INSTALL_PARSE_FAILED_NO_CERTIFICATES failure installing modified apk file (invalid SHA1 signature), even after signing with jarsigner

Problem description

I know there are a lot of other people experiencing the INSTALL_PARSE_FAILED_NO_CERTIFICATES error when they forget to sign their apk. This is not the problem I'm describing. I will detail what I'm doing in several steps.

I have a zipaligned, signed apk file (AndroidWorld.apk). I can install this no problem. So far, so good.

Next, I decompile the apk with apktool. Also, so far so good.

After that, I use asmdex to modify the classes.dex file and inject some method logging. At this point, if I were to repackage the apk and attempt to install, it would definitely fail, since the signature of classes.dex no longer matches what's in the signing manifest. I realize that. So I repackage the apk, zipalign it, and then sign it with my own keystore:

jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore "android_new_sample.keystore" -storepass mypass "C:\apk\AndroidWorld-release.apk" asample
Signing with keystore android_sample.keystore alias asample
   adding: META-INF/MANIFEST.MF
   adding: META-INF/ASAMPLE.SF
   adding: META-INF/ASAMPLE.RSA
  signing: assets/x.js
  signing: assets/x.css
  signing: assets/special_offers.html
  signing: res/layout/displayjourneylist.xml
  signing: res/layout/journey_row.xml
  signing: res/layout/login.xml
  signing: res/layout/searchjourney.xml
  signing: res/layout/settings.xml
  signing: res/layout/webview.xml
  signing: res/layout/window_title.xml
  signing: res/menu/option_menu.xml
  signing: AndroidManifest.xml
  signing: resources.arsc
  signing: res/drawable-hdpi/header.png
  signing: res/drawable-hdpi/ic_launcher.png
  signing: res/drawable-ldpi/header.png
  signing: res/drawable-ldpi/ic_launcher.png
  signing: res/drawable-mdpi/header.png
  signing: res/drawable-mdpi/ic_launcher.png
  signing: classes.dex
  signing: assets/x-runtime.properties
        1 file(s) copied.

No complaints there, right? It looks like classes.dex has been signed and it didn't complain. But now, if I check the integrity of the signed apk with jarsigner -verify, it is not happy:

jarsigner.exe -verify -verbose -certs C:\apk\AndroidWorld-release-signed.apk
jarsigner: java.lang.SecurityException: invalid SHA1 signature file digest for classes.dex

I have made sure to uninstall the existing app on the device, but attempting to install this apk still gives me the INSTALL_PARSE_FAILED_NO_CERTIFICATES message. I have tried this with Java JDK 1.6 and 1.7, since I know there were some changes to jarsigner between those versions (http://developer.android.com/tools/publishing/app-signing.html). As you can see, I am specifying the sigalg and digestalg flags when signing.

Another weird quirk - if I use a debug keystore, all of this works fine.

Recommended answer

Ok, after a bit of digging, here's what I found...

When instrumenting a previously signed application, but using a new keystore to sign it, there is a problem. Specifically, we end up with multiple signing manifests in \meta-inf that all point to the same set of files. The app fails to install with the error INSTALL_PARSE_FAILED_NO_CERTIFICATES.

If you look at the signing manifest, you see two files:

Now, we modify classes.dex and sign the app with our own keystore:

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore android_new_sample.keystore AndroidWorld-release-final.apk asample
Enter Passphrase for keystore: mypass
 updating: META-INF/ASAMPLE.SF
 updating: META-INF/ASAMPLE.RSA
  signing: assets/x.js
  signing: assets/xx.css
  signing: assets/special_offers.html
  signing: res/layout/displayjourneylist.xml
  signing: res/layout/journey_row.xml
  signing: res/layout/login.xml
  signing: res/layout/searchjourney.xml
  signing: res/layout/settings.xml
  signing: res/layout/webview.xml
  signing: res/layout/window_title.xml
  signing: res/menu/option_menu.xml
  signing: AndroidManifest.xml
  signing: resources.arsc
  signing: res/drawable-hdpi/header.png
  signing: res/drawable-hdpi/ic_launcher.png
  signing: res/drawable-ldpi/header.png
  signing: res/drawable-ldpi/ic_launcher.png
  signing: res/drawable-mdpi/header.png
  signing: res/drawable-mdpi/ic_launcher.png
  signing: classes.dex
  signing: assets/xxx.properties

No problems so far, we have all of the new signatures added to the manifest. However, attempting to verify the integrity of this apk now fails:

jarsigner.exe -verify -verbose -certs C:\apk\AndroidWorld-release-signed.apk
jarsigner: java.lang.SecurityException: invalid SHA1 signature file digest for classes.dex

The reason is that we now have duplicate signing information in \meta-inf:

So classes.dex has 2 different signatures, one in Asample.sf, and one in Cert.sf:

Name: classes.dex (Asample.sf)
SHA1-Digest: mTf659/NTkTqqsAEZc3gTlbRpW8=

Name: classes.dex (Cert.sf)
SHA1-Digest: hkAsCEcLyM52Q6gq2uQIqc/7Gh8=

This causes verification and installation to fail. If I delete Cert.rsa and Cert.sf from the archive, it will verify and install. So the solution was to modify the zipfile and remove the original signing cert, leaving only my own.
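
The check behind this diagnosis, as an added example that is not part of the original answer: it reads every META-INF/*.SF file in an archive and reports the entries whose per-entry digest no longer matches the corresponding section of MANIFEST.MF, which is what a signer file left over from before the re-sign looks like. It goes slightly beyond the single classes.dex case by checking every entry of every signer. Assumptions: CRLF line endings, SHA1-Digest attributes, and no wrapped (continuation) lines; the archive and its file contents are constructed sample data.

```python
import base64, hashlib, io, re, zipfile

def b64sha1(data):
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

def sections(text):
    """Map entry name -> raw bytes of its section, trailing blank line included."""
    out = {}
    for raw in re.findall(rb"(?:[^\r\n]+\r\n)+\r\n", text):
        m = re.match(rb"Name: ([^\r\n]+)\r\n", raw)
        if m:  # the main section has no Name: line and is skipped
            out[m.group(1).decode()] = raw
    return out

def stale_signers(apk_bytes):
    """Return {signature file: entries whose digest no longer matches MANIFEST.MF}."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        mf = sections(z.read("META-INF/MANIFEST.MF"))
        for name in z.namelist():
            if re.fullmatch(r"META-INF/[^/]+\.SF", name, re.I):
                bad = []
                for entry, raw in sections(z.read(name)).items():
                    claimed = re.search(rb"SHA1-Digest: (\S+)", raw).group(1).decode()
                    if entry not in mf or b64sha1(mf[entry]) != claimed:
                        bad.append(entry)
                report[name] = sorted(bad)
    return report

# Constructed sample: render() builds MANIFEST.MF from file bytes, or a .SF from manifest sections.
def render(head, entries):
    return head + b"\r\n\r\n" + b"".join(
        f"Name: {n}\r\nSHA1-Digest: {b64sha1(d)}\r\n\r\n".encode() for n, d in entries.items())

def build_sample():
    old = {"classes.dex": b"original dex", "resources.arsc": b"res"}
    new = dict(old, **{"classes.dex": b"instrumented dex"})
    mf_old, mf_new = (render(b"Manifest-Version: 1.0", f) for f in (old, new))
    sf = lambda mf: render(b"Signature-Version: 1.0", sections(mf))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", mf_new)
        z.writestr("META-INF/CERT.SF", sf(mf_old))     # original signer, left behind
        z.writestr("META-INF/ASAMPLE.SF", sf(mf_new))  # written by the re-sign
        for n, d in new.items():
            z.writestr(n, d)
    return buf.getvalue()

if __name__ == "__main__":
    print(stale_signers(build_sample()))
```

A signer file with a non-empty list is the one to remove from META-INF, together with its matching .RSA/.DSA/.EC block, before signing again.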
