Trust me, it's very easy to bypass or kill the signature verification of any Android app with the help of my tool Apkmod.

Requirements:

Steps:

  1. Let's assume we have the latest WhatsApp APK; the command would be:

     apkmod --signature-bypass --killer=k2 -i /path/to/whatsapp.apk -o killed_whatsapp.apk
    

    The APK must be untouched before killing signature verification.

    Now you can modify it or inject a Metasploit payload into it using apkmod.

  2. Sign it (optional)

     apkmod -s -i killed_whatsapp.apk -o signed_whatsapp.apk
    

Tips:

  • Two versions of the signature killer are available, k1 and k2; specify the version with --killer=k1 or --killer=k2.

  • Always try k2 first :)
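
Seen from the defender's side, an APK re-signed as in step 2 no longer carries the publisher's signing certificate, because whoever re-signs it does not hold the publisher's private key. The script below is an added example, not part of Apkmod or the original post: it compares the signer digest printed by `apksigner verify --print-certs` with a pinned value. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: check an APK's signer certificate against a pinned digest.
# Input is the text printed by: apksigner verify --print-certs <apk>

# Print the SHA-256 digest of signer #1 (lowercase) from apksigner output on stdin.
signer_sha256() {
    sed -n 's/^Signer #1 certificate SHA-256 digest: *\([0-9a-fA-F]\{64\}\)[[:space:]]*$/\1/p' |
        head -n 1 | tr 'A-F' 'a-f'
}

# check_signer <pinned-sha256>  (apksigner output on stdin)
# Prints MATCH, MISMATCH or NO_SIGNER; returns 0, 1 or 2 respectively.
check_signer() {
    _pinned=$(printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f')
    _actual=$(signer_sha256)
    if [ -z "$_actual" ]; then
        echo "NO_SIGNER"; return 2
    fi
    if [ "$_actual" = "$_pinned" ]; then
        echo "MATCH"; return 0
    fi
    echo "MISMATCH"; return 1
}

# Constructed sample of apksigner's output format; the DN and digests are not real.
sample_output() {
    printf 'Signer #1 certificate DN: CN=Constructed Publisher\n'
    printf 'Signer #1 certificate SHA-256 digest: %s\n' "$1"
    printf 'Signer #1 certificate SHA-1 digest: %s\n' "0000000000000000000000000000000000000000"
}

# Stand-alone use: ./check_signer.sh app.apk <pinned-sha256>
if [ "$#" -eq 2 ]; then
    apksigner verify --print-certs "$1" | check_signer "$2"
fi
```

Take the pinned digest from a copy of the app obtained from a trusted source; a MISMATCH or NO_SIGNER result means the file was not signed with the publisher's key.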