• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[MOD][XPOSED] JAR Verification Spoofer

Search This thread

sweetlilmre

Member
Dec 27, 2006
26
19
Hi,

I've been doing some interesting reverse engineering work and came across this Xposed module:

http://forum.xda-developers.com/xposed/modules/xposed-disablesignaturecheck-t2783480 to disable signature checking.

This is a an awesome module, but didn't quite do what I needed in that I wanted to have the system believe that my patched APK was 100% original. To this end I built an Xposed module to spoof the JAR verification at a very low level, which allows for all sorts of interesting possibilities.

This is a research tool and should be used accordingly, as with any such subversion of system behaviour, this is not something you want to leave enabled!

I've added a UI based on the same mechanism of the DisableSignatureCheck module to enable / disable the spoofing behaviour.

The module source can be found on my GitHub page:
https://github.com/sweetlilmre/JARVerificationSpoofer

Comments and criticism are welcome, I hope that someone finds this useful.

-(e)
 
Last edited:

pyler

Senior Member
Jan 13, 2013
1,280
2,366
Awesome work!

@sweetlilmre I am developer of DisableSignatureCheck (now XInstaller) and it is open source. Maybe you would like contribute this feature to this module also?
 
Last edited:
  • Like
Reactions: CHEF-KOCH

Top Liked Posts

  • There are no posts matching your filters.
  • 7
    Hi,

    I've been doing some interesting reverse engineering work and came across this Xposed module:

    http://forum.xda-developers.com/xposed/modules/xposed-disablesignaturecheck-t2783480 to disable signature checking.

    This is a an awesome module, but didn't quite do what I needed in that I wanted to have the system believe that my patched APK was 100% original. To this end I built an Xposed module to spoof the JAR verification at a very low level, which allows for all sorts of interesting possibilities.

    This is a research tool and should be used accordingly, as with any such subversion of system behaviour, this is not something you want to leave enabled!

    I've added a UI based on the same mechanism of the DisableSignatureCheck module to enable / disable the spoofing behaviour.

    The module source can be found on my GitHub page:
    https://github.com/sweetlilmre/JARVerificationSpoofer

    Comments and criticism are welcome, I hope that someone finds this useful.

    -(e)
    2
    Thanks. I will try to send a pull request soon.
    1
    Hope you find it useful.
    1
    Source is on github.
    1
    Awesome work!

    @sweetlilmre I am developer of DisableSignatureCheck (now XInstaller) and it is open source. Maybe you would like contribute this feature to this module also?