Like and follow, no longer get lost, your support means a lot to me!

๐Ÿ”ฅ Hi, I am Ugly. This article has been collected by GitHub ยท Android-Notebook. Welcome to grow with Peng Chouchou. (Contact info on GitHub)

preface

  • When making a production package, you must sign the APK, so do you know why you should sign the application?
  • In this article, I will analyze the Android APK signature mechanism, and introduce the principles and evolution of the v1, V2, and V3 installation package signature schemes. Please be sure to like and follow if you can help, it really means a lot to me.

series

  • The Android | mountain, can offend jade! Read an article/v1 / v2 v3 signature mechanism”

Related articles

  • The cryptography | sense! From the global to understand the message digest, encryption, signature and digital certificate”

directory

1. An overview of the

1.1 Why Do I Need to Sign an Application?

The application of APK is actually a special Zip compression package, there is no way to avoid malicious attackers decompress/decompile modified content, what is the solution to this problem? Other mountain stone, can attack jade – digital signature algorithm. Signature application is one of the application scenarios of the digital signature algorithm, which is similar to other application scenarios. The purpose is as follows:

  • certification

Every application running on the Android platform must be signed by the developer. When installing an application, the package manager verifies that the APK has been properly signed, and the installation program rejects an application that attempts to install without being signed.

  • Verify integrity

The package manager verifies the application digest before installing the application. If the attacker modifies the contents of the APK, the digest no longer matches and the validation fails (see the verification process below).

Tip: The advantage of using digital signatures is that the authentication process does not require complex interfaces and permissions, but only needs to be validated on the machine.

1.2 Digital Signature and verification model

Before I wrote an article, I have been analyzing digital signature & validation model: the cryptography | sense!, signature and digital certificates are?” . Here I repeat it briefly:

  • 1. Private key signature: The message digest algorithm is used to digest the original message, and then the private key is used to sign the digest.
  • 2. Public key verification: Use the public key to verify the signature and check whether it is the digest value of the message.

1.3 Digital certificate signature & verification model

Editting…

It is important to note that Android does not provide CA authentication for application certificates. Applications can be signed by third parties (Oems, carriers, and other application markets) or signed by themselves.

1.4 Application Signature Scheme Evolution

As of Android 11, Android supports the following three application signature schemes:

  • V1 signature scheme: based on Jar signature;
  • V2 signature scheme: improved verification speed and coverage (introduced in Android 7.0 Nougat)
  • V3 signature scheme: implement key rotation (introduced in Android 9.0 Pie).

To improve compatibility, signature schemes must be adopted in the order of V1, V2, and V3. Platforms of earlier versions ignore additional data added to APK by signature schemes of earlier versions.

Citing the source.android.com/security/ap… – the Android Developers

2. Signature scheme v1

The V1 signature scheme is a Jar based signature.

2.1 Signature Products

First, we analyze the signature product. After v1 is signed, the meta-INF folder will be added, which will contain the following three files. The file names may vary depending on the certificate and signature, so you just have to pay attention to the suffix of the file:

META-INF Exercises โ”€โ”€ MANIFEST.MF Exercises โ”€โ”€ cert.sf Exercises โ”€โ”€ cert.rsaCopy the code
file describe
MANIFEST.MF Record the “summary for every file in APK” (except for the meta-INF folder)
*.SF Record “a summary of the manifest.mf file” and “a summary of each block in the Manifest.mf”
*.RSA Contains “signature of *.sf file” and “Developer certificate with public key”

Tip: If the APK has a large number of files and a long file name, the manifest.mf and *.sf files will become very large. Is there a way to optimize it? See section 5.1. Optimize summary record file size.

