What do you mean "it gets jar verified"? On Tue, Nov 16, 2010 at 6:31 AM, tera tellence <[email protected]>wrote:
> Could you explain what you mean "outside of it" here?? > > Oh btw I tried hexediting the .apk(this time not touching the header ares) > and each time it gets jar verified :( :( > > > > On Tue, Nov 16, 2010 at 9:32 AM, tera tellence <[email protected]>wrote: > >> Is there a way to show that when an APK is modified without tampering with >> the signature so that the verification fails (due to signature mismatch)?? >> >> >> >> On Mon, Nov 15, 2010 at 11:45 PM, Yuliy Pisetsky < >> [email protected]> wrote: >> >>> A first guess is that you happened to modify a part of the headers >>> which pointed to the certificates so that it could not detect a valid >>> certificate or signature in the APK, and thus gave that error. In >>> general I wouldn't expect predictable results by randomly modifying >>> the APK, outside of it no longer being a valid signed APK. >>> >>> On Mon, Nov 15, 2010 at 4:22 PM, tera tellence <[email protected]> >>> wrote: >>> > Dear All, >>> > I was trying to see when the android package installer allows/rejects >>> .apk. >>> > My first attempt was to simply "hexedit" on a .apk and see what happens >>> > during : >>> > adb install xxx.apk >>> > I get this error: INSTALL_PARSE_FAILED_NO_CERTIFICATES >>> > which surprises me. I thought it would fail at the verification of >>> JAR.. >>> > So I would like somebody throw light on the whole process: >>> > A JAR file of the .apk(the App) creates an archive file which is then >>> signed >>> > with the private key of the creator of JAR and the signature of the JAR >>> is >>> > verified with the public key. >>> > The certificate is a statement from the owner of the private key that >>> the >>> > public key in the pair has a particular value so the person using the >>> public >>> > key can be assured the public key is authentic. >>> > How is changing a hex value on the apk ( I would assume as manipulating >>> the >>> > apk, and therefore would not be verified well) giving such an error as >>> > above? >>> > >>> > Thanks in advance >>> > >>> > -- >>> > You received this message because you are subscribed to the Google >>> Groups >>> > "Android Security Discussions" group. >>> > To post to this group, send email to >>> > [email protected]. >>> > To unsubscribe from this group, send email to >>> > [email protected]<android-security-discuss%[email protected]> >>> . >>> > For more options, visit this group at >>> > http://groups.google.com/group/android-security-discuss?hl=en. >>> > >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "Android Security Discussions" group. >>> To post to this group, send email to >>> [email protected]. >>> To unsubscribe from this group, send email to >>> [email protected]<android-security-discuss%[email protected]> >>> . >>> For more options, visit this group at >>> http://groups.google.com/group/android-security-discuss?hl=en. >>> >>> >> > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]<android-security-discuss%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > -- Dianne Hackborn Android framework engineer [email protected] Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
