Disable Signature Verification on Android ROMs, Including MIUI

bamzzz 11:59 AM
signature-hack

The purpose of Disable Signature Verification is to let us freely add or modify APK files in system and data without having to deal with the signatures that every APK file carries. It is especially needed when modifying a system APK in a way that touches AndroidManifest.
Here I give the complete tutorial, including disabling the MIUI signature check, which is usually very hard to bypass. Once it is applied, you can remove built-in MIUI system apps you do not need, such as MiuiStore, etc., without fear of a bootloop.

Requirements:
  • Rooted
  • Deodexed ROM

Materials:
  • core-libart.jar (taken from /system/framework)
  • services.jar (taken from /system/framework)

Steps:

  • core-libart section
Decompile core-libart.jar
Open /smali/java/security/Signature.smali
Find:


.method public final verify([B)Z

Then, inside that method, find:


return v0

Add this above it:


const/4 v0, 0x1

So that the result looks like this:


.method public final verify([B)Z
.locals 2
.param p1, "signature" # [B
.annotation system Ldalvik/annotation/Throws;
value = {
Ljava/security/SignatureException;
}
.end annotation

.prologue
.line 449
iget v0, p0, Ljava/security/Signature;->state:I

const/4 v1, 0x3

if-eq v0, v1, :cond_0

.line 450
new-instance v0, Ljava/security/SignatureException;

const-string v1, "Signature object is not initialized properly"

invoke-direct {v0, v1}, Ljava/security/SignatureException;-><init>(Ljava/lang/String;)V

throw v0

.line 452
:cond_0
invoke-virtual {p0, p1}, Ljava/security/Signature;->engineVerify([B)Z

move-result v0

const/4 v0, 0x1

return v0
.end method

Still in /smali/java/security/Signature.smali
Find:


.method public final verify([BII)Z

Then, inside that method, find:


return v0

Add this above it:


const/4 v0, 0x1

So that the result looks like this:


.method public final verify([BII)Z
.locals 2
.param p1, "signature" # [B
.param p2, "offset" # I
.param p3, "length" # I
.annotation system Ldalvik/annotation/Throws;
value = {
Ljava/security/SignatureException;
}
.end annotation

.prologue
.line 481
iget v0, p0, Ljava/security/Signature;->state:I

const/4 v1, 0x3

if-eq v0, v1, :cond_0

.line 482
new-instance v0, Ljava/security/SignatureException;

const-string v1, "Signature object is not initialized properly"

invoke-direct {v0, v1}, Ljava/security/SignatureException;-><init>(Ljava/lang/String;)V

throw v0

.line 484
:cond_0
if-eqz p1, :cond_1

if-ltz p2, :cond_1

if-ltz p3, :cond_1

add-int v0, p2, p3

array-length v1, p1

if-le v0, v1, :cond_2

.line 486
:cond_1
new-instance v0, Ljava/lang/IllegalArgumentException;

invoke-direct {v0}, Ljava/lang/IllegalArgumentException;-><init>()V

throw v0

.line 488
:cond_2
invoke-virtual {p0, p1, p2, p3}, Ljava/security/Signature;->engineVerify([BII)Z

move-result v0

const/4 v0, 0x1

return v0
.end method

Open /smali/java/security/MessageDigest.smali
Find:


.method public static isEqual([B[B)Z

Then, inside that method, find:


return v2

Add this above it:


const/4 v2, 0x1

So that the result looks like this:


.method public static isEqual([B[B)Z
.locals 5
.param p0, "digesta" # [B
.param p1, "digestb" # [B

