Decompile an APK, modify it and then recompile it
Thanks to Chris Jester-Young I managed to make it work!
I think the way I managed to do it will work only on really simple projects:
- With Dex2jar I obtained the Jar.
- With jd-gui I convert my Jar back to Java files.
With apktool i got the android manifest and the resources files.
In Eclipse I create a new project with the same settings as the old one (checking all the information in the manifest file)
- When the project is created I'm replacing all the resources and the manifest with the ones I obtained with apktool
- I paste the java files I extracted from the Jar in the src folder (respecting the packages)
- I modify those files with what I need
- Everything is compiling!
/!\ be sure you removed the old apk from the device an error will be thrown stating that the apk signature is not the same as the old one!
Decompile a signed apk, modify and recompile usiing different keystore than that of the original signed apk?
Yes, it is possible and it is exactly what happens when an app is put on black market. Of course this happens especially to people who don't care about securing their apk
I'll follow your steps giving you a highlight point by point but you are totally responsible of what you will end up doing with all of this
1) decompile a signed apk
This step is usually centered on applying the apktool command on the original apk:
apktool d app_to_tamper.apk
This will generate a folder, say the app_to_tamper_folder
2) modify its code -> I'm not gonna add anything here
3) recompile
This step is usually centered on applying the next apktool command on the modified apk [actually on its folder]:
apktool b app_to_tamper_folder
From the last command you will get back an unsigned tampered_app.apk
produced in the app_to_tamper_folder/dist directory
4) sign it
First of all you MUST sign the tampered_app.apk
or once you will try to run it on your phone it will not work. There are at least two methods to do this. The most common is based on this command:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore $YOUR-KEY-STORE-PATH $UNSIGN-APK-PATH $ALIAS-NAME
so for example [here I'm signing with the debug.keystore]:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore debug.keystore tampered_app.apk androiddebugkey
Optionally you can verify the apk
jarsigner -verify -verbose -certs $UNSIGN-APK-PATH
5) optimize it
This step is based on a tool called zipalign
and the following command:
zipalign -v 4 $UNSIGN-APK-PATH $OUTPUT-APK-PATH
so for example:
zipalign -v 4 tampered_app.apk final_tampered_app.apk
Basically it aligns all the uncompressed data within the APK, such as images or raw files. This will reduce in the amount of RAM consumed when running the application. More info can be found on the Android official documentation here. Please note that depending on the tool you will choose to sign you may have to apply this command with a different timeline
At this point you got the final_tampered_app.apk
which is ready to be installed and run on phone
6) Bonus
As I was saying this happens especially to those people who don't even try to protect the apk. Android Studio natively support a tool - ProGuard - which is capable of providing a basic obfuscation. This will NOT be enough to save you from the damages of an attacker as I showed extensively in another post of mine but for sure it will make the app tampering immediately more difficult
In order to have a much more robust protection go with some paid tools, especially when the app contains sensitive data [e.g. healthcare, fintech, etc]. This will prevent a bad reputation to you/your company/your app and will increase the trust and safety of your users. Better safe than sorry, especially nowadays
How to correctly re-compile an apk file?
The following is for your reference
Compile, decompile and sign APK using apktool utility.
Download latest apktool version.
Download the batch file and aapt.exe.
Create a folder anywhere in the PC and put all the apktool.jar, aapt.exe and the batch script in that folder.
Open command prompt.
Navigate to the folder where you placed apktool.jar, batch script and the aapt.exe.
Now, you need to install the file using the " IF " command.
Type the following command.
apktool if name-of-the-app.apk
For decompiling use the command "d". The "d" stands for decompile.
apktool d name-of-the-app.apk
After the app is correctly decompiled, a new folder will be created in the same folder where you placed your app. This contains all the xml's and smali files which can be edited for different mode's.
To recompile the app use the following command " B ". The "b" simply means recompile.
apktool b name-of-the-app-folder
The final modded app will be in the "dist" folder located inside the original app folder created by apktool.
Signing the apk
open a new command prompt and change into the sign-apk directory using cmd
move the modified-unsigned apk into this folder
then type the following command -
java -jar signapk.jar certificate.pem key.pk8 path-of-the-folder-contaning-the-apk.apk path-of-the-new-signed-apk.apk
Once compiled, the signed apk will be found in the same folder.
Decompiling, modifying and Recompiling android apk
You can use Apktool https://ibotpeaches.github.io/Apktool/ to Decompile your apk. Then modify codes in ClassName.smali
You can recompile the modified files to apk using apktool.
(Note : Need to sign the apk so that it will be installed on the device).
->But upto my knowledge till there is no decompiler to decompile .so files.
Recompile a apk file
A similar question has already been answered: Decompile an APK, modify it and then recompile it
To summarize, you must create a new Eclipse or AndroidStudio project containing your decompiled java source files and compile the project to get a new apk file that can be installed on your android device.
Related Topics
Convert Unix Timestamp to Date in Java
Meaning of the Import Statement in a Java File
Jtable, Rowfilter and Rowfilter.Entry
Configuring Log4J Loggers Programmatically
Getting Java Gui to Open a Webpage in Web Browser
How to Set -Fx-Max-Width to Use_Pref_Size in Javafx CSS
Android Studio - No Jvm Installation Found
How to Select and Crop an Image in Android
Android: Email Client Receiver Email Id Empty in Android-Parse
Java/Android - How to Print Out a Full Stack Trace
How to Set Up Intellij Idea for Android Applications
How to Execute JavaScript on Android
What Is the Certificate Enrollment Process
How to Hide a View Programmatically
Android - How to Replace Part of a String by Another String
Android: Realm + Retrofit 2 + Gson