# App signing

## Key generation

### keytool

```shell
keytool -keystore /tmp/app.keystore -genkey -keyalg RSA -keysize 2048 -dname "CN=app-cn, OU=app-ou, O=app-o, L=app-l, ST=app-st, C=app-c" -validity 180 -alias app-keystore
```

## Signing the app

### jarsigner

```shell
jarsigner -keystore /tmp/app.keystore app-compiled.apk app-keystore
```

### apksigner

```shell
# Create a file containing the keystore password
echo "<password>" > password.txt

# Sign the app
apksigner sign --ks /tmp/app.keystore --ks-pass file:password.txt --v1-signing-enabled true --v2-signing-enabled true app-compiled.apk
```

## APK optimization

### zipalign

{% hint style="info" %}
Important: **zipalign** must be run at one of two specific points in the app build process, depending on which app-signing tool is used.

* If you use **apksigner**, zipalign must only be run before the APK file is signed. If you sign your APK with apksigner and then make further changes to the APK, its signature is invalidated.
* If you use **jarsigner**, zipalign must only be run after the APK file is signed.
  {% endhint %}

```shell
zipalign -p -f -v 4 app-compiled.apk app-aligned.apk
```

* `-p` = memory page alignment for shared object files.
* `-f` = overwrite the output file (`app-aligned.apk`).
* `-v` = verbose mode.
* `4` = 4 bytes, for 32-bit and 64-bit systems.

Confirm the alignment of `app-aligned.apk`.

```shell
zipalign -c -v 4 app-aligned.apk
```
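
What that check looks at, as an added Python example that is not part of the original page: for every entry it derives the data offset from the local file header and tests it against the alignment. The function names, the constructed sample archive and the 4096-byte page size used for the `-p` rule are assumptions.

```python
import io
import struct
import zipfile

PAGE = 4096  # assumed page size for the -p rule on stored .so files


def check_alignment(apk, alignment=4, page_align_so=False):
    """Map each entry name to (data offset, ok), like `zipalign -c -v 4`."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        for info in zf.infolist():
            # Local file header: 30 fixed bytes, then name and extra field,
            # whose lengths are the two little-endian shorts at bytes 26..29.
            hdr = apk[info.header_offset:info.header_offset + 30]
            if hdr[:4] != b"PK\x03\x04":
                raise ValueError(f"bad local header: {info.filename}")
            name_len, extra_len = struct.unpack("<HH", hdr[26:30])
            offset = info.header_offset + 30 + name_len + extra_len
            if info.compress_type != zipfile.ZIP_STORED:
                ok = True  # compressed data is inflated, not mapped in place
            elif page_align_so and info.filename.endswith(".so"):
                ok = offset % PAGE == 0
            else:
                ok = offset % alignment == 0
            results[info.filename] = (offset, ok)
    return results


def build_sample(pad):
    """Constructed archive; `pad` zero bytes of extra field shift the data,
    which is the same header field zipalign grows to align an entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        first = zipfile.ZipInfo("assets/data.bin")  # stored by default
        first.extra = b"\x00" * pad
        zf.writestr(first, b"x" * 26)
        zf.writestr("lib/arm64-v8a/libdemo.so", b"x" * 8)  # stored
        zf.writestr("classes.dex", b"A" * 64, compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()


if __name__ == "__main__":
    for pad in (0, 3):
        for name, (offset, ok) in check_alignment(build_sample(pad)).items():
            print(pad, name, offset, "OK" if ok else "BAD")
```

With three bytes of padding both stored entries pass the 4-byte check, while the `.so` entry still fails once `page_align_so=True` is set, because offset 128 is not a multiple of the page size.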

## App signing process

```sh
# Keystore password twice: keytool asks for it and then for confirmation
printf 'password\npassword\n' > password.txt
cat password.txt | keytool -keystore /tmp/app.keystore -genkey -keyalg RSA -keysize 2048 -dname "CN=app-cn, OU=app-ou, O=app-o, L=app-l, ST=app-st, C=app-c" -validity 180 -alias app-keystore
# Align before signing, as apksigner requires
zipalign -p -f -v 4 app-compiled.apk app-aligned.apk
# apksigner reads the keystore password from standard input
echo password | apksigner sign --ks /tmp/app.keystore --out app-signed.apk app-aligned.apk
# Remove the installed package, then install the signed build
adb uninstall "$(aapt dump badging app-compiled.apk | grep package | awk -F"'" '{print $2}')"
adb install app-signed.apk
```

* <https://github.com/MrW0l05zyn/pentesting/blob/master/mobile/sign_and_install_apk.sh>

