APK反编译、打包、签名

Android逆向工作都避免不了要对apk进行反编译后重新打包，这里就简单说一下用apktool进行解包和打包的整个过程。

首先把一个apk和apktool放到同一目录下，打开shell（我这里是power shell，用平常的shell也一样），输入命令

java -jar .\apktool_2.3.0.jar d .\app-debug.apk -o leftypackage

格式为： java -jar apktool的名字 d(反编译) 要解包的apk -o(输出) 文件名

成功后可以看到解包出来的文件夹leftypackage，然后可以对内容进行修改。

反编

PS D:\apktool> java -jar apktool_2.2.4.jar d -f musicLauncher0927.apk
I: Using Apktool 2.2.4 on musicLauncher0927.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: C:\Users\yyd\AppData\Local\apktool\framework\1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Baksmaling classes2.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
PS D:\apktool> 

打包

当我们修改完之后可以进行重新的打包，重新打包后的apk在要打包的文件夹里的dist目录下

java -jar .\apktool_2.3.0.jar b .\leftypackage\

格式为： java -jar apktool的名字 b(打包) 要打包的文件夹名字

PS D:\apktool> java -jar apktool_2.2.4.jar b musicLauncher0927
I: Using Apktool 2.2.4
I: Checking whether sources has changed...
I: Smaling smali folder into classes.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes2 folder into classes2.dex...
I: Checking whether resources has changed...
I: Building resources...
W: warning: string 'default_area_text' has no default translation.
W: warning: string 'ensure_delete_app' has no default translation.
W: warning: string 'wkq_mode_00' has no default translation.
W: warning: string 'wkq_mode_01' has no default translation.
W: warning: string 'wkq_mode_02' has no default translation.
W: warning: string 'wkq_mode_03' has no default translation.
W: warning: string 'wkq_mode_04' has no default translation.
I: Copying libs... (/lib)
I: Building apk file...
I: Copying unknown files/dir...
PS D:\apktool>

签名

对重新打包的apk进行Android系统platform签名，命令

java -jar prebuilts/sdk/tools/lib/signapk.jar build/target/product/security/platform.x509.pem build/target/product/security/platform.pk8 musicLauncher0927.apk musicLauncher0927_singed.apk

格式为：java -jar 系统signapk.jar platform.x509.pem platform.pk8 被签名apk名字 签名apk名字

lantiancheng@ubuntu1:~/code/Moon-A2$ java -jar prebuilts/sdk/tools/lib/signapk.jar build/target/product/security/platform.x509.pem build/target/product/security/platform.pk8 musicLauncher0927.apk musicLauncher0927_singed.apk
lantiancheng@ubuntu1:~/code/Moon-A2$ 

会在同一级的根目录下看到已经签名的apk：musicLauncher0927_singed.apk