.prologue
const/4 v2, 0x0

.line 303
array-length v3, p0

array-length v4, p1

if-eq v3, v4, :cond_1

.line 311
:cond_0
:goto_0
const/4 v2, 0x1

return v2

.line 307
:cond_1
const/4 v1, 0x0

.line 308
.local v1, "v":I
const/4 v0, 0x0

.local v0, "i":I
:goto_1
array-length v3, p0

if-ge v0, v3, :cond_2

.line 309
aget-byte v3, p0, v0

aget-byte v4, p1, v0

xor-int/2addr v3, v4

or-int/2addr v1, v3

.line 308
add-int/lit8 v0, v0, 0x1

goto :goto_1

.line 311
:cond_2
if-nez v1, :cond_0

const/4 v2, 0x1

goto :goto_0
.end method

Recompile core-libart

  • services section
Decompile services.jar
Open /smali/com/android/server/pm/PackageManagerService.smali
Find:


.method static compareSignatures([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)I

Then, inside that method, find:


return v6

Add this above it:


const/4 v6, 0x0

So that the result looks like this:


.method static compareSignatures([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)I
.locals 11
.param p0, "s1" # [Landroid/content/pm/Signature;
.param p1, "s2" # [Landroid/content/pm/Signature;

.prologue
const/4 v6, 0x1

const/4 v8, -0x3

const/4 v7, 0x0

.line 4072
if-nez p0, :cond_1

.line 4073
if-nez p1, :cond_0

.line 4105
:goto_0
const/4 v6, 0x0

return v6

.line 4073
:cond_0
const/4 v6, -0x1

goto :goto_0

.line 4078
:cond_1
if-nez p1, :cond_2

.line 4079
const/4 v6, -0x2

goto :goto_0

.line 4082
:cond_2
array-length v9, p0

array-length v10, p1

if-eq v9, v10, :cond_3

move v6, v8

.line 4083
goto :goto_0

.line 4087
:cond_3
array-length v9, p0

if-ne v9, v6, :cond_5

.line 4088
aget-object v6, p0, v7

aget-object v9, p1, v7

invoke-virtual {v6, v9}, Landroid/content/pm/Signature;->equals(Ljava/lang/Object;)Z

move-result v6

if-eqz v6, :cond_4

move v6, v7

goto :goto_0

:cond_4
move v6, v8

goto :goto_0

.line 4093
:cond_5
new-instance v3, Landroid/util/ArraySet;

invoke-direct {v3}, Landroid/util/ArraySet;-><init>()V

....

....

.end method

Still in /smali/com/android/server/pm/PackageManagerService.smali
Find:


.method private compareSignaturesCompat(Lcom/android/server/pm/PackageSignatures;Landroid/content/pm/PackageParser$Package;)I


Then, inside that method, below the param/line entries, like this:


.param p1, "existingSigs" # Lcom/android/server/pm/PackageSignatures;
.param p2, "scannedPkg" # Landroid/content/pm/PackageParser$Package;

.prologue
.line 4126

Add:


const/4 v14, 0x0

return v14

So that the result looks like this:


.method private compareSignaturesCompat(Lcom/android/server/pm/PackageSignatures;Landroid/content/pm/PackageParser$Package;)I
.locals 17
.param p1, "existingSigs" # Lcom/android/server/pm/PackageSignatures;
.param p2, "scannedPkg" # Landroid/content/pm/PackageParser$Package;

.prologue
.line 4126
const/4 v14, 0x0

return v14

move-object/from16 v0, p0

move-object/from16 v1, p2

invoke-direct {v0, v1}, Lcom/android/server/pm/PackageManagerService;->isCompatSignatureUpdateNeeded(Landroid/content/pm/PackageParser$Package;)Z

move-result v14

if-nez v14, :cond_0

....

....

