How to create unsigned APK file for rooted devices + Lucky Patcher/Core Patch

Why Unsigned APK and Its Benefits

Why unsigned APK, and why is it recommended for most games? With an unsigned APK, you can install the APK over the original. You can login with your Google account without signature error, and login with your Facebook account without uninstalling Facebook app.

"Unsigned" means that you left the original key intact and did not sign it with a test/own signature key. Android’s security does not allow it by default. But if you root your device and disable signature verification via Lucky Patcher or Core Patch, you can trick the device into accepting the APK. This allows you to update the original Playstore game with a mod and login with the Google+ account, effectively lying to your device.

You can only install an unsigned APK on your rooted device because it requires signature verification to be disabled using Lucky Patcher or Core Patch. If your phone is not rooted, search on Google about how to root your phone.

Let's Start

Copying Original META-INF to Modded APK

Note: This tutorial is written for PC. If you only have a phone, you can follow the same steps using X-plore or MT Manager. Both apps can open APK as a ZIP file and change files directly.

Steps:

1. Open APK using 7zip or Winrar
   • Right-click on the APK file > Open With - Choose Another App
   
   • Click on "More apps" and tick "Always use this app to open .APK files"
   
   • Click "Look for another app on this PC"
   
   • Navigate to Program Files and select any program to open with APK. Recommended: 7zip or Winrar
   
   • The program will open
   
   • Copy META-INF from the original APK to the modded APK. If you are modding a signed mod APK, delete the signed META-INF before copying the original META-INF
   

Important Notes

By using the described method, avoid adding new files or removing existing files from the APK, as it will break compatibility with Lucky Patcher. For instance, adding a file like "assets/myfile.dat" will not work and will lead to installation failure. Similarly, deleting "lib/arm64-v8a" will cause installation failure.

This is because all file structures in the APK are mapped and their information is stored in the "META-INF/CERT.SF" file. To resolve this, put all your mods along with the expected APK file structures in the compiled APK, sign it (with any desired key), then pull the "META-INF/CERT.SF" from this newly signed APK to replace the old one in your working APK. However, this trick will not work with the new signature scheme for Lucky Patcher. Using Core Patch instead is recommended as it is better than Lucky Patcher.

Missing .RSA, .SF, or .MF files?

This occurs because the APK uses signature scheme v2 and above. You can obtain .RSA, .SF, or .MF files from split APK/XAPK, or older APKs downloaded from Apkcombo, Apkpure, Apk4fun, or other sites. If Google login does not work, try copying the entire contents from a signed APK to the original APK except META-INF.

Credit: AndnixSH