Re-sign the APK

tag: Android HTTP Java OS uses the IO strong file for

1. generate the android APK package signature certificate
1 ). switch to the JDK bin directory in doc
Cd C: \ Program Files \ Java \ jdk1.6.0 _ 18 \ bin
2 ). run the following command
keytool-genkey-alias android123.keystore-keyalg RSA-validity 20000-keystore android123.keystore
: keytool is a built-in certificate tool of Java JDK
-genkey parameter: generate a certificate (security certificate for copyright and Identity Recognition)
-alias Parameter Representation: the certificate has an alias-alias mine. keystore indicates that the certificate alias is: Mine
-keyalg RSA indicates the encryption type, and RSA indicates that encryption is required to prevent others from stealing
-Validity 20000 indicates that the validity period is 20000 days (K3
-keystore mine123.keystore indicates that the name of the certificate to be generated is mine123
*/
after you press ENTER screen Display:
enter the keystore password: [do not display the password] (generally 20 bits are recommended. Remember to use them later)
enter the new password again: [do not display the password]
What is your first name and last name?
[UNKNOWN]: Lili
what is the name of your organization?
[UNKNOWN]: Snoopy
what is your organization name?
[UNKNOWN]: Snoopy team
what is the name of your city or region?
[UNKNOWN]: Beijing
what is the name of your state or province?
[UNKNOWN]: Beijing
what is the two-letter country code for this Unit
[UNKNOWN]: CN
Cn = Lili, u = Snoopy, O = Snoopy team, L = Beijing, St = Beijing, c = cn correct?
[No]: y
enter the master password of
(if the master password is the same as the keystore password, press Enter):

View c: \ Program Files \ Java \ jdk1.6.0 _ 18 \ bin, generate the certificate key for signature later: mine123.keystore

Here, if you try to generate a signature file in eclipse, the file size is also 2 kb, And the alias will be entered during the generation process.

2. Delete the previous signature file
1) decompress the APK file with the decompression tool (for example, decompress it to D: \ sign \ phonebook)

Analysis of compressed Package content:

• Androidmanifest. xml

This file must be defined and contained by each application. It describes the application name, version, permission, referenced library file, and other information. [,], to upload the APK to Google market, you also need to configure the XML. Androidmanifest. XML in the APK is compressed. You can use the axmlprinter2 tool [,] to unbind it. The specific command is: Java-jar axmlprinter2.jar androidmanifest. xml

• META-INF directory

The META-INF directory stores signature information to ensure the integrity of the APK package and system security. When eclipse compiles an APK package, it will do a verification calculation for all the files to be packaged, and put the calculation result under the META-INF directory. This ensures that the files in the APK package cannot be replaced at will. For example, after obtaining an APK package, if you want to replace an image, a piece of code, or a piece of copyright information, it is basically impossible to directly decompress, replace, and re-package the package. This increases the difficulty of virus infection and malicious modification, and helps protect the security of the system.

• Res directory

The res directory stores resource files. Including images and strings.

• Lib directory

The sub-directory armeabi In the lib directory stores some so files. In this place, I will talk a few more words, all of which are found during the development process. During packaging, eclipse will follow the naming rules for file names (LIB ****. so) to package the so file, the start and end must be "lib" and ". so ", otherwise it will not be packaged into the APK file. Other non-Eclipse development environments have not been tested. If you are using sdks and ndk for development, this part is very important. You can even package some files that are not so files into the APK by renaming them, what you can do depends on what you want to do!

• Assets Directory

The Assets Directory can store some configuration files. The content of these files can be obtained through related APIs during the program running. The specific method can refer to the SDK example: In the SDK \ 1.6 \ android-sdk-windows-1.6_r1 \ platforms \ Android-1.6 \ samples \ apidemos example, there is a COM. example .. android. APIS. in this example, a text file is stored in the asset directory of the project, and the TXT file is processed as a common file. The processing process is in readasset. java. Similarly, asset can also store other files.

• Classes. Dex File

Classes. Dex is a Java bytecode file generated after Java source code compilation. However, because the Dalvik Virtual Machine Used by Android is incompatible with the standard Java virtual machine, the DEX file is different from the class file, regardless of the file structure or opcode. Currently, common Java decompilers cannot process Dex files. The android simulator provides dexdump, A decompilation tool for Dex files. First, start the android simulator, and use the ADB push upload simulator to view the DEX file. Then, log on to the simulator using the ADB shell, find the DEX file to be viewed, and execute dexdump XXX. Dex. In addition, dedexer is the only open-source tool that can be found on the Internet to decompile Dex files. You need to compile the source code by yourself.

• Resources. ARSC

Compiled binary resource file"
 
2) Find the directory META-INF below and delete the directory META-INF
3). Use the zip tool to package the entire phonebook folder into a zip package and change the suffix to APK (Note: There is no second-level root directory in your phonebook.zip file)
 
3. re-sign the APK File
1). Copy the certificate to the same directory as the APK file to be re-signed (for example, copy to D: \ sign)
2) switch to the directory where you need to re-upload the APK file in the doc.
Cd d: \ sign
3). Run the following command
Jarsigner-verbose-keystore mine123.keystore-signedjar phonebook_signed.apk phonebook.apk mine. keystore
/* Explanation: hjarsigner is a Java signature tool.
-Verbose parameter indicates that the signature details are displayed.
-Keystore: Use mine123.keystore in the current directory to sign the certificate file.
-Signedjar phonebook_signed.apk?generated after the signature, phonebook.apk indicates the unsigned APK Android software, and mine. keystore indicates the alias
*/
After entering the carriage return, the screen is displayed as follows:

 

View the D: \ signdirectory. The phonebook_signed.apk file has been generated for the new signature.

In addition, sometimes you will find that the APK package in this way cannot be used in some places. The article "simple modification of APK and re-signature" provides a more convenient solution.

 

References:

Re-sign the APK File

Re-sign the APK