Of Stack

Batch re signing of Android and iOS packets

  • 2021-09-16 08:12:55
  • OfStack

In this paper, we share the specific codes of batch re-signing of Android and iOS packages for your reference. The specific contents are as follows

Android

Environmental requirements

1 Install winrar, and then configure the environment variables of winrar, using winrar instruction

2 Configure the bin directory of java to the environment variable, and use the jarsigner instruction

Description of re-signature steps:

1 Copy 1 child package from parent package

2 Delete the signature file META-INFO of the subpackage

3 Modify sub-package files as needed, such as channel number files

4-signature subpackage

Corresponding python script 


import os
import sys
import shutil
import json
 
ORIGINAL_APK=' Mother bag .apk'
UNSIGN_APK='unsign.apk'
SIGNED_APK={"\" Subpackage 1.apk\"":1,"\" Subpackage 2.apk\"":2,"\" Subpackage 3.apk\"":3,"\" Subpackage 4.apk\"":4}
 
KEY_STORE='keystore Documents .keystore'
KEY_PASS='key Password '
STORE_PASS='store Password '
 
def copy_apk(src_f,dst_f):
 if not os.path.isfile(src_f):
 print("%s not exist"%(src_f))
 else:
 fpath,fname=os.path.split(dst_f)
 shutil.copyfile(src_f,dst_f)
 print("copy %s -> %s"%(src_f,dst_f))
 
 
def zip_del_file(apk_f,del_f):
 os.system("winrar d %s %s"%(apk_f,del_f))
 print('zip_del_file:'+del_f)
 
def zip_add_file(apk_f,channel):
 del_dir("assets")
 os.makedirs("assets")
 f=open("assets\\AppParamSetting.txt",'w')
 f.write('{"channel":%s,"bundleIdentifier":""}'%(channel))
 f.close()
 os.system("winrar a -ad %s %s"%(apk_f,"assets\\AppParamSetting.txt"))
 
def del_file(f):
 os.remove(f)
 print('del_file:'+f)
 
def del_dir(f_dir):
 if os.path.exists(f_dir):
 shutil.rmtree(f_dir)
 print("del_dir:"+f_dir)
 
def sign_app(unsigned_app, signed_app):
 signcmd='jarsigner -verbose -keystore %s -keypass %s -storepass %s -signedjar %s -digestalg SHA1 -sigalg MD5withRSA %s sfish' % (KEY_STORE,KEY_PASS,STORE_PASS,signed_app,unsigned_app)
 os.system(signcmd)
 print(signcmd)
 
if __name__ == '__main__':
 cur_dir=os.getcwd()
 print('cur_dir'+cur_dir)
 copy_apk(ORIGINAL_APK,"tmp_"+ORIGINAL_APK)
 zip_del_file("tmp_"+ORIGINAL_APK,"META-INF")
 for key in SIGNED_APK.keys():
 channel=SIGNED_APK[key]
 zip_add_file("tmp_"+ORIGINAL_APK,channel)
 sign_app("tmp_"+ORIGINAL_APK,key)
 del_dir("assets")
 del_file("tmp_"+ORIGINAL_APK)
 input("Done")

iOS

Environmental requirements:

1 mac machine

2 certificate file, open: Launchapd (rocket icon)- > Others- > Keychain access, right there

3. mobileprovision file

Description of re-signature steps:

1 Generate the entitlements. plist file from the. mobileprovision file

2 Extract ipa, you will get 1 Payload directory, and then inside is 1 xxx. app, which shows the contents of the package and can see the contents inside

3 Delete the signature file, namely: Payload/xxx.app/_CodeSignature directory

4 Modify files as needed, such as channel files

5-fold signature

6 compressed ipa

Corresponding python script 


#!/usr/bin/python
 
import os
import sys
import json
 
ORIGINAL_IPA=' Mother bag .ipa'
SIGNED_APK={"\" Subpackage 1.ipa\"":1,"\" Subpackage 2.ipa\"":2,"\" Subpackage 3.ipa\"":3,"\" Subpackage 4.ipa\"":4}
CERT_FILE=' Certificate file '
MOBILE_PROVISION_UUID = 'mobileprovision Adj. uuid'
 
def get_mobile_provision_dir():
 return os.path.join(os.getenv('HOME'),'Library/MobileDevice/Provisioning Profiles/')
 
def get_mobile_provision_file(uuid):
 return os.path.join(get_mobile_provision_dir(), uuid + ".mobileprovision")
 
def unzip_app():
 os.system('unzip -qo ./%s -d ./'%(ORIGINAL_IPA))
 print('unzip_app %s done!'%(ORIGINAL_IPA)) 
 
def del_code_signature():
 os.system("rm -rf ./Payload/sfish.app/_CodeSignature")
 print('del_code_signature done!')
 
def resign_app():
 os.system('/usr/bin/codesign --continue -f -s "%s" --entitlements "%s" "%s"'%(CERT_FILE,'./entitlement.plist','./Payload/sfish.app'))
 print('resign_app done!')
 
def zip_app(f_ipa):
 os.system('zip -r %s ./Payload'%(f_ipa))
 print('zip_app done!')
 
def del_payload():
 os.system('rm -r ./Payload')
 
def gen_entitlements(uuid, out_file_name):
 os.system('security cms -D -i "%s" > entitlement_full.plist '%(get_mobile_provision_file(uuid) ))
 os.system('/usr/libexec/PlistBuddy -x -c \'Print:Entitlements\' entitlement_full.plist > "%s" '%( out_file_name))
 
def rep_emb_file(uuid):
 os.system('cp "%s" ./Payload/sfish/embedded.mobileprovision' % (get_mobile_provision_file(uuid)))
 
def update_channel_file(channel):
 f_channel='./Payload/xxx.app/Data/Raw/channel.txt'
 fr=open(f_channel,'r')
 txt=fr.read()
 fr.close()
 js=json.loads(txt)
 js['channel_id']=channel
 fw=open(f_channel,'w')
 fw.write(json.dumps(js))
 fw.close()
 
if __name__ == '__main__':
 gen_entitlements( MOBILE_PROVISION_UUID, "entitlement.plist" )
 unzip_app()
 del_code_signature()
 for key in SIGNED_APK.keys():
 channel=SIGNED_APK[key]
 update_channel_file(channel)
 resign_app()
 zip_app(key)
 del_payload()
Related articles: