Create Signed Zip with airSlate SignNow

Signed zip

hey guys hackers Floyd here back again with another video and in this video I'm gonna be showing you how to sign Android apks or applications with zipper line and jaw seiner alright so the structure of the android penetration testing videos is going to be as follows after this video I'll be making video now to automatically embed payloads or create out or to create backdoors in applications automatically so we looked at how to do it manually we looked at the proof-of-concept of that and we're looking at signing the applications now after the automatic embed video which will be coming after this we'll then we will take a look at obfuscation of course we will then look at persistence after persistence will finally end the series with port forwarding so that you can conduct these attacks over the Internet alright so let's get started with today's video so the first question many people may be having if this is your first time dealing with Android applications at a developer level why would we want to sign applications or why do Android applications need to be signed well all Android applications must be signed digitally with a certificate now this is done to ensure the authenticity of the application so the private key is going to be held with the developer so that only he or she can release versions of the app that are verifiable via the certificate alright so in essence signing an application ensures its authenticity from the developer so no one else can you know simply sign an application without that particular key store and release it on the Google Play Store that's the OL essence of signing applications or signing apks now the tools we'll be using for this video or that was I'm gonna be using to show you how to essentially sign your applications so that you can install them on Android devices are going to be key tool JA signer and zipper line alright so this takes us to the next question what is a key store because we need a key store to sign these applications well a key store which is also known as the Java key store with the extension of jks is a repository of security certificates both public and private keys that are used to digitally sign Android applications and each key store as I mentioned is unique to the developer so a key store potentially or essentially stores your security certificates the public key is used to sign the apk because before it is released to the Play Store all right so that brings us on to the next tool or the first tool we'll be using that will allow us to generate key stores which is key tool all right so key tool allows you to create these key stores and comes prepackaged with the Java JDK which is awesome all right so let us get started by generating our key store all right so the commands I'll be I'll essentially show you the command you need to use to generate the keys to an aryl I'll explain what each of the arguments are so let's get started so to get started we type in key tool and after that we type in Gen key which will put you're prompted to generate or it will essentially give us the option to generate our key I will use a verbose output here and the the key we are generating is a key store all right so we specify that by typing in key store and we then provide the destination in which all the directory in which we want to save our key store so I will call it key dot key store and you can also use you can also use the jks extension if you want to I simply prefer using key store so that I can keep it very very simple and I understand what I'm doing all right so next you need to specify the alias now the alias is very very important for your particular key store in my case I'll just use my name so that I remember it very very easily so Alexis alias is going to be Alexis you then have key out I'll explain what that is in a second so key Alka that is your key algorithm that we're going to use RSA for that we then have the key size so the key size can vary from 1024 for 2048 to 4096 in our case we'll just go for the standard 2048 and then the validity I'll explain what this is in a second so validity so the validity is going to be outside mine to a thousand all right and I will hit enter and let me explain before we actually hit enter what I've done here so is specifying keytool as the main as he made told we're using we are saying generate the key where for boosting the output so we know what's going on now we're saying we want to generate a key stock we'll specify the destination to store it in and the name of the file or the name of the key store we have provided it with an alias we have also specified the key algorithm to use or the algorithm that will be used for the key which is RSA the key size in bits so that's 2048 and the validity of the key store which is a thousand days which means the application will be valid or this key store will be valid for that long and the deed duration is in days all right so the key sizes in bits the validity is in days and the key algorithm is the algorithm that will be used to generate the keeper and the alias is the key pair alias name very very important stuff this I'm going to enter it's going to ask me to specify the keystore password make sure you select a safe password I'm just going to specify one here we hit enter it's gonna ask me for my first and last name since I'm not going to be using this for assigning an application that will go to the Google Play Store I'll just state test test test test and TS two-letter country we have just used es again and I'm just gonna - yes to generate the key store and there we are it's going to store it on your route a desktop and key store or whatever directory you would specify all right so we have generated our key store so we can now use this key store to sign our applications so to do that we use JA signer alright so let me just clear my terminal so we will be using jaws signer to sign the application with our key store so the application will be signing is the one that I've been using for this video series the one that we actually embedded a payload in which is the Google now launcher which we have right here and it is still in its original directory right over here unchanged alright so we the option for jar for Jaws line are very very simple so we specify jar signer so jaw signer and we specify for both people both output and then we move into the signature algorithm so signature algorithm is denoted by sig out and then the signature algorithm is going to be sha-1 with RSA okay sorry about that time we are using sha-1 with RSA and then we need to specify our digest algorithm so digest algorithm and that is going to be equal to short to do sha-1 sorry thank you from typing that wrong way sha-1 and then we specify the key store so the key store is right over here then that's going to be stored in our desktop and we're looking for key key key store I believe I stored it there if I'm correct I think I did store it on my desktop let me just check one more time here there we are key dot key store and there it is all right so key door key store I no need to specify the Android application that we want to sign which is in this directory so the other thing I need to do is I need to copy the name of the of the file so it is in original it's in dist and I'll just rename here and I will copy the entire name I would have done it in another terminal but I just want to show you ye that you need to specify these options accurately and then we specify the alias which is Alexis or whatever alias you set for your particular key store I'm gonna it enter it's gonna ask me for the passphrase for the keystore so enter that right now and it enter alright after you've done that it's gonna tell you here that the job was signed and the signers certificate is self signed don't worry about that that's perfectly not normal and the application should be signed now the important thing to take into consideration is we now need to perform zipper lining now for those of you are Android developers you already know what this is and what it is why it is important so for those of you don't know let me explain what's going on here so we have signed the application we now need to perform zip alignment all right so zipper line is essentially is essentially an optimization process that is performed on an application that allows it to run more efficiently after signing all right so it's usually done when you want to release your application to the public or the Google Play Store after the signing process all right so zipper line will restructure the resources in an apk along a white boundaries all right so this alignment allows Android to quickly load the resources from the apk increasing the performance of the application and potentially reducing memory use so this is usually done as an optimization for Android applications to make them run as efficiently as possible all right so let us get started with zipper lining and how to zipper line our particular application so we type in zip a line and it's very very simple so zipper line with both the output and we specify for I'll explain what four is and we then specify the application we want to zip a line and then we specify the output file with its name so I'm just gonna say signed dot apk and I'll just hit enter and I'll explain what is what's taking place here so what you'll see is the verification it was essentially verify the alignment of the signed apk so then you'll see it will then compress all the other options right over here in the application as I mentioned and this is testament what I said earlier it essentially makes sure that the application runs efficiently as possible all right so if I list the files here you will see we have our signed apk and we are essentially done we have been able to sign our apk and you can do this to all the payloads or all the applications that have back doors because signing is very very important so if I type in here zip online you can see that one ounce of typed in zipper line the option four is specified here and that essentially provides 32-bit alignment which is very very important you can also specify an additional alignment that will make sure it compresses it even further but I don't recommend going above four all right so that is going to be it for this video thank you so much for watching if you have any questions or suggestions let me know in the comments section on my social networks or on the forum Atticus play dog and I'll be seeing you in the next video peace [Music]