Disable Signature Verification di ROM Android Termasuk MIUI

Fungsi dari Disable Signature Verification adalah untuk membebaskan kita menambahkan/memodif file apk yang ada di system dan data tanpa dipusingkan dengan segala macam signature yang selalu ada di file apk. Terutama sangat dibutuhkan jika kita ingin memodif file apk system yang berhubungan dengan AndroidManifest. Disini saya berikan tutorial lengkapnya, termasuk disable signature miui yang biasanya sangat alot di bypass. Hingga setelah terapkan, kamu dapat menghapus app system bawaan miui yang tidak kamu butuhkan, seperti MiuiStore, etc. Tanpa takut bootloop. Syarat:

Rooted
Deodexed ROM

Bahan:

core-libart.jar (ambil dari /system/framework)
services,jar (ambil dari /system/framework)

Langkah-langkah:

Bagian core-libart

Decompile core-libart.jar Buka /smali/java/security/Signature.smali Cari:



.method public final verify([B)Z

Lalu didalam method tersebut, cari:



    return v0

Tambahkan ini diatasnya:



    const/4 v0, 0x1

Hingga hasilnya menjadi seperti ini:



.method public final verify([B)Z
    .locals 2
    .param p1, "signature"    # [B
    .annotation system Ldalvik/annotation/Throws;
        value = {
            Ljava/security/SignatureException;
        }
    .end annotation

    .prologue
    .line 449
    iget v0, p0, Ljava/security/Signature;->state:I

    const/4 v1, 0x3

    if-eq v0, v1, :cond_0

    .line 450
    new-instance v0, Ljava/security/SignatureException;

    const-string v1, "Signature object is not initialized properly"

    invoke-direct {v0, v1}, Ljava/security/SignatureException;-><init>(Ljava/lang/String;)V

    throw v0

    .line 452
    :cond_0
    invoke-virtual {p0, p1}, Ljava/security/Signature;->engineVerify([B)Z

    move-result v0

    const/4 v0, 0x1

    return v0
.end method

Masih di /smali/java/security/Signature.smali Cari:



.method public final verify([BII)Z

Lalu didalam method tersebut, cari:



    return v0

Tambahkan ini diatasnya:



    const/4 v0, 0x1

Hingga hasilnya menjadi seperti ini:



.method public final verify([BII)Z
    .locals 2
    .param p1, "signature"    # [B
    .param p2, "offset"    # I
    .param p3, "length"    # I
    .annotation system Ldalvik/annotation/Throws;
        value = {
            Ljava/security/SignatureException;
        }
    .end annotation

    .prologue
    .line 481
    iget v0, p0, Ljava/security/Signature;->state:I

    const/4 v1, 0x3

    if-eq v0, v1, :cond_0

    .line 482
    new-instance v0, Ljava/security/SignatureException;

    const-string v1, "Signature object is not initialized properly"

    invoke-direct {v0, v1}, Ljava/security/SignatureException;-><init>(Ljava/lang/String;)V

    throw v0

    .line 484
    :cond_0
    if-eqz p1, :cond_1

    if-ltz p2, :cond_1

    if-ltz p3, :cond_1

    add-int v0, p2, p3

    array-length v1, p1

    if-le v0, v1, :cond_2

    .line 486
    :cond_1
    new-instance v0, Ljava/lang/IllegalArgumentException;

    invoke-direct {v0}, Ljava/lang/IllegalArgumentException;-><init>()V

    throw v0

    .line 488
    :cond_2
    invoke-virtual {p0, p1, p2, p3}, Ljava/security/Signature;->engineVerify([BII)Z

    move-result v0

    const/4 v0, 0x1

    return v0
.end method

Buka /smali/java/security/MessageDigest.smali Cari:



.method public static isEqual([B[B)Z

Lalu didalam method tersebut, cari:



    return v2

Tambahkan ini diatasnya:



    const/4 v2, 0x1

Hingga hasilnya menjadi seperti ini:



.method public static isEqual([B[B)Z
    .locals 5
    .param p0, "digesta"    # [B
    .param p1, "digestb"    # [B

