1
00:00:00,900 --> 00:00:05,070
Instructor: Hi, now we have created our APK,

2
00:00:05,070 --> 00:00:07,770
there is one last thing that we should do,

3
00:00:07,770 --> 00:00:11,640
before we send them to our victims.

4
00:00:11,640 --> 00:00:15,060
So we need to sign this and by signing,

5
00:00:15,060 --> 00:00:20,060
I mean having a signature identifying us as a developer.

6
00:00:20,850 --> 00:00:24,300
So without doing this, some of the devices,

7
00:00:24,300 --> 00:00:26,430
actually most of the devices,

8
00:00:26,430 --> 00:00:30,840
won't accept this APK and won't run it.

9
00:00:30,840 --> 00:00:34,470
You may be able to install it on your own machine,

10
00:00:34,470 --> 00:00:37,290
but you won't be able to run it.

11
00:00:37,290 --> 00:00:41,730
So in order to avoid this problem, we are going to sign it.

12
00:00:41,730 --> 00:00:45,720
So you have transferred this APK to your host machine,

13
00:00:45,720 --> 00:00:49,470
which is maybe Windows, which is maybe Linux

14
00:00:49,470 --> 00:00:51,540
or which is maybe Mac.

15
00:00:51,540 --> 00:00:55,230
So I'm going to show you a way to sign this

16
00:00:55,230 --> 00:00:56,940
and if it doesn't work,

17
00:00:56,940 --> 00:00:59,370
I'm going to show you some alternatives,

18
00:00:59,370 --> 00:01:03,480
so that you can actually do this process.

19
00:01:03,480 --> 00:01:06,810
So if you are on Windows, click on the Windows sign

20
00:01:06,810 --> 00:01:11,340
and write CMD in order to open command prompt

21
00:01:11,340 --> 00:01:14,460
and if you're on Mac, just open your terminal

22
00:01:14,460 --> 00:01:18,270
and if you're on Linux of course open your terminal as well.

23
00:01:18,270 --> 00:01:20,610
So we need to run some commands

24
00:01:20,610 --> 00:01:24,240
and I'm going to show you what are those commands.

25
00:01:24,240 --> 00:01:26,820
And remember, sometimes it doesn't work,

26
00:01:26,820 --> 00:01:29,010
I'm going to show you some alternative ways,

27
00:01:29,010 --> 00:01:30,840
to fix this problem

28
00:01:30,840 --> 00:01:35,840
or some other tools to overcome the signing issue.

29
00:01:36,150 --> 00:01:38,400
So this is a long command actually,

30
00:01:38,400 --> 00:01:40,590
so I have it on my notes.

31
00:01:40,590 --> 00:01:43,498
I'm going to copy and paste from my notes.

32
00:01:43,498 --> 00:01:46,961
And of course I'm going to include those codes,

33
00:01:46,961 --> 00:01:50,580
in the resources of this lecture as well.

34
00:01:50,580 --> 00:01:53,790
So this is the code that we are going to run.

35
00:01:53,790 --> 00:01:55,470
This is the command.

36
00:01:55,470 --> 00:01:58,110
So it uses a tool called keytool

37
00:01:58,110 --> 00:02:01,140
and it generates a key store file,

38
00:02:01,140 --> 00:02:06,120
which is a file identifying the ID of the developer.

39
00:02:06,120 --> 00:02:09,570
So it will ask for some information like your name,

40
00:02:09,570 --> 00:02:12,150
your country, and some other stuff

41
00:02:12,150 --> 00:02:15,450
and it will ask for a password as you can see.

42
00:02:15,450 --> 00:02:20,450
So give some password and give this password one more time

43
00:02:20,910 --> 00:02:24,570
and when you see this first name, last name and stuff,

44
00:02:24,570 --> 00:02:27,467
you can just skip it by hitting enter.

45
00:02:27,467 --> 00:02:31,620
And for the last time you will see something like no

46
00:02:31,620 --> 00:02:34,950
and just write yes and hit enter.

47
00:02:34,950 --> 00:02:37,050
So if it doesn't work for you,

48
00:02:37,050 --> 00:02:40,454
don't worry I'm going to show you an alternative, remember?

49
00:02:40,454 --> 00:02:43,590
So this created a key store file,

50
00:02:43,590 --> 00:02:46,590
but since I'm not in the desktop,

51
00:02:46,590 --> 00:02:51,590
I should have written CD desktop and then run this command.

52
00:02:51,840 --> 00:02:55,890
I am in my users atilsam.

53
00:02:55,890 --> 00:02:59,910
So I believe it created file over here like this.

54
00:02:59,910 --> 00:03:02,880
So I'm going to move this file to my desktop.

55
00:03:02,880 --> 00:03:07,080
So it's essential that you have these two files side by side.

56
00:03:07,080 --> 00:03:09,300
It doesn't matter if you're on desktop

57
00:03:09,300 --> 00:03:12,240
or on your downloads or your own documents,

58
00:03:12,240 --> 00:03:17,070
just CD into that folder from your terminal, okay?

59
00:03:17,070 --> 00:03:20,100
So I'm going to CD into the desktop

60
00:03:20,100 --> 00:03:24,930
and then later on I'm going to run the second command.

61
00:03:24,930 --> 00:03:27,780
So copy and paste the second command

62
00:03:27,780 --> 00:03:30,660
from the resources of this course, okay?

63
00:03:30,660 --> 00:03:32,520
From this lecture.

64
00:03:32,520 --> 00:03:37,350
And we are going to use this key store to sign this APK

65
00:03:37,350 --> 00:03:41,552
and this jarsigner tool does exactly the same.

66
00:03:41,552 --> 00:03:44,640
All you have to change is the name of this file.

