copy/extract/patch android apk signatures & compare apks
Project description
apksigcopier
copy/extract/patch android apk signatures & compare apks
apksigcopier
is a tool for copying android APK signatures from a
signed APK to an unsigned one (in order to verify reproducible
builds). It can also
be used to compare two APKs with different signatures. Its
command-line tool offers four operations:
- copy signatures directly from a signed to an unsigned APK
- extract signatures from a signed APK to a directory
- patch previously extracted signatures onto an unsigned APK
- compare two APKs with different signatures
Extract
$ mkdir meta
$ apksigcopier extract signed.apk meta
$ ls -1 meta
8BEA2A77.RSA
8BEA2A77.SF
APKSigningBlock
APKSigningBlockOffset
MANIFEST.MF
Patch
$ apksigcopier patch meta unsigned.apk out.apk
Copy (Extract & Patch)
$ apksigcopier copy signed.apk unsigned.apk out.apk
Compare
This command requires apksigner
.
$ apksigcopier compare foo-from-fdroid.apk foo-built-locally.apk
$ apksigcopier compare --unsigned foo.apk foo-unsigned.apk
Help
$ apksigcopier --help
$ apksigcopier copy --help # extract --help, patch --help, etc.
$ man apksigcopier # requires the man page to be installed
Environment Variables
The following environment variables can be set to 1
, yes
, or
true
to override the default behaviour:
- set
APKSIGCOPIER_EXCLUDE_ALL_META=1
to exclude all metadata files - set
APKSIGCOPIER_COPY_EXTRA_BYTES=1
to copy extra bytes after data (e.g. a v2 sig)
Python API
>>> from apksigcopier import do_extract, do_patch, do_copy, do_compare
>>> do_extract(signed_apk, output_dir, v1_only=NO)
>>> do_patch(metadata_dir, unsigned_apk, output_apk, v1_only=NO)
>>> do_copy(signed_apk, unsigned_apk, output_apk, v1_only=NO)
>>> do_compare(first_apk, second_apk, unsigned=False)
You can use False
, None
, and True
instead of NO
, AUTO
, and
YES
respectively.
The following global variables (which default to False
), can be set
to override the default behaviour:
- set
exclude_all_meta=True
to exclude all metadata files - set
copy_extra_bytes=True
to copy extra bytes after data (e.g. a v2 sig)
FAQ
What kind of signatures does apksigcopier support?
It currently supports v1 + v2 + v3 (which is a variant of v2).
It should also support v4, since these are stored in a separate file (and require a complementary v2/v3 signature).
When using the extract
command, the v2/v3 signature is saved as
APKSigningBlock
+ APKSigningBlockOffset
.
Tab Completion
For Bash, add this to ~/.bashrc
:
eval "$(_APKSIGCOPIER_COMPLETE=source_bash apksigcopier)"
For Zsh, add this to ~/.zshrc
:
eval "$(_APKSIGCOPIER_COMPLETE=source_zsh apksigcopier)"
For Fish, add this to ~/.config/fish/completions/apksigcopier.fish
:
eval (env _APKSIGCOPIER_COMPLETE=source_fish apksigcopier)
Requirements
- Python >= 3.5 + click.
- The
compare
command also requiresapksigner
.
Debian/Ubuntu
$ apt install python3-click
$ apt install apksigner # only needed for the compare command
Installing
Debian
An official package is available in Debian unstable:
$ apt install apksigcopier
You can also manually build a Debian package using the debian/sid
branch, or download a pre-built .deb
via GitHub releases.
NixOS & Arch Linux
Official packages are also available in nixpkgs unstable and Arch Linux (and derivatives).
Using pip
$ pip install apksigcopier
NB: depending on your system you may need to use e.g. pip3 --user
instead of just pip
.
From git
NB: this installs the latest development version, not the latest release.
$ git clone https://github.com/obfusk/apksigcopier.git
$ cd apksigcopier
$ pip install -e .
NB: you may need to add e.g. ~/.local/bin
to your $PATH
in order
to run apksigcopier
.
To update to the latest development version:
$ cd apksigcopier
$ git pull --rebase
License
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for apksigcopier-1.0.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 9cd9970bbd8ed7bbd28a02c124300b7a0ff581e71a6351512110c1d89b8dd94b |
|
MD5 | a0ea4309751f0020a908a9c90f363ee5 |
|
BLAKE2b-256 | 361708d6068a521b5f552c64d8820fc2db6e6988555b9174d229e7a28e430f5a |