Could you explain what you mean by "outside of it" here? Oh, btw, I tried hexediting the .apk (this time not touching the header areas) and each time it gets jar verified :( :(

On Tue, Nov 16, 2010 at 9:32 AM, tera tellence <[email protected]> wrote:
> Is there a way to show that when an APK is modified without tampering with
> the signature so that the verification fails (due to signature mismatch)??
>
> On Mon, Nov 15, 2010 at 11:45 PM, Yuliy Pisetsky <[email protected]> wrote:
>
>> A first guess is that you happened to modify a part of the headers
>> which pointed to the certificates so that it could not detect a valid
>> certificate or signature in the APK, and thus gave that error. In
>> general I wouldn't expect predictable results by randomly modifying
>> the APK, outside of it no longer being a valid signed APK.
>>
>> On Mon, Nov 15, 2010 at 4:22 PM, tera tellence <[email protected]> wrote:
>> > Dear All,
>> > I was trying to see when the android package installer allows/rejects .apk.
>> > My first attempt was to simply "hexedit" on a .apk and see what happens
>> > during:
>> > adb install xxx.apk
>> > I get this error: INSTALL_PARSE_FAILED_NO_CERTIFICATES
>> > which surprises me. I thought it would fail at the verification of JAR..
>> > So I would like somebody to throw light on the whole process:
>> > A JAR file of the .apk (the App) creates an archive file which is then signed
>> > with the private key of the creator of JAR and the signature of the JAR is
>> > verified with the public key.
>> > The certificate is a statement from the owner of the private key that the
>> > public key in the pair has a particular value so the person using the public
>> > key can be assured the public key is authentic.
>> > How is changing a hex value on the apk (I would assume as manipulating the
>> > apk, and therefore would not be verified well) giving such an error as
>> > above?
>> >
>> > Thanks in advance
>> >
>> > --
>> > You received this message because you are subscribed to the Google Groups
>> > "Android Security Discussions" group.
>> > To post to this group, send email to [email protected].
>> > To unsubscribe from this group, send email to [email protected].
>> > For more options, visit this group at
>> > http://groups.google.com/group/android-security-discuss?hl=en.
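
An added example, not part of the original thread and not Android's installer code: a simplified model of the JAR-style check discussed above, run on a constructed APK-like ZIP, showing that a changed entry fails its manifest digest while a damaged header name for the signature block leaves no certificate to find. The names `build_apk`, `replace_entry`, `check` and the result strings are hypothetical, and the `CERT.RSA` placeholder is never cryptographically verified.

```python
import base64, hashlib, io, re, zipfile

SIG_BLOCK = re.compile(r"META-INF/[^/]+\.(RSA|DSA|EC)$")  # signature block files

def b64sha1(data):
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

def build_apk(files):
    """Constructed APK-like ZIP: entries, MANIFEST.MF digests, placeholder CERT.RSA."""
    manifest = "Manifest-Version: 1.0\n\n"
    for name, data in files.items():
        manifest += f"Name: {name}\nSHA1-Digest: {b64sha1(data)}\n\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in files.items():
            z.writestr(name, data)
        z.writestr("META-INF/MANIFEST.MF", manifest)
        z.writestr("META-INF/CERT.RSA", b"placeholder, not a real PKCS#7 block")
    return buf.getvalue()

def replace_entry(apk, target, new_data):
    """Rewrite one entry's content and leave META-INF exactly as it was."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(apk)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            dst.writestr(name, new_data if name == target else src.read(name))
    return out.getvalue()

def check(apk):
    """Hypothetical checker: signature block present, then per-entry digests."""
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        if not any(SIG_BLOCK.match(n) for n in z.namelist()):
            return "no-signature-block"
        manifest = z.read("META-INF/MANIFEST.MF").decode()
        listed = dict(re.findall(r"Name: (.+)\nSHA1-Digest: (.+)\n", manifest))
        for name in z.namelist():
            if name.startswith("META-INF/"):
                continue
            if name not in listed:
                return f"unsigned-entry:{name}"
            if b64sha1(z.read(name)) != listed[name]:
                return f"digest-mismatch:{name}"
    return "digests-ok"

if __name__ == "__main__":
    apk = build_apk({"classes.dex": b"constructed dex bytes", "res/a.txt": b"hello"})
    print(check(apk))
    print(check(replace_entry(apk, "classes.dex", b"changed bytes")))
    # Same-length edit to the entry name in the ZIP headers only.
    print(check(apk.replace(b"META-INF/CERT.RSA", b"META-INF/CERT.RSX")))
```

The digest check covers the content of each entry listed in the manifest; the real verifier additionally validates the signature block over the signature file, which this sketch leaves out.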
