcom/android/server/pm/PackageManagerException;-><init>(ILjava/lang/String;)V

    throw v4

    .line 5578
    .end local v89    # "s1":[Landroid/content/pm/Signature;
    :cond_c

6. Save the changes.

Step 3) Recompiling services.jar and pushing it back to system

We've come to the last piece of the puzzle. This is a bit tricky part but I'll make it simple for you, I recommend backing up your services.jar file in case something goes wrong.

1. Open baksmali again and choose services.jar as I previously explained.
2. Press 2 to smali the current work in classes.dex file.
3. In the baksmali folder you will find your services.jar and classes.dex file.
4. Open services.jar file with WinRAR (you can use other software) and replace the new (modified) classes.dex file with the new classes.dex file in the archive.


Capture.png


5. Push the services.jar file using ADB or copy it to system/framework using file manager. The command for adb is:
Code:
adb push services.jar /system/framework/
6. Set the permissions to rw- r-- r--
7. Reboot your phone.
8. Enjoy!

Thanks to eybee1970 for making the Xperia T Superuser mod and helping in this awesome tutorial. Also thanks to serajr for the KitKat method
 
Last edited:
@DavidMKD, thanks a lot for this! :D

By the way, I had a little problem with 3 apps that I integrated in system with Titanium Backup. They forcedly closed every time I tried to open them. But then I remembered that Titanium integrated them as odexed. I fixed it making them user app and integrating them again. After that, those apps seem to be still odexed but everything is working fine. Tried to reboot wiping caches to see if there could be any problem, but it wasn't. :D
 
Last edited:

gamer649

Senior Member
Feb 8, 2013
1,326
594
As it disables signature verification wouldn't that make your device(s) extremely insecure?
 

FunSucker

Senior Member
Nov 10, 2013
336
175
Paris Van Java
set permission

broo, I put the services.jar file that has been patched with the other framework files in the sd card (folder 'done_app'). then I did this command:

adb shell
su
stop
mount -o rw,remount /system/ /system/
cp /sdcard/done_frame/* /system/framework/
mount -o ro,remount /system/ /system/
reboot


that's already changed the 'set permissions' or not yet?
 

curiouso9

Senior Member
Dec 6, 2010
446
40
sadly stuck on error while decompiling :(

Sony Xperia ZU stock 4.2.2 doedex
 

Attachments

  • smali.jpeg
    smali.jpeg
    113.4 KB · Views: 1,675

funky0308

Inactive Recognized Themer
Aug 27, 2012
7,029
5,681
Osijek
@DavidMKD
Mate, there's no need to patch framework.jar?

I'm asking for Xperia Z1

Tnx mate

Sent from my C6903 using Tapatalk
 
Last edited:

LilBlinx

Inactive Recognized Contributor
Jun 17, 2012
2,057
5,619
Skopje
Xiaomi Poco F3
@DavidMKD
Mate, there's no need to patch framework.jar?

I'm asking for Xperia Z1

Tnx mate

Sent from my C6903 using Tapatalk

@alinolaw71
I haven't tried this method on 4.3 and 4.4 so far because I don't own a phone that is capable of doing so. I think that there is no need to patch framework.jar on 4.3 because it is based on Jellybean, for 4.4, haven't tried.
 

mnashfaq

Senior Member
Jul 9, 2013
60
23
Kandy
baksmali manager.bat ?

Bro @DavidMKD,
Can you upload baksmali manager again? the zippyshare file is down.. it says "File does not exist on this server" :/ and I can't find a classes.dex file when using the other tool.. upload it again? :(
 

Top Liked Posts

  • There are no posts matching your filters.
  • 89
    In this post I’ll explain what is Superuser mod and how to enable it on your device. The Superuser mod disables the nasty signature verification for all apps. After applying this mod you can install apps with different signature like Xperia Z1 or newer Sony apps. Things that are needed in this process are the following:

    • Rooted device
    • Deodexed ROM (If you are using ODEXED ROM, just delete services.odex)
    • Services.jar from your device
    • Baksmali Manager; the one that I'm currently using and shown in this tutorial DOWNLOAD
    • Notepad++

    Step 1) Decompile Services.jar file

    You can pull the services.jar file via adb or using some file manager on phone. I recommend using ADB since it will be needed for the Baksmali app. Via ADB, type the command:
    Code:
    adb pull /system/framework/services.jar
    After you pulled the file successfully copy it and paste it in the baksmali folder. Now, follow the steps on how to decompiling the file.

