使用调试密钥重新签名时,apk 在启动时崩溃

逆向工程 安卓 apk
2021-07-10 02:17:56

我有时反编译和重新编译 apk 并进行更改(如更改图形、文本等...)通常我使用 apktool 反编译和重新编译,然后使用 testsign.jar 使用调试密钥或uber apk 签名者重新签名 apk,因为它支持 v2 /v3 签名。

这通常可以正常工作,但是我发现如果我使用调试密钥退出特定的 apk,那么它会安装正常,但在启动时总是会崩溃。需要明确的是,出于测试目的,我正在做的是:我什至根本没有反编译或重新编译它,只是获取原始 apk(安装和运行正常)然后重新签名。

这是崩溃的日志:

12-04 15:44:57.364 11969 12006 W org.skvalex.cr: 0xebadde09 skipped times: 0
12-04 15:44:57.364 11969 12006 F libc    : Fatal signal 11 (SIGSEGV), code -6 (SI_TKILL) in tid 12006 (ComThread), pid 11969 (org.skvalex.cr)
12-04 15:44:57.378  1358  6828 D WifiPermissionsUtil: canAccessScanResults: pkgName = com.sec.android.sdhms, uid = 1000
12-04 15:44:57.386  1358  2047 D MdnieScenarioControlService:  packageName : org.skvalex.cr    className : org.skvalex.cr.LauncherActivity
12-04 15:44:57.386  1358  2047 V MdnieScenarioControlService: setUIMode from UI function(3)
12-04 15:44:57.412 12009 12009 I crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
12-04 15:44:57.412  1044  1044 I /system/bin/tombstoned: received crash request for pid 12006
12-04 15:44:57.413 12009 12009 I crash_dump64: performing dump of process 11969 (target tid = 12006)
12-04 15:44:57.419 12009 12009 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
12-04 15:44:57.419 12009 12009 F DEBUG   : Build fingerprint: 'samsung/starqltesq/starqltesq:9/PPR1.180610.011/G960USQS7CSK4:user/release-keys'
12-04 15:44:57.419 12009 12009 F DEBUG   : Revision: '14'
12-04 15:44:57.419 12009 12009 F DEBUG   : ABI: 'arm64'
12-04 15:44:57.419 12009 12009 F DEBUG   : pid: 11969, tid: 12006, name: ComThread  >>> org.skvalex.cr <<<
12-04 15:44:57.419 12009 12009 F DEBUG   : signal 11 (SIGSEGV), code -6 (SI_TKILL), fault addr --------
12-04 15:44:57.419 12009 12009 F DEBUG   :     x0  0000000000000000  x1  0000000000002ee6  x2  000000000000000b  x3  0000000072164fde
12-04 15:44:57.419 12009 12009 F DEBUG   :     x4  6361500000000000  x5  6361500000000000  x6  6361500000000000  x7  00000000ffffffff
12-04 15:44:57.419 12009 12009 F DEBUG   :     x8  0000000000000083  x9  6aab5bd0db3a37ff  x10 0000000000430000  x11 000000765cc9a6dc
12-04 15:44:57.419 12009 12009 F DEBUG   :     x12 000000765cc9a730  x13 000000765cc9a784  x14 000000765cc9a7e4  x15 0000000000000000
12-04 15:44:57.419 12009 12009 F DEBUG   :     x16 00000076df9706f0  x17 00000076df8f1f7c  x18 0000000070b57a48  x19 00000076566c2008
12-04 15:44:57.419 12009 12009 F DEBUG   :     x20 00000076566377d0  x21 000000765667fa50  x22 0000000000000000  x23 0000007646236128
12-04 15:44:57.419 12009 12009 F DEBUG   :     x24 0000007656631f00  x25 0000007656616d70  x26 000000765667fa50  x27 0000000000000003
12-04 15:44:57.419 12009 12009 F DEBUG   :     x28 0000000000000030  x29 0000007645cee330
12-04 15:44:57.419 12009 12009 F DEBUG   :     sp  0000007645cee330  lr  000000764623613c  pc  00000076df8f1f84
12-04 15:44:57.419 12009 12009 I unwind  : Malformed section header found, ignoring...
12-04 15:44:57.448   754   754 I SurfaceFlinger: Display 0 HWC layers:
12-04 15:44:57.448   754   754 I SurfaceFlinger:     type    |    handle    | flag |  format   |   source crop (l,t,r,b)    |         frame       | name 
12-04 15:44:57.448   754   754 I SurfaceFlinger: ------------+--------------+------+-----------+----------------------------+---------------------+------
12-04 15:44:57.448   754   754 I SurfaceFlinger:      Client | 0x7884e3ae80 | 0002 | RGBA_8888 |   0.0    0.0 1440.0 2960.0 |    0    0 1440 2960 | com.android.systemui.ImageWallpaper[1874]#0
12-04 15:44:57.448   754   754 I SurfaceFlinger:      Client | 0x788462fe00 | 0000 | RGBA_8888 |   0.0    0.0 1440.0 2960.0 |    0    0 1440 2960 | com.sec.android.app.launcher/com.sec[...].activities.LauncherActivity[2975]#0
12-04 15:44:57.448   754   754 I SurfaceFlinger:      Device | 0x7884e3a1d0 | 0000 | RGBA_8888 |   0.0    0.0 1440.0   96.0 |    0    0 1440   96 | StatusBar[1874]#0
12-04 15:44:57.448   754   754 I SurfaceFlinger:      Device | 0x788462f070 | 0000 | RGBA_8888 |   0.0    0.0 1440.0  192.0 |    0 2768 1440 2960 | NavigationBar[1874]#0
12-04 15:44:57.448   754   754 I SurfaceFlinger: 
12-04 15:44:57.479 12009 12009 F DEBUG   : 
12-04 15:44:57.479 12009 12009 F DEBUG   : backtrace:
