Disable Signature Verification on Android ROMs, Including MIUI

November 07, 2017
The purpose of Disable Signature Verification is to let us freely add or modify APK files in system and data without being bothered by the signatures that every APK file carries. It is especially needed when we want to modify a system APK in a way that touches AndroidManifest. Here I give the complete tutorial, including disabling the MIUI signature checks, which are usually very stubborn to bypass. Once it is applied, you can remove the preinstalled MIUI system apps you don't need, such as MiuiStore, etc., without fear of a bootloop.
Requirements:
  • Rooted
  • Deodexed ROM
Materials:
  • core-libart.jar (taken from /system/framework)
  • services.jar (taken from /system/framework)
Steps:
  • core-libart part
Decompile core-libart.jar. Open /smali/java/security/Signature.smali and find:


.method public final verify([B)Z
Then, inside that method, find:


    return v0
Add this above it:


    const/4 v0, 0x1
So that the result looks like this:


.method public final verify([B)Z
    .locals 2
    .param p1, "signature"    # [B
    .annotation system Ldalvik/annotation/Throws;
        value = {
            Ljava/security/SignatureException;
        }
    .end annotation

    .prologue
    .line 449
    iget v0, p0, Ljava/security/Signature;->state:I

    const/4 v1, 0x3

    if-eq v0, v1, :cond_0

    .line 450
    new-instance v0, Ljava/security/SignatureException;

    const-string v1, "Signature object is not initialized properly"

    invoke-direct {v0, v1}, Ljava/security/SignatureException;-><init>(Ljava/lang/String;)V

    throw v0

    .line 452
    :cond_0
    invoke-virtual {p0, p1}, Ljava/security/Signature;->engineVerify([B)Z

    move-result v0

    const/4 v0, 0x1

    return v0
.end method
Still in /smali/java/security/Signature.smali, find:


.method public final verify([BII)Z
Then, inside that method, find:


    return v0
Add this above it:


    const/4 v0, 0x1
So that the result looks like this:


.method public final verify([BII)Z
    .locals 2
    .param p1, "signature"    # [B
    .param p2, "offset"    # I
    .param p3, "length"    # I
    .annotation system Ldalvik/annotation/Throws;
        value = {
            Ljava/security/SignatureException;
        }
    .end annotation

    .prologue
    .line 481
    iget v0, p0, Ljava/security/Signature;->state:I

    const/4 v1, 0x3

    if-eq v0, v1, :cond_0

    .line 482
    new-instance v0, Ljava/security/SignatureException;

    const-string v1, "Signature object is not initialized properly"

    invoke-direct {v0, v1}, Ljava/security/SignatureException;-><init>(Ljava/lang/String;)V

    throw v0

    .line 484
    :cond_0
    if-eqz p1, :cond_1

    if-ltz p2, :cond_1

    if-ltz p3, :cond_1

    add-int v0, p2, p3

    array-length v1, p1

    if-le v0, v1, :cond_2

    .line 486
    :cond_1
    new-instance v0, Ljava/lang/IllegalArgumentException;

    invoke-direct {v0}, Ljava/lang/IllegalArgumentException;-><init>()V

    throw v0

    .line 488
    :cond_2
    invoke-virtual {p0, p1, p2, p3}, Ljava/security/Signature;->engineVerify([BII)Z

    move-result v0

    const/4 v0, 0x1

    return v0
.end method
Open /smali/java/security/MessageDigest.smali and find:


.method public static isEqual([B[B)Z
Then, inside that method, find:


    return v2
Add this above it:


    const/4 v2, 0x1
So that the result looks like this:


.method public static isEqual([B[B)Z
    .locals 5
    .param p0, "digesta"    # [B
    .param p1, "digestb"    # [B

    .prologue
    const/4 v2, 0x0

    .line 303
    array-length v3, p0

    array-length v4, p1

    if-eq v3, v4, :cond_1

    .line 311
    :cond_0
    :goto_0
    const/4 v2, 0x1

    return v2

    .line 307
    :cond_1
    const/4 v1, 0x0

    .line 308
    .local v1, "v":I
    const/4 v0, 0x0

    .local v0, "i":I
    :goto_1
    array-length v3, p0

    if-ge v0, v3, :cond_2

    .line 309
    aget-byte v3, p0, v0

    aget-byte v4, p1, v0

    xor-int/2addr v3, v4

    or-int/2addr v1, v3

    .line 308
    add-int/lit8 v0, v0, 0x1

    goto :goto_1

    .line 311
    :cond_2
    if-nez v1, :cond_0

    const/4 v2, 0x1

    goto :goto_0
.end method
Recompile core-libart.
  • services part
Decompile services.jar. Open /smali/com/android/server/pm/PackageManagerService.smali and find:


.method static compareSignatures([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)I
Then, inside that method, find:


    return v6
Add this above it:


    const/4 v6, 0x0
So that the result looks like this:


.method static compareSignatures([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)I
    .locals 11
    .param p0, "s1"    # [Landroid/content/pm/Signature;
    .param p1, "s2"    # [Landroid/content/pm/Signature;

    .prologue
    const/4 v6, 0x1

    const/4 v8, -0x3

    const/4 v7, 0x0

    .line 4072
    if-nez p0, :cond_1

    .line 4073
    if-nez p1, :cond_0

    .line 4105
    :goto_0
    const/4 v6, 0x0

    return v6

    .line 4073
    :cond_0
    const/4 v6, -0x1

    goto :goto_0

    .line 4078
    :cond_1
    if-nez p1, :cond_2

    .line 4079
    const/4 v6, -0x2

    goto :goto_0

    .line 4082
    :cond_2
    array-length v9, p0

    array-length v10, p1

    if-eq v9, v10, :cond_3

    move v6, v8

    .line 4083
    goto :goto_0

    .line 4087
    :cond_3
    array-length v9, p0

    if-ne v9, v6, :cond_5

    .line 4088
    aget-object v6, p0, v7

    aget-object v9, p1, v7

    invoke-virtual {v6, v9}, Landroid/content/pm/Signature;->equals(Ljava/lang/Object;)Z

    move-result v6

    if-eqz v6, :cond_4

    move v6, v7

    goto :goto_0

    :cond_4
    move v6, v8

    goto :goto_0

    .line 4093
    :cond_5
    new-instance v3, Landroid/util/ArraySet;

    invoke-direct {v3}, Landroid/util/ArraySet;-><init>()V

    ....

    ....

.end method
Still in /smali/com/android/server/pm/PackageManagerService.smali, find:


.method private compareSignaturesCompat(Lcom/android/server/pm/PackageSignatures;Landroid/content/pm/PackageParser$Package;)I
Then, inside that method, below the param/line directives, like this:


    .param p1, "existingSigs"    # Lcom/android/server/pm/PackageSignatures;
    .param p2, "scannedPkg"    # Landroid/content/pm/PackageParser$Package;

    .prologue
    .line 4126
Add:


    const/4 v14, 0x0

    return v14
So that the result looks like this:


.method private compareSignaturesCompat(Lcom/android/server/pm/PackageSignatures;Landroid/content/pm/PackageParser$Package;)I
    .locals 17
    .param p1, "existingSigs"    # Lcom/android/server/pm/PackageSignatures;
    .param p2, "scannedPkg"    # Landroid/content/pm/PackageParser$Package;

    .prologue
    .line 4126
    const/4 v14, 0x0

    return v14

    move-object/from16 v0, p0

    move-object/from16 v1, p2

    invoke-direct {v0, v1}, Lcom/android/server/pm/PackageManagerService;->isCompatSignatureUpdateNeeded(Landroid/content/pm/PackageParser$Package;)Z

    move-result v14

    if-nez v14, :cond_0

    ....

    ....

.end method
Still in /smali/com/android/server/pm/PackageManagerService.smali, find:


.method private compareSignaturesRecover(Lcom/android/server/pm/PackageSignatures;Landroid/content/pm/PackageParser$Package;)I
Then, inside that method, find:


    return v2
Add this above it:


    const/4 v2, 0x0
So that the result looks like this:


.method private compareSignaturesRecover(Lcom/android/server/pm/PackageSignatures;Landroid/content/pm/PackageParser$Package;)I
    .locals 7
    .param p1, "existingSigs"    # Lcom/android/server/pm/PackageSignatures;
    .param p2, "scannedPkg"    # Landroid/content/pm/PackageParser$Package;

    .prologue
    const/4 v6, 0x4

    const/4 v2, -0x3

    .line 4168
    invoke-direct {p0, p2}, Lcom/android/server/pm/PackageManagerService;->isRecoverSignatureUpdateNeeded(Landroid/content/pm/PackageParser$Package;)Z

    move-result v3

    if-nez v3, :cond_0

    .line 4185
    :goto_0
    const/4 v2, 0x0

    return v2

    .line 4172
    :cond_0
    const/4 v1, 0x0

    .line 4174
    .local v1, "msg":Ljava/lang/String;
    :try_start_0
    iget-object v3, p1, Lcom/android/server/pm/PackageSignatures;->mSignatures:[Landroid/content/pm/Signature;

    iget-object v4, p2, Landroid/content/pm/PackageParser$Package;->mSignatures:[Landroid/content/pm/Signature;

    invoke-static {v3, v4}, Landroid/content/pm/Signature;->areEffectiveMatch([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)Z

    move-result v3

    if-eqz v3, :cond_1

    .line 4175
    const/4 v3, 0x4

    new-instance v4, Ljava/lang/StringBuilder;

    invoke-direct {v4}, Ljava/lang/StringBuilder;-><init>()V

    const-string v5, "Recovered effectively matching certificates for "

    invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    move-result-object v4

    ....

    ....

.end method
For Android ROMs other than MIUI, the modification is finished at this point; continue to the finishing part. For MIUI ROMs only, continue with the tutorial.
Open /smali/com/miui/server/SecurityManagerService.smali and find:


.method private checkSysAppCrack()Z
Then, inside that method, find:


    const/4 v8, 0x0
Add this below it:


    const/4 v3, 0x1

    return v3
So that the result looks like this:


.method private checkSysAppCrack()Z
    .locals 9

    .prologue
    const/4 v8, 0x0

    const/4 v3, 0x1

    return v3

    .line 602
    new-instance v1, Ljava/util/ArrayList;

    invoke-direct {v1}, Ljava/util/ArrayList;-><init>()V

    .line 603
    .local v1, "appsTobeChecked":Ljava/util/ArrayList;, "Ljava/util/ArrayList<Lcom/miui/server/SecurityManagerService$AppItem;>;"
    new-instance v5, Lcom/miui/server/SecurityManagerService$AppItem;

    const-string v6, "com.miui.home"

    const-string v7, "3082046c30820354a003020102020900e552a8ecb9011b7c300d06092a864886f70d0101050500308180310b300906035504061302434e3110300e060355040813074265696a696e673110300e060355040713074265696a696e67310f300d060355040a13065869616f6d69310d300b060355040b13044d495549310d300b060355040313044d495549311e301c06092a864886f70d010901160f6d697569407869616f6d692e636f6d301e170d3131313230363033323632365a170d3339303432333033323632365a308180310b300906035504061302434e3110300e060355040813074265696a696e673110300e060355040713074265696a696e67310f300d060355040a13065869616f6d69310d300b060355040b13044d495549310d300b060355040313044d495549311e301c06092a864886f70d010901160f6d697569407869616f6d692e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100c786568a9aff253ad74c5d3e6fbffa12fed44cd3244f18960ec5511bb551e413115197234845112cc3df9bbacd3e0f4b3528cd87ed397d577dc9008e9cbc6a25fc0664d3a3f440243786db8b250d40f6f148c9a3cd6fbc2dd8d24039bd6a8972a1bdee28c308798bfa9bb3b549877b10f98e265f118c05f264537d95e29339157b9d2a31485e0c823521cca6d0b721a8432600076d669e20ac43aa588b52c11c2a51f04c6bb31ad6ae8573991afe8e4957d549591fcb83ec62d1da35b1727dc6b63001a5ef387b5a7186c1e68da1325772b5307b1bc739ef236b9efe06d52dcaf1e32768e3403e55e3ec56028cf5680cfb33971ccf7870572bc47d3e3affa385020103a381e83081e5301d0603551d0e0416041491ae2f8c72e305f92aa9f7452e2a3160b841a15c3081b50603551d230481ad3081aa801491ae2f8c72e305f92aa9f7452e2a3160b841a15ca18186a48183308180310b300906035504061302434e3110300e060355040813074265696a696e673110300e060355040713074265696a696e67310f300d060355040a13065869616f6d69310d300b060355040b13044d495549310d300b060355040313044d495549311e301c06092a864886f70d010901160f6d697569407869616f6d692e636f6d820900e552a8ecb9011b7c300c0603551d13040530030101ff300d06092a864886f70d010105050003820101003b3a699ceb497300f2ab86cbd41c513440bf60aa5c43984eb1da140ef30544d9fbbb3733df24b26f2703d7ffc645bf598a5e6023596a947e91731542f2c269d0816a69c92df9bfe8b1c9bc3c54c46c12355bb4629fe6020ca9d15f8d6155dc5586f5616db806ecea2d06bd83e3
2b5f13f5a04fe3e5aa514f05df3d555526c63d3d62acf00adee894b923c2698dc571bc52c756ffa7a2221d834d10cb7175c864c30872fe217c31442dff0040a67a2fb1c8ba63eac2d5ba3d8e76b4ff2a49b0db8a33ef4ae0dd0a840dd2a8714cb5531a56b786819ec9eb1051d91b23fde06bd9d0708f150c4f9efe6a416ca4a5e0c23a952af931ad3579fb4a8b19de98f64bd9"

    invoke-direct {v5, v6, v7, v8}, Lcom/miui/server/SecurityManagerService$AppItem;-><init>(Ljava/lang/String;Ljava/lang/String;Z)V

    invoke-virtual {v1, v5}, Ljava/util/ArrayList;->add(Ljava/lang/Object;)Z

    ....

    ....

.end method
Still in /smali/com/miui/server/SecurityManagerService.smali, find:


.method private checkSystemSelfProtection(Z)V
Delete all the text inside that method, then change it so that the result looks like this:


.method private checkSystemSelfProtection(Z)V
    .locals 2
    .param p1, "onlyCore"    # Z

    .prologue
    .line 517
    const-string v0, "SystemSelfProtection"

    const-string v1, "bypassed by bamzzz@xda"

    invoke-static {v0, v1}, Landroid/util/Log;->i(Ljava/lang/String;Ljava/lang/String;)I

    .line 588
    return-void
.end method
Recompile services.
  • Finishing part
Copy core-libart.jar and services.jar back into the /system/framework folder and set the file permissions to rw-r--r-- (0644).
Reboot the system.
Done.
That concludes this article; hopefully it is useful.
Reference: Forum Multirom
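The edits above leave recognisable traces in the decompiled smali, which helps when auditing a framework jar or ROM image of unknown origin. The Python sketch below is an added example, not part of the original tutorial; `scan`, `instructions` and the embedded sample are hypothetical names and constructed input. It flags two of the patterns: a call result overwritten by a constant just before `return` (as in `Signature.verify`) and instructions left unreachable after an inserted `return` (as in `compareSignaturesCompat` and `checkSysAppCrack`).

```python
import re

# Constructed sample modelled on the patched methods shown in this article.
SAMPLE = """\
.method public final verify([B)Z
    invoke-virtual {p0, p1}, Ljava/security/Signature;->engineVerify([B)Z
    move-result v0
    const/4 v0, 0x1
    return v0
.end method
.method private checkSysAppCrack()Z
    const/4 v3, 0x1
    return v3
    .line 602
    new-instance v1, Ljava/util/ArrayList;
.end method
.method public getAlgorithm()Ljava/lang/String;
    iget-object v0, p0, Ljava/security/Signature;->algorithm:Ljava/lang/String;
    return-object v0
.end method
"""

METHOD = re.compile(r"^\.method (.+?)$(.*?)^\.end method", re.M | re.S)

def instructions(body):
    """Yield opcodes and labels; skip directives, comments and annotation bodies."""
    in_annotation = False
    for line in body.splitlines():
        line = line.strip()
        if line.startswith((".annotation", ".end annotation")):
            in_annotation = line.startswith(".annotation")
        elif line and not in_annotation and not line.startswith((".", "#")):
            yield line

def scan(smali_text):
    """Return (method signature, finding) pairs for two patch fingerprints."""
    findings = []
    for name, body in METHOD.findall(smali_text):
        ins = list(instructions(body))
        sig = name.split()[-1]          # drop access flags, keep name + descriptor
        for i, cur in enumerate(ins):
            ret = re.match(r"return(?:-\w+)? (\w+)$", cur)
            # 1. a call's result is replaced by a constant right before return
            if ret and i >= 2:
                reg = ret.group(1)
                if (re.match(rf"const\S* {reg},", ins[i - 1])
                        and re.match(rf"move-result\S* {reg}$", ins[i - 2])):
                    findings.append((sig, "forced-return"))
            # 2. code directly after return/throw/goto with no label: unreachable
            if (i and not cur.startswith(":")
                    and re.match(r"return|throw|goto", ins[i - 1])):
                findings.append((sig, "dead-code"))
    return findings
```

The `isEqual` and `compareSignatures` edits overwrite the return register at a jump target instead, so they are not caught by these two heuristics and need a separate check.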


44 comments

Kelana
December 28, 2017 at 1:00 PM

Learned something new 😅
Thank you for the tutorial 😂

hunyb ers
January 15, 2018 at 7:14 AM

This comment has been removed by a blog administrator.

hunyb ers
January 15, 2018 at 7:25 AM

It doesn't work, bro, there's no folder called smali

bamzzz
January 15, 2018 at 9:59 AM

Make sure the ROM is already deodexed.. decompile using apktool

February 26, 2018 at 2:23 PM

Bro, can this be used on Nougat?

Nadia Putri
April 2, 2018 at 10:18 AM

Bro, is there a tutorial for turning an odexed ROM into a deodexed one..

Thanks

bamzzz
April 3, 2018 at 8:09 AM

Yes, it was just written, here you go: https://www.bootloop.id/2018/04/cara-deodex-rom-android.html

tito sr
April 17, 2018 at 4:05 PM

Where is it? I want to read it, but it's not there.

tito sr
April 17, 2018 at 4:14 PM

Please repost it, or send it to my email, thanks.

Reeant
May 1, 2018 at 8:10 PM

Bro bamz, why was the content deleted..

sob sob

Wee Lee
May 6, 2018 at 7:24 AM

Yes, sorry, it will be restored later..

Qnoy
June 5, 2018 at 2:36 AM

Very helpful, thank you

June 20, 2018 at 1:53 AM

Once it's done and I then unroot, does the disabled signature check still work?

Will MCRmy
July 5, 2018 at 8:47 AM

Thanks bro.. this is what I've been looking for all this time..

Anonymous
July 21, 2018 at 8:51 PM

Bro, is the method the same for the Redmi 3?

Andreas T
July 21, 2018 at 11:41 PM

Bro, which app is used for the text editing?

bamzzz
July 22, 2018 at 5:15 AM

Use Notepad++ if you're on a Windows PC, download link: https://notepad-plus-plus.org/download/v7.5.7.html

Anonymous
July 22, 2018 at 11:27 AM

So for the MIUI script in the last part, do I follow it like the ones above, or how, bro?? Please help

bamzzz
July 22, 2018 at 12:29 PM

Follow everything through to the end if you're modifying a MIUI ROM

Anonymous
July 22, 2018 at 9:41 PM

Bootloop, bro ,,,

Tono
July 25, 2018 at 6:31 PM

Bro, I've followed all the instructions but something is still missing, going from odex to reodex doesn't work yet; how do I continue, bro?
Is there any other way besides the one above, bro? Because using Lucky Patcher failed and using Xinstaller failed too. What's an easy and effective solution, bro? Thank you

bamzzz
July 27, 2018 at 6:57 PM

Which phone, which ROM?

sang saka
August 10, 2018 at 1:25 AM

For a custom ROM on a Xiaomi device
Do I have to use the next part of the tutorial or not?

bamzzz
August 10, 2018 at 5:47 AM

Only MIUI uses the next part of the tutorial

Tri Juhari
August 10, 2018 at 6:25 PM

For the mia1, Android 8.1, does it work, bro ????

sang saka
August 18, 2018 at 4:03 PM

Sometimes an APK planted in system priv-app using Root Explorer/LP disappears after a reboot
Can the method in this tutorial solve that, admin?

robie iebell
September 20, 2018 at 4:01 AM

Sorry bro, I was just about to deodex core-libart but there's no odex file for it in arm or in arm64. I'm on MIUI 9 Nougat

Reeant
October 2, 2018 at 10:46 AM

Bro Bamzz, how do you disable signature on Oreo?

November 28, 2018 at 1:15 PM

What about the tutorial for MIUI based on Oreo 8.1, bro?

Aris_juliant
December 14, 2018 at 8:12 PM

Huu, for MIUI 10, which apktool version is suitable ??

Anonymous
February 24, 2019 at 9:15 AM

Bro, for the MIUI 9 Android 8.1 ROM I can't find the core-libart jar; does this disable-signature method not work for Android O?
Please advise, bro....

Abank Donny
March 23, 2019 at 2:40 AM

It's core-oj.jar on Oreo 8.1

Unknown
May 20, 2019 at 9:14 AM

Bro, does this work for bypassing a phone for ojol (online motorcycle taxi) use?

rhendytay
May 21, 2019 at 3:11 PM

Bro, for porting a MIUI ROM to an Oppo device, is the next part of the tutorial needed?

HardDev
July 8, 2019 at 4:01 AM

This comment has been removed by the author.

HardDev
July 8, 2019 at 4:08 AM

But the apps all force close

Gowalk
July 26, 2019 at 2:33 AM

Bro, please make a video version so it's simpler to understand

Gowalk
August 16, 2019 at 9:52 AM

Bro, help: after deodexing the ROM and decompiling, there's no security folder in core-libart... what should I do?
