[apksigtool] handle "frosting" block in APK Signatures #46
Comments
It's part of the APK Signature Scheme v2 Block, so it's already being copied.
I'm considering that; but maybe that's more suited to |
That's the same link I posted here :) |
|
I like to make sure all the relevant stuff is in the issue so the implementer doesn't have to go on a wild goose chase to find it. For example, here's a Golang implemenatation which might have been posted elsewehre: |
|
Frosting detection implemented in Python: https://github.com/Pithus/bazaar/blob/master/bazaar/core/tasks.py#L326 |
|
I've been working on It detects the frosting block, but doesn't "look inside"; porting the Go code might be interesting if we have a use case for that. |
|
We'll definitely want to be able to strip the frosting block. Then if its
possible to have multiple app store signatures there, then being able to add an
additional one would be useful. Verifying that signature would also be useful.
|
|
We can "invent" our own signature block; I'd be happy to implement that in |
$ apksigtool parse original.apk | grep -v '^ '
PAIR ID: 0x7109871a
APK SIGNATURE SCHEME v2 BLOCK
SIGNER 0
VERIFIED
PAIR ID: 0x504b4453
DEPENDENCY INFO BLOCK
PAIR ID: 0x42726577
VERITY PADDING BLOCK
PAIR ID: 0x2146444e
GOOGLE PLAY FROSTING BLOCK
$ cp original.apk cleaned.apk
$ apksigtool clean cleaned.apk
$ apksigtool parse cleaned.apk | grep -v '^ '
PAIR ID: 0x7109871a
APK SIGNATURE SCHEME v2 BLOCK
SIGNER 0
VERIFIED
PAIR ID: 0x504b4453
DEPENDENCY INFO BLOCK
PAIR ID: 0x42726577
VERITY PADDING BLOCK
$ apksigner verify -v cleaned.apk | grep -v WARNING:
Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): false
Number of signers: 1Fun fact: the verity padding block only provides the correct amount of padding after removing the "frosting" block. |
|
@U039b @eighthave I haven't worked or stayed up-to-date on this topic for a year, but I'm working on If you know of any new information or tools from the last year, I'd appreciate a link :) |
|
Great to see you around again! I don't have any new info on this topic.
|
obfusk
changed the title
The frosting block in the APK signature can include a separate signature that is tied to the app store that distributed the APK. apksigcopier should be aware of frosting, and have options to handle it. I think it should be able to either copy it, or strip it out when copying an APK signature.
Here's some code that works with frosting that @U039b pointed me to:
https://bi-zone.medium.com/easter-egg-in-apk-files-what-is-frosting-f356aa9f4d1
The text was updated successfully, but these errors were encountered: