Getting certificate details from an apkkeytool -printcert -jarfile file.apk
apktool - decode and compile APK
java -jar .\apktool.jar decode -r 'C:\tmp\xxxxx.apk'
(inside the decompiled APK (root))
java -jar ..\apktool.jar build -o c:\tmp\new.apk C:\Tools\android\apk_folder
I: Using Apktool 2.5.0
I: Checking whether sources has changed...
I: Smaling smali folder into classes.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes2 folder into classes2.dex...
I: Checking whether resources has changed...
I: Copying raw resources...
I: Copying libs... (/lib)
I: Copying libs... (/kotlin)
I: Copying libs... (/META-INF/services)
I: Building apk file...
I: Copying unknown files/dir...
I: Built apk...
PS C:\Tools\android\>
Create keystore key
cd C:\Program Files\Java\jre1.8.0_251\bin
keytool.exe -genkey -v -keystore c:\tmp\.keystore -keyalg RSA -keysize 2040 -validity 365 -alias baws
(...)
Generating 2,040 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 365 days
for: CN=123, OU=123, O=123, L=123, ST=123, C=123
[Storing c:\tmp\.keystore]
Sign apk with jarsigner
Here, you need to use the alias created when you created the keystore file (baws, in this case).
cd C:\Program Files\AdoptOpenJDK\jdk-11.0.11.9-hotspot\bin
jarsigner.exe -sigalg SHA1withRSA -digestalg SHA1 c:\tmp\new.apk baws -keystore C:\tmp\.keystore
(...)
Enter Passphrase for keystore:
jar signed.
Warning:
The signer's certificate is self-signed.
Align APK to avoid errors
After sign an APK, if you got some erros such as "Failed to extract native libraries, res=-2]", probably you need to align the APK.
.\adb.exe install C:\tmp\backdored.apk
Performing Streamed Install
adb: failed to install C:\tmp\backdored.apk: Failure [INSTALL_FAILED_INVALID_APK: Failed to extract native libraries, res=-2]
Attention: You must use zipalign at one of two specific points in the app building process, depending on the app signing tool you use:
If you use apksigner, only run zipalign before signing the apk file. If you sign your APK using apksigner and make other changes to the APK, the signature will be invalidated.
If you use jarsigner, only run zipalign after signing the APK file.
As I used jarsigner, my last step is align the APK before installing it.
First, check on the Android-Manifest.xml file the package name. It can be found on the first line of the XML file (<?xml version="1.0" encoding="utf-8" standalone="no" ... package="com.x.x.x.x" ...)
.\adb.exe shell am start com.xxx.xxx.xxx/com.xxx.xxx.v2.ui.dashboard.DashboardActivity