0

The original post on Reddit with some more background about the issue.

I have re-signed all system apps of LineageOS with my own key and have replaced them all before the first boot. LineageOS boots normally but then all re-signed system apps crash with an error like:

SystemUI has stopped, Settings has stopped.

The screen stays dark. It seems that the re-signed system apps are unusable. Maybe I made some mistake or LineageOS has some anti-tampering check implemented?

What I have done: I opened all system apps with the WinRAR zip manager and removed the CERT.RSA and CERT.SF files in each META-INF folder and deleted all the names and SHA-256 digest entries in all MF manifest-files. Also, all other APK for example, in the framework folder, like the framework-res.apk file, I edited them like this. Then I created a keystore with Key, using the Java keytool, I think this is self-signed. Then I signed all APKs with the Uber Apk signet tool and successfully performed zip-aligning. Then I flashed Lineage OS with TWRP on the phone. Before the first boot, I deleted the system APKs with the TWRP file manager and replaced them with my self-signed ones. Uber-Sign-Tool: https://github.com/patrickfav/uber-apk-signer

I have now adapted with the TWRP terminal chmod with the following commands: Before I adapted chmod, I checked everything with ls -l. Then I adjusted everything as it is right in the system so for me: chmod 644 for system-apk's and the apk-folders and chmod 755 for the /system/app and /system/priv-app folders. Now I'm stuck again in bootloop when I edit chmod.

The chown-Settings were already on root. Also I tried chown 0.0 -R and chcon u: object_r: system_file: s0 (see also installing apk in /system/app with android 5.1 or higher (simple adb push doesn't work anynore) push does) I stuck again in bootloop when I edit chmod.

There are no Odex files available.

Why can I edit the AndroidManifest.xml from all Systemapps without problems if I keep the original signature except at the framework-res.apk? Does anyone know why it doesn't work with the framework-res.apk? The only way I find which works is to turn off signature verification in the whole system, but this is bad for the security.

Andrew T.
  • 15,988
  • 10
  • 74
  • 123
andromade7
  • 9
  • 2
  • Did you chmod and chown system/app recursively to fix permissions and ownership. --- If so.. Is the system deodexed or odexed, the odex files could be mismatched with the apks... Also.. I usually don't sign system apps at all, i find that they aren't usually signed anyway... i think signatures mainly matter for DATA apps, and apps that use shared userID's – Empire of E Dec 02 '18 at 01:45
  • Hmm, not sure if it still is the case in recent Android versions, but at least in Nougat what I did is keeping the original signature while modifying framework-res. apktool has the -c option for that, though yes you will lose AndroidManifest.xml changes, so it might not work for you. What I want to say is that the OS likely does check for that signature. – Andy Yan Dec 02 '18 at 02:21
  • I edited the Post – andromade7 Dec 05 '18 at 17:28

0 Answers0