发新帖

【轻量级】自动化去除签名校验工具LuckyPatchSign Ver1.0

  [复制链接]
299666 394
linsys    发表于 2016-1-25 17:37:24 | 显示全部楼层
软件修改名字后安装会闪退.试下这个签名看能不能安装成功

举报 使用道具

回复 支持 反对
xupeng    发表于 2016-1-26 14:25:23 | 显示全部楼层
正好需要,下载看看,谢谢分享!

举报 使用道具

回复 支持 反对
q1928900702    发表于 2016-1-26 17:10:33 | 显示全部楼层
66666大神

举报 使用道具

回复
linxun    发表于 2016-1-27 11:47:35 | 显示全部楼层
感谢分享,楼主辛苦了。

举报 使用道具

回复 支持 反对
漠之狼@雨田    发表于 2016-1-28 23:20:34 | 显示全部楼层
看看什么工具。

举报 使用道具

回复 支持 反对
kriestian    发表于 2016-1-31 02:00:53 | 显示全部楼层
这个是什么  看看学习下

举报 使用道具

回复 支持 反对
zzz30536    发表于 2016-1-31 14:31:48 | 显示全部楼层
支持大神感謝

举报 使用道具

回复 支持 反对
Super817    发表于 2016-1-31 14:33:13 | 显示全部楼层
本帖最后由 Super817 于 2016-1-31 14:36 编辑

問題回報:
                               =======LuckyPatchSign Ver1.0=======



适用范?:
1.Java?通?getPackageManager().getPackageInfo.signatures??取?名信息;
2.Native方法/DLL/Lua?本等通??取Java的context/Activity?象,反射?用getPackageInfo等??取?名;
3.首先?取apk的路?,定位到META-INF\*.RSA文件,?取其中的?名信息;

自我?得Lucky的几率Patch的方式?上到下依次降低!!

方法收集于网?,只是整合了一下!!Feat 小白、空道!!
Good Lucky!! 更多?迎?注新浪微博 @人生?NG

方式一:substrate框架libhooksig By空道
方式二:重??承?packageInfo和PackageManager By小白
方式三:重??承?,重置Sign信息;
方式四:??定位到具体RSA文件路??取?名的??方式;

??入 1,2,3,4 ??? Patch 的方式:
2
?取到的程序的包名:
com.magv.play

======反??操作======
I: 使用 ShakaApktool 2.0.0-RC4-1.2-20150410
I: 使用 Apktool 2.0.0-RC4 反編譯 magv185.apk
I: 正在加載資源列表...
I: 反編譯 AndroidManifest.xml 與資源...
I: 正在從框架文件載入資源列表: C:\Users\EaZy\apktool\framework\1.apk
I: 常規資源列表...
I: 反編譯資源文件...
I: 反編譯 values?? */* XMLs...
I: 反編譯 classes.dex...
testI: 複製 assets 和 libs...
I: 複製未知文件...
I: 複製原始文件...
======反??apk成功======

======?取的程序??信息======
?程序?Application
程序??的主Acitivity??:com.magv.play.GLLoading

======?取正版?名信息======
正版的?名信息?:3082022f30820198a00302010202044fcf0067300d06092a864886f70d0101050500305b310b30090603
55040613025457310b3009060355040813025457310f300d06035504071306746169706569310d300b060355040a13046d61
67763110300e060355040b1307616e64726f6964310d300b060355040313046d6167763020170d3132303630363037303135
395a180f32303637303331303037303135395a305b310b3009060355040613025457310b3009060355040813025457310f30
0d06035504071306746169706569310d300b060355040a13046d6167763110300e060355040b1307616e64726f6964310d30
0b060355040313046d61677630819f300d06092a864886f70d010101050003818d0030818902818100a9b7db0497aab84e10
8c9c0baaddb6f497fe793cadcb504d01cb224d9a449e8c33c4fe4eb2a84fb60eefb558b23ad7616cfc07b95ef13b636dac3b
e0416ad809a4e9d1abe239e12765c0527f6dfab11a9c057437903cec84e945b2a091500e14de624237d9fe26bb76804fdb18
c13b5e35efe761fe4fb710172a8863699609670203010001300d06092a864886f70d01010505000381810091ce55cfc834f2
3daf7ab5a3c3ed533c7b21d903322b4563d14376cde9377477689be91b9e93b28864aa8a78b0fe111717b81e84151cc4bf08
9bb3195a362c02a12eb283f06ccff37999c5725b1f162f9e77e48a5712e3b8ea9963ee27beb0a71c7341daea735a52f8bf74
e6de1e13e5a60d9e8bb9d915fcad608747ca7280f9