    .prologue
    const/4 v2, 0x0

    .line 303
    array-length v3, p0

    array-length v4, p1

    if-eq v3, v4, :cond_1

    .line 311
    :cond_0
    :goto_0
    const/4 v2, 0x1

    return v2

    .line 307
    :cond_1
    const/4 v1, 0x0

    .line 308
    .local v1, "v":I
    const/4 v0, 0x0

    .local v0, "i":I
    :goto_1
    array-length v3, p0

    if-ge v0, v3, :cond_2

    .line 309
    aget-byte v3, p0, v0

    aget-byte v4, p1, v0

    xor-int/2addr v3, v4

    or-int/2addr v1, v3

    .line 308
    add-int/lit8 v0, v0, 0x1

    goto :goto_1

    .line 311
    :cond_2
    if-nez v1, :cond_0

    const/4 v2, 0x1

    goto :goto_0
.end method

Recompile core-libart

Bagian services

Decompile services.jar Buka /smali/com/android/server/pm/PackageManagerService.smali Cari:



.method static compareSignatures([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)I

Lalu didalam method tersebut, cari:



    return v6

Tambahkan ini diatasnya:



    const/4 v6, 0x0

Hingga hasilnya menjadi seperti ini:



.method static compareSignatures([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)I
    .locals 11
    .param p0, "s1"    # [Landroid/content/pm/Signature;
    .param p1, "s2"    # [Landroid/content/pm/Signature;

    .prologue
    const/4 v6, 0x1

    const/4 v8, -0x3

    const/4 v7, 0x0

    .line 4072
    if-nez p0, :cond_1

    .line 4073
    if-nez p1, :cond_0

    .line 4105
    :goto_0
    const/4 v6, 0x0

    return v6

    .line 4073
    :cond_0
    const/4 v6, -0x1

    goto :goto_0

    .line 4078
    :cond_1
    if-nez p1, :cond_2

    .line 4079
    const/4 v6, -0x2

    goto :goto_0

    .line 4082
    :cond_2
    array-length v9, p0

    array-length v10, p1

    if-eq v9, v10, :cond_3

    move v6, v8

    .line 4083
    goto :goto_0

    .line 4087
    :cond_3
    array-length v9, p0

    if-ne v9, v6, :cond_5

    .line 4088
    aget-object v6, p0, v7

    aget-object v9, p1, v7

    invoke-virtual {v6, v9}, Landroid/content/pm/Signature;->equals(Ljava/lang/Object;)Z

    move-result v6

    if-eqz v6, :cond_4

    move v6, v7

    goto :goto_0

    :cond_4
    move v6, v8

    goto :goto_0

    .line 4093
    :cond_5
    new-instance v3, Landroid/util/ArraySet;

    invoke-direct {v3}, Landroid/util/ArraySet;-><init>()V

    ....

    ....

.end method

Masih di /smali/com/android/server/pm/PackageManagerService.smali Cari:



.method private compareSignaturesCompat(Lcom/android/server/pm/PackageSignatures;Landroid/content/pm/PackageParser$Package;)I

Lalu didalam method tersebut, dibawah param/line, seperti ini:



    .param p1, "existingSigs"    # Lcom/android/server/pm/PackageSignatures;
    .param p2, "scannedPkg"    # Landroid/content/pm/PackageParser$Package;

    .prologue
    .line 4126

Tambahkan:



    const/4 v14, 0x0

    return v14

Hingga hasilnya menjadi seperti ini:



.method private compareSignaturesCompat(Lcom/android/server/pm/PackageSignatures;Landroid/content/pm/PackageParser$Package;)I
    .locals 17
    .param p1, "existingSigs"    # Lcom/android/server/pm/PackageSignatures;
    .param p2, "scannedPkg"    # Landroid/content/pm/PackageParser$Package;

    .prologue
    .line 4126
    const/4 v14, 0x0

    return v14

    move-object/from16 v0, p0

    move-object/from16 v1, p2

    invoke-direct {v0, v1}, Lcom/android/server/pm/PackageManagerService;->isCompatSignatureUpdateNeeded(Landroid/content/pm/PackageParser$Package;)Z

    move-result v14

    if-nez v14, :cond_0

    ....

    ....

