You might ask yourself why is it necessary to modify an APK* released for an Android 9 based Zidoo Player (Z9X, Z10 Pro, Z1000 Pro, UHD3000) to get it work on Zidoo Players running Android 6 (X8, X9S, X10)/7.1 (Z9S, Z10, X20, X20 Pro, Z1000, UHD2000) and what has to be modified.
To answer this question I’ve to explain a little bit about the technical background of Android.
It all depends on APK Signature Signing sheme for JAR signing. With Android 6, 7.1 and 9 Google introduced several security improvements.
- Android 6 support only APK signing scheme v1*
- Android 7.1 support only APK signing scheme v2*
- Android 9 support APK signing scheme v2 and v3*
Media Center 3.8.1 from firmware X8, X9S or X10 v2.1.42 has been signed with Signature Signing sheme v1
01. zidoo_file_3.8.1.apk VERIFY file: apks\Media Center\Android 6\zidoo_file_3.8.1.apk (7.71 MiB) checksum: 7a1b77652635a8bcf9c9909c73aa28e985844ad793a5cae2f90ffb0333522a2b (sha256) - zipalign verified - signature verified [v1] 13 warnings Subject: EMAILADDRESSfirstname.lastname@example.org, CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US SHA256: c8a2e9bccf597c2fb6dc66bee293fc13f2fc47ec77bc6b2b0d52c11f51192ab8 / MD5withRSA Expires: Sun Sep 02 00:40:50 CEST 2035
Media Center 3.8.1 from firmware Z9S, Z10, X20, X20 Pro, Z1000 or UHD2000 v4.0.25 has beed signed with Signature Signing sheme v1 and v2
01. zidoo_file_3.8.1.apk VERIFY file: apks\Media Center\Android 7.1\zidoo_file_3.8.1.apk (7.7 MiB) checksum: 68b6a5e0bd7d4dc6e6e8bbad773de3b3c349a616b186a2e98ae0eb8e1568f340 (sha256) - zipalign verified - signature verified [v1, v2] 13 warnings Subject: EMAILADDRESSemail@example.com, CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US SHA256: c8a2e9bccf597c2fb6dc66bee293fc13f2fc47ec77bc6b2b0d52c11f51192ab8 / MD5withRSA Expires: Sun Sep 02 00:40:50 CEST 2035
Media Center 3.8.1 from firmware Z9X, Z10 Pro or Z1000 Pro v6.0.35 has been signed with Signature Signing sheme v1, v2 and v3
01. zidoo_file_3.8.1.apk VERIFY file: apks\Media Center\Android 9\zidoo_file_3.8.1.apk (1.81 MiB) checksum: 2480cbba69fda94a193a68dc35b75f310fe12c62c097dcf3e7ec442dea4e4f45 (sha256) - zipalign verified - signature verified [v1, v2, v3] 13 warnings Subject: EMAILADDRESSfirstname.lastname@example.org, CN=ZIDOO Media Player, OU=ZIDOO Media, O=ZIDOO, L=Shenzhen, ST=Guangdong, C=CN SHA256: a6db62fc18096547a441cfed1f0e20da1342301c388f48da03bb719ca0b65bbe / SHA256withRSA Expires: Tue Apr 23 12:21:05 CEST 2047
To install an APK on Android 6, 7.1 or 9 it has to be signed with a valid certificate. Validating a signed APK is to make sure it hasn’t been modified between signing and installing e.g. to prevent malware.
So why it isn’t possible to install an APK from firmware Z9X, Z10 Pro or Z1000 Pro with APK Signature Signing sheme v1, v2 and v3 on the Android 6 or 7.1 devices?
Let’s take a deeper look into the design of on APK file.
The Android 6 version of the APK is quite equal to the Android 7.1 version except the META-INF folder. In the META-INF folder the signing information is stored. An APK contains assets like images, sounds or fonts, resources like language files and bytecode. The bytecode is stored in dex* files.
The Android 9 version of the APK is much smaller in file size 1.8MB vs 7.7MB because the dex files are missing. With Android 8 Google replaced dex files with the new file formats vdex and odex*. These files are stored next to the APK in the file system.
apks\Media Center\Android 9\zidoo_file_3.8.1\zidoo_file_3.8.1.apk apks\Media Center\Android 9\zidoo_file_3.8.1\oat apks\Media Center\Android 9\zidoo_file_3.8.1\oat\arm apks\Media Center\Android 9\zidoo_file_3.8.1\oat\arm\zidoo_file.odex apks\Media Center\Android 9\zidoo_file_3.8.1\oat\arm\zidoo_file.vdex
With the right tool chain it is possible to convert the bytecode from the Android 8+ vdex format to the legacy Android 6/7.1 dex format and to downgrade from API level 28 to API level 23*.
Adding those newly created dex files into the Android 9 based APK invalidates the signing so the APK is not installable anymore.
As you can imagine I don’t have Zidoo’s certificate to sign the APK but I can use my own.
01. zidoo_file_3.8.1-McBluna-signed.apk VERIFY file: apks\Media Center\Android 9\zidoo_file_3.8.1\zidoo_file_3.8.1-McBluna-signed.apk (6.78 MiB) checksum: 8454996f2f8c5371a66bbad6ff0a14569aef257936500d47abf3aad46754d45b (sha256) - zipalign verified - signature verified [v1, v2, v3] 1 warnings Subject: CN=www.mcbluna.net SHA256: 7ecc19453d16f43c897c989620951271b63ab4ab53f20ed46c043cd30ed30074 / SHA256withRSA Expires: Wed Apr 28 01:59:59 CEST 2021
Let’s try to install the APK via GUI
Let’s try it again via shell
kylin32:/ # pm install /sdcard/Download/zidoo_file_3.8.1-McBluna-signed.apk Failure [INSTALL_FAILED_UPDATE_INCOMPATIBLE: Package com.zidoo.fileexplorer signatures do not match the previously installed version; ignoring!]
It doesn’t work because Media Center is already installed and signed with Zidoo’s certificate.
Media Center is a system application and can not be easily uninstalled because there’s is no uninstall button
After successfully uninstalling Media Center let’s try again to install the modded version
kylin32:/ # su kylin32:/ # pm install -g /sdcard/Download/zidoo_file_3.8.1-McBluna-signed.apk> Failure [INSTALL_FAILED_SHARED_USER_INCOMPATIBLE: Package couldn't be installed in /data/app/com.zidoo.fileexplorer-1: Package com.zidoo.fileexplorer has no signatures that match those in shared user android.uid.system; ignoring!]
As a security mechanism Android prevent application A from accessing data from application B. Per default Androids creates a uid per application. Two applications sharing the same uid are permitted to access each others data. The certificate of the first application which uses a new uid is related to it and can not be replaced.
The uid for the modded application has to be changed by modifying the App Manifest file* of the APK.
kylin32:/ # pm install -g /sdcard/Download/zidoo_file_3.8.1-McBluna-signed.apk> Success
Upgrade to v3.8.6
For any reason the Permissions are not set for my modded apks. Please keep in mind that you’ve to repeat this procedure each time you delete the application data.
I recommend to assign the System Settings to one of the colored buttons on your remote control for quick access.
goto System Settings/Apps
Let’s checkout the new UPNP funtion of v3.8.6
Media Center 1. Increase UPNP function. 2. Optimize NAS boot and mount speed. 3. Optimize UI.