We publish applications in Google Play and earn millions. We publish applications in Google Play and earn millions how to extract the signature of the APK file
So, you worked many days (and maybe at night), and here your first hybrid mobile application is ready. It is fairly stable, most of the critical bugs are closed. Small remained, but remembering that perfectionism is evil, you take a volitional solution to lay out the application.
The required condition for this is the presence of a signed APK file. How to sign APK file, you will learn from this article.
Small retreat
When my Pet Project closely approached the release, I began to search for information on how quickly and without pain publish the application. Many instructions found looked simple. I chose the instruction of the authors of the Ioni Framework, where the application is developed. Not everything turned out the first time, there are several features. The signing process is described in this article, the important points are especially allocated.Initial data
I assume that you have everything you need to develop hybrid mobile applications using Apache Cordova. Must be installed:- Apache Cordova.
- Java Development Kit.
- Android SDK Tools.
Go
First you need to create a release bit of your application. But before that, let's make sure that all excess plugins are removed. For example, we do not need a plugin that displays debug information into the console. Remove it: $ Cordova Plugin Rm Cordova-Plugin-Console
To generate release assembly under Android use the team build With flag --release:
$ Cordova Build --release Android
This team will create unsigned APK file in the directory:
Platforms / Android / Build / Outputs / APK
For example, Platforms / Android / Build / Outputs / APK / android-Release-unsigned.apk. Then we need to sign this file and run the utility zipalign To optimize and prep file for Google Play.
For file signing, you need a certificate. Create it with the utility keytoolwhich is enabled in JDK:
$ Keytool -genKey -V -Keystore LCF.KEYSTORE -ALIAS LCF -KEYALG RSA -KEYSIZE 2048 -Validity 10000
Important
The value of the -Alias \u200b\u200bparameter must be remembered, and it is better to write down. In the example above it is equal to LCF (according to the first letters of the name of the Loyal Client Free application). I will not bring the details here, if it is interesting, write in the comments, I will tell you more.Alias \u200b\u200bis used every time signing * Applications. To be easier to remember, use the keystore file name as Alias, for example:
-Keystore Hello-World.Keystore -Alias \u200b\u200bHello-World -Keystore Weather-App.Keystore -Alias \u200b\u200bWeather-App -Keystore Todo.Keystore -Alias \u200b\u200bTodo
* You need to sign the application each time updates
Utility keytool Specifies a number of questions. In total, there will be 8. In order to have an idea of \u200b\u200bthe idea of \u200b\u200bquestions and exemplary responses in advance, they are all submitted further under the spoiler.
Questions Keytool and exemplary answers to them
1. ENTER KEYSTORE PASSWORD:
Here you need to enter a password for the file (at least 6 characters). The entered password must be recorded in a safe place, it needs every time the application is signed.
2. RE-ENERGER NEW PASSWORD:
Password re-entering.
3. What is Your First and Last Name?
: Ivan Petrov.
Your name and surname. The value in square brackets is the default value.
4. What is the name of your Organizational Unit? WHAT IS THE NAME OF YOUR ORGANIZATIONAL UNIT
: IT.
Name of the division of your company. You can leave empty, I specify IT.
5. What is the name of your organization?
: 2Developers.
The name of your organization. Specify if there is.
6. What is the Name of Your City or Locality?
: Moscow.
City name
7. What is the name of your state or Province?
: Mo.
Area name
8. What is the Two-Letter Country Code for this Unit?
: Ru
Code of the country. I specify RU.
: y.
Confirm if everything is true or press Enter to enter again.
At the end, a message about successful key generation will appear. It will be prompted to set a password for a private key (if you want to leave the same as for a certificate - press ENTER):
Generating 2 048 Bit RSA Key Pair and Self-Signed Certificate (SHA256WITHRSA) WITH A VALIDITY OF 10 000 DAYS FOR: CN \u003d Ivan Petrov, OU \u003d IT, O \u003d 2Developers, L \u003d MOSCOW, ST \u003d MO, C \u003d RU ENTER KEY Password for
The current directory will create a file lCF.KeyStore..
Important
The created file must be saved in a safe place. If you use a closed repository, the file can be commuted along with the source code of the application. In general, certificates are better stored separately. In case of a lost certificate, you will not be able to release application updates.
