4

The basic steps for editing a system APK:

  1. Make a backup of the APK.
  2. Decompile working APK.
  3. Makes changes.
  4. Recompile working APK.
  5. Copy/paste both the META-INF folder and AndroidManifest.xml from the backup APK (which was never decompiled) into the recompiled working APK. Done!

META-INF contains the signature: that makes sense. But, what is the purpose of AndroidManifest.xml in retaining the original signature? I have tested this myself and Android would not load the APK with a recompiled AndroidManifest.xml (i.e. not an original AndroidManifest.xml).

Many guides state the necessity of copying both META-INF and AndroidManfest.xml from the original APK to the modded APK.

The closest answer I have found is that recompiling corrupts the AndroidManifest.xml (see http://rootzwiki.com/topic/268-guide-newbies-how-to-port-themes/), but I compared an original and post-recompiling AndroidManifest.XML and they're identical (says WinMerge and they have identical MD5 and SHA1 hashes). Another individual (http://miuiandroid.com/community/threads/q-remove-miui-torch-app.16013/) speculates that META-INF and AndroidManifest.xml are somehow tied to each other.

Everyone does this, but does anyone know why?

ikjadoon
  • 143
  • 1
  • 5

1 Answers1

1

When verifying a system APK, Android checks the signature of a subset of the files in the APK to ensure that they haven't been tampered with. These files include AndroidManifest.xml, classes.dex, and others. If the SHA-1 digests (stored in META-INF/MANIFEST.MF and META-INF/CERT.SF) of the original files don't match the digests of the files in the modified APK, then Android will refuse to load the APK.

acj
  • 4,821
  • 4
  • 34
  • 49
  • Thanks for the answer! :) However, I checked the SHA1 of both the original AndroidManifest.xml and the one after I recompiled: they were identical! And many of the guides I've looked at that ask to copy AndroidManifest.xml don't explicitly modify AndroidManifest.xml. Is it your understanding that it can be modified (i.e. change its SHA1 digest) even if a user does not directly open it? – ikjadoon Jan 27 '13 at 04:12
  • If you're seeing identical digests (but different behavior) before and after recompiling, then the difference must lie elsewhere. Have you tried comparing the original contents of `META_INF` against the contents from your modified APK? Are your tools automatically updating the digests in `CERT.SF` when you rebuild the APK? – acj Jan 27 '13 at 04:37
  • 1
    Both META-INF folders are identical: CERT.SF, CERT.RSA, and MANIFEST.MF. :/ When zipped, the hashes are different between the two--but that may be a difference in dictionary words when archiving. I'm unsure if the digests are being updated in CERT.SF, but they should be identical, right? They are, either way... I'm using an IDE, Virtuous Ten Studios. Currently, it only adds back the original META-INF folder, but that isn't enough. Let me try to manually re-add the AndroidManifest.XML to my modded SystemUI.apk and confirm that that is exactly the issue. – ikjadoon Jan 27 '13 at 19:44
  • Hmph! I replaced both the AndroidManifest.XML and META-INF folder myself and it worked perfectly! The APK loaded perfectly...what is it?! – ikjadoon Jan 27 '13 at 20:43
  • Just to recap: If I understand correctly, using VTS to repackage the APK (which only preserves `META-INF`) doesn't work. But repackaging the APK manually and preserving *both* `META-INF` and `AndroidManifest.xml` works fine. We know that `AndroidManifest.xml` is unchanged. Do you see *any* differences (however small) between any of the files inside of `META-INF` after VTS repackages them? Separately, if you repackage manually and preserve only `META-INF` (but not `AndroidManifest.xml`), what happens? – acj Jan 28 '13 at 03:27
  • 1
    You're understanding is perfect. I discovered this, yesterday, though! [AndroidManifest.XML _is_ modified!](http://www.prntscr.com/qnjb9) I have no idea how, but the modified dates are different here! Does it happen sometimes, maybe? I'm unsure if hashes take into account different modified dates. -- I checked the META-INF folder: same hashes for all three files. :( When zipped as the entire folder, it's different, but that may be a dictionary word choice difference in compression. Thank you hugely for your help; it's helped me a lot. I've sent this info to the VTS developer, too! :) – ikjadoon Jan 28 '13 at 22:26
  • That's a good observation. It's possible that Android checks the modification date (as well as the contents) of each file. I'll dig into the code to check this if I get some time. If you hear back from the VTS developers, please post an update. Cheers! – acj Jan 29 '13 at 22:13
  • Yes, I was surprised when I found it, too! Sure: the code won't tell lies, hehe. :D Sounds good, mate. Cheers! :D – ikjadoon Jan 30 '13 at 05:58
  • This is uber-old, but we never figured it out. VTS now just automatically copies both from the original into the modified! – ikjadoon Jun 27 '13 at 19:13
  • @IbrahimKhanJadoon: maybe I'm missing something, but how can `META-INF` be identical before and after changes ? At least `classes.dex` will change, hence it's SHA-1 will change too. Doesn't installer verify this ? – Alexander Malakhov Jul 04 '13 at 07:11
  • Yes, I also do not understand why the signature (i.e., META-INF) would not recognize that what it is signing has changed! As a signature mechanism, it seems a little weak. – ikjadoon Jul 05 '13 at 00:11