apktool (for patching and decompiling)

Last updated 2 days ago

  • decompile the app

  • change its network security configuration so that it also trusts user certificates

  • recompile the APK

  • sign the APK so that it can be installed on any device

unpack the target .apk

apktool d translate.apk

  • modify the AndroidManifest.xml to add a networkSecurityConfig attribute

    • create a permissive res/xml/network_security_config.xml

cd translate
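
The two edits listed above (manifest attribute and config file), as an added example that is not part of the original notes. patch_nsc is a hypothetical helper name, and reading "permissive" as trusting both the system and user CA stores is an assumption.

```shell
#!/bin/sh
# Added example; patch_nsc is a hypothetical helper, not an apktool command.
# Usage: patch_nsc <dir produced by "apktool d">, e.g. patch_nsc translate
patch_nsc() {
    dir=$1
    manifest="$dir/AndroidManifest.xml"
    attr='android:networkSecurityConfig="@xml/network_security_config"'
    [ -f "$manifest" ] || { echo "no AndroidManifest.xml in $dir" >&2; return 1; }

    # Config that trusts the system store and the user store (assumed
    # meaning of "permissive" on this page).
    mkdir -p "$dir/res/xml"
    cat > "$dir/res/xml/network_security_config.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>
EOF

    if grep -q 'android:networkSecurityConfig=' "$manifest"; then
        # App already points at a config: repoint it at the file above.
        sed "s|android:networkSecurityConfig=\"[^\"]*\"|$attr|" "$manifest" > "$manifest.tmp"
    else
        # Otherwise add the attribute to the <application> tag.
        sed "s|<application\([ >]\)|<application $attr\1|" "$manifest" > "$manifest.tmp"
    fi
    mv "$manifest.tmp" "$manifest"

    # Fail loudly if the tag was not on one line and nothing was patched.
    grep -q "$attr" "$manifest"
}
```

The function is safe to run twice on the same tree: the second run only rewrites the existing attribute to the same value.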

repackage the .apk

apktool b

ensure the .apk is zipaligned

[...]/build-tools/34.0.0/zipalign -p -f -v 4 ./dist/translate.apk translate2.apk

create a keystore to sign the apk

keytool -genkey -v -keystore research.keystore -alias research_key -keyalg RSA -keysize 2048 -validity 10000

sign the apk with apksigner

[...]/build-tools/34.0.0/apksigner sign --ks ./research.keystore ./translate2.apk

Signature Verification

  • To verify whether an app is signed (also works for .aab)

jarsigner -verify -verbose -certs your_app.aab

  • For .apk files only

apksigner verify your_app.apk

hextree video demo ⇗