Search This thread

CNexus

Senior Member
May 17, 2012
9,009
13,993
~/android
Now there are guides out there that will disable signature checking (such as THIS one)

But no guides (as far as I know) show you how to FULLY disable signature checking...including for user apps that have been modified and so had their original signatures broken

Here I will show you how to do just that :good:

Let's get started.


You will need the following:
  • core.jar from your rom (use core-libart.jar if you are on Lollipop)
  • services.jar
  • apktool/baksmali+smali

[SIZE=+1]Part 1: Allows installing apps with broken/mismatched signatures [/SIZE]
[SIZE=+1]Modding core.jar (or core-libart.jar if on Lollipop)[/SIZE]
  • Decompile core.jar and navigate to java/security
  • Open MessageDigest.smali and find the following method
    Code:
    .method public static isEqual([B[B)Z
  • At the beginning you will find code like this:
    Code:
        const/4 v1, [color=red]0x0[/color]
    
        array-length v2, p0

    Change the 0x0 to 0x1 so that it becomes

    Code:
        const/4 v1, [color=blue]0x1[/color]
    
        array-length v2, p0
  • Now save and close MessageDigest.smali
  • In the same directory, open Signature.smali
  • Find the method
    Code:
    .method public final verify([B)Z
  • Find this code at the very end of the method:
    Code:
        invoke-virtual {p0, p1}, Ljava/security/SignatureSpi;->engineVerify([B)Z
    
        [color=red]move-result v0[/color]
    
        return v0

    Change the move-result v0 to the following:

    Code:
        invoke-virtual {p0, p1}, Ljava/security/SignatureSpi;->engineVerify([B)Z
    
        [color=blue]const/4 v0, 0x1[/color]
    
        return v0
  • Now find the method
    Code:
    .method public final verify([BII)Z
  • Scroll to the end of the method and find this code:
    Code:
        invoke-virtual {p0, p1, p2, p3}, Ljava/security/SignatureSpi;->engineVerify([BII)Z
    
        [color=red]move-result v0[/color]
    
        return v0

    And replace it with this:

    Code:
        invoke-virtual {p0, p1, p2, p3}, Ljava/security/SignatureSpi;->engineVerify([BII)Z
    
        [color=blue]const/4 v0, 0x1[/color]
    
        return v0
  • Now save and close Signature.smali
  • Recompile core.jar (core-libart.jar for Lollipop)

[SIZE=+1]Now move on to step 2[/SIZE]
 
Last edited:

CNexus

Senior Member
May 17, 2012
9,009
13,993
~/android
[SIZE=+1]Part 2: Allows installing older versions on top of newer versions[/SIZE]

[SIZE=+1]Modding services.jar[/SIZE]
  • Decompile services.jar and navigate to com\android\server\pm
  • Open PackageManagerService$InstallParams.smali and find the following method
    Code:
    .method private installLocationPolicy(Landroid/content/pm/PackageInfoLite;I)I
  • Scroll down until you find code that looks like the following
    Code:
        if-nez v7, :cond_1
    
        iget v7, p1, Landroid/content/pm/PackageInfoLite;->versionCode:I
    
        iget v8, v3, Landroid/content/pm/PackageParser$Package;->mVersionCode:I
    
        [color=red]if-ge v7, v8, :cond_1[/color]
    
        const-string v4, "PackageManager"
    
        new-instance v5, Ljava/lang/StringBuilder;
    
        invoke-direct {v5}, Ljava/lang/StringBuilder;->()V
    
        const-string v7, "Can\'t install update of "

    And change the highlighted part above to this (register numbers may vary, but just make sure that you change it to if-ge vXX, vXX)

    Code:
       if-nez v7, :cond_1
    
        iget v7, p1, Landroid/content/pm/PackageInfoLite;->versionCode:I
    
        iget v8, v3, Landroid/content/pm/PackageParser$Package;->mVersionCode:I
    
        [color=blue]if-ge v8, v8, :cond_1[/color]
    
        const-string v4, "PackageManager"
    
        new-instance v5, Ljava/lang/StringBuilder;
    
        invoke-direct {v5}, Ljava/lang/StringBuilder;->()V
    
        const-string v7, "Can\'t install update of "
  • Recompile services.jar. This is conjunction with disabling signature checking in services.jar (shown here for example) allows you to FULLY disable ALL app verification. Mod away :victory:

