APK Signing Using ZIPALIGN && APKSIGNER
I am going to demonstrate how to sign an APK using apksigner and zipalign on a Kali Linux machine.
The first thing I need to do is build the APK. After doing that I will move into the directory containing the new APK.

Now I’m going to sign the APK file using zipalign and apksigner. In Kali Linux, zipalign from the Kali repository is broken. I will demonstrate how to resolve this issue.
I first need to create an Android Keystore file that contains the private and public keys assigned to the APK. To do this, I will be using keytool.

Now I will use zipalign to ensure the APK is properly aligned. This improves the APK’s performance.
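What "properly aligned" means at the byte level, as an added example that is not part of the original post: zipalign pads ZIP local headers so that the data of every uncompressed entry starts on a 4-byte boundary, and this Python sketch checks that property. The sample archives and the entry name "res/raw/a.bin" are constructed stand-ins for base.apk and base-aligned.apk.

```python
import io
import struct
import zipfile

LOCAL_HEADER_SIG = b"PK\x03\x04"
LOCAL_HEADER_LEN = 30  # fixed part of a ZIP local file header


def misaligned_entries(apk_bytes, alignment=4):
    """Return (name, data_offset) for stored entries whose data is unaligned."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.compress_type != zipfile.ZIP_STORED:
                continue  # only uncompressed entries need alignment
            start = info.header_offset
            header = apk_bytes[start:start + LOCAL_HEADER_LEN]
            if header[:4] != LOCAL_HEADER_SIG:
                raise ValueError("bad local header for " + info.filename)
            # name and extra-field lengths sit at bytes 26..29 of the header
            name_len, extra_len = struct.unpack("<HH", header[26:30])
            data_offset = start + LOCAL_HEADER_LEN + name_len + extra_len
            if data_offset % alignment:
                bad.append((info.filename, data_offset))
    return bad


def build_sample(aligned):
    """Constructed stand-in for an APK: one stored entry, one deflated entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        stored = zipfile.ZipInfo("res/raw/a.bin")  # hypothetical entry name
        stored.compress_type = zipfile.ZIP_STORED
        if aligned:
            # Pad the extra field so the data starts on a 4-byte boundary,
            # which is the effect zipalign has on an uncompressed entry.
            stored.extra = b"\x00" * (-(LOCAL_HEADER_LEN + len(stored.filename)) % 4)
        zf.writestr(stored, b"\x01\x02\x03\x04" * 4)
        zf.writestr("classes.dex", b"constructed" * 8,
                    compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()


if __name__ == "__main__":
    for label, aligned in (("base.apk", False), ("base-aligned.apk", True)):
        print(label, misaligned_entries(build_sample(aligned)))
```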

“base-aligned.apk” has been created by zipalign. Before I move forward with the signing process, I am going to quickly run through the steps to resolve the broken zipalign in Kali Linux.
The first step is to open “/etc/apt/sources.list” in a text editor. I use nano.

Comment out “deb http://http.kali.org/kali kali-rolling main contrib non-free-firmware”, then add “deb http://ftp.de.debian.org/debian buster main”.

Next, using the “sudo apt --purge remove zipalign” command, I will completely purge the system of the broken zipalign so that I can install a proper zipalign from the newly added Debian repository.

After running “sudo apt update && sudo apt upgrade -y”, we are able to install zipalign from the new repository.

I am now going to copy the newly installed zipalign into a different location on the PATH, then restore the “/etc/apt/sources.list” file to its original configuration and update the system with “sudo apt update && sudo apt upgrade -y”.


After saving and closing out of nano, run the command “sudo apt update && sudo apt upgrade -y”. This updates the system with the newly configured sources.list file. Running the zipalign command should then print similar output on the screen.

Ok. Now that I have gone over that, it is time to get back to the APK signing process.
I am using the tool apksigner to sign the APK. Apksigner can be installed by running the command “sudo apt install apksigner”.
Sign the APK by running the command “sudo apksigner sign --ks-key-alias app --ks my.keystore base-aligned.apk”. Then verify it by running “sudo apksigner verify base-aligned.apk”. If done properly, the output should be similar to the following screenshot.

Now the newly built APK is properly signed and ready to install on the Android device.
Filed under: Uncategorized - @ December 21, 2024 12:05 PM