.end method

Masih di /smali/com/android/server/pm/PackageManagerService.smali Cari:



.method private compareSignaturesRecover(Lcom/android/server/pm/PackageSignatures;Landroid/content/pm/PackageParser$Package;)I

Lalu didalam method tersebut, cari:



    return v2

Tambahkan ini diatasnya:



    const/4 v2, 0x0

Hingga hasilnya menjadi seperti ini:



.method private compareSignaturesRecover(Lcom/android/server/pm/PackageSignatures;Landroid/content/pm/PackageParser$Package;)I
    .locals 7
    .param p1, "existingSigs"    # Lcom/android/server/pm/PackageSignatures;
    .param p2, "scannedPkg"    # Landroid/content/pm/PackageParser$Package;

    .prologue
    const/4 v6, 0x4

    const/4 v2, -0x3

    .line 4168
    invoke-direct {p0, p2}, Lcom/android/server/pm/PackageManagerService;->isRecoverSignatureUpdateNeeded(Landroid/content/pm/PackageParser$Package;)Z

    move-result v3

    if-nez v3, :cond_0

    .line 4185
    :goto_0
    const/4 v2, 0x0

    return v2

    .line 4172
    :cond_0
    const/4 v1, 0x0

    .line 4174
    .local v1, "msg":Ljava/lang/String;
    :try_start_0
    iget-object v3, p1, Lcom/android/server/pm/PackageSignatures;->mSignatures:[Landroid/content/pm/Signature;

    iget-object v4, p2, Landroid/content/pm/PackageParser$Package;->mSignatures:[Landroid/content/pm/Signature;

    invoke-static {v3, v4}, Landroid/content/pm/Signature;->areEffectiveMatch([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)Z

    move-result v3

    if-eqz v3, :cond_1

    .line 4175
    const/4 v3, 0x4

    new-instance v4, Ljava/lang/StringBuilder;

    invoke-direct {v4}, Ljava/lang/StringBuilder;-><init>()V

    const-string v5, "Recovered effectively matching certificates for "

    invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    move-result-object v4

    ....

    ....

.end method

Untuk ROM Android selain MIUI sudah selesai sampai disini. Silahkan lanjut ke bagian finishing. Khusus ROM MIUI silahkan lanjutkan tutorialnya. Buka /smali/com/miui/server/SecurityManagerService.smali Cari:



.method private checkSysAppCrack()Z

Lalu didalam method tersebut, cari:



    const/4 v8, 0x0

Tambahkan ini dibawahnya:



    const/4 v3, 0x1

    return v3

Hingga hasilnya menjadi seperti ini:



.method private checkSysAppCrack()Z
    .locals 9

    .prologue
    const/4 v8, 0x0

    const/4 v3, 0x1

    return v3

    .line 602
    new-instance v1, Ljava/util/ArrayList;

    invoke-direct {v1}, Ljava/util/ArrayList;-><init>()V

    .line 603
    .local v1, "appsTobeChecked":Ljava/util/ArrayList;, "Ljava/util/ArrayList<Lcom/miui/server/SecurityManagerService$AppItem;>;"
    new-instance v5, Lcom/miui/server/SecurityManagerService$AppItem;

    const-string v6, "com.miui.home"

    const-string v7, "3082046c30820354a003020102020900e552a8ecb9011b7c300d06092a864886f70d0101050500308180310b300906035504061302434e3110300e060355040813074265696a696e673110300e060355040713074265696a696e67310f300d060355040a13065869616f6d69310d300b060355040b13044d495549310d300b060355040313044d495549311e301c06092a864886f70d010901160f6d697569407869616f6d692e636f6d301e170d3131313230363033323632365a170d3339303432333033323632365a308180310b300906035504061302434e3110300e060355040813074265696a696e673110300e060355040713074265696a696e67310f300d060355040a13065869616f6d69310d300b060355040b13044d495549310d300b060355040313044d495549311e301c06092a864886f70d010901160f6d697569407869616f6d692e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100c786568a9aff253ad74c5d3e6fbffa12fed44cd3244f18960ec5511bb551e413115197234845112cc3df9bbacd3e0f4b3528cd87ed397d577dc9008e9cbc6a25fc0664d3a3f440243786db8b250d40f6f148c9a3cd6fbc2dd8d24039bd6a8972a1bdee28c308798bfa9bb3b549877b10f98e265f118c05f264537d95e29339157b9d2a31485e0c823521cca6d0b721a8432600076d669e20ac43aa588b52c11c2a51f04c6bb31ad6ae8573991afe8e4957d549591fcb83ec62d1da35b1727dc6b63001a5ef387b5a7186c1e68da1325772b5307b1bc739ef236b9efe06d52dcaf1e32768e3403e55e3ec56028cf5680cfb33971ccf7870572bc47d3e3affa385020103a381e83081e5301d0603551d0e0416041491ae2f8c72e305f92aa9f7452e2a3160b841a15c3081b50603551d230481ad3081aa801491ae2f8c72e305f92aa9f7452e2a3160b841a15ca18186a48183308180310b300906035504061302434e3110300e060355040813074265696a696e673110300e060355040713074265696a696e67310f300d060355040a13065869616f6d69310d300b060355040b13044d495549310d300b060355040313044d495549311e301c06092a864886f70d010901160f6d697569407869616f6d692e636f6d820900e552a8ecb9011b7c300c0603551d13040530030101ff300d06092a864886f70d010105050003820101003b3a699ceb497300f2ab86cbd41c513440bf60aa5c43984eb1da140ef30544d9fbbb3733df24b26f2703d7ffc645bf598a5e6023596a947e91731542f2c269d0816a69c92df9bfe8b1c9bc3c54c46c12355bb4629fe6020ca9d15f8d6155dc5586f5616db806ecea2d06bd83e32b5f13f5a04fe3e5aa514f05df3d555526c63d3d62acf00adee894b923c2698dc571bc52c756ffa7a2221d834d10cb7175c864c30872fe217c31442dff0040a67a2fb1c8ba63eac2d5ba3d8e76b4ff2a49b0db8a33ef4ae0dd0a840dd2a8714cb5531a56b786819ec9eb1051d91b23fde06bd9d0708f150c4f9efe6a416ca4a5e0c23a952af931ad3579fb4a8b19de98f64bd9"

