Android apk Remove signatures and re-sign methods _android

Android apk Remove signatures and re-sign methods

An important part of Android development is the use of their own key to apk file signature, unsigned apk files are generally not installed, even if the last is also a failure to install.

Online spread of the "Check to allow the installation of unknown sources of application" in fact, and signed no signature does not matter, plainly is to allow installation is not from the electronic market to download the application just.

In recent days need to modify a apk in the JNI call of the. so file, suffer from no apk source code, had to study the signature-related issues. Of course there are a lot of third-party tools that can be done, but in fact the JDK already provides a powerful signature tool Jarsigner.

1. Remove signature

In fact, it is very simple to open the APK with WinRAR, locate the Meta-inf folder, and delete all other files except MANIFEST.MF.

2. Signature

To run Jarsigner, if you do not set the PATH environment variable, you can find it from the bin directory under the JDK installation path, for example, my native is C:\Program Files\java\jdk1.8.0_31\bin\jarsigner.exe

Jarsigner usage is as follows:

Usage: jarsigner [options] jar-file alias jarsigner-verify [options] jar-file [alias ...] [-keystore <url&gt] KeyStore location [-storepass < password] password for keystore integrity [-storetype < Type] KeyStore type [-keypass < password The password of the private key (if different) [-certchain < file] Replaces the name of the certificate chain file [-sigfile < file]. sf/. The name of the DSA file [-signedjar < file] The name of the signed JAR file [-digestalg < algorithm] Digest the name of the algorithm [-sigalg < algorithm] Signature algorithm
              The name [-verify] verifies the output details of a signed JAR file [-verbose[:suboptions]] signature/verification. Sub options can be all, grouped or summary [-certs] Output details and display certificates when validation [-tsa <url>] The location of the timestamp authority [-tsacert < alias]      ;] Timestamp authority's public key certificate [-tsapolicyid &LT;OID&GT] Timestamp authority's Tsapolicyid [-altsigner < class] Alternative signature mechanism class name [-altsignerpat H < path list the location of the alternative signature mechanism [-INTERNALSF] is contained within the signature block. The SF file [-sectionsonly] does not compute the entire manifest's hash [-protected] KeyStore has a protected authentication path [-providername < name] Provider name [-PROVIDERC Lass < class > Cryptographic service Provider name [-providerarg < parameters]] ...

 The main class file and constructor parameters [-strict] treat warnings as errors

A more commonly used parameter is to specify the location of the KeyStore and the file after the signature, for example:

Jarsigner-keystore C:\myKey.key-signedjar apk-signed.apk apk-unsigned.apk MyKey

The file to be signed is apk-unsigned.apk, and the APK after the signature is apk-signed.apk. We can also sign directly on the APK to be signed without specifying the-signedjar parameter. The last MyKey is my keystore alias.

After the signature is completed and then opened with WinRAR, you will find that there are more than Mykey.rsa and mykey.sf two files in the Meta-inf directory, respectively:

MANIFEST. MF holds the SHA-1 of all other files and base64 the encoded values.
MYKEY. SF also has other files SHA-1 and Base64 encoded values, and a MANIFEST.MF file SHA-1 and Base64 encoded values
MYKEY. RSA contains public key information and publishing Authority information

The names of the latter two files and my key alias are converted to uppercase after the same.

KeyStore on how to make the cost of the machine is no longer to repeat, in Androidstudio and Eclipse have a corresponding tool, graphical interface, so easy.

Thank you for reading, I hope to help you, thank you for your support for this site!