Database Users

Re-signing with test-keys issue

I have been breaking my head on this one for a while, so hopefully someone can give me some pointers...
I'm having troubles re-signing a stock ROM with testkeys.
When I re-sign ALL apk files (in app and the one in framework) with test-keys I get the error : "ERROR/Sync(125): Google login service not found." at boot.
When I don't sign anything the ROM boots fine...
Code:
08-17 20:48:39.326: ERROR/Sync(125): Google login service not found
08-17 20:48:39.326: ERROR/Sync(125): com.google.android.googlelogin.GoogleLoginServiceNotFoundException: The Google login service cannot be verified.
08-17 20:48:39.326: ERROR/Sync(125): at com.google.android.googlelogin.GoogleLoginServiceBlockingHelper.checkGoogleLoginServiceVerificationLocked(GoogleLoginServiceBlockingHelper.java:271)
08-17 20:48:39.326: ERROR/Sync(125): at com.google.android.googlelogin.GoogleLoginServiceBlockingHelper.getLoginService(GoogleLoginServiceBlockingHelper.java:260)
08-17 20:48:39.326: ERROR/Sync(125): at com.google.android.googlelogin.GoogleLoginServiceBlockingHelper.getAccounts(GoogleLoginServiceBlockingHelper.java:347)
08-17 20:48:39.326: ERROR/Sync(125): at com.google.android.googlelogin.GoogleLoginServiceBlockingHelper.getAccounts(GoogleLoginServiceBlockingHelper.java:329)
08-17 20:48:39.326: ERROR/Sync(125): at com.google.android.providers.AbstractGDataSyncAdapter.onSyncStarting(AbstractGDataSyncAdapter.java:1178)
08-17 20:48:39.326: ERROR/Sync(125): at com.android.providers.contacts.ContactsSyncAdapter.onSyncStarting(ContactsSyncAdapter.java:1219)
08-17 20:48:39.326: ERROR/Sync(125): at android.content.TempProviderSyncAdapter$SyncThread.sync(TempProviderSyncAdapter.java:236)
08-17 20:48:39.326: ERROR/Sync(125): at android.content.TempProviderSyncAdapter$SyncThread.run(TempProviderSyncAdapter.java:210)

You don't need to resign the APK's.
The full update.zip should be enough =)

Though it is still quite a mystery why the Google Login won't work when signed with a test-key.

maxisma said:
You don't need to resign the APK's.
The full update.zip should be enough =)
Click to expand...
Click to collapse
That is correct, the ROM works fine when I sign the full update.zip
I just would like to know why this it is giving problems when you resign everything... I would be nice to know the exact reason behind this issue.

Is there any advantage to signing all the apks, or is this just an academic exercise? I tried (and obviously failed) when messing with the T-Mobile stock ROM but like you said it works fine without.

Amon_RA did you ever find away to get this to work? I'm asking because I've tried re-signing all the apk's in /system/app & /system/framework on my Rogers build so I could include irrenhaus' Advanced Launcher v17 as a HTCLauncher replacement. If it's flashed as an "update" after the the rom is setup, running, etc. It works fine. But as soon as you wipe, you start getting boot loops. When you resign every apk, it'll flash in the build fine, but you can't access the market or sign into google. It's not only me, but Soulife & Enomther have spent quite a bit of time looking into this also. So, before someone say's just throw it into the /system/app directory & re-sign the update.zip, you can't it because it won't work properly. Any suggestions would be appreciated! Thanks.

kb7sqi said:
Amon_RA did you ever find away to get this to work? I'm asking because I've tried re-signing all the apk's in /system/app & /system/framework on my Rogers build so I could include irrenhaus' Advanced Launcher v17 as a HTCLauncher replacement. If it's flashed as an "update" after the the rom is setup, running, etc. It works fine. But as soon as you wipe, you start getting boot loops. When you resign every apk, it'll flash in the build fine, but you can't access the market or sign into google. It's not only me, but Soulife & Enomther have spent quite a bit of time looking into this also. So, before someone say's just throw it into the /system/app directory & re-sign the update.zip, you can't it because it won't work properly. Any suggestions would be appreciated! Thanks.
Click to expand...
Click to collapse
Some of the google apps have a "Signature" that is checks against itself to see if it's been modified - you'd need toedit that to make them work

Amon_RA said:
That is correct, the ROM works fine when I sign the full update.zip
I just would like to know why this it is giving problems when you resign everything... I would be nice to know the exact reason behind this issue.
Click to expand...
Click to collapse
its because it needs a release keys signature to login not test keys ;-)
idk where i read it but i do believe it originated it in a thread by stericson having to do with theming android and why test keys wont sign some apps or files for them to work they need to be signed with a release keys version like the actual Google signature not their open source signature they give us to sign apk's etc

Hello everyone - I do development on the myTouch Slide, but I have a question related to this post: how do we re-sign the HTC resources file (com.htc.resources.apk) with test keys? I've essentially decompiled it and built it back (using apktool), then signed the resulting APK with signapk.jar using the test keys, but when Android is being loaded it's unable to find the 'Resources'. (I haven't even arrived at this so-called 'Google Login' error - the GUI won't even load due to an error in HTCLockScreen not finding the resources).
The reason this all came about is because I'm looking for an easy way to edit the file and perform any changes I want to it. The 7-zip method is hackish and is specific to Windows - I am looking for a way where I can go as far as to edit the XML files in the package, but the 7-zip method doesn't work for that (because the XML files are compiled).
Any ideas? Can people link posts related to this? Thanks.
EDIT: Ok, some people are probably going to point out that I can hex edit the file through 7zip, but I would rather not do that, especially since I do not run Windows for my Android development.

