Decompile an APK, Modify It and Then Recompile It

Decompile an APK, modify it and then recompile it

Thanks to Chris Jester-Young I managed to make it work!

I think the way I managed to do it will work only on really simple projects:

With Dex2jar I obtained the Jar.
With jd-gui I convert my Jar back to Java files.
With apktool i got the android manifest and the resources files.
In Eclipse I create a new project with the same settings as the old one (checking all the information in the manifest file)
When the project is created I'm replacing all the resources and the manifest with the ones I obtained with apktool
I paste the java files I extracted from the Jar in the src folder (respecting the packages)
I modify those files with what I need
Everything is compiling!

/!\ be sure you removed the old apk from the device an error will be thrown stating that the apk signature is not the same as the old one!

Decompile a signed apk, modify and recompile usiing different keystore than that of the original signed apk?

Yes, it is possible and it is exactly what happens when an app is put on black market. Of course this happens especially to people who don't care about securing their apk

I'll follow your steps giving you a highlight point by point but you are totally responsible of what you will end up doing with all of this

1) decompile a signed apk

This step is usually centered on applying the apktool command on the original apk:

apktool d app_to_tamper.apk

This will generate a folder, say the app_to_tamper_folder

2) modify its code -> I'm not gonna add anything here

3) recompile

This step is usually centered on applying the next apktool command on the modified apk [actually on its folder]:

apktool b app_to_tamper_folder

From the last command you will get back an unsigned tampered_app.apk produced in the app_to_tamper_folder/dist directory

4) sign it

First of all you MUST sign the tampered_app.apk or once you will try to run it on your phone it will not work. There are at least two methods to do this. The most common is based on this command:

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore $YOUR-KEY-STORE-PATH  $UNSIGN-APK-PATH $ALIAS-NAME

so for example [here I'm signing with the debug.keystore]:

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore debug.keystore tampered_app.apk androiddebugkey

Optionally you can verify the apk

jarsigner -verify -verbose -certs $UNSIGN-APK-PATH

5) optimize it

This step is based on a tool called zipalign and the following command:

zipalign -v 4 $UNSIGN-APK-PATH $OUTPUT-APK-PATH

so for example:

zipalign -v 4 tampered_app.apk final_tampered_app.apk

Basically it aligns all the uncompressed data within the APK, such as images or raw files. This will reduce in the amount of RAM consumed when running the application. More info can be found on the Android official documentation here. Please note that depending on the tool you will choose to sign you may have to apply this command with a different timeline

At this point you got the final_tampered_app.apk which is ready to be installed and run on phone

6) Bonus

As I was saying this happens especially to those people who don't even try to protect the apk. Android Studio natively support a tool - ProGuard - which is capable of providing a basic obfuscation. This will NOT be enough to save you from the damages of an attacker as I showed extensively in another post of mine but for sure it will make the app tampering immediately more difficult

In order to have a much more robust protection go with some paid tools, especially when the app contains sensitive data [e.g. healthcare, fintech, etc]. This will prevent a bad reputation to you/your company/your app and will increase the trust and safety of your users. Better safe than sorry, especially nowadays

How to correctly re-compile an apk file?

The following is for your reference

Compile, decompile and sign APK using apktool utility.

Download latest apktool version.
Download the batch file and aapt.exe.
Create a folder anywhere in the PC and put all the apktool.jar, aapt.exe and the batch script in that folder.
Open command prompt.
Navigate to the folder where you placed apktool.jar, batch script and the aapt.exe.
Now, you need to install the file using the " IF " command.
Type the following command.
apktool if name-of-the-app.apk
For decompiling use the command "d". The "d" stands for decompile.
apktool d name-of-the-app.apk
After the app is correctly decompiled, a new folder will be created in the same folder where you placed your app. This contains all the xml's and smali files which can be edited for different mode's.
To recompile the app use the following command " B ". The "b" simply means recompile.
apktool b name-of-the-app-folder
The final modded app will be in the "dist" folder located inside the original app folder created by apktool.

Signing the apk

open a new command prompt and change into the sign-apk directory using cmd
move the modified-unsigned apk into this folder
then type the following command -
java -jar signapk.jar certificate.pem key.pk8 path-of-the-folder-contaning-the-apk.apk path-of-the-new-signed-apk.apk
Once compiled, the signed apk will be found in the same folder.

Decompiling, modifying and Recompiling android apk

You can use Apktool https://ibotpeaches.github.io/Apktool/ to Decompile your apk. Then modify codes in ClassName.smali
You can recompile the modified files to apk using apktool.
(Note : Need to sign the apk so that it will be installed on the device).

->But upto my knowledge till there is no decompiler to decompile .so files.

Recompile a apk file

A similar question has already been answered: Decompile an APK, modify it and then recompile it

To summarize, you must create a new Eclipse or AndroidStudio project containing your decompiled java source files and compile the project to get a new apk file that can be installed on your android device.

Decompile an APK, Modify It and Then Recompile It