apk recompile jarsigner

The Dalvik Virtual Machine does not use Java bytecode. Instead, it uses its own file format called dex (Dalvik Executable Format), which holds the definitions of multiple classes and their related data.

Smali/Baksmali is an assembler/disassembler for the dex file format.

 ----------------------------

jd-gui download: http://jd.benow.ca/jd-gui/downloads/#jd-gui

Recompile script 1:

(required tools: dex2jar, jd-gui.exe)

This way you can browse the source code, except for AndroidManifest.xml.

-----

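#!/bin/bash
# eg: $./decode Test.apk

# Require exactly one argument: the APK to unpack
if [ $# -ne 1 ]; then
    echo "Parameters not right" >&2
    exit 1
fi
# An APK is a zip archive; extract it (overwriting existing files) to get classes.dex
unzip -o "$1"
# Convert classes.dex into classes_dex2jar.jar
./dex2jar-0.0.9.15/dex2jar.sh classes.dex
# Open the converted jar in JD-GUI
./jd-gui.exe classes_dex2jar.jar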

---------------------------------------------------------------

apktool

apktool wrapper script: http://ibotpeaches.github.io/Apktool/install/

apktool_2.0.2.jar:  http://ibotpeaches.github.io/Apktool/

muhe221@muhe:~/recompile$ ./apktool d chameleon.apk -o tempDir
I: Using Apktool 2.0.2 on chameleon.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /home/muhe221/apktool/framework/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
muhe221@muhe:~/recompile$ ./apktool b tempDir  -o chameleon.apk           // repackage
I: Using Apktool 2.0.2
I: Checking whether sources has changed...
I: Checking whether resources has changed...
I: Building apk file...
The repackaged APK must be signed with the jarsigner command.

apktool script:

#!/bin/bash
#
# Copyright (C) 2007 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# This script is a wrapper for smali.jar, so you can simply call "smali",
# instead of java -jar smali.jar. It is heavily based on the "dx" script
# from the Android SDK

# Set up prog to be the path of this script, including following symlinks,
# and set up progdir to be the fully-qualified pathname of its directory.
prog="$0"
while [ -h "${prog}" ]; do
    newProg=`/bin/ls -ld "${prog}"`
    echo ${newProg}


    newProg=`expr "${newProg}" : ".* -> \(.*\)$"`
    if expr "x${newProg}" : 'x/' >/dev/null; then
        prog="${newProg}"
    else
        progdir=`dirname "${prog}"`
        prog="${progdir}/${newProg}"
    fi
done
oldwd=`pwd`
progdir=`dirname "${prog}"`
cd "${progdir}"
progdir=`pwd`
prog="${progdir}"/`basename "${prog}"`
cd "${oldwd}"


jarfile=apktool_2.0.2.jar
libdir="$progdir"
if [ ! -r "$libdir/$jarfile" ]
then
    echo `basename "$prog"`": can't find $jarfile"
    exit 1
fi

javaOpts=""

# If you want DX to have more memory when executing, uncomment the following
# line and adjust the value accordingly. Use "java -X" for a list of options
# you can pass here.
# 
javaOpts="-Xmx512M"

# Alternatively, this will extract any parameter "-Jxxx" from the command line
# and pass them to Java (instead of to dx). This makes it possible for you to
# add a command-line parameter such as "-JXmx256M" in your ant scripts, for
# example.
while expr "x$1" : 'x-J' >/dev/null; do
    opt=`expr "$1" : '-J\(.*\)'`
    javaOpts="${javaOpts} -${opt}"
    shift
done

if [ "$OSTYPE" = "cygwin" ] ; then
    jarpath=`cygpath -w  "$libdir/$jarfile"`
else
    jarpath="$libdir/$jarfile"
fi

# add current location to path for aapt
PATH=$PATH:`pwd`;
export PATH;
exec java $javaOpts -jar "$jarpath" "$@"

 -------------------------------------------------------------------------

Export unsigned apk (Eclipse)

Select the project => Android Tools => Export Unsigned Application Package => ......

-----------------------------------------------------------------

keytool

Use keytool to generate the signing information
jdk1.7.0_60/bin/keytool

jdk1.7.0_60/bin/jarsigner
muhe221@muhe:~/recompile/key$ ~/soft/jdk1.6.0_45/bin/keytool -genkey -alias aeo_android.keystore -keyalg RSA -validity 20000 -keystore aeo_android.keystore  
Enter keystore password:  
Re-enter new password:
What is your first and last name?
  [Unknown]:  daemon
What is the name of your organizational unit?
  [Unknown]:  daemon studio
What is the name of your organization?
  [Unknown]:  daemon studio
What is the name of your City or Locality?
  [Unknown]:  ShangHai
What is the name of your State or Province?
  [Unknown]:  ShangHai
What is the two-letter country code for this unit?
  [Unknown]:  CN
Is CN=daemon, OU=daemon studio, O=daemon studio, L=ShangHai, ST=ShangHai, C=CN correct?
  [no]:  y

Enter key password for <aeo_android.keystore>
    (RETURN if same as keystore password):  
muhe221@muhe:~/recompile/key$ ls
aeo_android.keystore

 Common Name - first and last name

jarsigner
Use jarsigner to sign the chameleon.apk file
muhe221@muhe:~/recompile/key$ ~/soft/jdk1.6.0_45/bin/jarsigner -verbose -keystore aeo_android.keystore -signedjar chameleon_signed.apk chameleon.apk aeo_android.keystore
Enter Passphrase for keystore:
   adding: META-INF/MANIFEST.MF
   adding: META-INF/AEO_ANDR.SF
   adding: META-INF/AEO_ANDR.RSA
  signing: AndroidManifest.xml
  signing: classes.dex
  signing: res/drawable-hdpi-v4/ic_launcher.png
  signing: res/drawable-mdpi-v4/ic_launcher.png
  signing: res/drawable-xhdpi-v4/ic_launcher.png
  signing: res/drawable-xxhdpi-v4/ic_launcher.png
  signing: res/layout/activity_main.xml
  signing: resources.arsc
jar signed.
Warning:
No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2070-07-17) or after any future revocation date.

A warning appears. The warning does not affect the signature itself, but it feels a bit odd; to get rid of it, just add -tsa https://timestamp.geotrust.com/tsa to the command.
muhe221@muhe:~/recompile/key$ ~/soft/jdk1.6.0_45/bin/jarsigner -verbose -digestalg SHA1 -sigalg MD5withRSA -tsa https://timestamp.geotrust.com/tsa -keystore aeo_android.keystore -signedjar chameleonsigned.apk chameleon.apk aeo_android.keystore
Enter Passphrase for keystore:
   adding: META-INF/MANIFEST.MF
   adding: META-INF/AEO_ANDR.SF
requesting a signature timestamp
TSA location: https://timestamp.geotrust.com/tsa
   adding: META-INF/AEO_ANDR.RSA
  signing: AndroidManifest.xml
  signing: classes.dex
  signing: res/drawable-hdpi-v4/ic_launcher.png
  signing: res/drawable-mdpi-v4/ic_launcher.png
  signing: res/drawable-xhdpi-v4/ic_launcher.png
  signing: res/drawable-xxhdpi-v4/ic_launcher.png
  signing: res/layout/activity_main.xml
  signing: resources.arsc
jar signed.

Verifying the signature

muhe221@muhe:~/recompile/key$ ~/soft/jdk1.6.0_45/bin/jarsigner -verify  chameleonsigned.apk
jar verified.
Warning:
This jar contains entries whose certificate chain is not validated.
Re-run with the -verbose and -certs options for more details.
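Signing with JDK 1.7 has some minor problems, so signing with JDK 1.6 is recommended. Also, the APK being signed should not have a Chinese file name; use only English letters where possible.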

muhe221@muhe:~/recompile/key$ ~/soft/jdk1.6.0_45/bin/jarsigner -verify  chameleonsigned.apk
jar verified.

--------------------------------------------------------------------------

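You can also sign with the signapk.jar that ships with Android, together with platform.x509.pem and platform.pk8.

File locations: signing files such as platform.pk8 and platform.x509.pem can be found in platform/build/target/product/security/; they correspond to different privileges.
signapk.jar: built from /platform/build/tools/signapk/; it can be found in /out/host/linux-x86/framework/.
Signing: $ java -jar signapk.jar platform.x509.pem platform.pk8 MyDemo.apk MyDemo_signed.apk produces an APK with the corresponding privileges.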

---------------------------------------------------------------------------

zipalign
adt-bundle-linux-x86_64-20140702/sdk/build-tools/android-4.4W/zipalign

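Purpose of the optimization: the Android SDK includes a tool called "zipalign" that optimizes packaged applications. Running zipalign on your application makes the interaction between Android and the application more efficient at run time, so the application and the whole system run faster. We strongly recommend using zipalign on both new and already published applications to obtain an optimized version.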

muhe221@muhe:~/recompile/key$ zipalign
Zip alignment utility
Copyright (C) 2009 The Android Open Source Project

Usage: zipalign [-f] [-v] <align> infile.zip outfile.zip
       zipalign -c [-v] <align> infile.zip

  <align>: alignment in bytes, e.g. '4' provides 32-bit alignment
  -c: check alignment only (does not modify file)
  -f: overwrite existing outfile.zip
  -v: verbose output
muhe221@muhe:~/recompile/key$ zipalign -v 4 chameleonsigned.apk chameleonalignsigned.apk        // align the package
Verifying alignment of chameleonalignsigned.apk (4)...
      50 META-INF/MANIFEST.MF (OK - compressed)
     508 META-INF/AEO_ANDR.SF (OK - compressed)
    1029 META-INF/AEO_ANDR.RSA (OK - compressed)
    4153 AndroidManifest.xml (OK - compressed)
    4924 res/drawable-hdpi-v4/ic_launcher.png (OK)
   10956 res/drawable-mdpi-v4/ic_launcher.png (OK)
   14136 res/drawable-xhdpi-v4/ic_launcher.png (OK)
   23560 res/drawable-xxhdpi-v4/ic_launcher.png (OK)
   41507 res/layout/activity_main.xml (OK - compressed)
   41816 resources.arsc (OK)
   43641 classes.dex (OK - compressed)
Verification succesful
muhe221@muhe:~/recompile/key$ zipalign -c -v 4 chameleonalignsigned.apk   // verify that the package is fully aligned
Verifying alignment of chameleonalignsigned.apk (4)...
      50 META-INF/MANIFEST.MF (OK - compressed)
     508 META-INF/AEO_ANDR.SF (OK - compressed)
    1029 META-INF/AEO_ANDR.RSA (OK - compressed)
    4153 AndroidManifest.xml (OK - compressed)
    4924 res/drawable-hdpi-v4/ic_launcher.png (OK)
   10956 res/drawable-mdpi-v4/ic_launcher.png (OK)
   14136 res/drawable-xhdpi-v4/ic_launcher.png (OK)
   23560 res/drawable-xxhdpi-v4/ic_launcher.png (OK)
   41507 res/layout/activity_main.xml (OK - compressed)
   41816 resources.arsc (OK)
   43641 classes.dex (OK - compressed)
Verification succesful
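
What `zipalign -c` checks in the output above, as an added Python example (not from the original post): an entry stored without compression is aligned when its data starts at a file offset that is a multiple of `<align>`, while compressed entries are reported as "OK - compressed" without an offset check. The function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

def alignment_report(apk_bytes, align=4):
    """Map entry name -> True/False for stored entries, None for compressed ones."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for info in z.infolist():
            if info.compress_type != zipfile.ZIP_STORED:
                report[info.filename] = None  # zipalign prints "OK - compressed"
                continue
            # Local file header: 30 fixed bytes, then the name and the extra field.
            start = info.header_offset
            name_len, extra_len = struct.unpack("<HH", apk_bytes[start + 26:start + 30])
            data_offset = start + 30 + name_len + extra_len
            report[info.filename] = data_offset % align == 0
    return report

def build_zip_sample(pad):
    """Constructed archive; `pad` zero bytes are placed in the extra field of res/a.png."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("resources.arsc", b"\x00" * 8)       # data starts at 30 + 14 = 44
        png = zipfile.ZipInfo("res/a.png")               # stored entry, header at offset 52
        png.extra = b"\x00" * pad                        # padding in the extra field shifts the data
        z.writestr(png, b"constructed image bytes")      # data starts at 52 + 30 + 9 + pad
        z.writestr("AndroidManifest.xml", b"<manifest/>" * 20,
                   compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()

if __name__ == "__main__":
    print(alignment_report(build_zip_sample(pad=0)))
    print(alignment_report(build_zip_sample(pad=1)))
```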

------------------------------------------------------------------------------

smali: https://bitbucket.org/JesusFreke/smali/downloads

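Comparing an unsigned APK with a signed one, we find that the signed APK contains an extra folder named META-INF. It holds three files: MANIFEST.MF, CERT.SF and CERT.RSA. signapk.jar simply generates these files (no other file is changed, so the existing signature information can easily be removed).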
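
Because the signature lives only in META-INF and can be replaced, a useful integrity check is to recompute each entry's digest and compare it with MANIFEST.MF. The following is an added Python example, not code from the original post; the function names and the sample archive are constructed. It covers only the MANIFEST.MF digest layer, so the signature over the .SF file and the signer's identity still have to be checked with `jarsigner -verify -verbose -certs`.

```python
import base64, hashlib, io, zipfile

def manifest_digests(manifest_text):
    """Parse the per-entry sections of MANIFEST.MF into {name: (algorithm, base64 digest)}."""
    # Normalize line endings, then unfold continuation lines (they start with one space).
    text = manifest_text.replace("\r\n", "\n").replace("\n ", "")
    digests = {}
    for section in text.split("\n\n"):
        attrs = dict(line.split(": ", 1) for line in section.splitlines() if ": " in line)
        for key, value in attrs.items():
            if "Name" in attrs and key.endswith("-Digest"):
                digests[attrs["Name"]] = (key[:-len("-Digest")], value)
    return digests

def check_apk(apk_bytes):
    """Return (mismatched, unlisted): entries whose digest differs, entries MANIFEST.MF omits."""
    mismatched, unlisted = [], []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        digests = manifest_digests(z.read("META-INF/MANIFEST.MF").decode("utf-8"))
        for name in z.namelist():
            if name.startswith("META-INF/"):
                continue  # skip the signature folder itself
            if name not in digests:
                unlisted.append(name)
                continue
            algorithm, expected = digests[name]
            hasher = hashlib.new(algorithm.replace("-", "").lower(), z.read(name))
            if base64.b64encode(hasher.digest()).decode() != expected:
                mismatched.append(name)
    return mismatched, unlisted

def build_signed_sample(tamper=False):
    """Constructed stand-in for a signed APK (only MANIFEST.MF is modelled, no .SF/.RSA)."""
    files = {"classes.dex": b"constructed dex bytes", "AndroidManifest.xml": b"<manifest/>"}
    lines = ["Manifest-Version: 1.0", "Created-By: constructed sample", ""]
    for name, data in files.items():
        digest = base64.b64encode(hashlib.sha1(data).digest()).decode()
        lines += ["Name: " + name, "SHA1-Digest: " + digest, ""]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "\r\n".join(lines) + "\r\n")
        for name, data in files.items():
            z.writestr(name, data + b"!" if tamper and name == "classes.dex" else data)
        if tamper:
            z.writestr("assets/extra.bin", b"added after signing")
    return buf.getvalue()

if __name__ == "__main__":
    print(check_apk(build_signed_sample()), check_apk(build_signed_sample(tamper=True)))
```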
posted @ 2014-11-28 20:08  牧 天