copy/extract/patch apk signatures
Project description
apksigcopier - copy/extract/patch apk signatures
apksigcopier
is a tool for copying APK signatures from a signed APK
to an unsigned one (in order to verify reproducible builds). Its
command-line tool offers three operations:
- copy signatures directly from a signed to an unsigned APK
- extract signatures from a signed APK to a directory
- patch previously extracted signatures onto an unsigned APK
Extract
$ mkdir meta
$ apksigcopier extract signed.apk meta
$ ls -1 meta
8BEA2A77.RSA
8BEA2A77.SF
APKSigningBlock
APKSigningBlockOffset
MANIFEST.MF
Patch
$ apksigcopier patch meta unsigned.apk out.apk
Copy (Extract & Patch)
$ apksigcopier copy signed.apk unsigned.apk out.apk
Python API
>>> from apksigcopier import do_extract, do_patch, do_copy, gen_dummy_key
>>> config = dict(apksigner_cmd=..., ...)
>>> do_extract(signed_apk, output_dir, v1_only=NO)
>>> do_patch(metadata_dir, unsigned_apk, output_apk, v1_only=NO,
... dummy_keystore=None, config=config)
>>> do_copy(signed_apk, unsigned_apk, output_apk, v1_only=NO,
... dummy_keystore=None, config=config)
>>> gen_dummy_key(keystore, alias="dummy", keyalg="RSA", keysize=4096,
... sigalg="SHA512withRSA", validity=10000,
... storepass="dummy-password", dname="CN=dummy",
... keytool_cmd=config["keytool_cmd"])
CAVEATS
Recent versions of the Android gradle plugin will use zipflinger --
which arranges the contents of the APK differently -- making
apksigcopier
fail to work when using --use-zip=yes
(the default is
no
). You can tell the plugin not to use zipflinger by setting
android.useNewApkCreator=false
in gradle.properties
.
Help
$ apksigcopier --help
Tab Completion
For Bash, add this to ~/.bashrc
:
eval "$(_SHTST_COMPLETE=source_bash apksigcopier)"
For Zsh, add this to ~/.zshrc
:
eval "$(_SHTST_COMPLETE=source_zsh apksigcopier)"
For Fish, add this to ~/.config/fish/completions/apksigcopier.fish
:
eval (env _SHTST_COMPLETE=source_fish apksigcopier)
Requirements
- Python >= 3.5 + click +
apksigner
.
Debian/Ubuntu
$ apt install python3-click apksigner
Installing
Using pip
$ pip install apksigcopier
NB: depending on your system you may need to use e.g. pip3 --user
instead of just pip
.
From git
NB: this installs the latest development version, not the latest release.
$ git clone https://github.com/obfusk/apksigcopier.git
$ cd apksigcopier
$ pip install -e .
NB: you may need to add e.g. ~/.local/bin
to your $PATH
in order
to run apksigcopier
.
To update to the latest development version:
$ cd apksigcopier
$ git pull --rebase
License
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for apksigcopier-0.2.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 266a87ed4bb6ab6ea033499eb30617b0fa0fc7562264ec0b1f08253769694075 |
|
MD5 | a40ad51dee3a9d0826ff916b1f6c3a23 |
|
BLAKE2b-256 | 21ce7db763e3e38936897a2fb6584e76dbf948ff81ad9761854a6ead53a5d13d |