copy/extract/patch apk signatures
Project description
apksigcopier - copy/extract/patch apk signatures
apksigcopier is a tool for copying APK signatures from a signed APK
to an unsigned one (in order to verify reproducible builds). Its
command-line tool offers three operations:
- copy signatures directly from a signed to an unsigned APK
- extract signatures from a signed APK to a directory
- patch previously extracted signatures onto an unsigned APK
Extract
$ mkdir meta
$ apksigcopier extract signed.apk meta
$ ls -1 meta
8BEA2A77.RSA
8BEA2A77.SF
APKSigningBlock
APKSigningBlockOffset
MANIFEST.MF
Patch
$ apksigcopier patch meta unsigned.apk out.apk
Copy (Extract & Patch)
$ apksigcopier copy signed.apk unsigned.apk out.apk
Help
$ apksigcopier --help
$ apksigcopier copy --help # extract --help, patch --help, etc.
$ man apksigcopier # requires the man page to be installed
Environment Variables
The following environment variables can be set to 1, yes, or
true to overide the default behaviour:
- set
APKSIGCOPIER_EXCLUDE_ALL_META=1to exclude all metadata files - set
APKSIGCOPIER_COPY_EXTRA_BYTES=1to copy extra bytes after data (e.g. a v2 sig)
Python API
>>> from apksigcopier import do_extract, do_patch, do_copy
>>> do_extract(signed_apk, output_dir, v1_only=NO)
>>> do_patch(metadata_dir, unsigned_apk, output_apk, v1_only=NO)
>>> do_copy(signed_apk, unsigned_apk, output_apk, v1_only=NO)
You can use False, None, and True instead of NO, AUTO, and
YES respectively.
The following global variables (which default to False), can be set
to override the default behaviour:
- set
exclude_all_meta=Trueto exclude all metadata files - set
copy_extra_bytes=Trueto copy extra bytes after data (e.g. a v2 sig)
FAQ
What kind of signatures does apksigcopier support?
It currently supports v1 + v2 (+ v3, which is a variant of v2).
when using the extract command, the v2/v3 signature is saved as
APKSigningBlock + APKSigningBlockOffset.
Tab Completion
For Bash, add this to ~/.bashrc:
eval "$(_APKSIGCOPIER_COMPLETE=source_bash apksigcopier)"
For Zsh, add this to ~/.zshrc:
eval "$(_APKSIGCOPIER_COMPLETE=source_zsh apksigcopier)"
For Fish, add this to ~/.config/fish/completions/apksigcopier.fish:
eval (env _APKSIGCOPIER_COMPLETE=source_fish apksigcopier)
Requirements
- Python >= 3.5 + click.
Debian/Ubuntu
$ apt install python3-click
Installing
Debian
An official Debian package will hopefully be available soon. You can
also manually build one using the debian/sid branch, or download a
pre-built .deb via GitHub releases.
Using pip
$ pip install apksigcopier
NB: depending on your system you may need to use e.g. pip3 --user
instead of just pip.
From git
NB: this installs the latest development version, not the latest release.
$ git clone https://github.com/obfusk/apksigcopier.git
$ cd apksigcopier
$ pip install -e .
NB: you may need to add e.g. ~/.local/bin to your $PATH in order
to run apksigcopier.
To update to the latest development version:
$ cd apksigcopier
$ git pull --rebase
License
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for apksigcopier-0.5.0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | a58741089d85d15a02d545bbc3c7623bf8cadc1560b8dc9e8630fe01ef917fbd |
|
| MD5 | e085cb6dae47c9c691629368793cb8b4 |
|
| BLAKE2b-256 | 152fa4e75dda2ad7201dacb1461f12bad71696671b872f9663b482fc45846cde |
