Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to find signature of apk file?

What's the easiest way to find signature of an apk file? Please note that I'm not asking about code. I just want to find it from my pc. Signature like this one 975yYkKAQF+KST7g3ASHvHkYopq=

like image 221
user3548321 Avatar asked Jul 25 '16 01:07

user3548321


People also ask

What is signature in APK?

APK Signature Scheme v2 is a whole-file signature scheme that increases verification speed and strengthens integrity guarantees by detecting any changes to the protected parts of the APK.

How do I find my app signature on Android?

Android Security Verifying App Signature - Tamper Detection We can break this technique into 3 simple steps: Find your developer certificate signature. Embed your signature in a String constant in your app. Check that the signature at runtime matches our embedded developer signature.

Is APK signed?

APK signing has been a part of Android from the beginning. It is based on signed JAR. For details on using this scheme, see the Android Studio documentation on Signing your app. v1 signatures do not protect some parts of the APK, such as ZIP metadata.


2 Answers

$ $ANDROID_SDK/build-tools/$BUILD_TOOLS_VERSION/apksigner verify --print-certs -v $APK_FILE

Example:

$ /Users/hborders/android/build-tools/29.0.2/apksigner verify --print-certs -v ~/Desktop/my-apk.apk

Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): false
Number of signers: 1
Signer #1 certificate DN: CN=Bob Smith, OU=Acme, O=Acme, L=San Francisco, ST=California, C=US
Signer #1 certificate SHA-256 digest: f1f2f3f3f21f26a67s76a6a76a76a76a76a67c78c8c78c709c90c90c09932451
Signer #1 certificate SHA-1 digest: 839103847abdefcbade123713957358920
Signer #1 certificate MD5 digest: 182831983712923f2e2e2f2a2c2fbc25
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 1024
Signer #1 public key SHA-256 digest: 8acaca8cabcaabdadc8cc99cc695ace47aec4c747c746c476cae4657c47c4765
Signer #1 public key SHA-1 digest: b11bca4123bea24befbe5b8be9768ef078

apksigner is part of the Android SDK in the build-tools directory. It's the tool print-apk-signature uses.

like image 80
Heath Borders Avatar answered Nov 12 '22 07:11

Heath Borders


Signature[] sigs = context.getPackageManager().getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES).signatures;
for (Signature sig : sigs)
{
    Trace.i("MyApp", "Signature hashcode : " + sig.hashCode());
}

http://developer.android.com/reference/android/content/pm/PackageManager.html

this might help

First, unzip the APK and extract the file /META-INF/ANDROID_.RSA (this file may also be CERT.RSA, but there should only be one .RSA file).

Then issue this command:

keytool -printcert -file ANDROID_.RSA You will get certificate fingerprints like this:

 MD5:  B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB
 SHA1: 16:59:E7:E3:0C:AA:7A:0D:F2:0D:05:20:12:A8:85:0B:32:C5:4F:68
 Signature algorithm name: SHA1withRSA

Then use the keytool again to print out all the aliases of your signing keystore:

keytool -list -keystore my-signing-key.keystore You will get a list of aliases and their certificate fingerprint:

android_key, Jan 23, 2010, PrivateKeyEntry, Certificate fingerprint (MD5): B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB Voila! we can now determined the apk has been signed with this keystore, and with the alias 'android_key'.

Keytool is part of Java, so make sure your PATH has Java installation dir in it.

How do I find out which keystore was used to sign an app?

like image 27
Charuක Avatar answered Nov 12 '22 07:11

Charuක