如何在不更改签名信息的情况下反向工程解析 APK。

huangapple go评论87阅读模式
英文:

How to reverse engineer an apk without changing its siging information

问题

假设我有一个apk,我想要进行逆向工程,但是在此过程中有一些小问题。例如,如果应用程序使用Google签名机制来在应用程序中进行登录,那么在修改apk后我将无法登录!还有其他一些原因,不建议使用自定义密钥库重新签名apk。

是否有可能?
还有其他问题需要解决吗?

英文:

Suppose I have an an apk that I want to reverse engineer but there are some small problems regarding this. For instance if the application uses Google siging mechanism to signin into the app then I would not be able to signin after modifying the apk!
There are also couple of other reasons that why not to modify an apk with resigning it with custom keystore...!

Is it possible?
Or is there any other problem to tackle this?

答案1

得分: 2

无法在不使签名无效的情况下修改 APK。这就是签名的全部意义所在。

然而,APK 的签名和 Google 的登录服务是不同的东西。"签名" 和 "登录" 是不同的词,具有不同的含义。从理论上讲,一个已被修改的 APK 应该仍然能够成功使用 Google 登录。

以下是关于 APK 数字签名及其工作原理的一些背景链接:


<sup>1 - 至少目前为止是这样。如果有人设法破解用于实现签名的 "加密",那么一切都无法保证。但可能在未来几年内我们还是安全的... </sup>

英文:

It is not possible<sup>1</sup> to modify an APK without invalidating the signature. That is the whole point of the signature.

However, the APK signature and Google's Sign-in service are different things. "Signing" and "sign-in" are different words with different meanings. From a theoretical standpoint (at least) an APK that has been modified should still be able to successfully use Google Sign-in.

Here are some background links on APK digital signatures and how they work:


<sup>1 - At least not currently. If someone manages to break the "crypto" that is used to implement the signature, then all bets are off. But we are probably OK for a few years ... </sup>

huangapple
  • 本文由 发表于 2020年9月19日 10:44:47
  • 转载请务必保留本文链接:https://go.coder-hub.com/63964798.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定