67
00:03:44,640 --> 00:03:47,880
So if this is ngroktest.apk for you,

68
00:03:47,880 --> 00:03:50,280
you don't even need to change that.

69
00:03:50,280 --> 00:03:52,374
It will ask you for your password,

70
00:03:52,374 --> 00:03:55,560
just give the same password and hit enter.

71
00:03:55,560 --> 00:03:58,770
And now this is signed.

72
00:03:58,770 --> 00:04:03,060
So if it didn't work out for you, what can you do?

73
00:04:03,060 --> 00:04:07,740
So the reason why it might have failed for you,

74
00:04:07,740 --> 00:04:10,200
you need some JDK tool,

75
00:04:10,200 --> 00:04:13,440
in order to run this jarsigner, okay?

76
00:04:13,440 --> 00:04:16,890
JDK stands for Java Development Kit.

77
00:04:16,890 --> 00:04:18,930
So let me show you.

78
00:04:18,930 --> 00:04:20,550
Let me go to google.com,

79
00:04:20,550 --> 00:04:22,980
you don't have to do that right now.

80
00:04:22,980 --> 00:04:26,670
So let me search for JDK and here it is.

81
00:04:26,670 --> 00:04:28,950
So this is Java Development Kit

82
00:04:28,950 --> 00:04:33,000
and in fact two lectures later on,

83
00:04:33,000 --> 00:04:37,050
we are going to install this to our machines

84
00:04:37,050 --> 00:04:41,940
and we're going to install some IDE called Android Studio

85
00:04:41,940 --> 00:04:45,810
and we are going to run some Java codes as well.

86
00:04:45,810 --> 00:04:48,162
But right now we don't have this.

87
00:04:48,162 --> 00:04:53,100
So an alternative tool is to find an APK signer,

88
00:04:53,100 --> 00:04:55,050
on Google Play like this.

89
00:04:55,050 --> 00:04:57,930
As you can see, if you search for APK signer,

90
00:04:57,930 --> 00:05:00,060
you get a lot of results.

91
00:05:00,060 --> 00:05:04,890
So do that within your own Android device, okay?

92
00:05:04,890 --> 00:05:07,020
So search for APK signer

93
00:05:07,020 --> 00:05:10,290
and just download the first one that comes up.

94
00:05:10,290 --> 00:05:15,290
That way if you download your APK from files.fm,

95
00:05:15,600 --> 00:05:20,600
to your own phone or own tablet, Android tablet, okay?

96
00:05:20,818 --> 00:05:24,750
And then if you use this APK,

97
00:05:24,750 --> 00:05:28,410
with APK signer app that you have downloaded,

98
00:05:28,410 --> 00:05:32,310
then you will be able to do exactly the same thing,

99
00:05:32,310 --> 00:05:34,650
that we have done with the commands, okay?

100
00:05:34,650 --> 00:05:38,940
This tool does exactly the same thing.

101
00:05:38,940 --> 00:05:42,540
So if you download this and if you download the APK,

102
00:05:42,540 --> 00:05:46,860
you can just sign it within your machine as well.

103
00:05:46,860 --> 00:05:50,400
Then you can upload it to some kind of server

104
00:05:50,400 --> 00:05:55,230
or files.fm one more time and then send it to the victim.

105
00:05:55,230 --> 00:05:59,670
And if you don't have any Android device at all,

106
00:05:59,670 --> 00:06:02,940
you can use something called emulator,

107
00:06:02,940 --> 00:06:04,470
a simulator, okay?

108
00:06:04,470 --> 00:06:09,470
An Android software that simulates the actual Android phones.

109
00:06:10,920 --> 00:06:13,680
And you're going to see how to use it,

110
00:06:13,680 --> 00:06:15,780
in the next section as well.

111
00:06:15,780 --> 00:06:18,690
In this section, we are just warming up,

112
00:06:18,690 --> 00:06:20,520
we are getting you familiarized,

113
00:06:20,520 --> 00:06:24,480
with concepts of Kali Linux, of backdoor

114
00:06:24,480 --> 00:06:26,910
and of hacking as well.

115
00:06:26,910 --> 00:06:29,700
So we don't have Android Studio,

116
00:06:29,700 --> 00:06:32,220
we don't have JDK right now.

117
00:06:32,220 --> 00:06:36,630
So you may encounter some kind of difficulty,

118
00:06:36,630 --> 00:06:38,880
like a jarsigner thing,

119
00:06:38,880 --> 00:06:43,880
but you can overcome this with APK signer, obviously.

120
00:06:44,850 --> 00:06:46,200
After you do that,

121
00:06:46,200 --> 00:06:49,440
of course you can just go to files.fm one more time

122
00:06:49,440 --> 00:06:54,440
or any other service and upload your signed APK.

123
00:06:54,720 --> 00:06:57,960
So if this doesn't work out for you,

124
00:06:57,960 --> 00:07:02,460
just go to the next section, download the JDK

125
00:07:02,460 --> 00:07:05,763
and then try one more time, okay?

126
00:07:05,763 --> 00:07:08,820
So if it did work out for you,

127
00:07:08,820 --> 00:07:11,580
I suggest you don't delete this key store

128
00:07:11,580 --> 00:07:14,580
or if you have downloaded APK signer,

129
00:07:14,580 --> 00:07:16,620
don't delete that application,

130
00:07:16,620 --> 00:07:21,030
because we are going to use this a lot during this training,

131
00:07:21,030 --> 00:07:24,480
but I promise you it'll work out eventually,

132
00:07:24,480 --> 00:07:28,500
after you download JDK and SDKs of Android Studio.

133
00:07:28,500 --> 00:07:31,110
So don't worry about that.

134
00:07:31,110 --> 00:07:34,023
So let's stop here and see you in the next lecture.