feat: Add Spoof app signature patch
#5158
Conversation
|
By patch you can read the app manifest forvm the signature. Please try that |
Only in signature version below 3 (there are 4 different versions how to sign an apk by now). Try to look into the youtube.apk, you will notice no certs in META-INF (it uses version 3) If I had missed something, let me know Site note: the source stamp which exists in the apk root is something entirely different than the signer certificate |
|
In this case add a patch option to manually input the signature for the patch |
In addition or as replacement? |
|
I dont know what you mean by in addition but if v4 cant be obtained from inside a patch, you can still ask user to manually input it in a patch option |
MarkusTieger
force-pushed
the
spoof_signature
branch
2 times, most recently
from
793c0f2 to
b112417
Compare
MarkusTieger
changed the title
MarkusTieger
changed the title
Nuckyz
changed the title
Nuckyz
changed the title
patches/src/main/kotlin/app/revanced/patches/all/misc/spoof/SignatureSpoofPatch.kt
Outdated
Show resolved
Hide resolved
LisoUseInAIKyrios
changed the title
Spoof app signature patch
patches/src/main/kotlin/app/revanced/patches/all/misc/spoof/SignatureSpoofPatch.kt
Outdated
Show resolved
Hide resolved
MarkusTieger
force-pushed
the
spoof_signature
branch
2 times, most recently
from
e0407aa to
8752d06
Compare
patches/src/main/kotlin/app/revanced/patches/all/misc/spoof/SignatureSpoofPatch.kt
Show resolved
Hide resolved
patches/src/main/kotlin/app/revanced/patches/all/misc/spoof/BaseSignatureSpoofPatch.kt
Outdated
Show resolved
Hide resolved
patches/src/main/kotlin/app/revanced/patches/all/misc/spoof/SignatureSpoofPatch.kt
Outdated
Show resolved
Hide resolved
patches/src/main/kotlin/app/revanced/patches/all/misc/spoof/SignatureSpoofPatch.kt
Outdated
Show resolved
Hide resolved
patches/src/main/kotlin/app/revanced/patches/all/misc/spoof/SignatureSpoofPatch.kt
Show resolved
Hide resolved
patches/src/main/kotlin/app/revanced/patches/all/misc/spoof/SignatureSpoofPatch.kt
Outdated
Show resolved
Hide resolved
MarkusTieger
force-pushed
the
spoof_signature
branch
from
8752d06 to
dde4931
Compare
patches/src/main/kotlin/app/revanced/patches/all/misc/spoof/SignatureSpoofPatch.kt
Outdated
Show resolved
Hide resolved
MarkusTieger
force-pushed
the
spoof_signature
branch
from
dde4931 to
708a867
Compare
|
Yes a fix is needed. |
|
It might be proguard stripping away the library. Try running a full release (proguard is run there) and the issue may show up with using CLI tools. |
It probably doesn't get shaded in and only works, because the exact same lib is present in https://github.com/ReVanced/revanced-library, used by revanced-cli. |
Should I try to shade the dependency in or should I rather declare "apksig" as dependency that has to be present unobfuscated all the time? |
|
@oSumAtrIX what do you think? |
| } catch (_: IOException) { | ||
| } catch (_: InvalidPathException) { | ||
| } catch (_: ApkFormatException) { | ||
| } catch (_: NoSuchAlgorithmException) { | ||
| } catch (_: IllegalArgumentException) {} |
There was a problem hiding this comment.
Shouldve just used runCatching { }
| val manifest = document.getNode("manifest") as Element | ||
|
|
||
| val fakeSignaturePermission = document.createElement("uses-permission") | ||
| fakeSignaturePermission.setAttribute("android:name", "android.permission.FAKE_PACKAGE_SIGNATURE") |
|
|
||
| val fakeSignaturePermission = document.createElement("uses-permission") | ||
| fakeSignaturePermission.setAttribute("android:name", "android.permission.FAKE_PACKAGE_SIGNATURE") | ||
| manifest.appendChild(fakeSignaturePermission) |
There was a problem hiding this comment.
.let(manifest::appendChild) shouldve been used
| val child = document.createElement("application") | ||
| manifest.appendChild(child) | ||
| child |
There was a problem hiding this comment.
.also(manifest::appendChild) shouldve been used
| val fakeSignatureMetadata = document.createElement("meta-data") | ||
| fakeSignatureMetadata.setAttribute("android:name", "fake-signature") | ||
| fakeSignatureMetadata.setAttribute("android:value", optionToSignature(signature)) | ||
| application.appendChild(fakeSignatureMetadata) |
There was a problem hiding this comment.
apply and let shouldve been used here
| } | ||
| } | ||
|
|
||
| internal fun optionToSignature(signature: String?): String? { |
|
I meant, what do you think about the apksig issue with Manager. |
| } | ||
| } | ||
|
|
||
| internal fun optionToSignature(signature: String?): String? { |
There was a problem hiding this comment.
Validator should just check if input is a valid path, because a path is never a signature, not sure what is going on here.
This line shades apksig into the patches and thus is accessible from the patches classloader. |
|
I don't understand how it can be class not found |
|
Is proguard stripping away the library during release? |
|
The dependency is added to the gradle module where the java plugin is applied, not the android plugin, so I don't think proguard strips it away. Check the .dex file classes |
There are no dependencies in patches/build/revanced/classes.dex, haven't been able to open the .rvp file. |
|
Run the buildAndroid task, the final rvp has the dex in it |
Nope, the "rvp" from my build, nor the one from the release contains the dependency (or dependencies at all) |
|
Check the rvp file for .class files |
Nope, not in the classes.dex and also not as .class files. Steps to reproduce my results:
|
|
A patches jar is not a fat jar, so it is not containing the classes from dependencies jar. The reason that this patch is currently working on the ReVanced CLI is due to the coincidence that the ReVanced CLI depends on apksig. ReVanced Manager also depends on apksig, but unlike ReVanced CLI, ProGuard shrinks and obfuscates the apksig library except for "internal" package. |
Now to this question again I would prefer the second option. It is present anyway, it just has to be removed from every project (because then it would be duplicate) and added to the "revanced-patcher" as dependency, making it available to the patches as well as the cli and manager. It then also needs to be whitelisted in the revanced-manager in the proguard rules. |
Patches is using the java plugin: So all dependencies are shaded into the JAR. |
I am not sure, but applying the shadow plugin should make patches contain all dependencies. This can be added to the patches gradle plugin. However, how are duplicate classes handled? If its shaded into patches jar and cli also has it, I am not sure if any issues would occur. |
The java plugin doesn't shade dependencies. Thats why the "shadow" plugin exists. |
Now it would be great if this question could be answered |
Why not try using shadow plugin, and if it works with CLI then go with that. |
Ok, then with shadow. |
Some custom roms have a patch, that adds a "FAKE_PACKAGE_SIGNATURE" permission, which allows the app to be seen with an other signature by other apps.
It is used for example by MicroG (to pretend to be GooglePlayServices).
Not every custom rom has it by default, and some only with the microg signature hardcoded. If it is supported though, I think its a better alternative to the "Mount install".