Loading platform.jks 0 → 100644 +2.98 KiB File added.No diff preview for this file type. View file sign.sh 0 → 100755 +38 −0 Original line number Diff line number Diff line #!/bin/bash root_dir=$(dirname "$(readlink -f "$0")") input_apk=$1 cert=$2 ks_pass=$3 ks_alias=$4 if [ "$#" -ne 4 ]; then echo "Usage: $0 <input_apk_file> <ks_file> <ks_pass> <ks_alias>" exit 1 fi if [[ "$cert" != *.jks ]]; then echo ">> [$(date)] Error: Certificate file must have the extension .jks." exit 1 else echo ">> [$(date)] Patching apk." certdigest=$(openssl x509 -sha256 -fingerprint -noout -in $cert -passin pass:$ks_pass) fingerprint=$(echo $certdigest | awk -F'=' '{print $2}' | sed 's/://g' | tr '[:upper:]' '[:lower:]') python3 ${root_dir}/trichrome_patch.py $fingerprint $input_apk fi output_apk="${input_apk%.apk}_signed.apk" if [ -f "$input_apk.patched" ]; then echo ">> [$(date)] Zipaligning apk." zipalign -p -f 4 "$input_apk.patched" $output_apk rm "$input_apk.patched" else cp -r $input_apk $output_apk fi if [ -f "$output_apk" ]; then echo ">> [$(date)] Signing apk." apksigner sign --ks $cert --ks-pass pass:$ks_pass --ks-key-alias $ks_alias $output_apk fi trichrome_patch.py 0 → 100755 +44 −0 Original line number Diff line number Diff line #!/usr/bin/env python3 import os import sys import zipfile if len(sys.argv) < 3: print("Usage: python " + sys.argv[0] + ".py certdigest <input_apks>") sys.exit(1) certdigest = sys.argv[1] input_apks = sys.argv[2:] def patch_apk(infilename, new_certdigest): # Default for chromium apks orig_certdigest = "32a2fc74d731105859e5a85df16d95f102d85b22099b8064c5d8915c61dad1e0" # Check if the original and new certificate digests are the same if orig_certdigest == new_certdigest: return delete_apk = False with zipfile.ZipFile(infilename, 'r') as zin: # Initialize the output ZIP file outfilename = infilename + ".patched" with zipfile.ZipFile(outfilename, 'w') as zout: for info in zin.infolist(): data = zin.read(info.filename) if info.filename == 'AndroidManifest.xml': if new_certdigest.encode('utf-16-le') in data: delete_apk = True # Check if the original certdigest is found if orig_certdigest.encode('utf-16-le') in data: data = data.replace(orig_certdigest.encode('utf-16-le'), new_certdigest.encode('utf-16-le')) else: delete_apk = True zout.writestr(info, data) if delete_apk and os.path.exists(outfilename): os.remove(outfilename) for apk in input_apks: patch_apk(apk, certdigest) Loading
sign.sh 0 → 100755 +38 −0 Original line number Diff line number Diff line #!/bin/bash root_dir=$(dirname "$(readlink -f "$0")") input_apk=$1 cert=$2 ks_pass=$3 ks_alias=$4 if [ "$#" -ne 4 ]; then echo "Usage: $0 <input_apk_file> <ks_file> <ks_pass> <ks_alias>" exit 1 fi if [[ "$cert" != *.jks ]]; then echo ">> [$(date)] Error: Certificate file must have the extension .jks." exit 1 else echo ">> [$(date)] Patching apk." certdigest=$(openssl x509 -sha256 -fingerprint -noout -in $cert -passin pass:$ks_pass) fingerprint=$(echo $certdigest | awk -F'=' '{print $2}' | sed 's/://g' | tr '[:upper:]' '[:lower:]') python3 ${root_dir}/trichrome_patch.py $fingerprint $input_apk fi output_apk="${input_apk%.apk}_signed.apk" if [ -f "$input_apk.patched" ]; then echo ">> [$(date)] Zipaligning apk." zipalign -p -f 4 "$input_apk.patched" $output_apk rm "$input_apk.patched" else cp -r $input_apk $output_apk fi if [ -f "$output_apk" ]; then echo ">> [$(date)] Signing apk." apksigner sign --ks $cert --ks-pass pass:$ks_pass --ks-key-alias $ks_alias $output_apk fi
trichrome_patch.py 0 → 100755 +44 −0 Original line number Diff line number Diff line #!/usr/bin/env python3 import os import sys import zipfile if len(sys.argv) < 3: print("Usage: python " + sys.argv[0] + ".py certdigest <input_apks>") sys.exit(1) certdigest = sys.argv[1] input_apks = sys.argv[2:] def patch_apk(infilename, new_certdigest): # Default for chromium apks orig_certdigest = "32a2fc74d731105859e5a85df16d95f102d85b22099b8064c5d8915c61dad1e0" # Check if the original and new certificate digests are the same if orig_certdigest == new_certdigest: return delete_apk = False with zipfile.ZipFile(infilename, 'r') as zin: # Initialize the output ZIP file outfilename = infilename + ".patched" with zipfile.ZipFile(outfilename, 'w') as zout: for info in zin.infolist(): data = zin.read(info.filename) if info.filename == 'AndroidManifest.xml': if new_certdigest.encode('utf-16-le') in data: delete_apk = True # Check if the original certdigest is found if orig_certdigest.encode('utf-16-le') in data: data = data.replace(orig_certdigest.encode('utf-16-le'), new_certdigest.encode('utf-16-le')) else: delete_apk = True zout.writestr(info, data) if delete_apk and os.path.exists(outfilename): os.remove(outfilename) for apk in input_apks: patch_apk(apk, certdigest)
