aimardcr / APKKiller

Bypass APK Signatures Verify & Integrity Check using Reflection

apk_signature hash #1

Closed timscriptov closed 1 year ago

timscriptov commented 2 years ago

If possible, move the hash to the dex , manifest or assets... To avoid compiling C++ code every time

aimardcr commented 2 years ago

I have been thinking about it and I will find an idea for this, but because of this I also need to remake the APKSignReader tool to adapt to the newest source.

jbro129 commented 2 years ago

> I have been thinking about it and I will find an idea for this, but because of this I also need to remake the APKSignReader tool to adapt to the newest source.

You could look into ApkSignatureKiller to see how you could implement this. The only problem is that many apps/games use techniques such as SignatureVerificationDemo which ApkSignatureKiller does not work against. ApkSignatureKiller stops the app from being able to detect invalid signatures via java, but fails when the checks are being done natively.

aimardcr commented 2 years ago

I've taken a look at SignatureVerificationDemo and APKKiller should bypass it too; I have been working on a new system for storing signatures outside lib.

aimardcr commented 2 years ago

Please check the latest commit; APKKiller now uses BinaryReader to decode the target app's signatures in APKKiller.java.

The data is Base64-encoded and consists of the following structure:

```c
struct SignData {
    int size;
    byte sign[size];
};
struct data {
    int signCount;
    SignData signData[signCount];
};
```

Please let me know if it works fine for you.

Edit: Use APKSignReader to get the Base64 format from the target app.
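For anyone reviewing an app for this kind of embedded signature blob, here is a check that decodes a candidate Base64 string against the SignData layout described above. This is an added example written for this thread, not code from APKKiller or APKSignReader; the byte order of the `int` fields is an assumption (both orders are tried), the cap on `signCount` is a sanity limit chosen here, and the sample blob is constructed in the code.

```python
import base64
import binascii
import struct

# Constructed sample: two fake DER-looking "certificates" packed with big-endian ints.
def _build_sample() -> str:
    fake_certs = [b"\x30\x82\x01\x00" + b"A" * 4, b"\x30\x82\x02\x00" + b"B" * 6]
    body = struct.pack(">i", len(fake_certs))          # data.signCount
    for cert in fake_certs:
        body += struct.pack(">i", len(cert)) + cert     # SignData.size, SignData.sign[size]
    return base64.b64encode(body).decode()

SAMPLE_B64 = _build_sample()
MAX_SIGN_COUNT = 64  # assumed sanity limit; real apps carry a handful of signers at most

def parse_sign_data(b64: str, byteorder: str = ">") -> list[bytes]:
    """Decode Base64 and walk: int signCount, then signCount * (int size, byte[size]).
    Raises ValueError (or binascii.Error) if the bytes do not fit the layout exactly."""
    raw = base64.b64decode(b64, validate=True)
    off = 0

    def read_int() -> int:
        nonlocal off
        if off + 4 > len(raw):
            raise ValueError("truncated int field")
        (value,) = struct.unpack_from(byteorder + "i", raw, off)
        off += 4
        return value

    count = read_int()
    if count < 0 or count > MAX_SIGN_COUNT:
        raise ValueError(f"implausible signCount {count}")
    sigs = []
    for _ in range(count):
        size = read_int()
        if size < 0 or off + size > len(raw):
            raise ValueError(f"sign[{size}] runs past end of data")
        sigs.append(raw[off:off + size])
        off += size
    if off != len(raw):
        raise ValueError("trailing bytes after last SignData")
    return sigs

def looks_like_sign_data_blob(b64: str) -> bool:
    """True if the string parses under either byte order and every entry starts with
    a DER SEQUENCE tag (0x30), as the certificates from PackageInfo.signatures do."""
    for order in (">", "<"):
        try:
            sigs = parse_sign_data(b64, order)
        except (ValueError, binascii.Error):
            continue
        if sigs and all(s[:1] == b"\x30" for s in sigs):
            return True
    return False
```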