Resigning system.img on a device

android android-source lg optimus
natez0r picture natez0r · Feb 28, 2012 · Viewed 7k times · Source

I am working on an automatic app updating solution for devices (LG p509 - Optimus 1) which we deploy to our customers. We have control of these devices and currently install a custom kernel on them (but not a full custom ROM). Since we are trying to do auto-updating of our app on the device, we need the system to be signed by a key which we control so we can sign our apps with the same key (to get the INSTALL_PACKAGES permission).
I have been having a few issues running AOSP builds on the device (using the LG released source for the device), and am trying to take a step back and evaluate our options. I have a few questions:

  1. Is it viable to just pull the system.img off the phone and resign the contents? If so, where is the system apk located? I poked through the PackageManager source and it uses a systempackage (seemingly called "android") to compare apps with to see if they are allowed to have system permissions.
  2. Has anyone here created a custom ROM for the device that could offer some advice on how just get our signature be the system signature?

Any insight would be appreciated.

Answer

natez0r picture natez0r · Feb 29, 2012

Ok, so we figured it out. I am not going to go into full detail (too much writing), but here is the basic gist for anyone who stumbles on this:

If you want change the key which the system is signed with, you need to do the following steps:

  • Extract /system/ dir from the running phone
  • Inspect the .apk files (from /system/app and /system/framework) to figure out which ones are signed by the same key as the framework-res.apk. I used a modified version of the script linked here to figure out which APKs to sign.
  • If the APKs in /system/app which share the signing key with framework-res.apk are odexed, you need to de-odex them.
  • resign the APKs and the framework-res.apk and pack them in an update.zip (google how to do that).

On my specific device I had to resign both /system/framework/framework-res.apk and /system/framework/lge-res.apk from /system/framework and also had to de-odex and sign 20 .apks from the /system/app folder in order to get everything running smoothly.

Related questions

Where can I find Android source code online?

Particularly, where can I browse the source code for any android source application(e.g.the contact application) ? Is the only way to go to download all there is?

Read More
What are ODEX files in Android?

After some android apps installed, I found that it will change to odex file (not apk) in smartphone. How does it happens? Who can teach me, I am very interested about it.

Read More
Restart android machine

we have android + linux m/c, we log in into linux shell and boot the machine in android GUI. now we have the some script that is running on the same machine through linux shell. In that case when the …

Read More