I've actually discovered that the reason 7zip works is because it technically doesn't follow zip format specifications. Once you edit a file from within 7zip and save the changes 7zip doesn't calculate the CRC of the new (updated) file. Android proceeds to load the APK because the CRC hashes in the zip file are still "correct", but really they're not.
While this doesn't answer my original question, it does provide a possibility of extending other (non-Windows) utilities with the sole intended function of hacking APKs.
EDIT: I'm not entirely sure this is correct information as I'm still trying to sort through the different actions that various programs (Android included) take on an APK, plus I can't find a specification of an APK file (other than people simply saying its "similar to a zip").

I been looking at this as well and hopefully can help. First look at my signature for a release key maker for those that wanna know. okay so this is just all theory but I been looking to resign all apks with the same signature my signature. Reason being is I'm helping to port froyo sense to sprint hero and there's alot of smali editing and resigning of apks. I have noticed while doing this that some proprietary apks have this in there android manifest xml "androidprotection:signature". I'm not a genious but i'm guessing that is what checks the signature or rathere requires it.
I also noticed that there is a keystore file in /system/bin (at least in sense roms ).
That might be where the signature is kept. But I'm thinking that if you disable the requirement for a signature in the android manifest you might be able to resign the apks I haven't tried this yet since I'm sure someone has some feedback annd it's 348 in the morning i'm going to bed

Need some keystore help.

My pc crashed the other day. I've rebuilt a new one and installed all my software, but the keystore directory to my android app was not backed up. I know the password, alias and directory it was all in, but after re-creating that directory, it still wants me to create a new keystore. What should I do? If I create a new keystore using the previous keystore's password/alias, will the market let me upload a new version of my app?

No. You're pretty much screwed. If you lose you private key, there is no way to recover it.

So what does that mean for my app in the market. What do I do the next time I have an update to upload?

I'm not sure. You'll have to ask them.

removed

Wow, so I lose my download count, comments, ratings, and confuse everyone that already has my app and has to download one with a different name. It seems like there should be a more efficient way to resolve this type of problem.

Read up on Public-key cryptography. There really is no other way. You must keep your private key and must keep it private for the system to work. Make a copy and burn it to a CD (maybe 2 CDs), then store it someplace safe.

So what's normally done here... do I delete my existing app and then publish a similarly named one with my new key, or do people just leave both the old and the new apps up?

...backed up my keystore just in case after reading this.

I do have a copy of my signed apk. If I re-create the directory that was my keystore (I do know the passwords and alias names) and put the signed apk in that directory...will that then let me build a properly signed apk using my existing key?

You didn't read the link I posted I see.
The answer is no. If your private key is gone, it's gone. You could try and brute-force it from your public key if you've got nothing better to do with a super computer for a few centuries.

So for the future, if I want to back up my keystore, what specifically do I need to back up? Is it the directory that I told Eclipse to put the signed apk in? I can't remember anything other than the apk being in the directory.

removed

Rename an apk so you can install it twice

I've been looking for a way to do this for the past couple days with no luck. Just to get any suspicions out of the way, I am not using this to steal someone else's work, it's for a workaround for a game that I'm trying to accomplish using two save files. I've tried going into the android manifest, editing the package name, and then resigning the apk with no luck (i just get parsing errors when I try to install). Is there any way that this can be done? or am I missing something?

It is not a simple matter.
APKs are managed by package name, not by file name, but you can't simply change the package name in the manifest of a compiled APK.
Even assuming you manage to do it without messing up the file, which is not a simple task, there will still be code referring to the package name, so the app will crash.
To put it simply, you would be better off getting your device rooted (if you don't already have root) and playing with the application data files if you want to cheat at some game.

Needing an .PK8 and .PEM for SignAPK

Im trying to upload a app to the market and when signing my APK`s im using signapk and I CANT do it. It says
Google Play does not accept apks signed with certificates issued by Android team. Create a new certificate that is valid for at least 50 years.
But I`m able to upload it without signing it, But then it DOESNT work it wont install.
Im able to sign it and get it to install on my phone but market place wont take it!
Can anyone Create me a key.pk8 and a certificite.pem? Cause I cant ive tried the past 5 hours. The only thing ive been able to do is make some keyfile using cmd. Can someone atleast create me one or PM me to create me one? using the Name Hunter under it.
Ive tried all guides with no luck

You should really make your own... instead of trusting strangers to handle your private key. I make my keystores using keytool, and sign using the Ant-based build process.
Incidentally: did you change the name of your package? I believe the Play store does not accept conflicting keys for the same package, for security reasons. Or maybe you need to remove the app completely and start over.