.end method


Still in /smali/com/android/server/pm/PackageManagerService.smali
Find:


.method private compareSignaturesRecover(Lcom/android/server/pm/PackageSignatures;Landroid/content/pm/PackageParser$Package;)I

Then, inside that method, find:


return v2

Add this above it:


const/4 v2, 0x0

So that the result looks like this:


.method private compareSignaturesRecover(Lcom/android/server/pm/PackageSignatures;Landroid/content/pm/PackageParser$Package;)I
.locals 7
.param p1, "existingSigs" # Lcom/android/server/pm/PackageSignatures;
.param p2, "scannedPkg" # Landroid/content/pm/PackageParser$Package;

.prologue
const/4 v6, 0x4

const/4 v2, -0x3

.line 4168
invoke-direct {p0, p2}, Lcom/android/server/pm/PackageManagerService;->isRecoverSignatureUpdateNeeded(Landroid/content/pm/PackageParser$Package;)Z

move-result v3

if-nez v3, :cond_0

.line 4185
:goto_0
const/4 v2, 0x0

return v2

.line 4172
:cond_0
const/4 v1, 0x0

.line 4174
.local v1, "msg":Ljava/lang/String;
:try_start_0
iget-object v3, p1, Lcom/android/server/pm/PackageSignatures;->mSignatures:[Landroid/content/pm/Signature;

iget-object v4, p2, Landroid/content/pm/PackageParser$Package;->mSignatures:[Landroid/content/pm/Signature;

invoke-static {v3, v4}, Landroid/content/pm/Signature;->areEffectiveMatch([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)Z

move-result v3

if-eqz v3, :cond_1

.line 4175
const/4 v3, 0x4

new-instance v4, Ljava/lang/StringBuilder;

invoke-direct {v4}, Ljava/lang/StringBuilder;-><init>()V

const-string v5, "Recovered effectively matching certificates for "

invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

move-result-object v4

....

....

.end method

For Android ROMs other than MIUI, the work is finished at this point. Continue to the finishing section.
For MIUI ROMs specifically, continue with the tutorial.

Open /smali/com/miui/server/SecurityManagerService.smali
Find:


.method private checkSysAppCrack()Z

Then, inside that method, find:


const/4 v8, 0x0

Add this below it:


const/4 v3, 0x1

return v3

So that the result looks like this:


.method private checkSysAppCrack()Z
.locals 9

.prologue
const/4 v8, 0x0

const/4 v3, 0x1

return v3


.line 602
new-instance v1, Ljava/util/ArrayList;

invoke-direct {v1}, Ljava/util/ArrayList;-><init>()V

.line 603
.local v1, "appsTobeChecked":Ljava/util/ArrayList;, "Ljava/util/ArrayList<Lcom/miui/server/SecurityManagerService$AppItem;>;"
new-instance v5, Lcom/miui/server/SecurityManagerService$AppItem;

const-string v6, "com.miui.home"

const-string v7, "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"

invoke-direct {v5, v6, v7, v8}, Lcom/miui/server/SecurityManagerService$AppItem;-><init>(Ljava/lang/String;Ljava/lang/String;Z)V

invoke-virtual {v1, v5}, Ljava/util/ArrayList;->add(Ljava/lang/Object;)Z

....

....

.end method


Still in /smali/com/miui/server/SecurityManagerService.smali
Find:


.method private checkSystemSelfProtection(Z)V

Delete all the text inside that method, then change it so that the result looks like this:


.method private checkSystemSelfProtection(Z)V
.locals 2
.param p1, "onlyCore" # Z

.prologue
.line 517
const-string v0, "SystemSelfProtection"

const-string v1, "bypassed by bamzzz@xda"

invoke-static {v0, v1}, Landroid/util/Log;->i(Ljava/lang/String;Ljava/lang/String;)I

.line 588
return-void
.end method

Recompile services


  • Finishing section

Copy core-libart.jar and services.jar back into the /system/framework folder and set the file permissions to rw-r--r-- (0644).
Reboot the system
Done

That concludes this article; hopefully it is useful.

Reference: Forum Multirom


7 comments

Kelana, December 28, 2017 at 1:00 PM

Learned something new 😅
Thanks for the tutorial 😂

hunyb ers, January 15, 2018 at 7:25 AM

It doesn't work, bro, there's no folder called smali

bamzzz, January 15, 2018 at 9:59 AM

Make sure the ROM is already deodexed.. decompile using apktool

February 26, 2018 at 2:23 PM

Bro, can this be used on Nougat?
