Is there a way to show that when an APK is modified without tampering with the signature so that the verification fails (due to signature mismatch)??
On Mon, Nov 15, 2010 at 11:45 PM, Yuliy Pisetsky <[email protected]>wrote: > A first guess is that you happened to modify a part of the headers > which pointed to the certificates so that it could not detect a valid > certificate or signature in the APK, and thus gave that error. In > general I wouldn't expect predictable results by randomly modifying > the APK, outside of it no longer being a valid signed APK. > > On Mon, Nov 15, 2010 at 4:22 PM, tera tellence <[email protected]> > wrote: > > Dear All, > > I was trying to see when the android package installer allows/rejects > .apk. > > My first attempt was to simply "hexedit" on a .apk and see what happens > > during : > > adb install xxx.apk > > I get this error: INSTALL_PARSE_FAILED_NO_CERTIFICATES > > which surprises me. I thought it would fail at the verification of JAR.. > > So I would like somebody throw light on the whole process: > > A JAR file of the .apk(the App) creates an archive file which is then > signed > > with the private key of the creator of JAR and the signature of the JAR > is > > verified with the public key. > > The certificate is a statement from the owner of the private key that > the > > public key in the pair has a particular value so the person using the > public > > key can be assured the public key is authentic. > > How is changing a hex value on the apk ( I would assume as manipulating > the > > apk, and therefore would not be verified well) giving such an error as > > above? > > > > Thanks in advance > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Android Security Discussions" group. > > To post to this group, send email to > > [email protected]. > > To unsubscribe from this group, send email to > > [email protected]<android-security-discuss%[email protected]> > . > > For more options, visit this group at > > http://groups.google.com/group/android-security-discuss?hl=en. > > > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]<android-security-discuss%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
