-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
APK signing/validation in pure python #313
Comments
Ref: #332 (comment) |
F-Droid would also love this feature, we're tracking it here: https://gitlab.com/fdroid/fdroidserver/issues/94 These two libraries also look promising: |
@shuxin maybe we can integrate your https://github.com/shuxin/apk-signature-verify into androguard? |
what would be the advantage of integrating it over having it a
standalone project? It would be nice to have a more standardized API
across all the androguard bits, so that might be one reason to do it.
|
Yes sure, i meant integrating by the means of using it as a module!
|
Yeah, If you like it, I'll port it to python3, and rewrite it with api friendly.
|
That would be amazing! fdroid would use it. In case you haven't seen it already, there is a nice collection of APKs for testing signature verification. Its part of the source repo for apksigner: |
Thanks for the testing information. try my new version. https://github.com/shuxin/apk-signature-verify |
It would be nice to be able to validate signatures of APKs using pure python code.
We would need to create the MANIFEST.MF file and check against the signature.
Then we could return all items that are not signed but in the APK or all items that are signed but create a wrong signature (e.g. wrong hash).
The text was updated successfully, but these errors were encountered: