Reverse Engineering Asked by garbb on December 26, 2020
I sometimes decompile and recompile apks and make changes (like changing graphics, text, etc.). Normally I use apktool to decompile and recompile and then use testsign.jar to resign the apk with the debug keys, or uber apk signer since it supports v2/v3 signatures.
This usually works fine, however I found that if I resign a particular apk with debug keys then it will install fine but it will always crash when launched.
To be clear, for testing purposes what I am doing is: I am not even decompiling or recompiling it at all, just taking the original apk (which installs and runs OK) and then resigning it.
Here is the logcat from the crash:
12-04 15:44:57.364 11969 12006 W org.skvalex.cr: 0xebadde09 skipped times: 0
12-04 15:44:57.364 11969 12006 F libc : Fatal signal 11 (SIGSEGV), code -6 (SI_TKILL) in tid 12006 (ComThread), pid 11969 (org.skvalex.cr)
12-04 15:44:57.378 1358 6828 D WifiPermissionsUtil: canAccessScanResults: pkgName = com.sec.android.sdhms, uid = 1000
12-04 15:44:57.386 1358 2047 D MdnieScenarioControlService: packageName : org.skvalex.cr className : org.skvalex.cr.LauncherActivity
12-04 15:44:57.386 1358 2047 V MdnieScenarioControlService: setUIMode from UI function(3)
12-04 15:44:57.412 12009 12009 I crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
12-04 15:44:57.412 1044 1044 I /system/bin/tombstoned: received crash request for pid 12006
12-04 15:44:57.413 12009 12009 I crash_dump64: performing dump of process 11969 (target tid = 12006)
12-04 15:44:57.419 12009 12009 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
12-04 15:44:57.419 12009 12009 F DEBUG : Build fingerprint: 'samsung/starqltesq/starqltesq:9/PPR1.180610.011/G960USQS7CSK4:user/release-keys'
12-04 15:44:57.419 12009 12009 F DEBUG : Revision: '14'
12-04 15:44:57.419 12009 12009 F DEBUG : ABI: 'arm64'
12-04 15:44:57.419 12009 12009 F DEBUG : pid: 11969, tid: 12006, name: ComThread >>> org.skvalex.cr <<<
12-04 15:44:57.419 12009 12009 F DEBUG : signal 11 (SIGSEGV), code -6 (SI_TKILL), fault addr --------
12-04 15:44:57.419 12009 12009 F DEBUG : x0 0000000000000000 x1 0000000000002ee6 x2 000000000000000b x3 0000000072164fde
12-04 15:44:57.419 12009 12009 F DEBUG : x4 6361500000000000 x5 6361500000000000 x6 6361500000000000 x7 00000000ffffffff
12-04 15:44:57.419 12009 12009 F DEBUG : x8 0000000000000083 x9 6aab5bd0db3a37ff x10 0000000000430000 x11 000000765cc9a6dc
12-04 15:44:57.419 12009 12009 F DEBUG : x12 000000765cc9a730 x13 000000765cc9a784 x14 000000765cc9a7e4 x15 0000000000000000
12-04 15:44:57.419 12009 12009 F DEBUG : x16 00000076df9706f0 x17 00000076df8f1f7c x18 0000000070b57a48 x19 00000076566c2008
12-04 15:44:57.419 12009 12009 F DEBUG : x20 00000076566377d0 x21 000000765667fa50 x22 0000000000000000 x23 0000007646236128
12-04 15:44:57.419 12009 12009 F DEBUG : x24 0000007656631f00 x25 0000007656616d70 x26 000000765667fa50 x27 0000000000000003
12-04 15:44:57.419 12009 12009 F DEBUG : x28 0000000000000030 x29 0000007645cee330
12-04 15:44:57.419 12009 12009 F DEBUG : sp 0000007645cee330 lr 000000764623613c pc 00000076df8f1f84
12-04 15:44:57.419 12009 12009 I unwind : Malformed section header found, ignoring...
12-04 15:44:57.448 754 754 I SurfaceFlinger: Display 0 HWC layers:
12-04 15:44:57.448 754 754 I SurfaceFlinger: type | handle | flag | format | source crop (l,t,r,b) | frame | name
12-04 15:44:57.448 754 754 I SurfaceFlinger: ------------+--------------+------+-----------+----------------------------+---------------------+------
12-04 15:44:57.448 754 754 I SurfaceFlinger: Client | 0x7884e3ae80 | 0002 | RGBA_8888 | 0.0 0.0 1440.0 2960.0 | 0 0 1440 2960 | com.android.systemui.ImageWallpaper[1874]#0
12-04 15:44:57.448 754 754 I SurfaceFlinger: Client | 0x788462fe00 | 0000 | RGBA_8888 | 0.0 0.0 1440.0 2960.0 | 0 0 1440 2960 | com.sec.android.app.launcher/com.sec[...].activities.LauncherActivity[2975]#0
12-04 15:44:57.448 754 754 I SurfaceFlinger: Device | 0x7884e3a1d0 | 0000 | RGBA_8888 | 0.0 0.0 1440.0 96.0 | 0 0 1440 96 | StatusBar[1874]#0
12-04 15:44:57.448 754 754 I SurfaceFlinger: Device | 0x788462f070 | 0000 | RGBA_8888 | 0.0 0.0 1440.0 192.0 | 0 2768 1440 2960 | NavigationBar[1874]#0
12-04 15:44:57.448 754 754 I SurfaceFlinger:
12-04 15:44:57.479 12009 12009 F DEBUG :
12-04 15:44:57.479 12009 12009 F DEBUG : backtrace:
12-04 15:44:57.479 12009 12009 F DEBUG : #00 pc 0000000000070f84 /system/lib64/libc.so (tgkill+8)
12-04 15:44:57.479 12009 12009 F DEBUG : #01 pc 0000000000027138 /data/data/org.skvalex.cr/files/callrecorder (deleted)
12-04 15:44:57.479 12009 12009 F DEBUG : #02 pc 00000000000342e8 /data/data/org.skvalex.cr/files/callrecorder (deleted)
12-04 15:44:57.479 12009 12009 F DEBUG : #03 pc 000000000004e0c0 /data/data/org.skvalex.cr/files/callrecorder (deleted)
12-04 15:44:57.479 12009 12009 F DEBUG : #04 pc 000000000003483c /data/data/org.skvalex.cr/files/callrecorder (deleted)
12-04 15:44:57.479 12009 12009 F DEBUG : #05 pc 0000000000033590 /data/data/org.skvalex.cr/files/callrecorder (deleted)
12-04 15:44:57.479 12009 12009 F DEBUG : #06 pc 0000000000034cec /data/data/org.skvalex.cr/files/callrecorder (deleted)
12-04 15:44:57.479 12009 12009 F DEBUG : #07 pc 000000000002df94 /data/data/org.skvalex.cr/files/callrecorder (deleted)
12-04 15:44:57.479 12009 12009 F DEBUG : #08 pc 00000000000298e4 /data/data/org.skvalex.cr/files/callrecorder (deleted)
12-04 15:44:57.479 12009 12009 F DEBUG : #09 pc 0000000000035090 /data/app/org.skvalex.cr-sCqMqKZxZt2LSttfu5oWig==/oat/arm64/base.odex (offset 0x33000) (org.skvalex.cr.Native.a+208)
12-04 15:44:57.479 12009 12009 F DEBUG : #10 pc 000000000055784c /system/lib64/libart.so (art_quick_invoke_static_stub+604)
12-04 15:44:57.479 12009 12009 F DEBUG : #11 pc 00000000000cfce8 /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+232)
12-04 15:44:57.479 12009 12009 F DEBUG : #12 pc 0000000000280438 /system/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+344)
12-04 15:44:57.479 12009 12009 F DEBUG : #13 pc 000000000027a440 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+968)
12-04 15:44:57.479 12009 12009 F DEBUG : #14 pc 00000000005281b0 /system/lib64/libart.so (MterpInvokeStatic+204)
12-04 15:44:57.479 12009 12009 F DEBUG : #15 pc 0000000000549d94 /system/lib64/libart.so (ExecuteMterpImpl+14612)
12-04 15:44:57.479 12009 12009 F DEBUG : #16 pc 00000000004e0fc4 /data/app/org.skvalex.cr-sCqMqKZxZt2LSttfu5oWig==/oat/arm64/base.vdex (org.skvalex.cr.Native.oooooooo+12)
12-04 15:44:57.479 12009 12009 F DEBUG : #17 pc 0000000000254144 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.1714131630+488)
12-04 15:44:57.479 12009 12009 F DEBUG : #18 pc 0000000000259c38 /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
12-04 15:44:57.479 12009 12009 F DEBUG : #19 pc 000000000027a424 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+940)
12-04 15:44:57.479 12009 12009 F DEBUG : #20 pc 00000000005281b0 /system/lib64/libart.so (MterpInvokeStatic+204)
12-04 15:44:57.479 12009 12009 F DEBUG : #21 pc 0000000000549d94 /system/lib64/libart.so (ExecuteMterpImpl+14612)
12-04 15:44:57.479 12009 12009 F DEBUG : #22 pc 000000000022d2c0 /data/app/org.skvalex.cr-sCqMqKZxZt2LSttfu5oWig==/oat/arm64/base.vdex (o.IIIIooIl$1.oooooooI+16)
12-04 15:44:57.479 12009 12009 F DEBUG : #23 pc 0000000000254144 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.1714131630+488)
12-04 15:44:57.479 12009 12009 F DEBUG : #24 pc 0000000000259c38 /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
12-04 15:44:57.479 12009 12009 F DEBUG : #25 pc 000000000027a424 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+940)
12-04 15:44:57.479 12009 12009 F DEBUG : #26 pc 0000000000527fec /system/lib64/libart.so (MterpInvokeDirect+296)
12-04 15:44:57.479 12009 12009 F DEBUG : #27 pc 0000000000549d14 /system/lib64/libart.so (ExecuteMterpImpl+14484)
12-04 15:44:57.479 12009 12009 F DEBUG : #28 pc 000000000022d294 /data/app/org.skvalex.cr-sCqMqKZxZt2LSttfu5oWig==/oat/arm64/base.vdex (o.IIIIooIl$1.oooooooo)
12-04 15:44:57.479 12009 12009 F DEBUG : #29 pc 0000000000254144 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.1714131630+488)
12-04 15:44:57.479 12009 12009 F DEBUG : #30 pc 0000000000259c38 /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
12-04 15:44:57.479 12009 12009 F DEBUG : #31 pc 000000000027a424 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+940)
12-04 15:44:57.479 12009 12009 F DEBUG : #32 pc 0000000000529cf0 /system/lib64/libart.so (MterpInvokeVirtualQuick+584)
12-04 15:44:57.479 12009 12009 F DEBUG : #33 pc 000000000054d994 /system/lib64/libart.so (ExecuteMterpImpl+29972)
12-04 15:44:57.479 12009 12009 F DEBUG : #34 pc 000000000022d588 /data/app/org.skvalex.cr-sCqMqKZxZt2LSttfu5oWig==/oat/arm64/base.vdex (o.IIIIooIl$oooooooo.oooooool)
12-04 15:44:57.479 12009 12009 F DEBUG : #35 pc 0000000000254144 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.1714131630+488)
12-04 15:44:57.479 12009 12009 F DEBUG : #36 pc 0000000000259c38 /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
12-04 15:44:57.479 12009 12009 F DEBUG : #37 pc 000000000027a424 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+940)
12-04 15:44:57.479 12009 12009 F DEBUG : #38 pc 0000000000527fec /system/lib64/libart.so (MterpInvokeDirect+296)
12-04 15:44:57.479 12009 12009 F DEBUG : #39 pc 0000000000549d14 /system/lib64/libart.so (ExecuteMterpImpl+14484)
12-04 15:44:57.479 12009 12009 F DEBUG : #40 pc 000000000022d5a4 /data/app/org.skvalex.cr-sCqMqKZxZt2LSttfu5oWig==/oat/arm64/base.vdex (o.IIIIooIl$oooooooo.oooooooo)
12-04 15:44:57.479 12009 12009 F DEBUG : #41 pc 0000000000254144 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.1714131630+488)
12-04 15:44:57.479 12009 12009 F DEBUG : #42 pc 0000000000259c38 /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
12-04 15:44:57.479 12009 12009 F DEBUG : #43 pc 000000000027a424 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+940)
12-04 15:44:57.479 12009 12009 F DEBUG : #44 pc 00000000005281b0 /system/lib64/libart.so (MterpInvokeStatic+204)
12-04 15:44:57.479 12009 12009 F DEBUG : #45 pc 0000000000549d94 /system/lib64/libart.so (ExecuteMterpImpl+14612)
12-04 15:44:57.479 12009 12009 F DEBUG : #46 pc 000000000022d470 /data/app/org.skvalex.cr-sCqMqKZxZt2LSttfu5oWig==/oat/arm64/base.vdex (o.IIIIooIl$oooooooo$1.run+4)
12-04 15:44:57.479 12009 12009 F DEBUG : #47 pc 0000000000254144 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.1714131630+488)
12-04 15:44:57.479 12009 12009 F DEBUG : #48 pc 0000000000517540 /system/lib64/libart.so (artQuickToInterpreterBridge+1020)
12-04 15:44:57.479 12009 12009 F DEBUG : #49 pc 00000000005606fc /system/lib64/libart.so (art_quick_to_interpreter_bridge+92)
12-04 15:44:57.479 12009 12009 F DEBUG : #50 pc 0000000000b224cc /system/framework/arm64/boot-framework.oat (offset 0x41e000) (android.os.Handler.dispatchMessage+76)
12-04 15:44:57.479 12009 12009 F DEBUG : #51 pc 0000000000b25630 /system/framework/arm64/boot-framework.oat (offset 0x41e000) (android.os.Looper.loop+1264)
12-04 15:44:57.479 12009 12009 F DEBUG : #52 pc 0000000000b244d4 /system/framework/arm64/boot-framework.oat (offset 0x41e000) (android.os.HandlerThread.run+548)
12-04 15:44:57.479 12009 12009 F DEBUG : #53 pc 0000000000557588 /system/lib64/libart.so (art_quick_invoke_stub+584)
12-04 15:44:57.479 12009 12009 F DEBUG : #54 pc 00000000000cfcc8 /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+200)
12-04 15:44:57.479 12009 12009 F DEBUG : #55 pc 000000000045e1ec /system/lib64/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+104)
12-04 15:44:57.479 12009 12009 F DEBUG : #56 pc 000000000045f2a8 /system/lib64/libart.so (art::InvokeVirtualOrInterfaceWithJValues(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, jvalue*)+424)
12-04 15:44:57.479 12009 12009 F DEBUG : #57 pc 000000000048a6c8 /system/lib64/libart.so (art::Thread::CreateCallback(void*)+1120)
12-04 15:44:57.479 12009 12009 F DEBUG : #58 pc 0000000000083840 /system/lib64/libc.so (__pthread_start(void*)+36)
12-04 15:44:57.479 12009 12009 F DEBUG : #59 pc 0000000000023d80 /system/lib64/libc.so (__start_thread+68)
12-04 15:44:57.543 3504 3504 I SKBD : anc isTosAccept false
12-04 15:44:57.682 1044 1044 E /system/bin/tombstoned: Tombstone written to: /data/tombstones/tombstone_09
12-04 15:44:57.683 1358 12012 W ActivityManager: crash : org.skvalex.cr,0
Does anyone have any idea what could be going wrong here or why it might crash from only changing the signature?
I tried googling some of the errors in here but only found results for developers debugging their apps.
This is a paid app so it occurred to me that this may be some sort of tamper-protection or something like that?
The app could be checking if its signature matches the signature of the key used to sign it.
Refer to this SO post on how an android app can perform such a check.
One way you may try to bypass the signature is to replace the reference signature in the apk with that of your key, after doing some reverse engineering of the apk. You may get information related to the signing key through the command line.
Answered by auspicious99 on December 26, 2020
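A triage sketch for the logcat in the question, added here as an example and not part of either post: it checks whether the fatal signal was raised through a syscall (si_code SI_TKILL, no fault address) rather than by a bad memory access, and which module requested it. The function name triage and the result keys are this example's own; the sample is five lines copied from the log above.

```python
import re

# Constructed sample: five lines copied from the logcat in the question.
SAMPLE = """\
12-04 15:44:57.419 12009 12009 F DEBUG : pid: 11969, tid: 12006, name: ComThread >>> org.skvalex.cr <<<
12-04 15:44:57.419 12009 12009 F DEBUG : signal 11 (SIGSEGV), code -6 (SI_TKILL), fault addr --------
12-04 15:44:57.479 12009 12009 F DEBUG : #00 pc 0000000000070f84 /system/lib64/libc.so (tgkill+8)
12-04 15:44:57.479 12009 12009 F DEBUG : #01 pc 0000000000027138 /data/data/org.skvalex.cr/files/callrecorder (deleted)
12-04 15:44:57.479 12009 12009 F DEBUG : #09 pc 0000000000035090 /data/app/org.skvalex.cr-sCqMqKZxZt2LSttfu5oWig==/oat/arm64/base.odex (offset 0x33000) (org.skvalex.cr.Native.a+208)
"""

SIGNAL_RE = re.compile(
    r"signal \d+ \((\w+)\), code -?\d+ \((\w+)\), fault addr (\S+)")
FRAME_RE = re.compile(
    r"#(\d+) pc ([0-9a-f]+)\s+(\S+)( \(deleted\))?"
    r"(?: \(offset 0x[0-9a-f]+\))?(?: \((.+)\))?\s*$")
# si_code names debuggerd prints when a signal came from kill/sigqueue/tgkill
SENT_BY_SYSCALL = {"SI_USER", "SI_QUEUE", "SI_TKILL"}


def triage(log):
    """Summarise a debuggerd crash dump embedded in logcat text."""
    sig, frames = None, []
    for line in log.splitlines():
        m = SIGNAL_RE.search(line)
        if m:
            sig = {"name": m[1], "code": m[2], "fault_addr": m[3]}
            continue
        m = FRAME_RE.search(line)
        if m:
            frames.append({"path": m[3], "deleted": bool(m[4]), "symbol": m[5]})
    # A real memory fault carries a fault address; a sent signal shows dashes.
    raised = (sig is not None and sig["code"] in SENT_BY_SYSCALL
              and sig["fault_addr"].strip("-") == "")
    # First frame outside /system/ is the code that asked for the signal.
    caller = next((f for f in frames if not f["path"].startswith("/system/")), None)
    # First symbolised frame in the app's compiled dex is the Java-side entry.
    entry = next((f["symbol"] for f in frames
                  if f["symbol"] and f["path"].startswith("/data/app/")), None)
    return {
        "signal": sig["name"] if sig else None,
        "raised_by_syscall": raised,
        "caller": caller["path"] if caller else None,
        "caller_in_app_data": bool(caller) and caller["path"].startswith("/data/data/"),
        "caller_deleted": bool(caller) and caller["deleted"],
        "java_entry": entry,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A SIGSEGV raised through tgkill from a native helper that the app unpacked into its own data directory and then deleted looks like a deliberate abort rather than a wild pointer, which fits the integrity-check explanation in the answer but does not by itself prove a signature comparison.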