Patching apk | Notion

In case we want to make changes to the source code of the application, we can decompile it with apktools and make the changes to the SMALI code and then recompile the app.

Decompile the app using apktools
1. apktool d example.apk // 'd' for decompile
Make the changes
compile the app
1. apk tool b example/ -o newapk.apk //'b' for build
Sign the application
1. keytool -genkey -v -keystore class.keystore -alias alias -keyalg RSA -keysize 2048 -validity 10000 // Generate a new key if needed
2. Verify that 'TestOnly' is not present in the AndroidManifest.xml
3. jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore class.keystore newreapp.apk alias
Install using adb
1. adb install newapp.apk

Example for compiling:

Mobexler@Mobexler  ~/Documents/Attify  Mobexler@Mobexler <b0> ~/Documents/Attify <b0> apktool b reapp/ -o newreapp.apk                                                                                             <b2> ✔ <b2> 531 <b2> 19:06:11 
I: Using Apktool 2.4.1
I: Checking whether sources has changed...
I: Smaling smali folder into classes.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes2 folder into classes2.dex...
I: Checking whether resources has changed...
I: Building resources...
I: Copying libs... (/kotlin)
I: Building apk file...
I: Copying unknown files/dir...
I: Built ap

Install the new app:

C:\\Users\\iron\\Documents\\android-platform-tools>.\\adb install ..\\class\\newreapp.apk
Performing Streamed Install
adb: failed to install ..\\class\\newreapp.apk: Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES: Failed collecting certificates for /data/app/vmdl346747873.tmp/base.apk: Failed to collect certificates from /data/app/vmdl346747873.tmp/base.apk: Attempt to get length of null array]

//Note: The installation will fail due to the app is not signed.

Create a key to sign with

                                                                                                                             ✔  534  19:13:13 
 Mobexler@Mobexler  ~/Documents/app  keytool -genkey -v -keystore class.keystore -alias alias -keyalg RSA -keysize 2048 -validity 10000                            ✔  534  19:13:13 
Enter keystore password:  
Re-enter new password: 
What is your first and last name?
  [Unknown]:  iron
What is the name of your organizational unit?
  [Unknown]:  class
What is the name of your organization?
  [Unknown]:  atifyc
What is the name of your City or Locality?
  [Unknown]:  uk
What is the name of your State or Province?
  [Unknown]:  state
What is the two-letter country code for this unit?
  [Unknown]:  uk
Is CN=iron, OU=class, O=atifyc, L=uk, ST=state, C=uk correct?
  [no]:  yes

Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 10,000 days
	for: CN=iron, OU=class, O=atifyc, L=uk, ST=state, C=uk
[Storing class.keystore]
 Mobexler@Mobexler  ~/Documents/app ls                                                                                                                            ✔  535  19:14:36 
class.keystore  newreapp.apk  reapp  reapp.apk

Sign the apk

 Mobexler@Mobexler  ~/Documents/app  jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore class.keystore newreapp.apk alias                            ✔  537  19:29:54 
Enter Passphrase for keystore: 
   adding: META-INF/MANIFEST.MF
   adding: META-INF/ALIAS.SF
   adding: META-INF/ALIAS.RSA
  signing: classes.dex
  signing: AndroidManifest.xml
  signing: classes2.dex
  signing: resources.arsc
  signing: kotlin/kotlin.kotlin_builtins
  signing: kotlin/ranges/ranges.kotlin_builtins
  signing: kotlin/internal/internal.kotlin_builtins
  signing: kotlin/collections/collections.kotlin_builtins
  signing: kotlin/annotation/annotation.kotlin_builtins
  signing: kotlin/reflect/reflect.kotlin_builtins
  signing: kotlin/coroutines/coroutines.kotlin_builtins
  signing: res/mipmap-xxxhdpi/ic_launcher.png
  signing: res/mipmap-xxxhdpi/ic_launcher_round.png
  [SNIP[]
  signing: res/interpolator/btn_checkbox_checked_mtrl_animation_interpolator_1.xml
  signing: res/interpolator/btn_radio_to_off_mtrl_animation_interpolator_0.xml
  signing: res/interpolator/btn_checkbox_checked_mtrl_animation_interpolator_0.xml
  signing: res/interpolator/mtrl_fast_out_linear_in.xml
  signing: res/interpolator/btn_checkbox_unchecked_mtrl_animation_interpolator_0.xml
  signing: res/interpolator/fast_out_slow_in.xml

>>> Signer
    X.509, CN=iron, OU=class, O=atifyc, L=uk, ST=state, C=uk
    [trusted certificate]

jar signed.

Warning: 
The signer's certificate is self-signed.
The SHA1 algorithm specified for the -digestalg option is considered a security risk. This algorithm will be disabled in a future update.
The SHA1withRSA algorithm specified for the -sigalg option is considered a security risk. This algorithm will be disabled in a future update.

  Mobexler@Mobexler  ~/Documents/app  jarsigner -verify newreapp.apk                                                                                                ✔  538  19:30:51 

jar verified.

Warning: 
This jar contains entries whose certificate chain is invalid. Reason: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This jar contains entries whose signer certificate is self-signed.
The SHA1 digest algorithm is considered a security risk. This algorithm will be disabled in a future update.
The SHA1withRSA signature algorithm is considered a security risk. This algorithm will be disabled in a future update.
This jar contains signatures that do not include a timestamp. Without a timestamp, users may not be able to validate this jar after any of the signer certificates expire (as early as 2048-09-19).

Re-run with the -verbose and -certs options for more details.

If it fails because of 'Test Only' flag then follow the instructions on 'Common Errors' Page.