There are two steps left, and you will get ready to distribute APK file. Go directly to the signature.
To sign your APK file, use the utility jarsigner.which is also included in JDK.
$ jarsigner -verbose -sigalg sha1withrsa -digestalg sha1 -keystore lcf.keystore android-relide-unsigned.apk lcf
The certificate name is indicated after the parameter -Keystore., Alias \u200b\u200b- after the file name.
Finally, to optimize the APK file, use the utility zipalign:
$ zipalign -v 4 Android-Release-unsigned.apk LoyalClientFree.apk
The last parameter is the name of the file that you will download to Google Play.
Important.
Utility zipalign This is the Android SDK Tools and can be found here:/ Path / To / Android / SDK / Build-Tools / Version / Zipalign
Conclusion
Now you have a ready-to-distribute APK file that can be downloaded to Google Play. Fill in the description, define the rating of your application and boldly press "Publish".The article presents screenshots when the application store was called "Android Market". The generation of cats have already grew, which never heard about this name. But the general principle has not changed. Left for history. I can't re-register to make new screenshots.
Since we worry, they are practicing on cats. Take, for example, an example from the article and try to lay out it on Google Play. If everything works out, then it will be easier.
Before proceeding to further operations, make sure that you are ready for your own icons for applications and the name of the program. It will be very strange to see in the Application Store program with a standard icon and name "HelloWorld". And also check all records in the manifest file.
Step one. He is difficult
Any application laid out to the store must have a signed certificate. The certificate allows you to identify you as the author of the program. And if someone tries to lay out a program with the same name as you, then he will be denied due to the conflict of names. Under the name of the application refers to the full name of the package.
When you launched your applications on an emulator or your phone, then the development environment automatically signed the program by the debug certificate. To distribute through the store, the debug certificate is not suitable, and you need to sign the application with your unique certificate. It is free, without registration and SMS.
Create a signed APK file that is something type by executable file as notepad.exe. In Windows. If you have an open Android Studio development environment, select the menu BUILD | Generate Signed APK ....
The wizard dialog box will appear, which must be filled with data.
In the first field, you should specify the path to the keys repository. If you used to create programs before, including in Eclipse, you can specify an existing storage through the button Choose existing .... If you create a repository for the first time, cholect a button Create New .... A new dialog box appears.
In the first field you need to select the folder through the button. ... and enter the name for the file with the storage to which the expansion will be assigned jKS..
Now create the key for the application. In field Alias. (Alias) Enter your key name-minded and cats. It is not necessary to create a pseudonym for each application, you can use one pseudonym for your applications and individual aliases for applications under the order.
For the key you also need to create a password and confirm it.
The key is designed for 25 years. Field VALIDITY (YEARS) We leave unchanged (if you do not have significant reasons in the opposite).
Finally, fill your data about yourself.
Fill in the field, you will return to the first window of the wizard.
Click on the button Next And in the next window, enter another password to access the password database.
Perhaps this step you will not have. It may appear if you marked the option "Remember Password". I do not remember details, challenge yourself.
Last step - Press the button FINISH.
Previously, it was the last step. Now new flags appeared V1 (Jar Signure) and V2 (Full APK Signature). Mark at least the first option V1. - It corresponds to the old way. The second method is considered more reliable in terms of hacking and can be used for late API, at your discretion (see below).
As a result of complex manipulations with dialog boxes, you will have a long-awaited APK - your charm, which will open the door to the world of wealth and happiness.
Press the button Show in Explorer.You will run the conductor on your computer with a folder in which the signed file is located.
Be careful with the key created. It is he who is a guarantee that the new version of the program is written by you. Therefore, if you lose the created key, you will have to lay out a program under a different name with a new key.
The studio provides an automatic creation mode of the signed application. Right-click on the folder app. And in the context of the menu, select item Open Module Settings. Choose a section app. In the section Modules.. Select the tab Signing.. Press the button with a plus card and fill the fields.
Go to the tab Build Types. and choose the assembly release. In the drop-down list Signing Config Choose the configuration just created. Default she has a name config.
Press OK. To save results.
You can sign applications via the command line without the participation of the studio if you are a pervert. You can read the documentation on this topic.
v2 Full APK.
