I am trying to flash a customized update.zip on a pre-Kitkat device.
In the zip there are 2 files with SHA1 signatures of other files in the update. But they have different signatures for the same files.
Example:
META-INF/MANIFEST.MF:
Name: system/lib/libcustom_jni.so
SHA1-Digest: +PhV5XphkQTNTyM2TSRTeiaDlCA=
META-INF/CERT.SF:
Name: system/lib/libcustom_jni.so
SHA1-Digest: 7ooFhqk1oYWF5pmVuSAhF2pFVNw=
I can get the first one using:
sha1sum system/lib/libcustom_jni.so | cut -d\ -f1 | xxd -p -r | base64
+PhV5XphkQTNTyM2TSRTeiaDlCA=
How is the second one computed? The second file has a hash of the first file, so maybe the other hashes are salted with the first file or something?
From what i found in java doc the SHAs should be identical, except all SHAs are the version 1 in the original update.zip.
It seems hat the certificate used to sign the update was the android test one so it should work, but aborts instead.