APK Decompilation, Signing, Alignment – WhiteNight's Site
September 22, 2023
Tags: Android , application development
Record the relevant command line parameters.
APK packaging and unpacking
java -jar apktool.jar
First, you need a jar package, take the one I am using as an example: apktool_2.8.1.jar. And your machine must have a java environment. In order to facilitate the operation, I put all the tools I need to use in the same folder. Here is a picture that combines the power of the three phases (apktool, apksigner, zipalign)
Here’s a quick summary: I’m fed up with some apps’ shake-up ads, as well as those deceptive ads where the “×” is extremely small. So I started to teach myself how to decompile Android.
Among them, assuming that you want to unpack demo.apk, you need to use this command (CMD):
java -jar apktool_2.8.1.jar d demo.apk -o test
After unpacking is completed, you can see the decompilation results in the test folder. If you go the other way and repackage the decompiled APK, you need to use the following instructions:
java -jar apktool_2.8.1.jar b test -o demo_repackage.apk
But this is not enough. If you want to install the repackaged apk on your mobile phone, you need to sign it.
APK Alignment
zipalign
Before signing, it is recommended to download Android Studio and follow the online steps to install it. However, remember to circumvent the firewall when installing the SDK, otherwise the download will most likely fail.
Before signing, the APK needs to be aligned, otherwise it will fail to install and report an error in Android 11 and above versions. For alignment, you need to use zipalign. This thing will come in the build_tool folder when installing Android Studio.
You need to use this command when aligning apk. If you align an apk that already has a signature, remember to re-sign it.
zipalign -f -v 4 infile.apk outfile.apk
zipalign -c -v 4 outfile.apk //查看APK是否对齐
APK signature
apksign and keytool
To sign, you need to use keytool and apksigner. The former will generally come with it when installing the java environment. You can enter keytool with CMD to see if it can run normally.
The latter may or may not come with it when installing the java environment. I belong to the latter. But this tool comes with Android Studio when installing the SDK. The path is generally:
(你选择安装SDK的文件夹)\build-tools\34.0.0\lib
To generate a signature, you need to first generate the signature file .keystore through keytool. For example, a signature file with a keystore password of 123456 (the password must be at least six digits, you can also set it yourself) is generated here. This password will be used later.
keytool -genkey -v -keystore adam.keystore -alias adam -storepass 123456 -keypass 123456 -keyalg RSA -validity 36000
The next step is to sign the apk through apksigner
apksigner sign --ks adam.keystore --ks-key-alias adam demo_repackage.apk
After signing, you can throw it back to your phone. If it can be installed, it will be considered OK.
Writer's note
Before decompiling some APKs, it is recommended to throw them into an emulator or virtual machine to see if they can run. For example, the A.apk I am working on cannot be started when it is thrown into the simulator. It can only be thrown into the real machine environment and run. It made me think that I made a mistake in the decompilation step.