copy/extract/patch android apk signatures & compare apks
Project description
apksigcopier
copy/extract/patch android apk signatures & compare apks
apksigcopier
is a tool for copying android APK signatures from a
signed APK to an unsigned one (in order to verify reproducible
builds). It can also
be used to compare two APKs with different signatures. Its
command-line tool offers four operations:
- copy signatures directly from a signed to an unsigned APK
- extract signatures from a signed APK to a directory
- patch previously extracted signatures onto an unsigned APK
- compare two APKs with different signatures
Extract
$ mkdir meta
$ apksigcopier extract signed.apk meta
$ ls -1 meta
8BEA2A77.RSA
8BEA2A77.SF
APKSigningBlock
APKSigningBlockOffset
MANIFEST.MF
Patch
$ apksigcopier patch meta unsigned.apk out.apk
Copy (Extract & Patch)
$ apksigcopier copy signed.apk unsigned.apk out.apk
Compare
This command requires apksigner
.
$ apksigcopier compare foo-from-fdroid.apk foo-built-locally.apk
$ apksigcopier compare --unsigned foo.apk foo-unsigned.apk
Help
$ apksigcopier --help
$ apksigcopier copy --help # extract --help, patch --help, etc.
$ man apksigcopier # requires the man page to be installed
Environment Variables
The following environment variables can be set to 1
, yes
, or
true
to override the default behaviour:
- set
APKSIGCOPIER_EXCLUDE_ALL_META=1
to exclude all metadata files - set
APKSIGCOPIER_COPY_EXTRA_BYTES=1
to copy extra bytes after data (e.g. a v2 sig)
Python API
>>> from apksigcopier import do_extract, do_patch, do_copy, do_compare
>>> do_extract(signed_apk, output_dir, v1_only=NO)
>>> do_patch(metadata_dir, unsigned_apk, output_apk, v1_only=NO)
>>> do_copy(signed_apk, unsigned_apk, output_apk, v1_only=NO)
>>> do_compare(first_apk, second_apk, unsigned=False)
You can use False
, None
, and True
instead of NO
, AUTO
, and
YES
respectively.
The following global variables (which default to False
), can be set
to override the default behaviour:
- set
exclude_all_meta=True
to exclude all metadata files - set
copy_extra_bytes=True
to copy extra bytes after data (e.g. a v2 sig)
FAQ
What kind of signatures does apksigcopier support?
It currently supports v1 + v2 + v3 (which is a variant of v2).
It should also support v4, since these are stored in a separate file (and require a complementary v2/v3 signature).
When using the extract
command, the v2/v3 signature is saved as
APKSigningBlock
+ APKSigningBlockOffset
.
Tab Completion
NB: the syntax for the environment variable changed in click >= 8.0,
use e.g. source_bash
instead of bash_source
for older versions.
For Bash, add this to ~/.bashrc
:
eval "$(_APKSIGCOPIER_COMPLETE=bash_source apksigcopier)"
For Zsh, add this to ~/.zshrc
:
eval "$(_APKSIGCOPIER_COMPLETE=zsh_source apksigcopier)"
For Fish, add this to ~/.config/fish/completions/apksigcopier.fish
:
eval (env _APKSIGCOPIER_COMPLETE=fish_source apksigcopier)
Installing
Debian
Official packages are available in Debian unstable and Ubuntu impish.
$ apt install apksigcopier
You can also manually build a Debian package using the debian/sid
branch, or download a pre-built .deb
via GitHub releases.
NixOS & Arch Linux
Official packages are also available in nixpkgs unstable and Arch Linux (and derivatives).
Using pip
$ pip install apksigcopier
NB: depending on your system you may need to use e.g. pip3 --user
instead of just pip
.
From git
NB: this installs the latest development version, not the latest release.
$ git clone https://github.com/obfusk/apksigcopier.git
$ cd apksigcopier
$ pip install -e .
NB: you may need to add e.g. ~/.local/bin
to your $PATH
in order
to run apksigcopier
.
To update to the latest development version:
$ cd apksigcopier
$ git pull --rebase
Dependencies
- Python >= 3.7 + click.
- The
compare
command also requiresapksigner
.
Debian/Ubuntu
$ apt install python3-click
$ apt install apksigner # only needed for the compare command
License
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for apksigcopier-1.0.2-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 42ea1427f0a4c0fd0a69f6319a68b5952874cd66ed8a6d58513d5660f72da1a2 |
|
MD5 | a35ac4a676bad6352226e796c3b487be |
|
BLAKE2b-256 | aff23e5548f38845cd5abdd01141b0bbc85dc33fb3e3f8dd34e42683793fd612 |