• Unlocking the LG Classic flip for unlimited installations

  • UUriLevel 1 - Junior Member

    • Edited

    Hi guys.
    A few weeks ago I found a way (at least I think so) to unlock the LG Classic to install apps, but I have no way to implement it. So I'll bring up the whole idea here, and if anyone can do something about it - it'll be awesome!

    So:
    In system\framework folder there is an app namedlge-res.apk. If we open it we find in res\values\arrays.xml an array called 'config_enable_installed' that contains a list of permissible-to-install apps. You can install any app listed in this array without modification. So the idea is very simple, add more package-names to the arry and replace the existing lge-res with the updated...
    And here begins the problem: how to replace the old one with the new?

    Idea A: Push the re-compiled app with adb pushcommand.
    Why it does not work: The Classic is completely blocked for editing system files, as far as I have tried. You can see details [Login to see the link].

    Idea B: Reinstall the re-compiled app as an update (as [Login to see the link][Login to see the link]).
    Why does it not work: To install apk as an update you need:

    1. that it be signed in the same signature as the old version.
    2. that all his classes.dex will be within him. It is not possible to install an app without its dex in full.

    The system apps arrive with the dex outside them - so that the system loads faster or something like that - it's divided into two files: .odex and .vdex.
    Fortunately there is a process that can convert these inconvenient files to a normal dex. The process is called deodex, and there are 2 programs that can do it (for Android 8 of course). A. smali-baksmali, B. vdexExtractor.
    And here's the big problem: the deodex of the system apps destroys their signature (in short, the signature represents the APK file as it should be, and once we add the dex, the file changes). On 99% of Android devices it would not bother at all, because we can push the system apps with adb which is a trick to skip the signature verification, but our Classic is blocked for that!
    If I tried to re-sign the APK (both with testkey.pk8 and with flatform.pk8) then the signature no longer matched the old APK...

    I might have given up here, but still [Login to see the link] somehow managed to update the settings app with this of the LG Rebel 4. Maybe he somehow managed to get LG's specific platform.pk8, or he had another trick...

    So if you have an idea how to update this elusive lge-res, give it a try. You may succeed!

    Here are some related files:
    [Login to see the link]
    [Login to see the link]
    [Login to see the link] (Our specific array begins in line 713.)
    [Login to see the link]. (I added three new package-names at the end of the array).

    [Login to see the link]

    Important note: I'm going back to studying this coming Sunday, so I will not be available to try any idea that comes up here, so if you think you have it, try to check by yourself and then tell here if you succeeded or not.

    7 days later
    14 days later

    I don't have LGs keys. What I do have is a phone and a way to get APKs. These phones use the same signing keys.

    • Uri replied to this.

      xxdeafgirl Those apps came deodexed or do you deodex them?
      If you deodexedthem yourself, then how?
      Can you share the Rebel 4 system folder?
      Thanks.

      Could we extract the LG key from the apk? sorry im more of a pc person dont know much about phones tho

      • UUriLevel 1 - Junior Member

        lgexalter1 Ultimate DeOdexer is GUI versiom of smali-baksmali, so it doesn't change anything.

        4 days later

        Those? 100% using the Classic Flip's existing ODEX.
        All LG phones are ODEX on these newer Android versions. DeODEX is a thing yes, but that tends to destroy application integrity which would prevent an install.

        So I just distributed kosher APKs that work because the ODEX used on Classic is highly similar to the Rebel 4 and Aristo 3's

        • Uri replied to this.

          Do you have the lg-res apk?

          • UUriLevel 1 - Junior Member

            xxdeafgirl I do not understand you. Your LGSettings and your WifiFix include classes.dex within the apks. How did you get it there?

              could we re-name the LGSettings apk to lg-res and install it since it contains the classes.dex file?

              oh wait no the package name wont change

              i got dome info from another signed lg apk here it is `Signer #1:

              Signature:

              Owner: EMAILADDRESS=[Login to see the link], CN=AndroidPCert, OU=Android, O=LGEMC, L=Seoul, ST=Seoul, C=KR
              Issuer: EMAILADDRESS=[Login to see the link], CN=AndroidPCert, OU=Android, O=LGEMC, L=Seoul, ST=Seoul, C=KR
              Serial number: da49a5590952591f
              Valid from: Mon Apr 30 08:51:05 CDT 2012 until: Fri Sep 16 08:51:05 CDT 2039
              Certificate fingerprints:
              SHA1: 01😃8:45:B2:6B:68:8D:8E:F6:47:20:5A:59:44:E9:40:7E:52:E0:6E
              SHA256: 42:74:24:3D:7A:95:4A:C6:48:28:66:F0:CC:67:CA:18:43:CA:94😃6:8A:0E:E5:3F:83:7D:67:40:A8:13:44:21
              Signature algorithm name: SHA1withRSA (weak)
              Subject Public Key Algorithm: 2048-bit RSA key (3)
              Version: {10}

              Extensions:

              #1: ObjectId: 2.5.29.35 Criticality=false
              AuthorityKeyIdentifier [
              KeyIdentifier [
              0000: A5 FD 38 89 BF E5 63 B3 1C D5 1F D0 A6 9F 9A 8D ..8...c.........
              0010: E9 34 AA 7B .4..
              ]
              [EMAILADDRESS=[Login to see the link], CN=AndroidPCert, OU=Android, O=LGEMC, L=Seoul, ST=Seoul, C=KR]
              SerialNumber: [ da49a559 0952591f]
              ]

              #2: ObjectId: 2.5.29.19 Criticality=false
              BasicConstraints:[
              CA:true
              PathLen:2147483647
              ]

              #3: ObjectId: 2.5.29.14 Criticality=false
              SubjectKeyIdentifier [
              KeyIdentifier [
              0000: A5 FD 38 89 BF E5 63 B3 1C D5 1F D0 A6 9F 9A 8D ..8...c.........
              0010: E9 34 AA 7B .4..
              ]
              ]

              Warning:
              The certificate uses the SHA1withRSA signature algorithm which is considered a security risk. This algorithm will be disabled in a future update.
              [isaiah@isaiah-enevaouros Downloads]$
              `

              the emojis were acidental they should coresponf to the text versions

              • YEG likes this.
              2 months later

              Uri Whatever APK extractor I used did it.

              9 months later

              BUMP - Has anyone managed to succussfully deodex any apps? I need to deodex FPHome, but can't figure out how to use vdex extractor.