[SIZE=+1]Note that this mod also lets you install unsigned versions over other current versions, as well as installing older versions on top of newer versions of an app[/SIZE]
 
Last edited:

Flashalot

Senior Member
Jun 7, 2012
2,463
2,668
Chicago
yda3y9y3.jpg
 

marcran75

Senior Member
Jul 22, 2013
1,318
1,561
Syracuse,NY
Just updated to TW 4.4.2 and am wondering if this method would help with Google Play Services not playing nicely with some of my TBO themed apps?

Sent from my SPH-L710 using XDA Premium 4 mobile app
 

Thebear j koss

Senior Member
  • Oct 24, 2012
    12,330
    21,043
    NYC
    www.designrifts.com
    Just updated to TW 4.4.2 and am wondering if this method would help with Google Play Services not playing nicely with some of my TBO themed apps?

    Sent from my SPH-L710 using XDA Premium 4 mobile app

    Nope. It's caused by something in Google itself. Signatures are an easy fix as most of the time original signatures are used. The problem lies between gmail and the new updated Google settings.

    [email protected]'$ [email protected]@XY- eliminate white backgrounds and any form of ics/holo blue.
     

    TechBurner

    Senior Member
    Jul 11, 2012
    588
    662
    Delhi
    techburner.in
    Mod updated...accidentally left out the second part :silly:
    @tdunham @Chad The Pathfinder...if you guys have already implemented, sorry but add the second part :eek:

    Hello Sir i have a problem with lewa rom.
    When i try this method http://forum.xda-developers.com/showthread.php?t=1698352
    my phone starts to bootloop and as you mentioned in the second part there is no such code that matches in the method
    Here is the method
    Code:
    .method private installLocationPolicy(Landroid/content/pm/PackageInfoLite;I)I
        .locals 8
        .parameter "pkgLite"
        .parameter "flags"
    
        .prologue
        const/4 v5, 0x2
    
        const/4 v4, 0x1
    
        .line 5949
        iget-object v2, p1, Landroid/content/pm/PackageInfoLite;->packageName:Ljava/lang/String;
    
        .line 5950
        .local v2, packageName:Ljava/lang/String;
        iget v0, p1, Landroid/content/pm/PackageInfoLite;->installLocation:I
    
        .line 5951
        .local v0, installLocation:I
        and-int/lit8 v6, p2, 0x8
    
        if-eqz v6, :cond_34
    
        move v1, v4
    
        .line 5953
        .local v1, onSd:Z
        :goto_b
        iget-object v6, p0, Lcom/android/server/pm/PackageManagerService$InstallParams;->this$0:Lcom/android/server/pm/PackageManagerService;
    
        iget-object v6, v6, Lcom/android/server/pm/PackageManagerService;->mPackages:Ljava/util/HashMap;
    
        monitor-enter v6
    
        .line 5954
        :try_start_10
        iget-object v7, p0, Lcom/android/server/pm/PackageManagerService$InstallParams;->this$0:Lcom/android/server/pm/PackageManagerService;
    
        iget-object v7, v7, Lcom/android/server/pm/PackageManagerService;->mPackages:Ljava/util/HashMap;
    
        invoke-virtual {v7, v2}, Ljava/util/HashMap;->get(Ljava/lang/Object;)Ljava/lang/Object;
    
        move-result-object v3
    
        check-cast v3, Landroid/content/pm/PackageParser$Package;
    
        .line 5955
        .local v3, pkg:Landroid/content/pm/PackageParser$Package;
        if-eqz v3, :cond_46
    
        .line 5956
        and-int/lit8 v7, p2, 0x2
    
        if-eqz v7, :cond_56
    
        .line 5958
        iget-object v7, v3, Landroid/content/pm/PackageParser$Package;->applicationInfo:Landroid/content/pm/ApplicationInfo;
    
        iget v7, v7, Landroid/content/pm/ApplicationInfo;->flags:I
    
        and-int/lit8 v7, v7, 0x1
    
        if-eqz v7, :cond_3b
    
        .line 5959
        if-eqz v1, :cond_36
    
        .line 5960
        const-string v4, "PackageManager"
    
        const-string v5, "Cannot install update to system app on sdcard"
    
        invoke-static {v4, v5}, Landroid/util/Slog;->w(Ljava/lang/String;Ljava/lang/String;)I
    