    1. Open baksmali Manager.bat
    2. Press 4 (Select file to work) and then press Enter.
    3. Enter the number in which services.jar file is shown, in my case it's 3. Press 3 then Enter.
    4. After you selected the file, press 1 to Baksmali. Wait until it finishes.

    Step 2) Applying the MOD

    This is the part we've waiting for, disabling the signature check. Follow the steps.

    1. Go to the newly created services folder in the baksmali folder and enter this location; \com\android\server\pm\
    2. Search for a file called PackageManagerService.smali and open it with Notepad++
    3. Press CTRL+F and search for '.method static compareSignatures'
    4. You will see something similar to this:

    Code:
    .method static compareSignatures([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)I
        .registers 9
        .parameter "s1"
        .parameter "s2"
    
        .prologue
        .line 2284
        if-nez p0, :cond_8
    
        .line 2285
        if-nez p1, :cond_6
    
        const/4 v6, 0x1
    
        .line 2304
        :goto_5
        return v6
    
        .line 2285
        :cond_6
        const/4 v6, -0x1
    
        goto :goto_5
    
        .line 2289
        :cond_8
        if-nez p1, :cond_c
    
        .line 2290
        const/4 v6, -0x2
    
        goto :goto_5
    
        .line 2292
        :cond_c
        new-instance v3, Ljava/util/HashSet;
    
        invoke-direct {v3}, Ljava/util/HashSet;-><init>()V
    
        .line 2293
        .local v3, set1:Ljava/util/HashSet;,"Ljava/util/HashSet<Landroid/content/pm/Signature;>;"
        move-object v0, p0
    
        .local v0, arr$:[Landroid/content/pm/Signature;
        array-length v2, v0
    
        .local v2, len$:I
        const/4 v1, 0x0
    
        .local v1, i$:I
        :goto_14
        if-ge v1, v2, :cond_1e
    
        aget-object v5, v0, v1
    
        .line 2294
        .local v5, sig:Landroid/content/pm/Signature;
        invoke-virtual {v3, v5}, Ljava/util/HashSet;->add(Ljava/lang/Object;)Z
    
        .line 2293
        add-int/lit8 v1, v1, 0x1
    
        goto :goto_14
    
        .line 2296
        .end local v5           #sig:Landroid/content/pm/Signature;
        :cond_1e
        new-instance v4, Ljava/util/HashSet;
    
        invoke-direct {v4}, Ljava/util/HashSet;-><init>()V
    
        .line 2297
        .local v4, set2:Ljava/util/HashSet;,"Ljava/util/HashSet<Landroid/content/pm/Signature;>;"
        move-object v0, p1
    
        array-length v2, v0
    
        const/4 v1, 0x0
    
        :goto_26
        if-ge v1, v2, :cond_30
    
        aget-object v5, v0, v1
    
        .line 2298
        .restart local v5       #sig:Landroid/content/pm/Signature;
        invoke-virtual {v4, v5}, Ljava/util/HashSet;->add(Ljava/lang/Object;)Z
    
        .line 2297
        add-int/lit8 v1, v1, 0x1
    
        goto :goto_26
    
        .line 2301
        .end local v5           #sig:Landroid/content/pm/Signature;
        :cond_30
        invoke-virtual {v3, v4}, Ljava/util/HashSet;->equals(Ljava/lang/Object;)Z
    
        move-result v6
    
        if-eqz v6, :cond_38
    
        .line 2302
        const/4 v6, 0x0
    
        goto :goto_5
    
        .line 2304
        :cond_38
        const/4 v6, -0x3
    
        goto :goto_5
    .end method

    5. Shrink the whole method so it looks like this:

    FOR ANDROID LOWER THAN 4.4 (Donut, GingerBread, IceCreamSandwitch, All JellyBean versions, also there is a chance that will work on some KitKat ROMs if the second method doesn't work)