In 2017, Google changed the signing process slightly. Now there are two signature schemes APK: V1 JAR and V2 Full APK.
Signature V1 (which existed from the very beginning) does not protect some parts apk, such as ZIP metadata. Verifier APK must process a lot of unreliable data structures, and then discard the data that is not signed, which provides large space for attack. In addition, the Verifier APK must unpack all compressed records that spends a lot of time and memory. To solve problems, a new version of the V2 Full APK was developed, which you meet when signing your application.
The V2 scheme works in Android 7.0 Nougat (API 25). The scheme provides a faster installation of the application and good protection against unauthorized changes in APK. The contents of the APK are checked and subscribe, then the received APK signature unit is inserted into APK.
The new format is compatible, so APK signed by a new scheme can be installed on earlier devices (which will simply ignore a new signature) if these apk are also signed by the diagram V1.
In old applications, I leave the first version check box. Perhaps later will make it come to the second version forcibly. It is important to take into account that you need to sign the V1 scheme before signing the V2 scheme, since APK will not be checked according to the V2 scheme if it is signed by additional certificates after signing by the V2 scheme.
Strictly speaking, you can post an APK file on the site, and all your visitors can download it and install it. But it is somehow unsolonged into our century nanotechnology. Therefore, go to the next step.
Step second. You must Fedya, you must
The next step is very unpleasant. You need to give 25 evergreens to someone else's person. To make it not so hurt, this operation was called a registration fee. You will need a credit card with the specified amount. Please note that Visa Electron, and even more so the discount card of the network of stores "Crossroads" you will not fit. If you already have a desired card, then you skip this paragraph. The rest can advise to start a Qiwi-wallet and there to start a virtual card. This is exactly what I did, as it was reluctant to write all sorts of statements.
Automatic update
If you have created a new version of the program, fixing various bugs and adding new cat pictures, then you need to enlarge per unit number version (attribute versioncode.) and replace versionName. For yourself (will be shown on the Google Play page). In the latest versions of the studio, these properties are now not in the manifest, but in the file build.gradle Module your application. Check the new version on Google Play and users will receive an update in automatic mode.
Watch out for reviews
Install the Google Play Developer Console application on your device so as not to miss a new feedback on your program. You can also view statistics.
Change the warehouse passwords and the key alias
I did not have to use for several years, so I do not know whether this information is relevant.
Suppose you sold your program with sources of another company. So that she could upload the program updates, the company must sign the application by the same key that you have signed. Otherwise, the program will be considered another and will have to change the name of the package. But then old users will not be able to get updates.
But if you all sign all your programs with the same key and password, for example cat Cat.The company can sign the same key and other applications by the same key, placing its programs with the same package name, and you do not prove anything to anyone.
Therefore, you need to take care of the key change to transfer the new owner.
Suppose our storage has a structure:
Storage Name (Keystore): Old.Keystore Password from the repository: Cat1 Alias: My_alias Password from Pseudinum: Cat2
Make a copy of your storage and save it elsewhere. It was necessary to make it even when you first create, because when losing the repository, you will not be able to restore access to your programs when updating.
Make a copy of your storage again and rename it, for example, new.Keystore.. We will work with him.
Run the utility keytool with the team:
Keytool -StorePasswd -Keystore New.Keystore
You will be prompted to enter the current password, and then enter a new password and repeat it. Approx like this:
ENTER KEYSTORE PASSWORD: NEW KEYSTORE PASSWORD: Re-Enter New Keystore Password:
The first part of the task is made, the password from the storage is changed.
If you also want to change the password from the pseudonym, then again run the utility with the team:
Keytool -KeyPasswd -Keystore New.Keystore -Alias \u200b\u200bMy_Name
You will be asked to enter the current password from the repository (your new password), then the pseudonym password. You can enter a new password and it will replace the old password.
ENTER KEYSTORE PASSWORD: ENTER KEY PASSWORD FOR
Password from the pseudonym is changed.
If the password changes are not enough for you and you want to change the name of the pseudonym (maybe you used the name of your favorite cat, why others know about it), then continue work.
Run the command:
Keytool -Changealias -Keystore New.Keystore -Alias \u200b\u200bMy_alias -Destalias My_New_alias
You will be asked to enter a password from the repository, then password for a new pseudonym (current password), then a new password and repeat it. The name of the pseudonym will be changed.