2.2 Signature Process

The v1 signature process is as follows:

  • 1. Calculate the SHA-1 abstract of each file and write it into the manifest.mf file after BASE64 encoding;

Manifest.mf (Message Digest File)

Manifest-version: 1.0 Built-By: Generated- by-adt Created-By: Android Gradle 3.1.0 Name: Androidmanifest.xml SHA1 - Digest: 9 htsmrfzheeqc7v2wxbbtt3dmcy = abstract ใ€‘ ใ€ file...Copy the code
  • 2. Calculate the SHA-1 abstract of the entire manifest.mf file, and write it into the *.sf file after BASE64 encoding;
  • 3. Calculate the SHA-1 abstract of each piece of abstract in manifest.mf file, and write it into *.sf file after BASE64 encoding;

\*.sf (Signature File, Signature File)

Signature-version: 1.0 creation-by: 1.0 (Android) sha1-digest-manifest: MJQyZ0dc4dv7G9nlJPAMQLwEwbU = X - MANIFEST. Summary of MF file ใ€‘ ใ€ Android APK - Signed: 2 Name: AndroidManifest. XML SHA1 - Digest: IJioMmfD693T4qnUJcPKhq9woHQ = ใ€ abstract ใ€‘ the...Copy the code
  • 4, calculate the digital signature of the entire *.sf file (first digest and then private key encryption);
  • 5. Write the digital signature and x.509 developer digital certificate (public key) to the *.rsa file.

Tip: *.RSA file is encrypted, need to use the openSSL tool to open.

Citing the zhuanlan.zhihu.com/p/108034286 – wooden melody

2.3 Verification Process

The verification process can be divided into two steps: verifying signature and verifying integrity:

Step for verifying a signature:

  • 1. Take out the developer certificate contained in *.RSA;
  • 2. [Note: The developer certificate is not valid to the CA];
  • 3, use the public key in the certificate to decrypt the signature contained in *.RSA, get the abstract;
  • 4, calculate the summary of *.SF;
  • 5. Whether the summaries of (3) and (4) are consistent;

Integrity will be verified only if the above signature verification results are correct:

  • 1. Calculate the summary of manifest.MF;
  • 2. Compare the document summaries in *.SF records with the summaries in (1) for consistency;
  • 3, if the same, then use each piece of data in manifest.mf to check whether each file has been modified.

If any of the above steps fails, the entire APK fails.

2.4 Existing Problems

  • Insufficient integrity coverage: Some contents in the Zip file are not verified, such as the meta-INF folder.
  • Poor validation speed: The validator must decompress all compressed entries, which takes more time and memory.

To address these issues, Android 7.0 introduced the APK signature scheme V2.

3. Signature scheme v2

The V2 signature scheme is a full-file signature scheme, which can find all the changes made to the protected part of APK, and it is faster to verify and has wider integrity coverage than the V1 signature scheme.

Tip: To be compatible with earlier versions, use the V1 signature scheme as well as the V2 signature scheme.

3.1 Introduction to Zip Files

Before analyzing v2 signature schemes, let’s take a brief look at the Zip file format:

  • The main structure of a Zip file is divided into three parts: Item content area, Central directory area, and Central directory End area (EoCD).

  • The starting location of the central directory is recorded in the EoCD. Inserting additional data between the entry content area and the central directory area does not affect the Zip decompression.

3.2 Signature Products

First, we analyze the signature product. V2 will insert an APK Signing Block between the “item content area” and the “central directory area”.

Citing the source.android.com/security/ap… – the Android Developers

From left to right, we define blocks 1 to 4.

3.2 Signature Process

Compared with the V1 signature scheme, the V2 signature scheme does not compute the summary by file, but splits the file into consecutive chunks (chunks) in unit of 1 MB. The last chunk of each partition may be less than 1 MB.

The v2 signature process is as follows:

  • 1. Divide blocks 1, 3, and 4 into 1MB chunks.
  • 2. Calculate the summary of each block;
  • 3. Calculate the signatures of all abstracts in (2).
  • 4, add x.509 Developer Digital Certificate (public key)

Citing the source.android.com/security/ap… – the Android Developers

3.3 Verification Process

The verification process can be divided into two steps: verifying signature and verifying integrity:

  • Step: Verify the signature of block 2 with the public key;
  • Verify integrity step: Verify the digest of each piece of data with the “APK Data Digest set”.

