redongh
commented
6 years ago follow-up:
after trying to re-sign the apk with an own key (generated with keytool -genkey [...] -keyalg RSA [...]) through jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 [...] did for some (to me) weird reason not work as META-INF/CERT.RSA still was of type Signature Algorithm: sha256WithRSAEncryption while my META-INF/REL.RSA was indeed of type Signature Algorithm: sha1WithRSAEncryption.
Sidenote: info about the .RSA files obtained from openssl pkcs7 -in <filename>.RSA -inform DER -print_certs | openssl x509 -text -noout
so finally i ended up installing the (original) .apk though Lucky Patcher (Toolbox -> 'Patch to Android' -> 'Signature Verifikation Status always true' + 'Disable .apk Signature Verification' + 'only patch Dalvik Cache' set) which allows the installation of .apks without verifying signatures. this is of course a rather dirty workaround but might be helpful to someone ;)
important: dev-wise i'm quite a novice to android, please bear with me if i'm wrong!
while trying to get this surrogate-module (v1.1b5) to work within xposed on my good ol' samsung galaxy SII Plus (GT-I9105P) running stock-android 4.2.2 (rooted of course ;) ) i experienced troubles during the installation of
net.csu333.surrogate_v1_c38fdf.apkthrough adb as this yieldsFailure [INSTALL_PARSE_FAILED_NO_CERTIFICATES].to me this appears to be an issue with the apk's signature, so i used
uber-apk-signer(link) to verify the sig by issueing$ java -jar uber-apk-signer-0.8.0.jar -a ./net.csu333.surrogate_v1_c38fdf.apk -y --verbosewhich in turn yields in:guessing from this output i'd say that the apk is signed in a way where it cannot be used on older (ICS, 4.2.2, ...) devices. should users on such devices re-sign the apk or am i possibly the only one still using 4.2.2?