@pergolafabio
Forked from ctrl-freak/apk_zipalign_resign.md
Created December 30, 2021 20:08
Modifying Android APK and Resign on Windows

Requirements

JDK (Java SE Development Kit)

https://www.oracle.com/java/technologies/javase-downloads.html

Install to the default location, e.g. C:\Program Files\Java\jdk-14.0.2

  • keytool.exe
  • jarsigner.exe

Android Build Tools/Android Studio

https://developer.android.com/studio

I found build tools were installed by default when I installed Android Studio. Check %LocalAppData%\Android\Sdk\build-tools\<version>

  • apksigner.bat
  • zipalign.exe

Add JAVA_HOME environment variable

Locate your JDK folder first; the path differs between JDK versions.

set JAVA_HOME=C:\Program Files\Java\jdk-14.0.2

Generate Keystore

Do this only if you do not already have a keystore.

Note: Signing an APK with a different keystore will result in a package that cannot overwrite an existing app. App uninstallation and reinstallation would be required.

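Provide a keystore name; it is used as the key alias. Replace the example value mykeyalias below and type it without quotes, because cmd.exe stores quote characters as part of the variable.

set KEYSTORE_NAME=mykeyalias
keytool -genkey -v -keystore your.keystore -alias "%KEYSTORE_NAME%" -sigalg MD5withRSA -keyalg RSA -keysize 2048 -validity 7300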

Procedure

  1. Download APK
  2. Rename file extension to .zip
  3. Unzip to directory
  4. Make changes to files
  5. Delete META-INF\*.*
  6. Zip contents (not folder) of unzipped folder back into new archive
  7. Rename zip
  8. Rename file extension to .apk
  9. Zipalign
  10. Sign
  11. Check signatures

Zipaligning and Signing the APK

  1. Open Command Prompt (cmd.exe) in the folder containing the modified APK (Shift + right-click in the folder)
  2. If PowerShell launches instead, run cmd.exe
  3. If you haven't already, set JAVA_HOME to your JDK install location:
    set JAVA_HOME=C:\Program Files\Java\jdk-14.0.2
  4. Get build-tools path:
    dir %LocalAppData%\Android\Sdk\build-tools\
  5. Note the build-tools version folder name and include it in the paths below
  6. Zipalign APK
    Run command with appropriate file names (appending .aligned):
    %LocalAppData%\Android\Sdk\build-tools\30.0.1\zipalign -v 4 NewAPK.apk NewAPK.aligned.apk
  7. Sign APK
    Run apksigner with path to keystore:
    %LocalAppData%\Android\Sdk\build-tools\30.0.1\apksigner.bat sign --ks your.keystore NewAPK.aligned.apk
  8. Provide keystore password
  9. This should result in a signed APK. To check:
    a. Copy APK
    b. Rename file extension to zip
    c. Open
    d. Ensure META-INF directory exists and contains %KEYSTORE_NAME%.RSA and %KEYSTORE_NAME%.SF

Alternate: Manually Signing the APK with jarsigner

Skip if the process above works fine. Using apksigner the process is align, then sign; using jarsigner is sign, then align.

jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore your.keystore NewAPK.apk %KEYSTORE_NAME%

To zipalign, in the same command window:

%LocalAppData%\Android\Sdk\build-tools\30.0.1\zipalign -v 4 NewAPK.apk NewAPK.aligned.apk

Verify Signed and Zipaligned APK

Get Keystore SHA-1 digest

"%JAVA_HOME%\bin\keytool" -list -keystore your.keystore -v

Check Certificate fingerprints SHA1 hash:

Certificate fingerprints:
    SHA1: 9B:F6:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:2A

Get APK SHA-1 fingerprint

%LocalAppData%\Android\Sdk\build-tools\30.0.1\apksigner verify -v --print-certs NewAPK.aligned.apk

The SHA-1 hash is shown without colons and in lower case; it should match the keystore fingerprint above.

Signer #1 certificate SHA-1 digest: 9bf6**********************************2a
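
The fingerprint comparison above can be automated instead of checked by eye. The following Python script is an added example, not part of the original gist: it parses saved output of the two commands, normalises the colon-separated and plain hex forms, and goes slightly beyond the text by also comparing SHA-256 digests when both outputs contain them and by rejecting an APK that reports more than one signer. The function names and sample data are constructed for illustration, and a keystore with a single key entry is assumed.

```python
import re

# keytool -list -v:  "SHA1: 9B:F6:...:2A"  (upper case, colon separated)
KEYTOOL_RE = re.compile(
    r"^\s*(SHA-?1|SHA-?256):\s*([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+)\s*$", re.M)
# apksigner verify --print-certs:  "Signer #1 certificate SHA-1 digest: 9bf6...2a"
APKSIGNER_RE = re.compile(
    r"^Signer #(\d+) certificate (SHA-1|SHA-256) digest:\s*([0-9A-Fa-f]+)\s*$", re.M)

def norm_alg(name):
    return name.upper().replace("-", "")      # "SHA-1" and "SHA1" -> "SHA1"

def norm_hex(value):
    return value.replace(":", "").lower()     # "9B:F6" -> "9bf6"

def keystore_fingerprints(keytool_output):
    """{alg: hex} for the first key entry in `keytool -list -v` output."""
    found = {}
    for alg, value in KEYTOOL_RE.findall(keytool_output):
        found.setdefault(norm_alg(alg), norm_hex(value))
    return found

def apk_signers(apksigner_output):
    """{signer number: {alg: hex}} from `apksigner verify --print-certs` output."""
    signers = {}
    for num, alg, value in APKSIGNER_RE.findall(apksigner_output):
        signers.setdefault(int(num), {})[norm_alg(alg)] = norm_hex(value)
    return signers

def signed_by_keystore(keytool_output, apksigner_output):
    """True only if the APK has exactly one signer and every digest type
    present in both outputs matches the keystore certificate."""
    expected = keystore_fingerprints(keytool_output)
    signers = apk_signers(apksigner_output)
    if not expected or len(signers) != 1:
        return False                           # unsigned, unparsable, or extra signer
    actual = next(iter(signers.values()))
    shared = expected.keys() & actual.keys()
    return bool(shared) and all(expected[a] == actual[a] for a in shared)

# Constructed sample data: a made-up 20-byte fingerprint, not real tool output.
SAMPLE_FP = bytes(range(10, 30))
SAMPLE_KEYTOOL = ("Certificate fingerprints:\n\t SHA1: "
                  + ":".join(f"{b:02X}" for b in SAMPLE_FP) + "\n")
SAMPLE_APKSIGNER = ("Verifies\nSigner #1 certificate SHA-1 digest: "
                    + SAMPLE_FP.hex() + "\n")

if __name__ == "__main__":
    print(signed_by_keystore(SAMPLE_KEYTOOL, SAMPLE_APKSIGNER))
```

To use it on real output, redirect each command to a text file and pass the file contents to signed_by_keystore.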