Hopefully this helps you out
http://developer.android.com/guide/publishing/app-signing.html

regaw_leinad said:
Hopefully this helps you out
http://developer.android.com/guide/publishing/app-signing.html
Click to expand...
Click to collapse
Nope. Already read. Goes right over my head
Sent from my SGH-I717R using xda premium

hyelton said:
Nope. Already read. Goes right over my head
Sent from my SGH-I717R using xda premium
Click to expand...
Click to collapse
Weel you said you already made your key w/ the keytool, so follow steps 3 & 4 EXACTLY. The JarSigner is part of the Java JDK, so you should already have that.
http://developer.android.com/guide/publishing/app-signing.html#signapp

regaw_leinad said:
Weel you said you already made your key w/ the keytool, so follow steps 3 & 4 EXACTLY. The JarSigner is part of the Java JDK, so you should already have that.
http://developer.android.com/guide/publishing/app-signing.html#signapp
Click to expand...
Click to collapse
can someone just make me one?
I`m about to give up. I was gonna use eclipse but NO couldn't down the add on had to do it manually. And now I gotta update a few other things which I cant cause the location im at is painfully slow at the moment

hyelton said:
can someone just make me one?
I`m about to give up. I was gonna use eclipse but NO couldn't down the add on had to do it manually. And now I gotta update a few other things which I cant cause the location im at is painfully slow at the moment
Click to expand...
Click to collapse
Well, it's your private key, and you don't want anyone else to get a hold of it, because if they do, they can release applications under your id. Without releasing that key to someone, there is no other way to have someone sign your apk with your private key.

regaw_leinad said:
Well, it's your private key, and you don't want anyone else to get a hold of it, because if they do, they can release applications under your id. Without releasing that key to someone, there is no other way to have someone sign your apk with your private key.
Click to expand...
Click to collapse
I know this. Thats why I would want to see if someone would make me one and Just PM me.

Hi
I am also try to create .pk8 and .pem file using my keystore .jks file.
I have created my .jks keystore file through android studio. But when i create .pem and .pk8 file using keystore tool and openssl tool, files created has some certification issue because when i try to sign the apk using these generated certificates got some signature exception.
Please help how can i create my private .pem and .pk8 file using generated .jks keystore file.

I am also try to create .pk8 and .pem file using my keystore .jks file.
I have created my .jks keystore file through android studio. But when i create .pem and .pk8 file using keystore tool and openssl tool, files created has some certification issue because when i try to sign the apk using these generated certificates got some signature exception.
Please help how can i create my private .pem and .pk8 file using generated .jks keystore file.

How can you guys know enough to develop an app, but can't figure out how to sign it??
Like he's trying to tell you oh, it would be like giving somebody your credit card number and CCV code. The purpose of a private key is just that, it's private.
Fire Hound 8.1

compile the below source and use according to usage.
I know that I am answering a 2012 thread, but it would be useful for others too.

[idea/need info] Update WMAppManifest.xml on phone?

I know that during the installation process, xaps are scanned for any "illegal" capabilities in the WMAppManifest.xml file. Does anyone know what purpose this file serves after an xap has been installed on the device?
My thought is this:
Install an app with a non-elevated WMAppMAnifest.xml. Then when you launch the installed app, it updates the xml file with additional capabilities (Interop Services, for example) and exits. Then when the app is relaunched, it will have access to the new capabilities in the xml file?
What do you guys think? Has this been done before? is that xml file only used during installation?

compu829 said:
I know that during the installation process, xaps are scanned for any "illegal" capabilities in the WMAppManifest.xml file. Does anyone know what purpose this file serves after an xap has been installed on the device?
My thought is this:
Install an app with a non-elevated WMAppMAnifest.xml. Then when you launch the installed app, it updates the xml file with additional capabilities (Interop Services, for example) and exits. Then when the app is relaunched, it will have access to the new capabilities in the xml file?
What do you guys think? Has this been done before? is that xml file only used during installation?
Click to expand...
Click to collapse
i think i tried this way and app returned failure error
i'm sure about that any app have to check capabalities during installation but in launch times i don't know that phone check caps again or no.
best work to test is changing this file in an interop unlock full fs phone and see the re-action

Caps are written to package manager database & global account database. WMAppManifest isn't used after installation is finished.

Yeah, this method was tried long, long ago.
Besides, even if it worked and the file was checked later, all that would mean is that you couldn't launch the app anymore. The capabilities-vs.-unlock-level appears to be checked at every startup, not just at install.

@GoodDayToDie @ultrashot I figured as much, thanks for the info.
On a semi-related note, I just received a completely different HTC 8x (T-Mobile branded) back from HTC (5th time in for repair). If this one really works, maybe I can have some fun with my Lumia 521 and/or try to figure out how to unbrand/mod the 8x. I really want to add WiFi calling to the 8x, but I need to add some certs, a missing dll, and some reg keys.