aka hacking apk reverse engineering Guides: https://blog.securityevaluators.com/how-to-view-tls-traffic-in-androids-logs-6a42ca7a6e55 https://archive.ph/zDaV6 - used during Lutron hacking Tools: $ sudo apt install adb apktool openjdk-11-jdk-headless zipalign apksigner $ locate apktool - replace apktool with new version: - https://github.com/iBotPeaches/Apktool/releases $ sudo mv /usr/share/apktool/apktool.jar /usr/share/apktool/apktool.jar.orig $ sudo mv ~/Downloads/apktool_2.5.0.jar /usr/share/apktool/apktool.jar Get APK file: - find name of the app $ adb shell pm list packages | grep covid - find path of the app $ adb shell pm path ca.ab.gov.covidrecordsverifier - pull the apk $ adb pull [path] . Decompile: $ apktool d application.apk -o output/ Compile: $ apktool b output/ --use-aapt2 -o patched.apk $ zipalign 4 patched.apk patched2.apk Sign: - disable verification over USB in developer settings? - the following just once: $ keytool -genkey -v -keystore release.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000 $ apksigner sign --ks release.keystore patched2.apk Install: $ adb install patched2.apk Read logs: $ adb logcat -c Old instructions ---------------- $ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore release.keystore patched.apk alias_name