illogical-robot / apkmirror-public

APKMirror.com bugs
http://www.apkmirror.com

Google Wallet has no Certificate #277

Closed kingp0dd closed 3 months ago

kingp0dd commented 3 months ago

Expected behavior

Certificate located in META-INF

Actual behavior

No Certificate file inside META-INF. I only looked at the last 3 versions as of the date of writing.

Steps to reproduce the problem

unzip com.google.android.apps.walletnfcrel_24.6.608672379-931132727_minAPI24(arm64-v8a)(nodpi)_apkmirror.com.apk -d dir2

archon810 commented 3 months ago

META-INF is only created/verified for APK signature v1 and v2. https://source.android.com/docs/security/features/apksigning/v2

v3 and above don't use META-INF anymore https://source.android.com/docs/security/features/apksigning/v3. We verify all signatures with the correct respective methods.
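Why `unzip` finds no certificate here: the linked v2 and v3 pages describe an APK Signing Block that sits just before the ZIP central directory, outside any ZIP entry. The following sketch is an added example, not part of the thread or of APKMirror's tooling; it lists the scheme IDs found in that block, using a constructed sample file and function names chosen for this illustration.

```python
import io
import struct
import zipfile

MAGIC = b"APK Sig Block 42"  # trailer of the APK Signing Block
EOCD_SIG = b"PK\x05\x06"     # ZIP End of Central Directory signature
SCHEMES = {0x7109871A: "v2", 0xF05368C0: "v3", 0x1B93AD61: "v3.1"}

def central_directory_offset(apk: bytes) -> int:
    # The EOCD sits at the end of the file, before an optional comment (max 65535 bytes).
    pos = apk.rfind(EOCD_SIG, max(0, len(apk) - 22 - 0xFFFF))
    if pos < 0:
        raise ValueError("no ZIP End of Central Directory record")
    return struct.unpack_from("<I", apk, pos + 16)[0]

def signing_block_ids(apk: bytes) -> list:
    """Return the IDs of the ID-value pairs in the APK Signing Block, if any."""
    cd = central_directory_offset(apk)
    if cd < 32 or apk[cd - 16:cd] != MAGIC:
        return []  # no signing block: JAR-signed (v1) only, or unsigned
    size = struct.unpack_from("<Q", apk, cd - 24)[0]  # excludes the leading size field
    start = cd - size - 8
    if start < 0 or struct.unpack_from("<Q", apk, start)[0] != size:
        raise ValueError("APK Signing Block size fields disagree")
    ids, pos, end = [], start + 8, cd - 24
    while pos < end:
        (length,) = struct.unpack_from("<Q", apk, pos)
        if length < 4 or pos + 8 + length > end:
            raise ValueError("malformed ID-value pair")
        ids.append(struct.unpack_from("<I", apk, pos + 8)[0])
        pos += 8 + length
    return ids

def describe(apk: bytes) -> list:
    return [SCHEMES.get(i, f"other 0x{i:08x}") for i in signing_block_ids(apk)]

def build_sample(pair_ids) -> bytes:
    """Constructed input: one-entry ZIP (no META-INF) with a dummy signing block spliced in."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"constructed")
    raw = buf.getvalue()
    cd, eocd = central_directory_offset(raw), raw.rfind(EOCD_SIG)
    pairs = b"".join(struct.pack("<QI", 8, i) + b"\0" * 4 for i in pair_ids)
    size = len(pairs) + 24  # pairs + trailing size field + magic
    block = struct.pack("<Q", size) + pairs + struct.pack("<Q", size) + MAGIC
    out = bytearray(raw[:cd] + block + raw[cd:])
    struct.pack_into("<I", out, eocd + len(block) + 16, cd + len(block))
    return bytes(out)
```

On a downloaded file, `describe(open(path, "rb").read())` shows which scheme blocks are present; it does not verify any signature, which remains apksigner's job.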

kingp0dd commented 3 months ago

Didn't know this, Thank you for teaching me!


kingp0dd commented 3 months ago

BTW, how are Certs read from V3? The following gives me an error:

$ apksigner verify --print-certs -v com.google.android.apps.walletnfcrel_24.8.612478558-931177943_minAPI24(arm64-v8a)(nodpi)_apkmirror.com\ (1).apk

DOES NOT VERIFY
ERROR: APK Signature Scheme v3 signers supported min/max SDK versions do not cover the entire desired range. Found min: 24 max 32
WARNING: APK Signature Scheme v3 signer #1: Unknown additional attribute: ID 0x559f8b02

archon810 commented 3 months ago

I believe you may need to pass some min or max or both params to the apksigner call for it to work properly in some cases, like this one.

kingp0dd commented 3 months ago

thanks again for your wisdom


kingp0dd commented 3 months ago

I'm still having no luck.

apksigner verify --min-sdk-version 1 --max-sdk-version 32 --print-certs com.google.android.apps.walletnfcrel_24.10.616896757-931225767_minAPI24(arm64-v8a)(nodpi)_apkmirror.com.apk
DOES NOT VERIFY
ERROR: Missing META-INF/MANIFEST.MF
WARNING: APK Signature Scheme v3 signer #1: Unknown additional attribute: ID 0x559f8b02

Edit: I will check --max-sdk-version 34; maybe I don't have it.

kingp0dd commented 3 months ago

I used the latest apksigner from SDK 34, but it's still not seeing the certificate:

/tmp/apk/build-tools/34.0.0$ ./apksigner verify --min-sdk-version 1 --max-sdk-version 34 --print-certs /tmp/apk/com.google.android.apps.walletnfcrel_24.10.616896757-931225767_minAPI24(arm64-v8a)(nodpi)_apkmirror.com.apk
DOES NOT VERIFY
ERROR: Missing META-INF/MANIFEST.MF

kingp0dd commented 3 months ago

This worked:

./apksigner verify --min-sdk-version 34 --max-sdk-version 34 --print-certs /tmp/apk/com.google.android.apps.walletnfcrel_24.10.616896757-931225767_minAPI24(arm64-v8a)(nodpi)_apkmirror.com.apk
Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate DN: CN=Android, OU=Android, O=Google Inc., L=Mountain View, ST=California, C=US
Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate SHA-256 digest: 77bd897c29730203a548d591a0783e08626c2a54bc22c80ea47ed8863697380c
Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate SHA-1 digest: 4fec384b04037b94491dd1841e55272d728262ac
Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate MD5 digest: 755070c484fc2235808dd411f4c762c9
Signer (minSdkVersion=24, maxSdkVersion=32) certificate DN: CN=Google NFC, OU=Android, O=Google Inc., L=Mountain View, ST=California, C=US
Signer (minSdkVersion=24, maxSdkVersion=32) certificate SHA-256 digest: 1d47e51f53eb11c38b699400f518bdb6d6d27a1d61cc51e2a69ea828c3a2dbe8
Signer (minSdkVersion=24, maxSdkVersion=32) certificate SHA-1 digest: 82759e2db43f9ccbafce313bc674f35748fabd7a
Signer (minSdkVersion=24, maxSdkVersion=32) certificate MD5 digest: c9e97121255de0156f3f5b24b1a8476a
Source Stamp Signer certificate DN: CN=Android, OU=Android, O=Google Inc., L=Mountain View, ST=California, C=US
Source Stamp Signer certificate SHA-256 digest: 3257d599a49d2c961a471ca9843f59d341a405884583fc087df4237b733bbd6d
Source Stamp Signer certificate SHA-1 digest: b1af3a0bf998aeede1a8716a539e5a59da1d86d6
Source Stamp Signer certificate MD5 digest: 577b8a9fbc7e308321aec6411169d2fb