> For the complete documentation index, see [llms.txt](https://sec88.0x88.online/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sec88.0x88.online/android-appsec/signing-the-apk.md). # Signing the APK ### Decompiling, Modifying, and Signing Android Apps ### APKTOOL - Decompile To decompile an APK, you can use the `apktool` command: ``` $ apktool d ``` If you encounter problems, try decompiling with the `-r` parameter, which skips the resource files: ``` $ apktool d -r game_test.apk ``` If errors persist, consider using alternative decompilers like `jadx` or `androguard`. ### APKTOOL - Compile After making modifications, you can rebuild the app: ``` $ apktool b game_test/ ``` Ensure you provide the directory path and not the APK file when building. ### Creating a New Keystore To sign the APK, you need to create a keystore. Use the following command: ``` $ keytool -genkey -v -keystore ~/android-app-hack.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 365 ``` The alias name can be any identifier you choose. It identifies the correct certificate within the keystore, which can hold multiple certificates. Before signing the APK, align the file using `zipalign` to ensure all uncompressed data start with a 4-byte alignment. This reduces the RAM required by the application: ``` $ zipalign 4 app-debug.apk outfile.apk ``` The aligned file `outfile.apk` can now be signed. ### Signing the App Sign the APK with the following command: ``` $ apksigner sign --ks ~/android-app-hack.keystore new-debug.apk ``` This creates a new signed application `new-debug.apk`, ready for installation. ### New Version - Steps Here is a summary of all commands in the new version of android systems 11,12: 1. Decompile the APK: ``` $ java -jar apktool_2.5.0.jar d org.secuso.privacyfriendlydicer_8.apk ``` 2. Modify the SMALI content / `AndroidManifest.xml`. 3. Rebuild the APK: ``` $ java -jar apktool_2.5.0.jar b org.secuso.privacyfriendlydicer_8 ``` 4. Navigate to the `dist` directory: ``` $ cd dist ``` 5. Align the APK: ``` $ zipalign 4 app-debug.apk new-debug.apk ``` 6. Sign the APK: ``` $ apksigner sign --ks ~/tools/keystore/android-app-hack.keystore new-debug.apk ``` 7. Install the APK: ``` $ adb install -r new-debug.apk ``` #### Blue Box Key Vulnerability To exploit the Blue Box key vulnerability: 1. Add `classez.dex` to the APK. 2. Use a hex editor (like `ghex`) and search for `classez.dex`. 3. Replace `z` with `s`. 4. Now the APK will have two `classes.dex` files. 5. If the vulnerability exists, the APK will validate and accept the latest added `classes.dex` from the attacker. This vulnerability allows attackers to inject malicious code into an APK by adding an additional `classes.dex` file and manipulating its name. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://sec88.0x88.online/android-appsec/signing-the-apk.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.