[notice] Unable to sign zip

[dazzleworth]

Is it necessary to sign zip that's to be adb sideloaded with TWRP?

Output: out/zip_reverse_shell_v2.zip

• Packing Uninstaller Zip

zip: META-INF/com/google/android/update-binary
zip: scripts/uninstall_revshell.sh -> META-INF/com/google/android/updater-script
zip: native/out/armeabi-v7a/magiskboot -> arm/magiskboot
zip: native/out/x86/magiskboot -> x86/magiskboot
zip: scripts/util_functions.sh -> util_functions.sh
zip: tools/futility -> chromeos/futility
zip: tools/keys/kernel_data_key.vbprivk -> chromeos/kernel_data_key.vbprivk
zip: tools/keys/kernel.keyblock -> chromeos/kernel.keyblock

No keystore is configured! Unable to sign zip.

[ng-dst]

Most recoveries (including TWRP) allow flashing unsigned zips, so you can ignore this warning.

P.S. came across your thread on xda. AFAIK, you can safely install Magisk again and it shouldn't wipe your data or cause bootloop. Not sure about Samsung, though. You may give it a try, just make sure you backup partitions with TWRP before flashing.

[dazzleworth]

Thanks for your quick reply. Is there any reason we need to flash it using TWRP? Can we not just run

adb sideload zip_reverse_shell_v2.zip

while phone is booted up and data closer to decrypted state? In which case probably need it to be signed if adb doesn't allow unsigned zips and possibly require APK format. Ideally a real exploit would require minimal intervention to install and gain escalated privileges.

As per Xda thread. I can confirm magisk bootloops when flashed without wipe as per topjohnwu's instructions for samsung devices. And many threads on xda included it as a required step

[ng-dst]

This zip is not a runtime exploit - what the installer does is that it modifies boot partition in order to bypass SELinux and launch the payload on device startup, just like Magisk does.

If bootloops with Magisk are caused by modification of /boot, chances are installation of this rootkit will trigger bootloop as well. In this case, you can try to backup (adb pull) all available data without root, then install Magisk and perform a factory reset. Although some app data will be lost, this is still an option