12-04 15:44:57.479 12009 12009 F DEBUG   :     #00 pc 0000000000070f84  /system/lib64/libc.so (tgkill+8)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #01 pc 0000000000027138  /data/data/org.skvalex.cr/files/callrecorder (deleted)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #02 pc 00000000000342e8  /data/data/org.skvalex.cr/files/callrecorder (deleted)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #03 pc 000000000004e0c0  /data/data/org.skvalex.cr/files/callrecorder (deleted)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #04 pc 000000000003483c  /data/data/org.skvalex.cr/files/callrecorder (deleted)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #05 pc 0000000000033590  /data/data/org.skvalex.cr/files/callrecorder (deleted)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #06 pc 0000000000034cec  /data/data/org.skvalex.cr/files/callrecorder (deleted)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #07 pc 000000000002df94  /data/data/org.skvalex.cr/files/callrecorder (deleted)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #08 pc 00000000000298e4  /data/data/org.skvalex.cr/files/callrecorder (deleted)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #09 pc 0000000000035090  /data/app/org.skvalex.cr-sCqMqKZxZt2LSttfu5oWig==/oat/arm64/base.odex (offset 0x33000) (org.skvalex.cr.Native.a+208)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #10 pc 000000000055784c  /system/lib64/libart.so (art_quick_invoke_static_stub+604)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #11 pc 00000000000cfce8  /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+232)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #12 pc 0000000000280438  /system/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+344)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #13 pc 000000000027a440  /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+968)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #14 pc 00000000005281b0  /system/lib64/libart.so (MterpInvokeStatic+204)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #15 pc 0000000000549d94  /system/lib64/libart.so (ExecuteMterpImpl+14612)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #16 pc 00000000004e0fc4  /data/app/org.skvalex.cr-sCqMqKZxZt2LSttfu5oWig==/oat/arm64/base.vdex (org.skvalex.cr.Native.oooooooo+12)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #17 pc 0000000000254144  /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.1714131630+488)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #18 pc 0000000000259c38  /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #19 pc 000000000027a424  /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+940)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #20 pc 00000000005281b0  /system/lib64/libart.so (MterpInvokeStatic+204)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #21 pc 0000000000549d94  /system/lib64/libart.so (ExecuteMterpImpl+14612)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #22 pc 000000000022d2c0  /data/app/org.skvalex.cr-sCqMqKZxZt2LSttfu5oWig==/oat/arm64/base.vdex (o.IIIIooIl$1.oooooooI+16)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #23 pc 0000000000254144  /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.1714131630+488)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #24 pc 0000000000259c38  /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #25 pc 000000000027a424  /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+940)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #26 pc 0000000000527fec  /system/lib64/libart.so (MterpInvokeDirect+296)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #27 pc 0000000000549d14  /system/lib64/libart.so (ExecuteMterpImpl+14484)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #28 pc 000000000022d294  /data/app/org.skvalex.cr-sCqMqKZxZt2LSttfu5oWig==/oat/arm64/base.vdex (o.IIIIooIl$1.oooooooo)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #29 pc 0000000000254144  /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.1714131630+488)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #30 pc 0000000000259c38  /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #31 pc 000000000027a424  /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+940)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #32 pc 0000000000529cf0  /system/lib64/libart.so (MterpInvokeVirtualQuick+584)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #33 pc 