Android Ethical Hacking, could it get any easier?! Try it yourself with apk CSigner!

Written by Mostafa Dafer on . Posted in Tips & Tricks

UPDATE November 2015: Version (0.8.2) released, Compatible with Windows 10!

UPDATE: A new version has been released (0.8.1)!

Introduction:
I’ve recently joined Android Developers and I have published CoolesTech RSS Feed Reader. All went fine until I had to self-sign my app (personal private key), and that’s what was like a nightmare (although it’s relatively easy); test keys worked like a charm when self-certificates failed… But Google does not allow test certificates as you may have noticed.

I have tried signar 1.3 and signer 0.3 but after my app seemed successfully signed I still got “application not installed.

So I have created my own tool, called “CSigner” that only runs in windows and comes with 2 versions (32-bit & 64-bit)

The only requirements are Java and windows…
2 (Small)

I’m posting it here just in case someone goes through what I have been striving to achieve…

Goal:
Whether you are new to signing apps, or getting “application was not installed”, then you’ve finally reached the correct place! Along signing apks, apk CSigner is capable of compiling & decompiling apks serving the pupose of pure sources/resources replacement.

Note: This program is designed for situations where apk multitool fail to compile/decompile certain apps. It’s not intended to replace other programs.Untitled (Small)

Requirements:

You must have Java (jdk) installed and you must add its path to Environment variable see this video for more help.

I heartily thank android-dls.com for their help! Because of them I figured out that some files were missing from OpenSSL (which generates the certificate).

If you face file not found error, you may need to install Java JRE (in addition to JDK).

Download: (v0.8.2)

apk_CSigner_x64                   apk_CSigner_x86 

Note: after unzipping the file, do not rename the folder (eg. apk_CSigner_x64).

If you like my work please click on “thanks” button on xda-developers:

http://forum.xda-developers.com/showthread.php?t=2062386

 

Tags: , , , , , , , , ,

Mostafa Dafer

Computer & Communication Eng. Stdnt. Founder & CEO of CoolesTech Knows Arabic; English, learning French, Chinese, and Japanese Email:Mostafa@coolestech.com

Comments (24)

  • Jonás Perusquía

    |

    cool! however, I'm unable to set PATH variable for ADB, simply not recognized 🙁

    Reply

  • Mostafa Dafer

    |

    I will add an automatic ADB installer in the next release 🙂

    Reply

  • Mostafa Dafer

    |

    I will add an automatic ADB installer in the next version 🙂

    Reply

  • Izara

    |

    Hi Mostafa, thanks for your tool!! It was a great help for my projects, however now I like to update an app that I have in Google Play but appear that message “The apk must be signed with the same certificates as the previous version while uploading apk on market” how can sign the update version with the same certificate? I will appreciate some light in this issue. Thanks again

    Reply

    • Mostafa Dafer

      |

      Hi Izara, to update a modified app there are two ways:

      1- Uninstall the modified app then install the updated one and re-customize it.

      2- Download the updated apk, from CSigner choose the new apk then choose sign using last created certificate (in case the last one was used for the older version). You can now update it.

      Either way, you are going to lose your modifications when you update to the newer version. So, in my opinion, it’s best to uninstall the app when possible (note that you may lose any saved progress), to solve the saved progress issue, you can install some database backup software like sqlite…

      Hope this helps, and thank you for your interest in CSigner 🙂

      Reply

      • Izara

        |

        Hi Mostafa, thanks for your reply. Sorry, but I don’t understand your explanation.

        Maybe I will explain myself better. The process I follow is:

        I created an app with a software that creates for me a magazine app (I don’t have android programming knowledge) then I decompiled this app with your tool for modify the Android Manifest and finally I compile and sign de APK.

        Because of my zero knowledge of the signing process every time I modify the App I create a new certificate in the signing process, therefore the first time I uploaded my APP to Google Play I signed the APP with a certificate that now I don’t have. At Google Play they say that I have to upload a new Application… 🙁

        I suppose that if I have saved the certificate.pem, key.pem and key.pk8 and use them every time this would not have happened.

        But anyway thanks for your help.