    Code:
    .method static compareSignatures([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)I
        .registers 9
    
        const/4 v0, 0x0
    
        return v0
    .end method

    FOR ANDROID HIGHER THAN 4.4 (including LolliPop, KitKat, M)

    Code:
    .method static compareSignatures([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)I
        .locals 11
        .param p0, "s1"    # [Landroid/content/pm/Signature;
        .param p1, "s2"    # [Landroid/content/pm/Signature;
    
        .prologue
        const/4 v7, 0x0
    
        .line 2934
        return v7
    .end method

    Now find

    Code:
     invoke-static {v4, v0}, Lcom/android/server/pm/PackageManagerService;->compareSignatures([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)I
    
        move-result v4
    
        if-nez v4, :cond_c
    
        .line 5572
        new-instance v4, Lcom/android/server/pm/PackageManagerException;
    
        const/16 v5, -0x13
    
        const-string v11, "Cannot install platform packages to user storage!"
    
        invoke-direct {v4, v5, v11}, Lcom/android/server/pm/PackageManagerException;-><init>(ILjava/lang/String;)V
    
        throw v4
    
        .line 5578
        .end local v89    # "s1":[Landroid/content/pm/Signature;
        :cond_c

    And include do the changes marked in red color

    Code:
    invoke-static {v4, v0}, Lcom/android/server/pm/PackageManagerService;->compareSignatures([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)I
    
        move-result v4
    
        [COLOR="Red"]if-eqz[/COLOR] v4, :cond_c
    
        .line 5572
        new-instance v4, Lcom/android/server/pm/PackageManagerException;
    
        const/16 v5, -0x13
    
        const-string v11, "Cannot install platform packages to user storage!"
    
        invoke-direct {v4, v5, v11}, Lcom/android/server/pm/PackageManagerException;-><init>(ILjava/lang/String;)V
    
        throw v4
    
        .line 5578
        .end local v89    # "s1":[Landroid/content/pm/Signature;
        :cond_c

    6. Save the changes.

    Step 3) Recompiling services.jar and pushing it back to system

    We've come to the last piece of the puzzle. This is a bit tricky part but I'll make it simple for you, I recommend backing up your services.jar file in case something goes wrong.

    1. Open baksmali again and choose services.jar as I previously explained.
    2. Press 2 to smali the current work in classes.dex file.
    3. In the baksmali folder you will find your services.jar and classes.dex file.
    4. Open services.jar file with WinRAR (you can use other software) and replace the new (modified) classes.dex file with the new classes.dex file in the archive.


    Capture.png


    5. Push the services.jar file using ADB or copy it to system/framework using file manager. The command for adb is:
    Code:
    adb push services.jar /system/framework/
    6. Set the permissions to rw- r-- r--
    7. Reboot your phone.
    8. Enjoy!

    Thanks to eybee1970 for making the Xperia T Superuser mod and helping in this awesome tutorial. Also thanks to serajr for the KitKat method
    7
    The guide has been updated with latest backsmali and smali and to include steps for every android version for all roms
    4
    Sorry for asking this but I must ask. Why you caled your mod "Superuser" ? Sorry, but why not for example Signature mod? I entered this thread since I thinked your mod is like Superuser from CM11 but I see now it was totaly diferent thing. Thats like calling an car aka Lada Niva on Motor Show with new name aka Mercedes AMG :( Please do not get me wrong, its just sugestion only!
    3
    @DavidMKD
    Mate, there's no need to patch framework.jar?

    I'm asking for Xperia Z1

    Tnx mate

    Sent from my C6903 using Tapatalk

    @alinolaw71
    I haven't tried this method on 4.3 and 4.4 so far because I don't own a phone that is capable of doing so. I think that there is no need to patch framework.jar on 4.3 because it is based on Jellybean, for 4.4, haven't tried.