How to modify a compiled Android application (. apk file)

Today I ' d like-to-share with your My findings about how a existing APK file can be modified.

An. apk file represents the mobile application as it's installed on a mobile device, like smartphone, tablet, wearable, E Tc.

Such an. apk file was a simple archive, can be opened with any packager like e.g. WinRAR

So your can easily open it and view the Files–although viewing most of the files won ' t make you happy, because you ll rea Lize that they ' re compiled, in binary format, etc

... but this is a different story.

Anyways, you can open the archive and then modify any resource file and save the modification in the archive.

If you afterwards try to install the. APK on the smartphone (or tablet or similar), you'll get an error.

The following screenshot displays the error when installing the Modified sample application myapp.apkin an Androi D Device:

The reason is, the modification, the checksum and the signature were not valid anymore.

Thus, simply changing an. apk file was not possible.

However, there ' s still the valid use case to modify or replace files inside an existing. apk.

For example:

–files which is placed in the assets folder

–property files containing configuration data

–images which can be replaced

–styling Information Resources

and similar.

My personal use case is:

I had created an Android application using SAP Netweaver Gateway Productivity Accelerator.

I had to deliver the application to my users as. apk file.

But there is the requirement that they wanted to modify the ready application (change configuration data).

So I had the achieve that:modify the app without have access to the source code.

Below, I ' m sharing the required steps with you.

The description is based on the following software and versions:

Android Current API 19

Java 7

Windows 7

If you aren ' t familiar with Android, but wish to is, you might want to check the documents [1] and [2]

All prerequisites to understanding this blog is explained there.

Note:

In order to execute the commands described below, you need to having Java on your PATH variable of your for Windows system (see [1] for the explanation).

Overview

There is 3 steps that need to being followed in order to modify an existing. apk file:

1. Do the actual desired modifications inside the. apk file

2. Sign the. apk

3. Install the. apk on the device

1. The resource in the. apk

Open the. apk file with WinRAR (IF-doesn ' t work, rename the file extension. apk to. zip)

Change the resource in the archive as desired (packager tools allow to change files without the need to extract the Archiv E

Once you ' re do with your changes and you have a to-take care about the signature files that is part of the. APK:

Inside the archive, go to folder Meta-inf

Delete the existing *. RSA and *. SF files

The following screenshot displays the content of the Meta-inf folder in an. apk file:

Now the archive can is closed.

In case you had changed the file extension before, your now has to change it back to. apk

2. Sign the. apk

Android doesn ' t allow to install a application (APK) that isn ' t signed.

When developing a app in Eclipse, the ADT ("Android Developer Tools", the extension to eclipse that sup Ports development for Android) takes care of signing the app with a default certificate, before installing in on the Devic E.

That's comfortable, but with the following description, everybody was able to sign an application.

Signing the. APK is do in 2 steps:

A) Create the certificate

b) sign the. apk with the created certificate

Both steps is done with commands on the command line

A) Generate a certificate

If you're working in a Java environment, you have the JDK on your file system.

The JDK comes with a tool to manage certificates:the Keytool.

You can find it in the ./bin folder of your JDK installation.

Example:

On my machine it's here:

Now you can generate a certificate using below command.

However, before executing it, please check the notes below, in order to adapt the parameters

keytool.exe-genkey-v-keystore <myKeystore> -alias <myAlias> -sigalg Md5withrsa -keyalg RSA -keysize 2048 -validity 1000

Please note this you had to adapt some of the parameters of the above command to your personal needs:

KeyStore <myKeystore>

Here, you can provide a arbitrary name for your keystore.

The name is provide here is the name of the KeyStore-file that would be created.

The file is created in the current directory.

(I haven ' t tried it, but probably can enter the name of a existing KeyStore file, in order to store the new Certifica Te there)

Alias <myAlias>

Here as well, you can provide a arbitrary name for the alias.

It's meant for recognize it.

The alias is the human readable name of the certificate which would be created and stored in the KeyStore.

Validity 1000

This is the number of desired days.

You can enter any number wish.

I think it should be-enough in order to avoid trouble with expiration.

Note that the parameters Sigalg and keyalg is required by JDK 7, so it shouldn ' t is necessary to add th EM if you ' re using JDK 6

Example:

Keytool.exe-genkey-v-keystore mykeystore-alias myalias-sigalg md5withrsa-keyalg rsa-keysize 2048-validity 10000

When executing the command, you'll get several prompts on the command line, asking for password, username, organization, c ity, etc

You can enter any arbitrary data here and you are only having to make sure to remember the password.

After your ' ve executed the command, you'll see the generated keystore file on your file system in the current dire Ctory (from where you ' ve executed the command)

Now you can proceed with signing the. APK using the newly created certificate.

b) Sign the APK

Before signing the. apk file, you have a to do sure that there is no certificates available in the. apk.

This was described in step 1 above.

For signing a archive, we use the jarsigner tool, which are provided with JDK, and which can are found in the same Location like the Keytool.

The following command is a used for signing a apk.

Jarsigner-verbose-sigalg Md5withrsa -digestalg SHA1 -keystore <keystoreName> <appName> <alias>

Please note this you had to adapt some of the parameters of the above command to fit your personal needs:

KeyStore <keystoreName>

Here are the given in the previous step a) with the to enter the name

In order to keep the command line short, I recommend to temporarily copy the KeyStore file to the same location where you ' Re executing the command.

<appName>

Here is the name of the APK file which you want to sign

In order to keep the command line short, I recommend to temporarily copy of the. apk file to the same location where do you ' re E Xecuting the command.

<alias>

Here are the provided when generating the name of the "the" and the "alias that" that's the certificate

Note that the parameters Sigalg and digestalg is required by JDK 7, so it shouldn ' t is necessary to add them if you ' re using JDK 6

Example:

Jarsigner-verbose-sigalg md5withrsa-digestalg sha1-keystore mykeystore myapp.apk MyAlias

After you've executed the command, you can check the result inside the. apk file:

Open the archive, go to the folder .../meta-inf and check if the files CERT. RSA and CERT. SF has been created.

3. Install the APK on the device

Now the. apk file is signed, and you can install it on your device.

Btw:this procedure is also called side-load.

For Android applications The installation are done with the command line, using the adb command.

adb stands for Android Debug Bridge

Adb.exe is a piece of software this connects the PC with the Android device.

It allows access to the device, allows to trigger operations, transfer files, etc.

In order to install the. APK on the device and you have to connect the device to your PC via USB cable,

Then execute following command

adb install <appName>

In order to keep the command line short, you can temporarily copy the apk file to the same location where you ' re executing The command.

Example:

ADB install myapp.apk

The result should is "success" message on command prompt.

If not, any of the previous steps could have failed.

That ' s it.

You can find the application in the Apps folder of your smartphone.

This procedure worked for me on WIN7 and JDK 7.

It wasn ' t required to rebuild the app, nor to generate new checksum or similar.

Links

Refer to the following documents for lot of information for beginners.

They also contain lots of additional links for further reading.

[1] Getting started with gwpa:prerequisites:http://scn.sap.com/docs/doc-52235

[2] Getting started with gwpa:android preparation:http://scn.sap.com/docs/doc-52371

The official docu can be found here:http://developer.android.com/tools/publishing/app-signing.html

Transferred from: https://blogs.sap.com/2014/05/21/how-to-modify-an-apk-file/

How to modify a compiled Android application (. apk file)