Activity 3 - Mobile Forensics
Signing the modified APK file
Estimated Time : 15 Minutes
Objective
With malicious code injected into one of the files of APK in Activity 2, we will re-build the APK file now and sign it with same java key store file generated during Activity1.
Description
With malicious code injected into one of the files of APK in Activity 2, we will re-build the APK file now and sign it with same java key store file generated during Activity1.
Prerequisites
For this Activity you need to download, install jdk
and set environment variables 'Path' & 'JAVA_HOME'
in windows. This is required for running 'jarsigner'
command to build the modified APK file. You can watch
below YouTube video for reference.
How to Install Java JDK 18 on Windows 10
Artifacts
Click below link to download files.
login.apk
Instructions
- Step 1: After updating code of "RestClient.smali" file in Activity 2, we will re-build app-release.apk file in this Activity.
- Step 2: Open command prompt and go to path where you have placed files "app-release.apk" & "apktool_2.0.0rc3.jar" initially.
- Step 3: Execute below command to build app-release folder and create new "app-release.apk" file. java -jar apktool_2.0.0rc3.jar b app-release
- Step 4: Observe that a new file "app-release.apk" is created under sub-folder /app-release/dist/
- Step 5: Since the code has changed, old signature is invalid. So, we need to sign it again.
- Step 6: Open command prompt and execute below command. jarsigner -verbose p9cert.jks app-release/dist/app-release.apk proj9key
- Step 7: To save time, modified APK file with name as "login.apk" is provided under "Activity 3: Artifacts" section. Kindly use it for subsequent Activities
(Note: If you are getting "jarsigner not found" error, it means Java configurations is not set correctly in your windows system.
Please refer section "Activity 3: Pre-Requisites" for setting environment variables correctly.)
Self-Assessment
Please complete the following self-assessment over Activity 3.
Start Assessment