android - apksigner zipalign的时候和反编译之后再正编译 逆向 重新打包 apk compile decompile

访问量: 1026

说明: apk b, apk d 的过程见

https://siwei.me/blog/posts/android-apk-compile-decompile

1. apk d source.apk

2. apk b temp packged.apk
3. 继续做下面。。。

zipalign 内存对齐,算是优化代码

zipalign -c -v 4 new.apk   // 检查

zipalign -v 4 origin.apk new.apk  // 做代码对齐

jarsigner 做 jar签名

生成 keystore文件 

# 注意下面的 banana 是文件名字

keytool -genkey -v -keystore banana.keystore -alias banana -keyalg RSA -sigalg SHA1withRSA -keysize 2048 -validity 10000

回车 后,会询问密码等信息, 随便设置个简单的6位数字就好.

然后询问country, zipcode啥的,直接留空, 

What is your first and last name?
  [Unknown]:  
What is the name of your organizational unit?
  [Unknown]:  
What is the name of your organization?
  [Unknown]:  
What is the name of your City or Locality?
  [Unknown]:  
What is the name of your State or Province?
  [Unknown]:  
What is the two-letter country code for this unit?
  [Unknown]:  
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes

Generating 2,048 bit RSA key pair and self-signed certificate (SHA1withRSA) with a validity of 10,000 days
	for: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Enter key password for 
	(RETURN if same as keystore password):  
Re-enter new password: 
[Storing banana.keystore]



可以看到,已经生成了一个banana.keystore 的文件

使用jarsigner做签名 

jarsigner -verbose -keystore banana.keystore -signedjar signed_jar.apk(得到的apk)
    new_zip_aligned.apk(待签名的apk) banana (keystore的别名)


  signing: assets/bin/Data/globalgamemanagers.assets.split2
  signing: assets/bin/Data/dbd921fa0e9f5a14ba4c93c6dc5c06d2
  signing: assets/bin/Data/7491ab35a23588442ab65a61c8ed9a4d
  signing: assets/bin/Data/settings.xml
  signing: assets/bin/Data/a788f82dd093e97469d7d6580b948e02
>>> Signer
    X.509, CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
    [trusted certificate]

jar signed.

Warning: 
The signer's certificate is self-signed.

使用apksigner做签名

apksigner sign --ks banana.keystore --ks-key-alias banana --out new.apk old.apk 
Keystore password for signer #1:

输入密码后就好了. 

对签名做个校验,看看(可选)

$ apksigner verify -v --print-certs signed2_jar.apk 
Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): true
Number of signers: 1
Signer #1 certificate DN: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Signer #1 certificate SHA-256 digest: 60859adf85ad761de42cd01d530a4b4f2706f1b9a40c7ddf5b56258440738525
Signer #1 certificate SHA-1 digest: a102f011d7f75950bf684a0bfc3fa19ea38bd497
Signer #1 certificate MD5 digest: ba3f22ba3ca433c29be2d044c20494c1
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 2048
Signer #1 public key SHA-256 digest: 718bacd0c5d0faee1db4caf5849cb7425b5c1ff004ff450ffc895999808d245a
Signer #1 public key SHA-1 digest: 3e99d904d35c45574cfde1986d908b038715af4c
Signer #1 public key MD5 digest: 6e19341db417539bb308c0c8c9ca4244

订阅/RSS Feed

Subscribe