        .line 5961
        const/4 v4, -0x3
    
        monitor-exit v6
    
        .line 5994
        :goto_33
        return v4
    
        .line 5951
        .end local v1           #onSd:Z
        .end local v3           #pkg:Landroid/content/pm/PackageParser$Package;
        :cond_34
        const/4 v1, 0x0
    
        goto :goto_b
    
        .line 5963
        .restart local v1       #onSd:Z
        .restart local v3       #pkg:Landroid/content/pm/PackageParser$Package;
        :cond_36
        monitor-exit v6
    
        goto :goto_33
    
        .line 5988
        .end local v3           #pkg:Landroid/content/pm/PackageParser$Package;
        :catchall_38
        move-exception v4
    
        monitor-exit v6
        :try_end_3a
        .catchall {:try_start_10 .. :try_end_3a} :catchall_38
    
        throw v4
    
        .line 5965
        .restart local v3       #pkg:Landroid/content/pm/PackageParser$Package;
        :cond_3b
        if-eqz v1, :cond_40
    
        .line 5967
        :try_start_3d
        monitor-exit v6
    
        move v4, v5
    
        goto :goto_33
    
        .line 5970
        :cond_40
        if-ne v0, v4, :cond_44
    
        .line 5972
        monitor-exit v6
    
        goto :goto_33
    
        .line 5973
        :cond_44
        if-ne v0, v5, :cond_4b
    
        .line 5988
        :cond_46
        monitor-exit v6
    
        .line 5991
        if-eqz v1, :cond_59
    
        move v4, v5
    
        .line 5992
        goto :goto_33
    
        .line 5977
        :cond_4b
        #calls: Lcom/android/server/pm/PackageManagerService;->isExternal(Landroid/content/pm/PackageParser$Package;)Z
        invoke-static {v3}, Lcom/android/server/pm/PackageManagerService;->access$2000(Landroid/content/pm/PackageParser$Package;)Z
    
        move-result v7
    
        if-eqz v7, :cond_54
    
        .line 5978
        monitor-exit v6
    
        move v4, v5
    
        goto :goto_33
    
        .line 5980
        :cond_54
        monitor-exit v6
    
        goto :goto_33
    
        .line 5985
        :cond_56
        const/4 v4, -0x4
    
        monitor-exit v6
        :try_end_58
        .catchall {:try_start_3d .. :try_end_58} :catchall_38
    
        goto :goto_33
    
        .line 5994
        :cond_59
        iget v4, p1, Landroid/content/pm/PackageInfoLite;->recommendedInstallLocation:I
    
        goto :goto_33
    .end method
    I dont know how to take logcat when phone is bootlooping so i am sorry for that but i hope that you can help me.
     

    Top Liked Posts

    • There are no posts matching your filters.
    • 36
      Now there are guides out there that will disable signature checking (such as THIS one)

      But no guides (as far as I know) show you how to FULLY disable signature checking...including for user apps that have been modified and so had their original signatures broken

      Here I will show you how to do just that :good:

      Let's get started.


      You will need the following:
      • core.jar from your rom (use core-libart.jar if you are on Lollipop)
      • services.jar
      • apktool/baksmali+smali

      [SIZE=+1]Part 1: Allows installing apps with broken/mismatched signatures [/SIZE]
      [SIZE=+1]Modding core.jar (or core-libart.jar if on Lollipop)[/SIZE]
      • Decompile core.jar and navigate to java/security
      • Open MessageDigest.smali and find the following method
        Code:
        .method public static isEqual([B[B)Z
      • At the beginning you will find code like this:
        Code:
            const/4 v1, [color=red]0x0[/color]
        
            array-length v2, p0

        Change the 0x0 to 0x1 so that it becomes

        Code:
            const/4 v1, [color=blue]0x1[/color]
        
            array-length v2, p0
      • Now save and close MessageDigest.smali
      • In the same directory, open Signature.smali
      • Find the method
        Code:
        .method public final verify([B)Z
      • Find this code at the very end of the method:
        Code:
            invoke-virtual {p0, p1}, Ljava/security/SignatureSpi;->engineVerify([B)Z
        