    invoke-direct {v5, v6, v7, v8}, Lcom/miui/server/SecurityManagerService$AppItem;-><init>(Ljava/lang/String;Ljava/lang/String;Z)V

    invoke-virtual {v1, v5}, Ljava/util/ArrayList;->add(Ljava/lang/Object;)Z

    ....

    ....

.end method

Masih di /smali/com/miui/server/SecurityManagerService.smali Cari:



.method private checkSystemSelfProtection(Z)V

Hapus semua text didalam method tersebut , lalu rubah hingga hasilnya menjadi seperti ini:



.method private checkSystemSelfProtection(Z)V
    .locals 2
    .param p1, "onlyCore"    # Z

    .prologue
    .line 517
    const-string v0, "SystemSelfProtection"

    const-string v1, "bypassed by bamzzz@xda"

    invoke-static {v0, v1}, Landroid/util/Log;->i(Ljava/lang/String;Ljava/lang/String;)I

    .line 588
    return-void
.end method

Recompile services

Bagian Finishing

Salin kembali core-libart.jar dan services.jar ke dalam folder /system/framework, set permission files nya rw--r--r-- (0644). Reboot system Selesai Demikianlah artikel ini dibuat, semoga bermanfaat. Referensi: Forum Multirom

bamzzz

49 comments

Write comments

Kelana

AUTHOR

December 28, 2017 at 1:00 PM delete

Nambah ilmu 😅
Matur suwun tutorx 😂

December 28, 2017 at 8:28 PM delete

Iya, sama²

Unknown

January 15, 2018 at 7:14 AM delete This comment has been removed by a blog administrator.

January 15, 2018 at 7:25 AM delete

ga bisa gan gada namanya folder smali

January 15, 2018 at 9:59 AM delete

Pastikan rom nya udah deodex.. decompile menggunakan apktool

February 26, 2018 at 2:23 PM delete

gan ini bisa di pake di nougat ga ya?

February 26, 2018 at 2:24 PM delete

Bisa

April 2, 2018 at 10:18 AM delete

Gan ada tutor untuk buat rom odex menjadi deodex ga gan..

Tnhx

April 3, 2018 at 8:09 AM delete

Ada, baru dibuat, silahkan https://www.bootloop.id/2018/04/cara-deodex-rom-android.html

Tito

April 17, 2018 at 4:05 PM delete

Mana nih mau di baca, tp ga ada.

April 17, 2018 at 4:14 PM delete

Tolong di post ulang ya, atau kirim ke email saya, thanks.

Reeant

May 1, 2018 at 8:10 PM delete

om bamz koq di hapus konten nya..

hiks hiks

May 6, 2018 at 7:24 AM delete

Yes, sorry ntar di balikin..

Qnoy

June 5, 2018 at 2:36 AM delete

Sangat membantu, terimakasih

June 20, 2018 at 1:53 AM delete

kalo udah kelar, terus unroot, apakah masih berfungsi disable signaturenya?