So, we needed three steps to create a new repository and alias to transfer someone else's person. The new owner must do the same thing to be confident that you do not use the changed files for your own purposes. However, it is already his problems.
We subscribe a ready-made application
Such a case may be subject to when you are lost sources and only APK. Most likely it is relevant for pirates that reconnect other applications (do not do so with other people's programs).
First, change the extension with APK on Zip. In the archive, delete the folder Meta-inf. Restore the extension. You deleted the old signature.
Now you need to sign the application with a new key. Enter the command.
Jarsigner -Keystore keystore-file.jks -storepass keystore_password -keypass alias_password --signedjar Signed-APK-FILE.APK APK-FILE.APK ALIAS_NAME
In a successful case, get a message that the application is signed. Next, we perform another command.
Android_SDK_Path / Build-Tools / Last_Build_Tools_Version / Zipalign -v 4 Signed-APK-FILE.APK Aligned-APK-FILE.APK
As a result, an APK file signed by a new key should be turned out. He himself did not apply.
Google keys storage
In 2017, Google added a new opportunity to store keys in cloud storage. The main difference is that you sign the application with a special download key that Google checks and deletes, replacing it with the original key signature key you provided.
With it, you can manage application signature keys for both new and published applications that will be stored in Google in their own key store. To join this program, you must subscribe to it in your Google Play Console. It is worth noting that unsubscribe from it will already be impossible.
This method is very useful - when the keystore is lost, the Google Play Signing keys will allow you to reset the key to install the new one. You do not have to publish the application re-with the new package name and key.
Additional reading
Android-Keystore-Password-Recover by Maxcamillo - If you lost the password, then try using this tool. He himself did not use, so I will not tell.
Sometimes some applications on Android are not satisfied with the user. As an example, you can cite udigue advertising. And it happens and so - everyone is good for the program, but only there is no translation in it or a curve, or there is no one. Or, for example, a trial program, and there is no full version of the possibility. How to change the situation?
Introduction
In this article we will talk about how to disassemble the APK package with the application, consider its internal structure, disassemble and decompiling byte code, and try to make several changes to applications that can bring us one or another.
To do all this on your own, you will need at least the initial knowledge of the Java language on which the Android applications are written, and the XML language that is used in Android is everywhere - from the description of the application itself and its access rights to storing the lines that will be displayed on the screen. Also need the ability to handle specialized console software.
So, what is the package apk, which covers absolutely all software for Android?
Decompiling applications
In the article, we worked only with the disassembly application code, however, if you make more serious changes in large applications, the SMALI code will be much more complicated. Fortunately, we can decompile the DEX code in a Java code, which will be not original and not compiled back, but much easier to read and understand the logic of the application. To do this, we will need two tools:
- dex2Jar - the Dalvik byte-code translator in the JVM byte code, on the basis of which we can get the code in the Java language;
- jD-GUI is a decompiler itself, which allows you to get a readable Java code from the JVM byte-code. Alternatively, you can use jad (www.varaneckas.com/jad); Although it is quite old, but in some cases generates more readable code than JD-GUI.
Use them follows. First, launch Dex2JAR, pointing out the path as an argument to APK-package:
% Dex2jar.sh Mail.apk.
As a result, the Mail.jar java package will appear in the current directory, which can already be opened in JD-GUI to view the Java code.
APK package device and getting them
The Android application package is essentially a regular zip file, to view the contents and unpacking of which no special tools are required. It is enough to have an archiver - 7zip for Windows or a console UNZIP in Linux. But it concerns wrapper. What inside? Inside, we generally have such a structure:
- META-INF / - contains a digital certificate of the application certifying its creator, and the checksum amounts of the package files;
- rES / - various resources that the application uses in its work, such as images, a declarative description of the interface, as well as other data;
- Androidmanifest.xml. - Application description. This includes, for example, a list of required permissions, the desired Android version and the required screen resolution;
- classes.dex - Compiled byte application application for the Dalvik virtual machine;
- resources.arsc. - also resources, but another kind - in particular, lines (yes, this file can be used for Russification!).
