skylot / jadx

Dex to Java decompiler
Apache License 2.0

[feature] get signatures info using CLI tool #1083

Open Surendrajat opened 3 years ago

Surendrajat commented 3 years ago

Describe your idea:

@skylot first of all, thank you very much for Jadx. This makes the Android RE experience so much easier.

About the feature request, I see that jadx-gui has an APK signature view which shows the details of all versions of signatures used. However, I don't see an equivalent option for the jadx CLI. It'd be nice to get signature info output in a file containing all info (say, signatures.json) with a switch like --cert-info.

Additional context: I'm working on https://github.com/Surendrajat/APKLab and I'm using Jadx CLI to decompile the APK. I'd very much like to avoid adding yet another jar file just to parse certificates because Jadx already can do that... just not in the CLI yet.

skylot commented 3 years ago

@Surendrajat this can be done. By the way, are you going to parse that file? Because jadx uses info provided by the apksig library (check the ApkSignature class). So maybe for you, it will be easier to just use that lib.

Surendrajat commented 3 years ago

@skylot thanks for the reply. No. I am planning to keep the JSON(?) file as output in the project root for interested people to see. Yes, I see that jadx uses apksig, but I'm doing it in TypeScript and not Java, and am potentially trying to avoid just another jar :) But for now, I think I can parse the little info uber-apk-signer spits out and save that until it's done in jadx.

99zikke commented 1 year ago

@skylot Hi, can jadx now have a CLI command to get an APK's signature? By the way, I have some questions about how jadx gets the signature of an APK. I have used some tools such as apksigner.jar, keytool.jar, etc. to test some APKs but their result is "No Jar Signatures". However, although jadx will also get "No Jar Signatures" on these APKs, jadx also has valid signature info about these APKs. How does this work?

jpstotz commented 1 year ago

@99zikke Jadx uses the apksig library, which is also used by apksigner.

Usually "JAR signature" is the name of the APK v1 signature. An APK can have a v2 and/or v3 signature with or without a v1 signature. Each signature version is independent of the other versions and can be present or not. Does that solve your confusion?
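
An added example, not part of the thread and not jadx or apksig code: a presence check showing why an APK can report "No JAR signatures" and still carry a v2/v3 signature. It looks for v1 files in META-INF/ and, separately, for v2/v3 entries in the APK Signing Block; the block IDs come from the Android APK signature scheme documentation, and `signature_schemes` and `sample_apk` are hypothetical names with constructed, cryptographically invalid sample data.

```python
import io
import struct
import zipfile

MAGIC = b"APK Sig Block 42"  # trailer of the APK Signing Block
EOCD = b"PK\x05\x06"  # ZIP end-of-central-directory record
SCHEMES = {0x7109871A: "v2", 0xF05368C0: "v3"}  # signing-block pair IDs

def signature_schemes(apk: bytes) -> set:
    """Report which signature schemes are present; nothing is verified."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        meta = [n.upper() for n in zf.namelist() if n.upper().startswith("META-INF/")]
    # v1 ("JAR signature"): a .SF file plus a .RSA/.DSA/.EC block in META-INF/
    if any(n.endswith(".SF") for n in meta) and any(
            n.endswith((".RSA", ".DSA", ".EC")) for n in meta):
        found.add("v1")
    # v2/v3: ID-value pairs in the APK Signing Block, just before the central directory
    (cd,) = struct.unpack_from("<I", apk, apk.rfind(EOCD) + 16)
    if cd < 32 or apk[cd - 16:cd] != MAGIC:
        return found  # no signing block at all
    (size,) = struct.unpack_from("<Q", apk, cd - 24)
    pos, end = cd - size, cd - 24  # pairs sit between the two size fields
    while 8 <= pos <= end - 12:  # also rejects an implausible size field
        length, pair_id = struct.unpack_from("<QI", apk, pos)
        if length < 4 or pos + 8 + length > end:
            break
        if pair_id in SCHEMES:
            found.add(SCHEMES[pair_id])
        pos += 8 + length
    return found

def sample_apk(v1: bool, ids=()) -> bytes:
    """Constructed input: a tiny ZIP with placeholder (empty) signature data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"dex")
        for name in (("META-INF/CERT.SF", "META-INF/CERT.RSA") if v1 else ()):
            zf.writestr(name, b"")
    raw = bytearray(buf.getvalue())
    eocd = raw.rfind(EOCD)
    (cd,) = struct.unpack_from("<I", raw, eocd + 16)
    pairs = b"".join(struct.pack("<QII", 8, i, 0) for i in ids)
    size = struct.pack("<Q", len(pairs) + 24)
    block = (size + pairs + size + MAGIC) if ids else b""
    struct.pack_into("<I", raw, eocd + 16, cd + len(block))  # shift CD offset
    return bytes(raw[:cd] + block + raw[cd:])

if __name__ == "__main__":
    print(signature_schemes(sample_apk(v1=False, ids=(0x7109871A, 0xF05368C0))))
```

This only reports which schemes are present; actual verification of the signatures is what apksig does.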

99zikke commented 1 year ago

I got it. Thank you very much!