June 24, 2018 at 6:01 PM delete

Masih dong

July 5, 2018 at 8:47 AM delete

Thanks gan..ini yg ane cari slama ini..

Anonymous

July 21, 2018 at 8:51 PM delete

gan kalo buat redmi 3 sama gga gan method nya?

blay

July 21, 2018 at 11:41 PM delete

gan, itu text editnya pake app apa yah?

July 22, 2018 at 5:14 AM delete

Sama metodenya

July 22, 2018 at 5:15 AM delete

Pakai Notepad++ kalau di Windows PC, link download: https://notepad-plus-plus.org/download/v7.5.7.html

July 22, 2018 at 11:27 AM delete

trus script bagian akhir miui nya ikutin kaya yg diatas apa gimana gan?? tolong bantuan nya

July 22, 2018 at 12:29 PM delete

Ikutin semua sampai selesai kalo modif rom miui

July 22, 2018 at 9:41 PM delete

bootloop gan ,,,

Tono

July 25, 2018 at 6:31 PM delete

Gan kalau semua sudah ikutin pentunjuk tapi pd ada yg kurang odex ke reodex belum bisa lanjutkn caranya gimana Gan?
Selain cara di atas ada lg gak gan?soalnya pakai lucky patcher gagal pakai Xinstaller gagal juga.solusi yg gampang dan ampuh gmn Gan?Terima kasih

July 27, 2018 at 6:57 PM delete

Pakai hp apa, rom apa?

August 10, 2018 at 1:25 AM delete

Buat custom rom device xiaomi
Harus pake tutorial selanjutnyagk? gk

August 10, 2018 at 5:47 AM delete

Khusus MIUI aja yang pakai tutorial selanjutnya

August 10, 2018 at 6:25 PM delete

Buat mia1. Android 8.1. bisa gan ????

August 11, 2018 at 7:00 PM delete

Bisa gan

August 18, 2018 at 4:03 PM delete

Kadang ada apk yg di tanem di system priv app menggunakan root explorer/LP tapi setelah reboot aplikasinya hilang
Apakah dg cara tutorial ini dapat mengatasi hal itu min?

September 20, 2018 at 4:01 AM delete

Maaf gan ane baru mao deodex cor-libart tapi gak ada file odex nya di arm maupun di arm64. Posisi miui 9 nougat

October 2, 2018 at 10:46 AM delete

om Bamzz Disable signature oreo gmn ya

FenFren

November 28, 2018 at 1:15 PM delete

Kalau untuk miui base oreo 8.1 bagaimana tutorialnya um ?

Aris_juliant

December 14, 2018 at 8:12 PM delete

Huu kalo miui 10 apktool yg cocok versi brpa ya ??

December 18, 2018 at 5:09 AM delete

Apktool latest

February 24, 2019 at 9:15 AM delete

gan untuk rom miui 9 android 8.1 ane gak nemu method core-kibart jar nya ya, apa metode disable signature ini gak bisa buat android O ya?
mohon petunjuk nya gan....

Abank Donny

March 23, 2019 at 2:40 AM delete

core-oj.jar kalo oreo 8.1

TDW

May 20, 2019 at 9:14 AM delete

Bang ini buat by pass hp untuk ojol work ga ya?

rhendytay

May 21, 2019 at 3:11 PM delete

mas kalo buat portiny rom miui untuk device oppo apakah perlu tutorial selanjut nya ?

HardDev

July 8, 2019 at 4:01 AM delete This comment has been removed by the author.

July 8, 2019 at 4:08 AM delete

tapi pada fc app nya

Info Seputar Jakarta Utara

July 26, 2019 at 2:33 AM delete

gan tolong bikin versi video donk biar lebih simple di pahaminya

August 16, 2019 at 9:52 AM delete

gan help, ane setelah deodex rom, decomp[ile , itu di core libart nya ga ada folder security nya... gmn yah?

ササゴ

September 15, 2019 at 2:00 AM delete

bang?itu decompile jar nya pake apa?batch apk tool apa gimana?tutor ente kurang jelas ane gapaham:((

Gunscissors Hairstylist

May 5, 2020 at 3:06 PM delete

Ane berhasil ngikutin tutor nya hu..tp ga ngerti di hp ane ga fungsiny hu... ane mau tanya biar sertifikasi play protect tolong tutorialnya clue nya hu...