The listed files and directories are if not in all, then, perhaps, in the absolute majority APK. However, it is worth mentioning a few not so much common files / directories:
- assets. - analogue of resources. The main difference is to access the resource. It is necessary to know its identifier, the Asset list can be obtained dynamically using the AssetManager.List () method in the application code;
- lib - Native Linux libraries written using NDK (Native Development Kit).
This directory uses game manufacturers, placing the game engine there, written in C / C ++, as well as creators of high-performance applications (for example, Google Chrome). The device figured out. But how to get a file of the package of the application of interest? Since without root from the device to pick up APK files is not possible (they lie in the / Data / App directory), and it is not always appropriate to handle, there is at least three ways to get the application file to the computer:
- apk Downloader extension for chrome;
- application Real APK LEECHER;
- various file sharing and lumpy.
Which one to use is a matter of taste; We prefer to use individual applications, so we describe the use of Real APK LEECHER, especially as it is written on Java and, accordingly, it will work at least in Windows, even in Nixes.
After starting the program, you must fill out three fields: Email, Password and Device ID - and choose a language. The first two are e-mail and your googleaccount password, which you use on the device. The third is the identifier of the device, and it can be obtained by typing the code on the dialer # #8255## And then finding the Device ID string. When filling, you need to enter only the ID without the Android prefix.
After filling and saving, the message "Error While Connecting to Server" pops up. It is not related to Google Play, so boldly it ignores it and look for packages you are interested in.
View and modification
Suppose you have found the package that interests you, downloaded, unpacked ... And when trying to view any XML file, it was surprised to find that the file is not text. What to decompile and how to work with packages? Is it really necessary to put an SDK? No, the SDK is not at all necessary. In fact, for all steps to unpack, modify and package packaging APK need the following tools:
- archiver Zip. for unpacking and searches;
- smali. - assembler / disassembler byte-code of the Dalvik virtual machine (code.google.com/p/smali);
- aapt. - a resource tool (by default resources are stored in binary form to optimize application performance). It is included in the Android SDK, but can be obtained separately;
- signer. - A tool for digital signature of the modified package (bit.ly/rmrv4m).
You can use all these tools individually, but it is inconvenient, therefore it is better to use a higher-level software built on them. If you work in Linux or Mac OS X, then there is a tool called apktool. It allows you to unpack resources in the original type (including binary XML and ARSC files), reoper a package with modified resources, but does not know how to sign packets, so run the SIGNER utility will have to manually. Despite the fact that the utility is written in Java, its installation is quite non-standard. First you should get the JAR file itself:
$ CD / TMP $ wget http://bit.ly/wc3ocz $ tar -xjf apktool1.5.1.tar.bz2
$ Wget http://bit.ly/wrjec7 $ tar -xjf apktool-install-linux-r05-ibot.tar.bz2
$ MV APKTOOL.JAR ~ / BIN $ MV APKTOOL-INSTALL-LINUX-R05-IBOT / * ~ / BIN $ Export Path \u003d ~ / Bin: $ Path
If you work in Windows, it has an excellent tool calledVirtuous Ten Studio, which also accumulates all these tools (including APKTOOL itself), but instead of the CLI interface provides the user with an intuitive graphical interface with which you can perform operations on unpacking, disassembling and decompiling into several clicks. This donation-ware tool, that is, sometimes appears windows with a proposal to get a license, but this is, in the end, you can suffer. It does not make any point in describing it, because you can understand the interface in a few minutes. But apktool, due to its console nature, should be discussed in more detail.
Consider the Apktool options. In short, there are three main commands: D (Decode), B (Build) and if (Install Framework). If everything is clear with the first two teams, what does the third conditional operator do? It unpacks the specified UI framework, which is necessary in cases where you displays any system package.
Consider the most interesting options of the first team:
- -s. - do not disassemble the DEX files;
- -r. - Do not unpack resources;
- -b. - do not insert debug information into the results of disassembling the DEX file;
- --Frame-Path. - Use the specified UI framework instead of the built-in apktool. Now consider a couple of options for the B team:
- -f. - forced assembly without checking changes;
- -a. - Indicate the path to AAPT (tool for assembling APK-archive), if you want to use it from another source for some reason.
APKTOOL is very easy to use, it is enough to specify one of the commands and the path to APK, for example:
$ apktool d mail.apk
After that, all extracted and disassembly package files will appear in the Mail directory.