======?始复制文件======
目的目?不存在,准??建。。。
目的目?不存在,准??建。。。
正在复制:C:\Sign\SDK\ByXiaobai\smali\com\example\hook\Diaoyong.smali
正在复制:C:\Sign\SDK\ByXiaobai\smali\com\example\hook\MainActivity.smali
正在复制:C:\Sign\SDK\ByXiaobai\smali\com\example\hook\MyAPP.smali
正在复制:C:\Sign\SDK\ByXiaobai\smali\com\example\hook\MyContext.smali
正在复制:C:\Sign\SDK\ByXiaobai\smali\com\example\hook\MyContextWrapper.smali
正在复制:C:\Sign\SDK\ByXiaobai\smali\com\example\hook\MypackageInfo$1.smali
正在复制:C:\Sign\SDK\ByXiaobai\smali\com\example\hook\MypackageInfo.smali
正在复制:C:\Sign\SDK\ByXiaobai\smali\com\example\hook\MypackageManger.smali

复制Smali文件成功!

======在???中添加?承======
程序??的主Acitivity??:com.magv.play.GLLoading
在???中添加引用方法成功!

======修改外引用?的包名和?名信息======
更?正版?名信息成功!
======Smali修改完成======

回??及?名...
I: 使用 ShakaApktool 2.0.0-RC4-1.2-20150410
I: 使用 Apktool 2.0.0-RC4
I: 編譯 smali 到 classes.dex...


=============================
反編譯 已簽名的APK

查看  MypackageInfo.smali

.class public Lcom/example/hook/MypackageInfo;
.super Landroid/content/pm/PackageInfo;
.source "MypackageInfo.java"


# static fields
.field public static final INSTALL_LOCATION_AUTO:I = 0x0

.field public static final INSTALL_LOCATION_INTERNAL_ONLY:I = 0x1

.field public static final INSTALL_LOCATION_PREFER_EXTERNAL:I = 0x2

.field public static final INSTALL_LOCATION_UNSPECIFIED:I = -0x1


# instance fields
.field public activities:[Landroid/content/pm/ActivityInfo;

.field public applicationInfo:Landroid/content/pm/ApplicationInfo;

.field public configPreferences:[Landroid/content/pm/ConfigurationInfo;

.field public firstInstallTime:J

.field public gids:[I

.field public installLocation:I

.field public instrumentation:[Landroid/content/pm/InstrumentationInfo;

.field public lastUpdateTime:J

.field public packageName:Ljava/lang/String;

.field public permissions:[Landroid/content/pm/PermissionInfo;

.field public providers:[Landroid/content/pm/ProviderInfo;

.field public receivers:[Landroid/content/pm/ActivityInfo;

.field public reqFeatures:[Landroid/content/pm/FeatureInfo;

.field public requestedPermissions:[Ljava/lang/String;

.field public services:[Landroid/content/pm/ServiceInfo;

.field public sharedUserId:Ljava/lang/String;

.field public sharedUserLabel:I

.field public versionCode:I

.field public versionName:Ljava/lang/String;


# direct methods
.method public constructor <init>(Ljava/lang/String;)V
    .locals 4
    .param p1, "string"    # Ljava/lang/String;

    .prologue
    const/4 v0, 0x1

    .line 21
    invoke-direct {p0}, Landroid/content/pm/PackageInfo;-><init>()V

    .line 215
    iput v0, p0, Lcom/example/hook/MypackageInfo;->installLocation:I

    .line 22
    iput-object p1, p0, Lcom/example/hook/MypackageInfo;->packageName:Ljava/lang/String;

    .line 23
    new-array v0, v0, [Landroid/content/pm/Signature;

    iput-object v0, p0, Lcom/example/hook/MypackageInfo;->signatures:[Landroid/content/pm/Signature;

    .line 24
    iget-object v0, p0, Lcom/example/hook/MypackageInfo;->signatures:[Landroid/content/pm/Signature;

    const/4 v1, 0x0

    new-instance v2, Lcom/example/hook/MypackageInfo$1;

