Wednesday, November 4, 2009

Remove signature from APK file and sign it again

The APK file is just a zip file with another extension. To remove the signature just unzip it, remove the folder META-INF and zip it again.

but how to sign it again? You can use your own signature or the debug signature used by Android SDK named debug.keystore

You can copy the debug signature from C:\Documents and Settings\\Local Settings\Application Data\Android\

The data of the signature is the following:

* Keystore name: "debug.keystore"
* Keystore password: "android"
* Key alias: "androiddebugkey"
* Key password: "android"
* CN: "CN=Android Debug,O=Android,C=US"

for more details go to http://developer.android.com/guide/publishing/app-signing.html

Now, how to sign the apk again? Use the jarsigner.exe tool, this tool comes with the JDK.

JDKFOLDER\bin\jarsigner.exe -verbose -storepass android -keystore debug.keystore myprogram.apk androiddebugkey

replace myprogram.apk with your own unsigned apk.

Is this useful? Maybe, if you want to modify the build with reverse engineering or something similar, use your imagination.

voila!

6 comments:

  1. I tried this, but when I tried to install the app I got a parse error from the installer from the AndroidManifest.xml. Any idea what this is from?

    ReplyDelete
  2. Hi,

    what did you change in the apk?

    ReplyDelete
  3. What does the command line look like to zip the APK directory back into a single file?

    ReplyDelete
  4. I hve been tryin to change th signature for android.Settings....
    It doesn't seem to work
    I get this error
    jarsigner: unable to sign jar: java.util.zip.ZipException: invalid entry crc-32

    ReplyDelete
  5. Look here when using JDK 7+

    http://stackoverflow.com/questions/5505240/trying-to-manually-sign-android-package-with-jarsigner-exe-and-install-with-adb

    ReplyDelete