Preparability. Turn off advertising
The theory is, of course, well, but why is it needed if we do not know what to do with a unpacked package? Let's try to apply the theory with benefit for yourself, namely, we modify some softyn so that it does not show us advertising. For example, let it be Virtual Torch - a virtual torch. For us, this software will fit perfectly, because it is striking with annoying advertising and is also quite simple, so as not to get lost in the codes.
So, with one of the following methods, download the application from the market. If you decide to use Virtuous Ten Studio, simply open the APK file in the application and unpack it, for what to create a project (File -\u003e New Project), then select the Import File in the context menu. If your choice fell on apktool, it is enough to execute one command:
$ apktool d com.kauf.particle.virtualtorch.apk
After that, the COM.KAUF.Particle.VirtualTorch directory will appear a file tree similar to that described in the previous section, but with an optional Smali directory instead of Dex files and a apktool file .yml. The first contains a disassembly application code of the executable DEX file of the application, the second - the service information needed by APKTOOL to build a package back.
The first place where we must look are, of course, androidmanifest.xml. And here we immediately celebrate the following line:
It is not difficult to guess that she is responsible for providing the application to the use of the Internet connection. In fact, if we want to just get rid of advertising, we will most likely have enough to ban the Internet application. Let's try to do it. We delete the specified string and try to collect software using APKTOOL:
$ apktool b com.kauf.particle.virtualTorch
The com.kauf.particle.VirtualTorch / Build / Build / Build / Build / Build / BUILD / will appear. However, it will not be possible to install it, as it does not have a digital signature and checksums of files (there is simply no META-INF directory in it). We must sign a package using the APK-SIGNER utility. Started. The interface consists of two tabs - on the first (key generator) we create keys to the second (APK Signer). To create our private key, fill in the following fields:
- Target file. - the output key storage file; It is usually stored one pair of keys;
- Password. and Confirm. - Password for the repository;
- Alias. - the name of the key in the repository;
- Alias \u200b\u200bPassword. and Confirm. - password secret key;
- Validity - validity period (in years). The default value is optimal.
The remaining fields, in general, are optional - but it is necessary to fill at least one.
Warning
To sign the application using APK-Signer, you must install Android SDK and specify the full path to it in the application settings.
All information is provided solely for informational purposes. Neither the editors nor the author are responsible for any possible harm caused by the materials of this article.
Now this key can be signed apk. On the APK Signer tab, select the newly generated file, enter a password, an alias of a key and a password to it, then find the file APK and boldly press the "SIGN" button. If everything goes fine, the package will be signed.
Info.
Since we have signed a package by our own key, it will conflict with the original application, which means that when you try to update my softy in the market, we will get a mistake.
Digital signature is needed only by third-party software, so if you are modified by system applications that are installed by copying to the / System / App / App / App / App, then you do not need to sign them.
After that, we throw off the package on your smartphone, install and run. Voila, advertising disappeared! Instead, however, a message appeared that we have no Internet or there are no appropriate permissions. In theory, this could have enough, but the message looks annoying, and, and, honestly, we were just lucky with a blunt application. Normally written software, most likely, will clarify its powers or check the presence of an Internet connection and otherwise it will simply refuse to start. How to be in this case? Of course, edit the code.
Usually the authors of the application create special classes for advertising and cause methods of these classes during the launch of the application or one of its "activities" (simplistic speaking, application screens). Let's try to find these classes. We go to the Smali directory, then COM (in ORG only the open Cocos2D graphics library), followed by Kauf (it is there, because this is the name of the developer and there is all its code) - And here it is, the Marketing catalog. Inside, we find a bunch of files with the expansion of Smali. These are classes, and the most remarkable class AD.Smali is most noteworthy, by the name of which it is not difficult to guess what it brings advertising.
We could change the logic of its work, but much easier will be stupidly remove the challenges of any methods from the application itself. Therefore, we leave from the Marketing directory and go to the nearby Particle directory, and then in VirtualTorch. Special attention here deserves the MainActivity.smali file. This is a standard for Android class, which is created by Android SDK and is installed as an input point of the application (analogue of the Main function in C). Open the file to edit.