    .line 25
    const-string v3, "308202c9308201b1a003020102020428e9dc2f300d06092a864886f70d01010b05003015311330110603550403130a477265617420546f776e301e170d3134313031343038343133315a170d3339313030383038343133315a3015311330110603550403130a477265617420546f776e30820122300d06092a864886f70d01010105000382010f003082010a028201010095abf94f6404c70a375b1264d026be2b56c2efa2336155b4810ab78eb7d29291364527aa4e2c20e7c5a34d62642810f3fa1745ffff456975b0525cc7a542371c4d9cfc1e80c834351e0c45144def39ad4d6f4ba651450feb7abe9fabf90fd1d4bfe740a12b9e1065ec34f9a62ede0fe26faa3f674a52029f28999b57e243e2212409dc124bb10b7744c391e6ea8a449732b780587f8ccaf6a660ab8a7e53c0db2c7c1668af266e6ca4a3471fb0da9b069776fc830e9503044c139a585637ad0a15fe6721c04d5fd30731481433573d8c0fdd02861829e223eebc0c05cf89213f4d2053be0f78a8e8127ffe7c3a9b0a94d80e60659f0b0911bc35d5195b0616d10203010001a321301f301d0603551d0e041604149b1c251d751ca61020f2db0dd2355789a76e8d51300d06092a864886f70d01010b05000382010100040243e2abf253632ffca821391064e447af1c26c0d4972d5a880f47c71af6cf00697feafb841a92ddfc95878ea7133b69ff264b23edc2e29453bc078a6e44b42b9d0c92f6fdc49f1047e79360a787fb1fd6c42cf8c82723bf22bfbf433b1c1e504ca07e923db396b86fc0534b93f852fba53b67f907c0582b85eb716e46c282a232eeb83c017ac868e8bff7a88c84bc67cde407048d03e9043cac7a27b9cceb9b521ee022d6e2b35a44015e450c817efbf08c894f677a99d7ce538150c66b87cd4e1c5b2fd024eb27454e6d556b3d678b73910c4fcd905d0b73c2468c979a5a12ad3ad4ac339c9a21e960954e8b6b0a8ee440082e2d9fc622bacf78ba2aff02"

    invoke-direct {v2, p0, v3}, Lcom/example/hook/MypackageInfo$1;-><init>(Lcom/example/hook/MypackageInfo;Ljava/lang/String;)V

    .line 24
    aput-object v2, v0, v1

    .line 41
    sget-object v0, Ljava/lang/System;->out:Ljava/io/PrintStream;

    const-string v1, "开始调用签名"

    invoke-virtual {v0, v1}, Ljava/io/PrintStream;->println(Ljava/lang/String;)V

    .line 42
    return-void
.end method

.method public constructor <init>(Ljava/lang/String;Landroid/content/pm/PackageInfo;)V
    .locals 1
    .param p1, "string"    # Ljava/lang/String;
    .param p2, "oldInfopac"    # Landroid/content/pm/PackageInfo;

    .prologue
    .line 45
    invoke-direct {p0}, Landroid/content/pm/PackageInfo;-><init>()V

    .line 215
    const/4 v0, 0x1

    iput v0, p0, Lcom/example/hook/MypackageInfo;->installLocation:I

    .line 46
    return-void
.end method


更?正版?名信息成功??

正版簽名信息與MypackageInfo.smali檔案內容不一樣

==================================
程序??的主Acitivity??:com.magv.play.GLLoading
在???中添加引用方法成功!

添加引用方法錯誤

# virtual methods
.method public getPackageManager()Landroid/content/pm/PackageManager;
    .locals 2

    .prologue
    new-instance v0, Lhehe/NewPackageManager;

    invoke-super {p0}, Landroid/app/Application;->getPackageManager()Landroid/content/pm/PackageManager;

    move-result-object v1

    invoke-direct {v0, v1}, Lhehe/NewPackageManager;-><init>(Landroid/content/pm/PackageManager;)V

    return-object v0
.end method

.method protected onCreate(Landroid/os/Bundle;)V
    .locals 9

举报 使用道具

回复 支持 反对
lizhipu1989    发表于 2016-1-31 14:54:09 | 显示全部楼层
谢谢分享

举报 使用道具

回复
bbsv    发表于 2016-1-31 20:59:36 | 显示全部楼层
支持啊,谢谢分享

举报 使用道具

回复 支持 反对
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

快速回复 返回顶部 返回列表