Preserve original signature scheme v2, v3, v4 in modded APK

[ghost]

Is it possible the original signature scheme (APK Sig Block 42PK) hidden in the APK can be extracted for later use and put it back in APK again? just to make a modded APK with original signature (Modders usually call it an unsigned APK), in order to be able to login with Google for rooted devices with CorePatch module?

This is how it looks like in hex editor, it's at near the bottom, but I don't understand much how it works in hex

For example with preserving original signature:

1. Extract APK Sig Block 42PK as a file using APKEditor
2. Modify files in APK without decompiling. Some tools require APK modification, so just decompiling apk wouldn't work
3. Put back APK Sig Block 42PK block in APK using APKEditor

The problem with unsigned APK:
When making changes in an APK using ordinary zip utility like Winrar, it removes the (APK Sig Block 42PK) completely, breaking Google login on Android 9 and above because Android 9 expect signature scheme v2, v3, v4 (APK Sig Block 42PK). Android 8 and below ignores it and read signature scheme v1 (RSA, SF and MF files in META-INF). Also signature scheme v1 is getting deprecated, some APK doesn't come with v1 anymore

To install unsigned APK:
Install Xposed and CorePatch https://github.com/LSPosed/CorePatch

[REAndroid]

Interesting,

As on your hex dump just after "APK Sig Block 42PK" there are similar pattern hex bytes 01, 02, [... some block ...] {file-path}. I think this block is ApkSigningBlock. I guess this block holds check sum/digest of the signed files on the archive.

Can you reproduce this manually ? Like copy-paste this last hex bytes with hex editor

@Kirlif let's have your thoughts here

[ghost]

There are too many changes when a changes is made via zip utilities, so I don't think just copy-paste is a good idea

[Kirlif]

This idea was already used in the past when the v1 scheme was sufficient; requiring root and a modified android.jar to bypass signature verification, it was working great and easy to implement.

As far as I remember 'APK Sig Block 42' (magic) stands at the end of the signing block just before the central directory.
It should not be too difficult to recover the entire signing block, to write it in the archive with fixing the EOCD.
But maybe i'm going a little too far too fast :)

[AndnixSH]

[REAndroid]

I think I have the similar idea as well. Sadly some games block Google login these days because of missing signature scheme, just adding original META-INF is not enough. Can you guys automate this like exporting and importing signature scheme? I need this urgently

This is on progress at archive2

[REAndroid]

in case you didn't know, you can use apksig to analyze the logic of signature block https://android.googlesource.com/platform/tools/apksig/

Yes I am refereeing this class. I appreciate if you share your thoughts on which blocks should be copied/preserved in order to bypass google sign in, do you have any idea which specific block should be preserved ?

[REAndroid]

Yes copy pasting block don't work, you need to update also offsets.
Sig V3 will be a challenge bc it has digest of zip structure.
I am testing it right now, please share if you have apk for this purpose

[REAndroid]

Now dump and restore apk signature block is complete on ARSCLib.
Will update on APKEditor on coming days.

Check this commit

[REAndroid]

The implementation is just started here

[REAndroid]

Release with preserve APK Signature Block APKEditor-1.1.9

[REAndroid]

For now implemented on merge & decode options only.

However for your testing i make this build APKEditor-1.1.9-UPDATE-1.jar,

DUMP:
APKEditor-1.1.9-UPDATE-1.jar d -i your_file.apk -sig out_dir

RESTORE:
APKEditor-1.1.9-UPDATE-1.jar b -i your_file.apk -sig signatures_directory

[REAndroid]

Did you check APKEditor-1.1.9-UPDATE-1.jar ???