{"id":17346147,"url":"https://github.com/rushiimachine/xspoofsignatures","last_synced_at":"2025-08-21T10:32:22.544Z","repository":{"id":186590593,"uuid":"675411577","full_name":"rushiiMachine/XSpoofSignatures","owner":"rushiiMachine","description":"Xposed module to spoof package signatures.","archived":false,"fork":false,"pushed_at":"2023-08-07T16:39:53.000Z","size":126,"stargazers_count":5,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-12-12T14:43:23.242Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rushiiMachine.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-08-06T20:26:51.000Z","updated_at":"2024-12-11T08:56:12.000Z","dependencies_parsed_at":null,"dependency_job_id":"c1f1e257-a277-46b5-ab8c-04b056b9d0ff","html_url":"https://github.com/rushiiMachine/XSpoofSignatures","commit_stats":null,"previous_names":["rushiimachine/xspoofsignatures"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rushiiMachine%2FXSpoofSignatures","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rushiiMachine%2FXSpoofSignatures/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rushiiMachine%2FXSpoofSignatures/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rushiiMachine%2FXSpoofSignatures/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rushiiMachine","download_url":"https://codeload.github.com/rushiiMachine/XSpoofSignatures/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230507053,"owners_count":18236944,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-15T16:44:42.405Z","updated_at":"2025-08-21T10:32:22.527Z","avatar_url":"https://github.com/rushiiMachine.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# XSpoofSignatures\n\nXposed module to spoof package signatures.\n\n## Features\n\n- Supports Android \u003e= 1.5 (Cupcake)\n- Compatible with the standardized spoofing\n  mechanic ([microG](https://github.com/microg/GmsCore/tree/a787b52ccc56b2e197bf38e1229bb4206538cd12/patches))\n- Allow any package to spoof their signature through manifest properties\n\t- Allow bypassing GMS checks\n- Spoofing gated behind a permission\n\n## Install\n\n1. Use [Magisk](https://github.com/topjohnwu/Magisk) to root your device\n2. Enable Zygisk\n3. Install [LSPosed](https://github.com/LSPosed/LSPosed) or the updated [LSPosed fork](https://github.com/mywalkb/LSPosed_mod)\n4. Install XSpoofSignatures from [here](https://github.com/rushiiMachine/XSpoofSignatures/releases/latest)\n5. Enable it in LSPosed\n6. Verify that signature spoofing works via [Signature Spoofing Checker](https://f-droid.org/en/packages/lanchon.sigspoof.checker)\n7. You can now use apps that require signature spoofing (like microG)\n\n## Usage (developers)\n\nXSpoofSignatures supports two methods of spoofing:\n\n- Sole signer [DEFAULT]: spoof to be the only signer on a package\n- First signer: spoof to be the first signer on a package (multi signers)\n\t- Note: this does not work for all signer checks such as GMS\n\nEach package **must** declare and request (at runtime) the `android.permission.FAKE_PACKAGE_SIGNATURE` permission.\\\nIf the permission is not granted then no spoofing will occur.\n\nThis module will check for two [`\u003cmeta-data\u003e`](https://developer.android.com/guide/topics/manifest/meta-data-element) tags for each package that wants\nto spoof it's own signature:\n\n- `fake-signature` -\u003e The certificate fingerprint in hex\n- `fake-signature-only` (optional, default `true`) -\u003e Refer to \"Sole signer\" above\n\nTo see an example usage of signature spoofing, see [sigspoof-checker](https://github.com/Lanchon/sigspoof-checker).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frushiimachine%2Fxspoofsignatures","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frushiimachine%2Fxspoofsignatures","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frushiimachine%2Fxspoofsignatures/lists"}