I do research on methods to modify .apk
in order to add some protection. I understand that all protection code can be removed, but at least it will temporarily protect against auto-patches, for example, patches for the ApkEditor or MT Manager apps.
One of the cases to modify is the PmsHookApplication
class (example of detection), which becomes a proxy for the Application
class to hook calls to PackageManager.getPackageInfo
and returns the original signature. This works for older Android APIs. Since version 28+, the GET_SIGNATURES
flag has been deprecated, so the old version of the hook does not work for the new GET_SIGNING_CERTIFICATES
flag. Is there any successor to this method? I have not been able to find any new ways. If you know of any, please let me know. It would be helpful to know what "traces" are left after APK re-signing.
My question is connected with the PmsHookApplication
patch. It gets the signature from the META-INF/.RSA
file and returns it with the call to PackageManager.getPackageInfo
. However, when I migrate the signing scheme from version 1 to 2, files like .RSA
and .SF
, do not appear in the META-INF
folder of the apk archive.
signingConfigs {
release {
storeFile file('.jks')
storePassword ''
keyAlias ''
keyPassword ''
enableV1Signing false
enableV2Signing true
enableV3Signing true
}
}
On the other hand the apksigner
tool tells that the apk was signed successfully. In the scheme version 2, where is the new place to store the signature that can be read by hacker? Because he can do the same thing: hook and return original signature. Or has something changed and this method is no longer possible?
> apksigner verify --verbose app-name.apk
Verifies
Verified using v1 scheme (JAR signing): false
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): true
Verified using v3.1 scheme (APK Signature Scheme v3.1): false
Verified using v4 scheme (APK Signature Scheme v4): false
Verified for SourceStamp: false
Number of signers: 1
You need to sign in to view this answers