search

Lanchon / haystack

Signature Spoofing Patcher for Android
GNU General Public License v3.0
234 stars 45 forks source link

'Verification timed out' when installing package with spoofed signature #19

Closed ViRb3 closed 6 years ago

ViRb3 commented 6 years ago

First of all I want to say incredible job on haystack and DexPatcher!!

I just applied the patches on my OnePlus 5T running OxygenOS (stock), Android 8.0. I ran your signature spoof test app and it confirmed that everything is working. I then proceeded to installing my target app (a PlayStore stub), which I modified to include the fake signature in the values resource, as well as the permission in AndroidManifest.xml. When installing the final APK, however, I get the following in logcat:

03-15 13:52:05.052: I/PackageManager(1410): Verification timed out for file:///data/app/vmdl887285932.tmp
03-15 13:52:05.053: I/PackageManager(1410): Continuing with installation of file:///data/app/vmdl887285932.tmp
03-15 13:52:05.177: W/PackageManager(1410): Package com.android.vending signatures do not match the previously installed version; ignoring!
03-15 13:52:05.177: W/PackageManager(1410): [ 03-15 13:52:05.194   976:  976 E/         ]
03-15 13:52:05.177: W/PackageManager(1410): Couldn't opendir /data/app/vmdl887285932.tmp: No such file or directory
03-15 13:52:05.194: E/installd(976): Failed to delete /data/app/vmdl887285932.tmp: No such file or directory
03-15 13:52:05.196: I/PackageManager(1410): error while grant permission
03-15 13:52:05.196: W/System.err(1410): java.lang.NullPointerException: Attempt to read from field 'android.content.pm.ApplicationInfo android.content.pm.PackageParser$Package.applicationInfo' on a null object reference
03-15 13:52:05.196: W/System.err(1410):     at com.android.server.pm.PackageManagerService$PackageHandler.doHandleMessage(PackageManagerService.java:1796)
03-15 13:52:05.196: W/System.err(1410):     at com.android.server.pm.PackageManagerService$PackageHandler.handleMessage(PackageManagerService.java:1536)
03-15 13:52:05.196: W/System.err(1410):     at android.os.Handler.dispatchMessage(Handler.java:105)
03-15 13:52:05.196: W/System.err(1410):     at android.os.Looper.loop(Looper.java:164)
03-15 13:52:05.196: W/System.err(1410):     at android.os.HandlerThread.run(HandlerThread.java:65)
03-15 13:52:05.196: W/System.err(1410):     at com.android.server.ServiceThread.run(ServiceThread.java:46)

Obviously the fake signature I added is the same as the APK currently installed on the device.

Am I doing anything wrong? Thanks!

Lanchon commented 6 years ago

sig spoof only alters the signature android attests of an app to other apps. android itself does not believe the fake signature, so app signing security continues to be enforced.

PM is rejecting the install:

03-15 13:52:05.177: W/PackageManager(1410): Package com.android.vending signatures do not match the previously installed version; ignoring!

you seem to have a legitimate play store installed and android is enforcing the same sig update rule. delete the vending app (possibly from system) then retry. you might want to use a tool for that, or at least delete its data and reboot.

ViRb3 commented 6 years ago

Got it, thank you!