dana-at-cp / backdoor-apk

backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and is intended for educational purposes only.
Apache License 2.0

The dname extraction logic fails on some unconventional APK certs #53

Closed acordeonmorado closed 7 years ago

acordeonmorado commented 8 years ago

Hello, I have a problem with this:

[!]failed to generate RSA key or also recompiling original project with backdoor, with others apk files.

apktool version 2.20, java version 1.8.0_102. I have the 32-bit libraries (ia32libs); both files are in usr/local/bin and are executable.

Any solution?? Thanks anyway.

dana-at-cp commented 8 years ago

@acordeonmorado Does this occur with a particular APK file or with all APK files on your system?

acordeonmorado commented 8 years ago

With all files, except a flash.apk (Facebook) from Aptoide. With the newest versions it doesn't work. Thanks

dana-at-cp commented 8 years ago

@acordeonmorado Can you share your run.log file after one of these failures?

meblack commented 8 years ago

Same problem here @dana-at-cp. run.txt

dana-at-cp commented 7 years ago

@meblack Thanks for sharing your run.log file. Can you share the APK that you used as well?

I see this message in the run.log file that gives me some useful information:

dname value: Owner: O=Tree Co.
keytool error: java.io.IOException: Invalid keyword "OWNER: O"
Forcing cleanup due to a failure or error state!

meblack commented 7 years ago

@dana-at-cp Thank you for your response. Here is the link to the APK for download: http://dl.apktops.ir/games/2014/08/aftabe-v1.4.3-apktops.ir.apk

dana-at-cp commented 7 years ago

@meblack The existing code doesn't like the dname value in the original APK certificate.

root@kali:~/Android# keytool -printcert -jarfile aftabe-v1.4.3-apktops.ir.apk 
Signer #1:

Signature:

Owner: O=Tree Co.
Issuer: O=Tree Co.
Serial number: 1c69b056
Valid from: Fri Apr 04 03:51:57 EDT 2014 until: Tue Mar 29 03:51:57 EDT 2039
Certificate fingerprints:
     MD5:  E0:32:90:C8:EC:8A:88:A9:1C:DB:96:2A:15:EE:0B:E3
     SHA1: 19:BD:28:CD:66:62:C2:79:3B:71:AA:00:D0:A0:F9:6A:1B:76:41:C0
     SHA256: 54:2E:96:5E:3E:FA:0C:A3:9F:5F:AB:60:CE:ED:E5:39:AC:D9:58:D4:06:23:3D:E3:A2:C2:0D:B1:7B:A3:3F:9B
     Signature algorithm name: SHA256withRSA
     Version: 3

Extensions: 

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 00 0A 71 FE 81 62 2D 61   69 B6 3C EB 88 80 28 11  ..q..b-ai.<...(.
0010: 82 E7 A2 C1                                        ....
]
]

root@kali:~/Android#

I know how to fix it and will get it done ASAP.
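The failure above comes from passing the whole "Owner: O=Tree Co." line to keytool as the dname, label included. As an added example (not code from backdoor-apk), here is a small POSIX shell helper that extracts the subject DN from keytool -printcert output and validates it against an allowlist of RDN keywords before it is reused; the allowlist is an assumption taken from the keytool -genkey documentation, and the sample printcert output is constructed to mirror the one in this thread. A caller can then fall back to a known-good default dname when validation fails instead of feeding an unparseable string to keytool.

```shell
#!/bin/sh
# Constructed sample of `keytool -printcert -jarfile app.apk` output,
# modelled on the capture in this issue (not a real certificate dump).
SAMPLE_PRINTCERT='Signer #1:

Signature:

Owner: O=Tree Co.
Issuer: O=Tree Co.
Serial number: 1c69b056
Valid from: Fri Apr 04 03:51:57 EDT 2014 until: Tue Mar 29 03:51:57 EDT 2039'

# RDN keywords documented for keytool -genkey -dname (assumption: anything
# else is rejected so the caller fails closed and uses a default dname).
ALLOWED_RDN_KEYS='CN|OU|O|L|ST|S|C'

# extract_dname: read printcert output on stdin and print the first
# "Owner:" line with the label stripped. Returns 1 if there is none.
extract_dname() {
    dn=$(sed -n 's/^Owner:[[:space:]]*//p' | head -n 1)
    [ -n "$dn" ] || return 1
    printf '%s\n' "$dn"
}

# validate_dname: return 0 only if every comma-separated RDN is KEY=value
# with an allowed KEY. Values containing literal commas are not handled;
# keytool would need those escaped anyway.
validate_dname() {
    dn="$1"
    [ -n "$dn" ] || return 1
    old_ifs=$IFS
    IFS=','
    set -- $dn            # split on commas only; spaces inside values survive
    IFS=$old_ifs
    for rdn in "$@"; do
        rdn=$(printf '%s' "$rdn" | sed 's/^[[:space:]]*//')   # trim leading space
        key=${rdn%%=*}
        [ "$key" != "$rdn" ] || return 1                        # no '=' present
        printf '%s\n' "$key" | grep -Eq "^(${ALLOWED_RDN_KEYS})$" || return 1
    done
    return 0
}
```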

polloditu commented 7 years ago

Hi, first of all, thank you for sharing your talents. I don't know any programming but I have a natural skill for using reason and solving problems. So I will share an alternate solution for users and a suggestion for Dana.

Looking at the log, I've found an error with the "dname" variable. The output looked something like this:

dname= Owner: Name EMAIL=blah@bla CN=Anon Nymous, OU=Animation llc, O=Animation llc

Seems like it got mixed up and the characters = and @ were not accepted as part of the name.

I tried assigning a value to the dname variable myself by doing this:

dname= CN=Anon Nymous, OU=Animation llc, O=Animation llc, L=New york, ST=New York, C=NY

But unfortunately I don't know any programming languages and THIS IS NOT the correct way to assign the value to that variable. So my solution was to stop the script right before the signing module and sign it myself.

(For those who cannot wait for Dana to fix it)

1. Make a backup copy of the Backup-Apk.sh script in case you mess up.
2. Delete all the signing and verifying modules (from line 490 after "fi" all the way to the line before the end, right above exit 0). DO NOT delete "exit 0".
3. Go to the dist folder and make a copy of the recompiled APK (unsigned) and paste it in the folder containing the keys or the tools you're going to use to sign it yourself.
4. There are many tutorials on how to sign an APK online; try to find the ones that already provide you with the key, signapk.jar and certificate.pem (look for a download link).
5. You can also find many signing scripts on GitHub like this one: https://github.com/appium/sign
6. Sign and Smile :)

For Dana

I think a quick fix to this issue would be:

If the value of dname is invalid, then assign a universal default value to the variable (one that you know is going to work), or simply have a premade key and certificate in your project folders and use those to sign in these possible scenarios where the value of dname is invalid.

Thank you for this tool Dana. I hope my comments can help your users as well as you.

I think I would've been a good developer if I knew how to code :)

dana-at-cp commented 7 years ago

@polloditu Thanks for sharing your workaround; however, there is a proper fix on the 'develop' branch now. The fix will be part of the 0.1.8 release.

dana-at-cp commented 7 years ago

@acordeonmorado @meblack @polloditu This is now fixed in version 0.1.8 on the master branch.

catosx commented 7 years ago

on 1.0.9 can't

Original dname value: CN=Adobe Systems Incorporated, OU=Adobe Reader, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US
Original valid from line: Valid from: Tue May 04 18:00:23 UTC 2010 until: Sat Sep 19 18:00:23 UTC 2037
Original from date: Tue May 04 18:00:23 UTC 2010
Normalized from date: Tue May 04 18:00:23 2010
Original to date: Sat Sep 19 18:00:23 UTC 2037
Normalized to date: Sat Sep 19 18:00:23 2037
Value of from_date_str: 2010/05/04 18:00:23
Value of validity: 10000
keytool error: java.lang.Exception: Key pair not generated, alias already exists
Retrying RSA key generation without original APK cert from date and validity values
keytool error: java.lang.Exception: Key pair not generated, alias already exists
Forcing cleanup due to a failure or error state!

dana-at-cp commented 7 years ago

@catosx Simple fix. Run the cleanup.sh script before you run backdoor-apk.sh again.