I am researching Android application repackaging. I know the original developer self-signs the APK. Is it possible for a hacker to fake the signature and make it appear as the original signature when repackaging?

– Live Seven
2 Answers
If you have access to the developer's private key, you can just sign the modified APK with their key and be done. If you don't, you won't be able to.

To create APK signatures, RSA and DSA are used. You won't get through them. However, this means nothing if you can find a hash collision, because what's verified by a signature is not the message (which is the program along with all its data in this case) but the hash of the message. It's possible to change the message and leave space for a part you don't care about, and then just iterate through the possible values of that field you created, hash the new message, move on to the next iteration if the hash isn't equal to the original hash, and stop and remember the modified message once its hash is the same as the original one.

The default hash for APKs is sha1. sha1 is weak. But not weak enough for anyone to find a second message with the same sha1 hash anytime soon. Furthermore, developers can use stronger hash functions than sha1 so finding a fitting second message becomes even more unlikely.

– UTF-8

  • Creating a collision implies you have control over both messages. In this case you don't. You only have the hashes of the APKs already signed, or hashes and their pre-images. What you need in this case is a second pre-image, or a second message that matches an existing hash, which is *much* harder than finding a collision. And SHA-1 isn't anywhere close to being that broken. – Xander Sep 06 '16 at 13:31
  • @Xander Thank you! I wasn't aware that that's what was being meant by that. I corrected my answer. – UTF-8 Sep 06 '16 at 15:54
  • > In this case you don't.

    What about deterministic builds and pull requests? For example, a malicious developer finds a collision, transforms the innocent-looking variant into source code and sends a PR. If the PR is accepted he would have a package signed by the original developer whose contents would be the same as the innocent-looking part of the collision. Luckily, this scenario is damn improbable. – KOLANICH Sep 06 '16 at 16:11
1. No, you can't fake an APK digital signature without breaking the crypto.

2. Yes, you can repack the app, preserving its signature and its validity, but you need the contents of the APKs to be identical.

3. There are publicly available default private keys used to sign APKs in custom forum-distributed firmware builds. Of course large projects usually change them, but enthusiasts making unofficial builds often don't care about it.

– KOLANICH
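Added example, not code from either answer or from Android itself: a stand-alone Python model of the mechanism both answers rely on, namely that the signature covers the digest of the package rather than the package bytes. It walks through UTF-8's point that a repackaged APK no longer matches the developer's signature, and KOLANICH's point 2 that a byte-identical rebuild keeps the original signature valid. Textbook RSA over two Mersenne primes (`P`, `Q`, `E`, `D`), the `build_package` stand-in for an APK, the sample entries and the second "other" key pair are all constructed for illustration; real APK signing (apksigner, the v1/v2/v3 schemes) uses proper key sizes and padding.

```python
import hashlib

# Added illustration, not Android's real signing code. Textbook RSA over two
# Mersenne primes keeps the script standard-library only; real APK signing
# (apksigner/jarsigner, v1..v3 schemes) uses proper key sizes and padding.
P = 2**89 - 1    # assumed prime (Mersenne prime M89)
Q = 2**107 - 1   # assumed prime (Mersenne prime M107)
N = P * Q        # ~196-bit modulus, so a 160-bit SHA-1 digest is < N
E = 65537


def modinv(a: int, m: int) -> int:
    """Modular inverse by the extended Euclidean algorithm (gcd(a, m) must be 1)."""
    r0, r1, s0, s1 = a, m, 1, 0
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
    return s0 % m


D = modinv(E, (P - 1) * (Q - 1))  # developer's private exponent


def digest(package: bytes) -> int:
    """What the signature actually covers: the SHA-1 digest of the package bytes."""
    return int.from_bytes(hashlib.sha1(package).digest(), "big")


def sign(package: bytes, priv_exp: int = D, modulus: int = N) -> int:
    return pow(digest(package), priv_exp, modulus)


def verify(package: bytes, signature: int, pub_exp: int = E, modulus: int = N) -> bool:
    # Recover the signed digest and compare it with the digest of the bytes we hold.
    return pow(signature, pub_exp, modulus) == digest(package) % modulus


def build_package(entries: dict) -> bytes:
    """Constructed stand-in for an APK: entries serialised in a fixed, sorted order
    so that rebuilding from identical inputs gives identical bytes."""
    return b"".join(name.encode() + b"\0" + data + b"\n"
                    for name, data in sorted(entries.items()))


# Constructed sample contents for the "original" app.
ORIGINAL_ENTRIES = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"\x01\x02\x03"}


def scenario() -> dict:
    original = build_package(ORIGINAL_ENTRIES)
    dev_sig = sign(original)

    # Byte-identical rebuild (deterministic repack): same digest, same verdict.
    rebuilt = build_package(dict(ORIGINAL_ENTRIES))

    # Repackaged with one changed entry: the digest changes, so the developer's
    # signature no longer matches. Only a second preimage of the SHA-1 digest
    # could make this verify, which is the hard problem the comments discuss.
    tampered = build_package({**ORIGINAL_ENTRIES, "classes.dex": b"\x01\x02\x04"})

    # Re-signed under a different key (constructed second key pair): it verifies
    # against that key but not against the original developer's public key,
    # which is why comparing the signing certificate to the known one detects it.
    P2, Q2 = 2**61 - 1, 2**127 - 1   # assumed primes (Mersenne primes M61, M127)
    N2 = P2 * Q2
    D2 = modinv(E, (P2 - 1) * (Q2 - 1))
    other_sig = sign(tampered, D2, N2)

    return {
        "original_verifies": verify(original, dev_sig),
        "identical_rebuild_verifies": verify(rebuilt, dev_sig),
        "tampered_verifies": verify(tampered, dev_sig),
        "resigned_verifies_against_dev_key": verify(tampered, other_sig),
        "resigned_verifies_against_other_key": verify(tampered, other_sig, E, N2),
    }


if __name__ == "__main__":
    for check, result in scenario().items():
        print(f"{check}: {result}")
```

The last two results are the defender's takeaway: a repackaged app can only carry a valid signature under some key, never under the developer's, so pinning or comparing the signing-certificate fingerprint against the known developer key is what catches a re-signed repackage, while the tampered-but-unsigned case fails verification outright.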