- Sometimes, I got prebuilt package that should be resigned by several reasons. Finally, I found the way to re-sign 3rd party apk binary with my key.
- just use signapk.jar that comes from AOSP's out directory.
for example, "signapk.jar is located in "AOSP/out/host/linux-x86/framework/signapk.jar" - and it could be used like this way.
- $ java -jar signapk.jar platform.x509.pem platform.pk8 3rd_party.apk 3rd_party_my_key.apk
- and we can see that the sign key is changed.
- The Result~~~
- Origin 3rd party apk's sign information
$ jarsigner --verify --verbose --certs 3rd_party.apk
438 Thu Aug 21 17:13:34 KST 2008 META-INF/MANIFEST.MF
480 Thu Aug 21 17:13:34 KST 2008 META-INF/CERT.SF
1580 Thu Aug 21 17:13:34 KST 2008 META-INF/CERT.RSA
sm 5844 Thu Aug 21 17:13:34 KST 2008 AndroidManifest.xml
X.509, O=3rd_party
[certificate is valid from 08. 8. 22 오전 8:13 to 36. 1. 8 오전 8:13]
sm 323564 Thu Aug 21 17:13:34 KST 2008 classes.dex
X.509, O=3rd_party
[certificate is valid from 08. 8. 22 오전 8:13 to 36. 1. 8 오전 8:13]
sm 93351 Thu Aug 21 17:13:34 KST 2008 res/raw/nlp_metricmodel.bin
X.509, O=3rd_party
[certificate is valid from 08. 8. 22 오전 8:13 to 36. 1. 8 오전 8:13]
sm 76179 Thu Aug 21 17:13:34 KST 2008 res/raw/nlp_metricmodeljava.bin
X.509, O=3rd_party
[certificate is valid from 08. 8. 22 오전 8:13 to 36. 1. 8 오전 8:13]
sm 24756 Thu Aug 21 17:13:34 KST 2008 resources.arsc
X.509, O=3rd_party
[certificate is valid from 08. 8. 22 오전 8:13 to 36. 1. 8 오전 8:13]
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
- re-signed 3rd party apk's sign information
438 Thu Sep 05 15:49:58 KST 2013 META-INF/MANIFEST.MF
480 Thu Sep 05 15:49:58 KST 2013 META-INF/CERT.SF
1141 Thu Sep 05 15:49:58 KST 2013 META-INF/CERT.RSA
sm 5844 Thu Sep 05 15:49:58 KST 2013 AndroidManifest.xml
X.509, O=my_key
[certificate is valid from 12. 9. 14 오후 4:39 to 40. 1. 31 오후 4:39]
sm 323564 Thu Sep 05 15:49:58 KST 2013 classes.dex
X.509, O=my_key
[certificate is valid from 12. 9. 14 오후 4:39 to 40. 1. 31 오후 4:39]
sm 93351 Thu Sep 05 15:49:58 KST 2013 res/raw/nlp_metricmodel.bin
X.509, O=my_key
[certificate is valid from 12. 9. 14 오후 4:39 to 40. 1. 31 오후 4:39]
sm 76179 Thu Sep 05 15:49:58 KST 2013 res/raw/nlp_metricmodeljava.bin
X.509, O=my_key
[certificate is valid from 12. 9. 14 오후 4:39 to 40. 1. 31 오후 4:39]
sm 24756 Thu Sep 05 15:49:58 KST 2013 resources.arsc
X.509, O=my_key
[certificate is valid from 12. 9. 14 오후 4:39 to 40. 1. 31 오후 4:39]
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.