March 24, 2020 · Adv. Pen-Testing Pentest Android
APKTOOL Reverse engineering , a complete cli set to modify apk
adb connect 10.0.0.36
adb root
# Fix verify install issue
adb shell settings put global verifier_verify_adb_installs 0
adb shell settings put global package_verifier_enable 0
# Decompile apk
apktool -r d com-a-merchant-client_2020-03-20.apk
# You may now inject your code here
# rebuild it
apktool b com-a-merchant-client_2020-03-20
# find the location
find com-a-merchant-client_2020-03-20 -name com-a-merchant-client_2020-03-20.apk
# create sign key
keytool -genkey -alias abc.keystore -keyalg RSA -validity 365 -keystore abc.keystore
# sign it
jarsigner -verbose -keystore abc.keystore -signedjar signed.apk \
com-a-merchant-client_2020-03-20/dist/com-a-merchant-client_2020-03-20.apk abc.keystore
# send it to your android client
scp -P 8022 signed.apk 10.0.0.36:~/
# install it
adb shell
cd TO_YOUR_HOME_DIR
pm install signed.apk