Pentest & Bug Bounty Resources and Techniques
  • Pentest & Bug Bounty Resources and Techniques
    • Introduction
    • Tests Checklist
    • OSINT
    • Communications Security
      • SSL/TLS
    • Networking
      • Subdomains Discovery
        • DNS & OSINT
        • DNS Brute force
          • Second DNS Brute-Force Round
      • Subdomain Takeover
      • Network Host Scan/Discovery
        • External/Internal
        • Internal only
      • Network Vulnerability Scanning
      • Network Hacking
      • Parsing
      • Reporting
    • Brute Force
      • Wordlists
      • Databases
      • SSH
    • Web
      • Endpoint Discovery
      • Infrastructure & Configuration
        • Headers
        • WAF Detection/ Evasion
      • Injection
        • GraphQL
        • Cross-Site Scripting (XSS)
        • SQL Injection
        • Payloads
      • SSRF & XXE
        • Labs & Resources
        • Tools
        • SVG SSRF Cheatsheet
        • XXE - XEE - XML External Entity
      • JWT Vulnerabilities (Json Web Tokens)
      • HTTP/S DoS
    • Mobile
      • Both
        • SAST
          • MobSF
        • DAST
          • Installing Frida and Objection
      • Android
        • Create a Lab
          • Rooting Android Emulator
          • Rooting Android Emulator Cheat Sheet
        • APK Certificates
        • SAST
          • APKs
            • Get Information from APK
            • GDA (GJoy Dex Analysizer)
            • Scanning APK for URIs, endpoints & secrets
            • Google Maps API Scanner
        • DAST
          • Rooting the Android Studio AVDs
          • non-Rooted devices
            • Bypass SSL Pinning - non-rooted devices
              • Method 1: apk-mitm
              • Instrumentation with Frida and Objection
                • Bypass SSL Pinning - Method 2: With Objection Explore
                • Bypass SSL Pinning - Method 3: With root_bypass.js
          • Rooted Devices
            • Run frida-server in the emulator or device
            • Inject Frida
            • Bypass SSL Pinning - rooted devices
              • Install Burp CA as a system-level CA on the device
      • iOS
        • SAST
          • Building a reverse iOS engineering environment for free
          • Test Vulnerabilities
  • Lets Practice
    • Virtual Machines
    • Vulnerable App
    • Guided Labs
    • CTFs
  • Group 1
    • AI
Powered by GitBook
On this page
  • Generating An Android Certificate
  • Signing An Android Applicaiton
  • JarSigner
  • APKSigner
  1. Pentest & Bug Bounty Resources and Techniques
  2. Mobile
  3. Android

APK Certificates

PreviousRooting Android Emulator Cheat SheetNextSAST

Last updated 4 years ago

Generating An Android Certificate

When decompiling an android application and compiling it back, you will need to sign the app, and if you don’t sign it, the Application will not be installed on the user device.

There are different ways of generating a certificate but the easiest and universal one is using keytool.

keytool -genkey -v -keystore KeyStoreName -alias KeyStoreAlias -keyalg RSA -keysize 2048 -validity 365

-keystore KeyStoreName is the keystore name

-alias KeyStoreAlias is the certificate alias name, which after you use it will be added to META-INF folder

-keysize 2048 You can use 4096 size, but there are issues regarding that from devices or so.

-validity 365 Validity in days

Signing An Android Applicaiton

JarSigner

It's important to note your APK (YourAPK_unsigned.apk) will be overwritten. If you want to keep an unsigned copy, please first create a copy ofYourAPK_unsigned.apk

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore KeyStoreName YourAPK_unsigned.apk KeyStoreAlias
mv YourAPK_unsigned.apk YourAPK_signed.apk

-sigalg is the signature algorithm used. There are some apps using MD5 but use SHA1 as when you are verifying the app it will tell you the hashing algorithm used and how weak the algorithm used is.

-keystore KeyStoreName is the name of the keystore name used when generating the certificate

YourAPK_unsigned.apk is the name of the app to be sign. Note: if you used MD5, the application will be treated as an unsign app because the algorithm used to sign the App is weak.

KeyStoreAlias is the alias name of the certificate used when creating the certificate.

APKSigner

Install APKSigner

sudo apt-get apksigner

Sign the APK

It's important to note your APK (YourAPK_unsigned.apk) will be overwritten. If you want to keep an unsigned copy, please first create a copy ofYourAPK_unsigned.apk

apksigner sign --ks KeyStoreName YourAPK_unsigned.apk
mv YourAPK_unsigned.apk YourAPK_signed.apk
apksigner verify --verbose YourAPK_signed.apk

Generating a Certificate