            [color=red]move-result v0[/color]
        
            return v0

        Change the move-result v0 to the following:

        Code:
            invoke-virtual {p0, p1}, Ljava/security/SignatureSpi;->engineVerify([B)Z
        
            [color=blue]const/4 v0, 0x1[/color]
        
            return v0
      • Now find the method
        Code:
        .method public final verify([BII)Z
      • Scroll to the end of the method and find this code:
        Code:
            invoke-virtual {p0, p1, p2, p3}, Ljava/security/SignatureSpi;->engineVerify([BII)Z
        
            [color=red]move-result v0[/color]
        
            return v0

        And replace it with this:

        Code:
            invoke-virtual {p0, p1, p2, p3}, Ljava/security/SignatureSpi;->engineVerify([BII)Z
        
            [color=blue]const/4 v0, 0x1[/color]
        
            return v0
      • Now save and close Signature.smali
      • Recompile core.jar (core-libart.jar for Lollipop)

      [SIZE=+1]Now move on to step 2[/SIZE]
      29
      [SIZE=+1]Part 2: Allows installing older versions on top of newer versions[/SIZE]

      [SIZE=+1]Modding services.jar[/SIZE]
      • Decompile services.jar and navigate to com\android\server\pm
      • Open PackageManagerService$InstallParams.smali and find the following method
        Code:
        .method private installLocationPolicy(Landroid/content/pm/PackageInfoLite;I)I
      • Scroll down until you find code that looks like the following
        Code:
            if-nez v7, :cond_1
        
            iget v7, p1, Landroid/content/pm/PackageInfoLite;->versionCode:I
        
            iget v8, v3, Landroid/content/pm/PackageParser$Package;->mVersionCode:I
        
            [color=red]if-ge v7, v8, :cond_1[/color]
        
            const-string v4, "PackageManager"
        
            new-instance v5, Ljava/lang/StringBuilder;
        
            invoke-direct {v5}, Ljava/lang/StringBuilder;->()V
        
            const-string v7, "Can\'t install update of "

        And change the highlighted part above to this (register numbers may vary, but just make sure that you change it to if-ge vXX, vXX)

        Code:
           if-nez v7, :cond_1
        
            iget v7, p1, Landroid/content/pm/PackageInfoLite;->versionCode:I
        
            iget v8, v3, Landroid/content/pm/PackageParser$Package;->mVersionCode:I
        
            [color=blue]if-ge v8, v8, :cond_1[/color]
        
            const-string v4, "PackageManager"
        
            new-instance v5, Ljava/lang/StringBuilder;
        
            invoke-direct {v5}, Ljava/lang/StringBuilder;->()V
        
            const-string v7, "Can\'t install update of "
      • Recompile services.jar. This is conjunction with disabling signature checking in services.jar (shown here for example) allows you to FULLY disable ALL app verification. Mod away :victory:

      [SIZE=+1]Note that this mod also lets you install unsigned versions over other current versions, as well as installing older versions on top of newer versions of an app[/SIZE]
      6
      Mod updated...accidentally left out the second part :silly:
      @tdunham @Chad The Pathfinder...if you guys have already implemented, sorry but add the second part :eek:
      5
      Nice. Did your brain explode today from all the genius it possessed? Lol. May give this a try tomorrow. Hangouts update killed me...

      [email protected]'$ [email protected]@XY- eliminate white backgrounds and any form of ics/holo blue.
      3
      Mod updated...accidentally left out the second part :silly:
      @tdunham @Chad The Pathfinder...if you guys have already implemented, sorry but add the second part :eek:

      2 parts? This is getting out of hand. Lol

      [email protected]'$ [email protected]@XY- eliminate white backgrounds and any form of ics/holo blue.
    Our Apps
    Get our official app!
    The best way to access XDA on your phone
    Nav Gestures
    Add swipe gestures to any Android
    One Handed Mode
    Eases uses one hand with your phone