Signature scheme v3

Signature scheme V3 supports key rotation, and applications can change their signature keys during APK update.

Tired, the back of the first not to write…

5. Derived application scenarios

In this section, we introduce a derivative application scenario based on the Android application signature mechanism.

5.1 Optimizing the Summary record file size

In the V1 scenario, manifest.mf and *.sf files record a large number of file names and file summaries. If the APK has a large number of files and a long file name, the two files will become very large. Using the AndResGuard tool, you can reduce the size of both files by converting the file name to a short path file name.

Citing the time.geekbang.org/column/arti… — By Zhang Shaowen

5.2 Multi-channel package

In practice, multiple channels of APK packages need to be generated. The traditional approach is to use the APKTool reverse tool, Flavor + BuildType, and other solutions. The disadvantage of these multi-channel packages is that they are time consuming. As the Android application signature scheme has evolved, different multi-channel packaging schemes have evolved:

Multi-channel packaging in the era of V1 scheme

  • Adding an empty file

In the V1 scheme, we mentioned that the integrity check does not overwrite the meta-INF folder. Some multichannel packaging schemes take advantage of this problem by adding an empty file to the meta-INF folder and using the name of the empty file as the unique identifier of the channel to save the packaging time and improve the speed of packing the channel package.

  • Zip Comment

In addition to the method of adding empty files, you can also add Zip Comment to APK to generate multi-channel packages (APK itself is a special Zip package).

Multi-channel packaging in the era of V2 solution

In the V2 signature scheme, almost the entire APK is protected. If you add an empty file or Zip Comment to the APK, the following error will be reported during installation:

Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES: 
Failed to collect certificates from base.apk: META-INF/CERT.SF indicates base.apk is signed using APK Signature Scheme v2, 
but no such signature was found. Signature stripped?]
Copy the code

In the new background, the multi-channel packaging scheme takes advantage of the characteristics of APK signature block (block 2) is not protected & the field is extensible, and adds the multi-channel information (ID-value) to the block, such as The multi-channel packaging scheme Walle of Meituan.

6. Summary

  • Signature applications serve two purposes: authentication & verification of integrity, i.e. authentication of the APK developer and verification of tampering with the APK content. As of Android 11, there are v1, V2, and V3 signature schemes.

  • V1 is a Jar – based signature scheme, which has two problems: insufficient integrity coverage & poor verification speed.

  • The V2 signature scheme for Android 7.0 optimizes both of these problems by inserting an APK Signing Block between the “item content area” and the “central directory area”.

  • The v3 version of Android 9.0 is the optimized version of the V2 solution, to meet the needs of key rotation.

The resources

  • Signed_JAR_File — Oracle
  • App Signature — Android Developers
  • Signing apps — Android Developers
  • APK Signature Scheme V2 — Android Developers
  • APK Signature Scheme V3 — Android Developers
  • Android Application Security and Reverse Analysis (Chapter 12). By Jiang Wei
  • “Principle of V1/V2/V3 Signature on Android” — Written with wooden melody (Alibaba Technical Team)
  • Analysis of Android V2’s New Signature Packaging Mechanism by Pisazzpan (Tencent Music Technology Team)
  • A new generation of Open Source Android Channel Package Generation Tool Walle by Jian Shuai Chen Tong (Meituan Technical Team)
  • “An Analysis of the Principle of Android V1 and V2 Signature” — a book by A snail (Netease Technical team)
  • Practice of Android App Package Slimming Optimization — written by Jian Shuai (Meituan Technical Team)
  • “Android Development Master class ยท Package Volume Optimization (part 2)” — Written by Zhang Shaowen (wechat technology team), geek Time
  • A Deep understanding of the Android kernel design Philosophy (Chapter 20). By Lin Xuesen

Creation is not easy, your “three company” is the biggest power of Ugly, we see next time!