Decompile An APK

Discussion in 'Android Tablet Apps' started by aktiv22, Mar 3, 2019.

  1. aktiv22

    aktiv22 Member

    Joined:
    Oct 14, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    43
    Hi
    it is possible to recompile an apk with the same signature?
     
  2. Traveller

    Traveller Super Moderator Staff Member

    Joined:
    Jun 16, 2012
    Messages:
    2,654
    Likes Received:
    940
    Trophy Points:
    460
    Tablet / Device:
    Coby Kyros MID9742, Lenovo Tab 4 (8"), numerous phones
    No, unless you're the original author. Any changes to the code in an APK require a new signature. For an example of this, go here.
     
  3. aktiv22

    aktiv22 Member

    Joined:
    Oct 14, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    43
    thanks for replay
    this apk is use with an injectors test bench
    this apk have inside some users and passwords
    i find where is located and i changed the password for admin user.
    i admin mode i can make more than in another user
    the user is czadmin and the password is made to 9 characthere
    i know some of this
     
  4. Traveller

    Traveller Super Moderator Staff Member

    Joined:
    Jun 16, 2012
    Messages:
    2,654
    Likes Received:
    940
    Trophy Points:
    460
    Tablet / Device:
    Coby Kyros MID9742, Lenovo Tab 4 (8"), numerous phones
    Having usernames and passwords hard-coded into the app itself is a really bad design. The entire reason the link I gave you exists is because the authors of ES File Explorer did much the same thing and hard-coded the paths to the superuser binaries into the app, which meant it could not see systemless root solutions, e.g. Magisk. When I changed the paths in the app to point to systemless root solutions the chain of trust in the app was broken, rendering the original signature invalid. To restore the chain I needed to replace the signature.

    For ES File Explorer and a few other apps, including a couple I've built from source, I used my own keystore. While it is very easy to use test keys in signing an app, especially if that app isn't going to be uploaded to Google Play, it's not as secure a solution as using your own keystore. Creating your own keystore isn't terribly difficult, especially if Android Studio is installed. See here for instructions on how to do it. This will generate a keystore file that you would use to sign your apps with. How you sign the app is up to you, whether you sign the app in Android Studio or use an app like ZipSigner to do it.
     
    • Informative Informative x 1

Share This Page