        Reply

    • Mostafa Dafer

      |

      Ah now I see. My previous comment was assuming that you wanted to update an app that you have installed on your phone. Now I understand that you want to upload an updated version to the store.

      According to my knowledge, there are three options to do it:
      Let your app that is in the store be X. And let the modified app that you want to put on the store be Y.

      1- open the apk file of X using some zip utility (other than winrar, winrar will not give you the result you want, if I remember correctly 7-zip is good) then open Y using the same utility. Finally, move the files of Y into the zip file of X replacing them all except the manifest file. This trick will replace the files without destroying the certificate.

      2- Delete your app from the store and upload it again.

      3- Upload your new version as a different app.

      For this not to happen in the future, you need to backup your certification keys (the ones you mentioned)

      Reply

      • Izara

        |

        Thanks Mostafa for taking your time to answer.

        I try your first option, but unfortunately it did’nt work whatsover 🙁
        When I copied the files in to the apk with the original certificate the apk does’nt install.

        Your second option option will force me to change the name of the APP and how it is a book it can not be possible.

        Ok, Thank you for you help and nice to talk with you.

        Reply

  • Mostafa Dafer

    |

    Hello Izara,

    I believe it will not install until you uninstall the other version (but will work great for the store users). I’m interested in this case and would like to help you further more… You are welcome to email me your custom version to look further into this issue 🙂

    Reply

    • Izara

      |

      Hi Mostafa,

      Wow! Thank you for your interest!! I will write you over this week a more extended email.

      Thanks again for your help.

      Reply

      • Izara

        |

        Hi Mostafa, we sent you an email to your address “Mostafa@coolestech.com” from antareus.com with more detailed explanations. Did you receive it? Thank you.

        Reply

  • Mostafa Dafer

    |

    Jonás Perusquía New version released! Version 0.8 can automatically detect and install ADB 😉

    Reply

  • Stephan

    |

    Hey,

    It seems that we’re unable to download the new version. When clicking, the post page reloads instead of the download. Can you please fix this ?

    Reply

    • Mostafa Dafer

      |

      Hey Stephan,

      Thank you for reporting the issue, the links have been fixed 🙂

      Reply

  • Jamal Glasgow

    |

    i used your tool to sign my one app then I went to create a new and and signed with new certificate, now i cannot sign my previous app to original certificate?

    Reply

  • Mostafa Dafer

    |

    Certificates overwrite each other, to avoid this issue, you can have a copy of the "bin" folder after each new certificate. Then you can replace the "bin" folder with the backup copy you want. (The "bin" folder contains the certificate, so replacing it will replace the certificate as well.)
    I will add some sort of certificate management in the next version.

    Reply

  • FlashT

    |

    Doesn’t work.. says no Java is installed. And it is not true… at first it said that ADT is not installed, but after running it as admin, it did something… and now only java left… but nothing happens even running as admin. Seems fake.

    Reply

    • Mostafa Dafer

      |

      Hello FlashT, sorry for my late reply… Thanks for reporting the issue, I have found that it’s doing this on some Windows 8 machines, as a quick fix, you can extract the zip file to c:\ directly and work from there (in case of x64 you will have c:\apk CSigner x64\ as the folder). I will look into this and fix it in the next version 🙂

      Update: please try now with the latest version (0.8.1).

      Reply

  • Gerardo

    |

    Hi Guys,
    I recently downlod the signer, but doesn’t work, due to the .bat file have a lot of missing labels, update, new, compile, etc.
    could you fix it? or give put in some place the old version.
    Thx

    Reply

    • Mostafa Dafer

      |

      Hi, sorry for the late reply!

      I thought that the script is obsolete and was surprised to know that it’s still valid…
      It only needed some minor tweaking, I’ve uploaded the new version (v.0.8.2) it’s now compatible with Windows 10!

      Reply

  • Neethi rajan. S

    |

    Hi, its not working. getting “The system cannot find the batch label specified – new” error. goto#new is not available in bat file.

    Reply

    • Mostafa Dafer

      |

      Hi, sorry for the late reply!

      I thought that the script is obsolete and was surprised to know that it’s still valid…
      It only needed some minor tweaking, I’ve uploaded the new version (v.0.8.2) it’s now compatible with Windows 10!

      Reply

Leave a comment