Inside is the SMALI code (local assembler). It is quite tangled and difficult to read by virtue of its low-level nature, so we will not study it, but just find all the references to the class AD in the code and comment on them. Drive the string "AD" in the search and fall on the line 25:
Field Private AD: LCOM / KAUF / MARKETING / AD;
The AD field is created here for storing the class AD object. Let's comment using the ### sign set before the string. We continue to search. Row 423:
NEW-Instance V3, LCom / Kauf / Marketing / AD;
Here is the creation of an object. Comment. We continue to search and find in lines 433, 435, 466, 468, 738, 740, 800 and 802 appeals to methods of class AD. Comment. Look like that's it. We save. Now the package must be collected back and check its performance and availability of advertising. For the purity of the experiment, we return the remote from the AndroidManifest.xml string, collect the package, subscribe and install.
Our experimental rabbit. Seen advertising 
Op-Pa! Advertising disappeared only during the application, but remained in the main menu that we see when we run soft. So, wait, but after all, the entry point is the MainActivity class, and the advertisement disappeared during the application, but remained in the main menu, then the entry point is different? To reveal the true entry point, open the AndroidManifest.xml file. And yes, it has the following lines:
They tell us (and, more importantly, android) that activity with the name START must be running in response to the generation of the intent (events) Android.Intent.action.Main from the category Android.intent.category.launcher. This event is generated when tapped on the application icon in the Lancher, so it determines the entry point, namely the Start class. Most likely, the programmer first wrote the application without a major menu, the entry point to which was the standard MainActivity class, and then added a new window (activity) containing the menu and described in the Start class, and manually made it input point.
Open the START.SMALI file and again looking for the AD string, we find in line 153 and 155 mention of the FIRSTAD class. He also has in the source and, judging by the name, is just responsible for displaying ads on the main screen. We look further, there is an instance of an instance of the FIRSTAD class and the intent, according to the context of having a relation to this instance, and then the Cond_10 label, the conditional transition to which the accuracy is carried out before creating an instance of the class:
IF-NE P1, V0,: COND_10 .Line 74 NEW-Instance V0, Landroid / Content / Intent; ...: Cond_10
Most likely, the program is somehow randomly calculates whether to show advertising on the main screen, and, if not, jumps immediately to Cond_10. OK, we simply simplify the task and replace the conditional transition to the unconditional:
# If-ne P1, V0 ,: Cond_10 Goto: Cond_10
There are no more FIRSTAD references in the code, so we close the file and again collect our virtual torch using APKTOOL. Copy on your smartphone, install, run. Voila, all advertising disappeared, with which we congratulate all.
RESULTS
This article is only a brief introduction to the methods of opening and modifying Android applications. For the scenes, many questions remained, such as removing protection, analysis of the obfused code, translation and replacing application resources, as well as the modification of applications written using Android NDK. However, having basic knowledge, understand all this - only the question of time.
Since he himself googled the question " how to sign ak file? ", I know what to find really working and everything is not so easy to find the instruction. That is why I decided to write a material about how it is worth correctly signing my program or the game for Android.
As you know now without digital signature, your creation is not easy to accommodate in the market "e, and this is already serious. I noticed very many young developers on Android, so to say newcomers and at all forget to sign your application at all and try to do something and all Worth the question why they do not manage to perform this or that action with their APK file.
So, we will not pull the rubber and begin immediately with how you can sign your APK file and what actually use to achieve the desired result.
This method is the rightmost one of all listed, so we describe it in this material. We will make our own keys with your data and certificates and will signify the application you created.
We will need: OpenSSL and SIGNAPK.
To begin with, make a certificate and key to signature. Install OpenSSL. During installation, the selection installer will offer to copy the components to the Windows folder, select the BIN folder, which will be on the site where you install the entire OpenSSL.
Now open on behalf of the system administrator (it is very important!) Command line. Then go to the command line to the BIN folder, which is located in the folder where you installed OpenSSL (for example, C: \\ OpenSSL \\ Bin \\ or C: \\ Program Files \\ OpenSSL \\ Bin \\). If you do not know, the transition to another folder is executed by the command cD. That is, in order to go to the desired folder you should execute the command of this plan:
cD C: \\ OpenSSL \\ Bin \\
After you are in the BIN folder, you can proceed directly to creating a certificate and key.
