
Resigning system.img on a device

I am working on an automatic app updating solution for devices (LG p509 - Optimus 1) which we deploy to our customers. We have control of these devices and currently install a custom kernel on them (but not a full custom ROM). Since we are trying to do auto-updating of our app on the device, we need the system to be signed by a key which we control so we can sign our apps with the same key (to get the INSTALL_PACKAGES permission).
I have been having a few issues running AOSP builds on the device (using the LG released source for the device), and am trying to take a step back and evaluate our options. I have a few questions:

  1. Is it viable to just pull the system.img off the phone and resign the contents? If so, where is the system apk located? I poked through the PackageManager source and it uses a systempackage (seemingly called "android") to compare apps with to see if they are allowed to have system permissions.
  2. Has anyone here created a custom ROM for the device who could offer some advice on how to just get our signature to be the system signature?

Any insight would be appreciated.

natez0r asked Feb 28 '12 02:02


2 Answers

Ok, so we figured it out. I am not going to go into full detail (too much writing), but here is the basic gist for anyone who stumbles on this:

If you want to change the key which the system is signed with, you need to do the following steps:

  • Extract /system/ dir from the running phone
  • Inspect the .apk files (from /system/app and /system/framework) to figure out which ones are signed by the same key as the framework-res.apk. I used a modified version of the script linked here to figure out which APKs to sign.
  • If the APKs in /system/app which share the signing key with framework-res.apk are odexed, you need to de-odex them.
  • Re-sign the APKs and the framework-res.apk and pack them in an update.zip (google how to do that).

On my specific device I had to resign both /system/framework/framework-res.apk and /system/framework/lge-res.apk from /system/framework and also had to de-odex and sign 20 .apks from the /system/app folder in order to get everything running smoothly.

natez0r answered Oct 09 '22 08:10
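An added example of the inspection step in the answer above (this is not the poster's script, which is not reproduced on this page): it walks a pulled /system tree and lists every APK whose signing certificate matches framework-res.apk. It assumes the APKs carry only JAR-style signatures in META-INF/*.RSA, and all function names are hypothetical.

```python
import hashlib, sys, zipfile
from collections import defaultdict
from pathlib import Path

def tlv(buf, pos):
    """Decode one DER element header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):
    """Yield (tag, element_start, value_start, value_end) for each element in a span."""
    while start < end:
        tag, vs, ve = tlv(buf, start)
        yield tag, start, vs, ve
        start = ve

def signer_cert(pkcs7):
    """Return the DER bytes of the first certificate in a PKCS#7 SignedData blob."""
    _, vs, ve = tlv(pkcs7, 0)                                         # ContentInfo
    wrap = [c for c in children(pkcs7, vs, ve) if c[0] == 0xA0][0]    # [0] content
    _, vs, ve = tlv(pkcs7, wrap[2])                                   # SignedData
    certs = [c for c in children(pkcs7, vs, ve) if c[0] == 0xA0][0]   # [0] certificates
    _, cs, _, ce = next(children(pkcs7, certs[2], certs[3]))
    return pkcs7[cs:ce]

def cert_fingerprint(apk_path):
    """SHA-256 of the JAR signing certificate, or None if no signature block exists."""
    with zipfile.ZipFile(apk_path) as z:
        for name in z.namelist():
            if name.startswith("META-INF/") and name.upper().endswith((".RSA", ".DSA", ".EC")):
                return hashlib.sha256(signer_cert(z.read(name))).hexdigest()
    return None

def group_by_signer(system_dir):
    """Map certificate fingerprint -> sorted relative paths of APKs signed with it."""
    groups = defaultdict(list)
    for apk in sorted(Path(system_dir).rglob("*.apk")):
        groups[cert_fingerprint(apk)].append(apk.relative_to(system_dir).as_posix())
    return dict(groups)

def shares_platform_key(system_dir):
    """APKs whose certificate matches framework/framework-res.apk (the re-sign list)."""
    ref = cert_fingerprint(Path(system_dir) / "framework" / "framework-res.apk")
    return group_by_signer(system_dir).get(ref, [])

if __name__ == "__main__" and len(sys.argv) == 2:
    print("\n".join(shares_platform_key(sys.argv[1])))   # argument: pulled /system dir
```

The certificate is compared rather than the whole META-INF/*.RSA file because the signature block also contains the per-APK signature, so two APKs signed with the same key never have byte-identical blocks.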


The "system apk" is /system/framework/framework.jar. I've never tried to re-sign the system image but I've written code which was part of the system image (not within a normal apk project) and it became part of this jar. There are additional jars in this directory which may need to be re-signed also.

The signature is created randomly and placed in two files in your build environment, build/target/product/security/platform.pk8 and build/target/product/security/platform.x509.pem. I don't know how to extract these from a normal key store, however I've been able to copy them from one firmware build to another to ensure that both images had the same platform key. Also, I've been able to change the signature of APKs with this command: java -jar signapk.jar platform.x509.pem platform.pk8 Old.apk New.apk. You'll find signapk.jar in your build, at out/host/linux-x86/framework/signapk.jar

mah answered Oct 09 '22 08:10