XGitHubLinkedInInstagram

apktool (for patching and decompiling)

  • decompiling the app

  • then change its network configurations to trust user certificates also

  • recompiling the apk

  • sign the apk so that it can be installed on any device

  • hextree video demo ⇗

unpack the target .apk

apktool d translate.apk

  • modify the AndroidManifest.xml to add a networkSecurityConfig

    • create a permissive xml/network_security_config.xml

cd translate

repackage the .apk

apktool b

ensure the .apk is zipaligned

[...]/build-tools/34.0.0/zipalign -p -f -v 4 ./dist/translate.apk translate2.apk

create a keystore to sign the apk

keytool -genkey -v -keystore research.keystore -alias research_key -keyalg RSA -keysize 2048 -validity 10000

sign the apk with apksigner

[...]/build-tools/34.0.0/apksigner sign --ks ./research.keystore ./translate2.apk

Signature Verification

  • To verify if an app is signed or not (also works for aab)

jarsigner -verify -verbose -certs your_app.aab

  • for only apk

apksigner verify your_app.apk
PreviousInstall system certificates on android 14NextAdvanced Network interception using VPN

Last updated

Was this helpful?