Step 1 (We carry out the key generation of 1024 bits)
Run the command:
openssl Genrsa -OUut Key.pem 1024
Step 2. (Based on the key Create a certificate request)
Run the command:
openSSL Req -New -Key Key.pem -out Request.pem
At this stage you will need to enter your data that will identify you in the certificate.
Step 3 (We generate a private key on the certificate)
Run the command:
openSSL X509 -REQ -DayS 9999 -in Request.pem -SignKey Key.pem -out Certificate.pem
Step 4. (We carry out the open key generation)
Run the command:
openSSL PKCS8 -Topk8 -outForm Der -in Key.pem -inform Pem -Out Key.pk8 -nocrypt
At this stage, creating the files you need to sign up your games and applications is completed. Using the created key and certificate, you can sign an pleasing number of games and applications on Android.
And now, actually, let's start signing the application. Unpack the above archive with Singapk. Move from the BIN folder, where we created a certificate and key 2 file: certificate.pem. and key.pk8. In the folder where you unpacked Singapk. Windows must display the file replacement dialog - replace.
Now in order to sign the APK file a unique digital signature that you did yourself, just the mouse pull your APK file to sign_apk.bat.. In order not to pull the file from one window to another (it is not convenient) Move your APK file to the folder with Singapk. After execution, a file will appear in the Singap folder apk_signed.apk.which will be your signed app or play.
Last updated: 10/30/2015
After creating an application, its testing and debugging, we can proceed to its publication. The essence of the publication is to create a file with expansion. .apk.That will represent the application and its subsequent placement on Google Play Market or on other external sites. By default, during debugging and creating an application, the APK file is already created, and we can find it in the project folder on the way Title_Project \\ App \\ Build \\ Outputs \\ APK. By default, the file is called app-Debug.apk. And represents a debug version.
But for fully publishing this file may not be enough. And we still need to make some project preparation for release. To do this, specify in the manifest file from the element
In addition, at this stage, you can install an application icon that will be displayed on the gadget operating screen, the application name (Android attribute: label at the item), and you can also specify the license agreement.
In the manifest file, you should also determine the name of the package (attribute Package element
In this case, if in the Java file files, the package name at the beginning of the file should also correspond to the application package.
Installing requirements
At the stage of preparing for release, you can also set the requirements for the API. For example, our application has a certain minimum version of Android, so we can install the corresponding attributes from the element in the manifest file
android: MINSDKVERSION - Minimum version of Android
android: TargetSdkversion - Optimal version of the API
android: MaxSdkversion - Maximum System Version
For example, let the minimum version of Jelly Beans 4.1.2, and the optimal Kitkat 4.4.4:
Signature applications
When everything is already ready, the Android application must be signed by a certificate, thanks to which you can identify the author of the application. When we test the application by installing it through Android Studio to the device, it is automatically signed. But to create a release version, we need to produce an additional action.
When creating a certificate, it should be remembered that when updating the application, the system will compare certificates of the old and new version. And the update will occur if the certificates of both versions coincide. But if the new version is signed by a new certificate, the application will be regarded as a completely new, in no way associated with the old version and representing a completely different application. In this case, in order to install it, the new version will have to have another name of the package than the old one.
First, in Android Studio, choose the Build -\u003e Generate Signed APK in the menu. After that, we will open the Master window:
Click the Create New button. After that, we will open the key creation window:
We introduce a path to the network file to the key store path in the Key Store field. If the specified folder does not exist, then it must be created or defined an existing folder.
In the Password / Confirm field, specify the password.
In the Alias \u200b\u200bfield, we specify a pseudonym. You can deliver an arbitrary name.
In the FIRST AND LAST NAME field, enter the name and surname. And then we have a division, organization, city, country and country code.
At the end, click OK.
After that, the first window will automatically be updated:
The final window will show us the path to the directory where the signed APK application will be located in the Release version. Click on FINISH.
Now on the specified path can be found signed apk, which will be called app-relase.apk.:
We can rename the file by saving its extension and lay out in Play Market or on any site or immediately download to your mobile device. After downloading to the phone / tablet, it is worth it to hp it on it, and using the standard package installer, the application will be installed. True, it is also necessary to take into account that if we install the application not from Play Market, then in the settings you need to allow installation from other sources - Security-\u003e Unknown sources (allow the installation of applications from other sources)