000000000054d994  /system/lib64/libart.so (ExecuteMterpImpl+29972)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #34 pc 000000000022d588  /data/app/org.skvalex.cr-sCqMqKZxZt2LSttfu5oWig==/oat/arm64/base.vdex (o.IIIIooIl$oooooooo.oooooool)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #35 pc 0000000000254144  /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.1714131630+488)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #36 pc 0000000000259c38  /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #37 pc 000000000027a424  /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+940)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #38 pc 0000000000527fec  /system/lib64/libart.so (MterpInvokeDirect+296)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #39 pc 0000000000549d14  /system/lib64/libart.so (ExecuteMterpImpl+14484)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #40 pc 000000000022d5a4  /data/app/org.skvalex.cr-sCqMqKZxZt2LSttfu5oWig==/oat/arm64/base.vdex (o.IIIIooIl$oooooooo.oooooooo)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #41 pc 0000000000254144  /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.1714131630+488)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #42 pc 0000000000259c38  /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #43 pc 000000000027a424  /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+940)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #44 pc 00000000005281b0  /system/lib64/libart.so (MterpInvokeStatic+204)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #45 pc 0000000000549d94  /system/lib64/libart.so (ExecuteMterpImpl+14612)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #46 pc 000000000022d470  /data/app/org.skvalex.cr-sCqMqKZxZt2LSttfu5oWig==/oat/arm64/base.vdex (o.IIIIooIl$oooooooo$1.run+4)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #47 pc 0000000000254144  /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.1714131630+488)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #48 pc 0000000000517540  /system/lib64/libart.so (artQuickToInterpreterBridge+1020)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #49 pc 00000000005606fc  /system/lib64/libart.so (art_quick_to_interpreter_bridge+92)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #50 pc 0000000000b224cc  /system/framework/arm64/boot-framework.oat (offset 0x41e000) (android.os.Handler.dispatchMessage+76)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #51 pc 0000000000b25630  /system/framework/arm64/boot-framework.oat (offset 0x41e000) (android.os.Looper.loop+1264)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #52 pc 0000000000b244d4  /system/framework/arm64/boot-framework.oat (offset 0x41e000) (android.os.HandlerThread.run+548)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #53 pc 0000000000557588  /system/lib64/libart.so (art_quick_invoke_stub+584)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #54 pc 00000000000cfcc8  /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+200)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #55 pc 000000000045e1ec  /system/lib64/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+104)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #56 pc 000000000045f2a8  /system/lib64/libart.so (art::InvokeVirtualOrInterfaceWithJValues(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, jvalue*)+424)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #57 pc 000000000048a6c8  /system/lib64/libart.so (art::Thread::CreateCallback(void*)+1120)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #58 pc 0000000000083840  /system/lib64/libc.so (__pthread_start(void*)+36)
12-04 15:44:57.479 12009 12009 F DEBUG   :     #59 pc 0000000000023d80  /system/lib64/libc.so (__start_thread+68)
12-04 15:44:57.543  3504  3504 I SKBD    : anc isTosAccept false
12-04 15:44:57.682  1044  1044 E /system/bin/tombstoned: Tombstone written to: /data/tombstones/tombstone_09
12-04 15:44:57.683  1358 12012 W ActivityManager: crash : org.skvalex.cr,0

有谁知道这里可能出了什么问题,或者为什么只更改签名可能会导致崩溃?我尝试使用谷歌搜索这里的一些错误,但只找到了开发人员调试应用程序的结果。

这是一个付费应用程序,所以我觉得这可能是某种防篡改或类似的东西?

1个回答

该应用程序可能会检查其签名是否与用于对其进行签名的密钥的签名相匹配。

请参阅此 SO 帖子,了解 android 应用程序如何执行此类检查。

您可以尝试绕过签名的一种方法是在对 apk 进行一些逆向工程后,将 apk 中的参考签名替换为您的密钥的参考签名。您可以通过命令行获取与签名密钥相关的信息

其它你可能感兴趣的问题
上一篇提取未知文件格式的内容 下一篇IDA - 重命名地址/功能:说名称已经存在但它没有出现在任何地方