View Full Version : patch any .so android library NDK file


Shub-nigurrath
October 23rd, 2013, 10:14
Hi all,
I would like to patch a native NDK file, those *.so files you can find in some APK packages...

They are indeed normal ELF *.so native code libraries, but are usually signed with a 1024 RSA signature. Does anyone know how to re-sign them once patched?

Thanks!

Woodmann
October 23rd, 2013, 22:38
Most of those files can be found in the wild without being signed.
It will depend on if it was part of a "bundle" or a stand alone.

Woodmann

rendari
October 24th, 2013, 11:39
Heya Shub,

Only the APK files are signed. I've never seen a signed .so file.

-rendari

OHPen
November 2nd, 2013, 11:44
rendari is right. Patch your file and re-sign the APK with the common command-line tools with our custom key. That will work on any Android where non-market applications are allowed.

regards,
OHPen.

Shub-nigurrath
November 3rd, 2013, 13:00
Hi mate,
You are right. Generally for market apps the .so files are not signed. However, I asked this because I was reversing an Android malware app which was apparently using a signed .so file inside, and since it's supported by the format I opened the thread.

rendari
November 4th, 2013, 13:27
Hi Shub,

I'm not sure if the ELF files you're patching are verifying themselves, or are being verified by the Android kernel. As far as I know, Android does not support verifying signed ELF files. I might be wrong, and if I am, then there is probably a .signature section that you should 0 out to remove the signature:
http://lwn.net/Articles/532778/

If the ELF files are verifying themselves, then you will have to patch the file to bypass the signature verification.

-rendari
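
To check on a sample whether a library carries a signature section at all, as rendari's reply raises, this added example (not code from the thread) lists an ELF file's section headers and reports those whose name contains "sig". The function names, the "sig" heuristic and the sample image with its `.signature` section are constructed assumptions.

```python
import struct

def elf_sections(data):
    """Return [(name, file_offset, size)] per section header (ELF32/64, LE/BE).

    Returns [] when the section header table is absent (e_shnum == 0)."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    end = "<" if data[5] == 1 else ">"        # EI_DATA: 1 = little endian
    if data[4] == 2:                          # EI_CLASS: 2 = ELF64
        (shoff,) = struct.unpack_from(end + "Q", data, 0x28)
        entsize, shnum, strndx = struct.unpack_from(end + "3H", data, 0x3A)
        fmt = end + "II4Q"    # sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size
    else:                                     # ELF32
        (shoff,) = struct.unpack_from(end + "I", data, 0x20)
        entsize, shnum, strndx = struct.unpack_from(end + "3H", data, 0x2E)
        fmt = end + "6I"      # same six fields, all 32-bit
    if shnum == 0 or strndx >= shnum:
        return []
    hdrs = [struct.unpack_from(fmt, data, shoff + i * entsize) for i in range(shnum)]
    strtab = data[hdrs[strndx][4]:hdrs[strndx][4] + hdrs[strndx][5]]
    return [(strtab[h[0]:].split(b"\0", 1)[0].decode("ascii", "replace"), h[4], h[5])
            for h in hdrs]

def signature_sections(data, needle="sig"):
    """Sections whose name contains `needle` (heuristic, an assumption)."""
    return [s for s in elf_sections(data) if needle in s[0].lower()]

def build_sample(sections):
    """Constructed ELF32 little-endian image holding the given {name: bytes}."""
    names = [""] + list(sections) + [".shstrtab"]
    strtab = b"".join(n.encode() + b"\0" for n in names)
    body, hdrs, pos = b"", [], 52             # 52 = size of the ELF32 header
    for n in names:
        content = strtab if n == ".shstrtab" else sections.get(n, b"")
        stype = 3 if n == ".shstrtab" else 1 if n else 0   # STRTAB/PROGBITS/NULL
        hdrs.append(struct.pack("<10I", strtab.index(n.encode() + b"\0"), stype,
                                0, 0, pos, len(content), 0, 0, 1, 0))
        body, pos = body + content, pos + len(content)
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", b"\x7fELF\x01\x01\x01", 3, 40, 1, 0, 0,
                       pos, 0, 52, 0, 0, 40, len(names), len(names) - 1)
    return ehdr + body + b"".join(hdrs)

# Constructed sample: the 8 bytes of 0xAA stand in for a signature blob.
SAMPLE = build_sample({".text": b"\0" * 4, ".signature": b"\xaa" * 8})

if __name__ == "__main__":
    for name, off, size in signature_sections(SAMPLE):
        print(f"{name}: file offset {off}, {size} bytes")
```

An empty result does not settle the question: a library that verifies itself need not keep its signature in a named section, and a file with stripped section headers returns nothing here.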