Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[feature] get signatures info using CLI tool #1083

Open
Surendrajat opened this issue Jan 16, 2021 · 5 comments
Open

[feature] get signatures info using CLI tool #1083

Surendrajat opened this issue Jan 16, 2021 · 5 comments
Labels
CLI Issues in jadx-cli module enhancement new feature

Comments

@Surendrajat
Copy link
Contributor

Surendrajat commented Jan 16, 2021
edited
Loading

Describe your idea:

@skylot first of all, thank you very much for Jadx. This makes the android RE experience so much easier.

About the feature request, I see that jadx-gui has APK signature view which shows the details of all versions of signatures used. However, I don't see an equivalent option for jadx CLI. It'll be nice to get signature info output in a file containing all info (say, signatures.json) with a switch like --cert-info.

Additional context: I'm working on https://github.com/Surendrajat/APKLab and I'm using Jadx CLI to decompile the apk. I'd very much like to avoid adding yet another jar file just to parse certificates because Jadx already can do that.. just not in CLI yet.
@skylot
Copy link
Owner

skylot commented Jan 16, 2021

@Surendrajat this can be done.
By the way, do you going to parse that file? Because jadx use info provided by apksig library (check ApkSignature class). So maybe for you, it will be easier to just use that lib.

@skylot skylot added CLI Issues in jadx-cli module enhancement labels Jan 16, 2021
@Surendrajat
Copy link
Contributor Author

@skylot thanks for the reply.
No. I am planning to keep the json(?) file as output in the project root for interested people to see.
Yes, I see that jadx uses apksig but because I'm doing it in typescript and not java, and am potentially trying to avoid just another jar :)
But for now, I think I can parse the little info uber-apk-signer spits and save that until it's done in jadx.

@Surendrajat Surendrajat mentioned this issue Jan 19, 2021
Open
@99zikke
Copy link

99zikke commented Dec 1, 2022

@skylot Hi, can jadx now have a cli cmd to get an apk's signature?
By the way, I have some questions about how jadx get the signature of one apk. I have used some tools such as apksigner.jar, keytool.jar, etc. to test some apks but their result is "No Jar Signatures". However, although jadx will also get the "No Jar Signatures" on these apks, jadx also have a valid signature info about these apks. How this worked?

@jpstotz
Copy link
Collaborator

jpstotz commented Dec 2, 2022

@99zikke Jadx uses apksig library Whis is also used by apksigner.

Usually "JAR signature" is the name of APK v1 signature. An APK can have an V2 and/or v3 signature with or without v1 signature. Each signature version is independent of the other versions and can be present or not. Does that solves your confusion?

@99zikke
Copy link

99zikke commented Dec 2, 2022

@99zikke Jadx uses apksig library Whis is also used by apksigner.

Usually "JAR signature" is the name of APK v1 signature. An APK can have an V2 and/or v3 signature with or without v1 signature. Each signature version is independent of the other versions and can be present or not. Does that solves your confusion?

I got it. Thank you very much!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
CLI Issues in jadx-cli module enhancement new feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@skylot @jpstotz @Surendrajat @99zikke