
Research
/Security News
60 Malicious Ruby Gems Used in Targeted Credential Theft Campaign
A RubyGems malware campaign used 60 malicious packages posing as automation tools to steal credentials from social media and marketing tool users.
SigTool is a command-line tool for in-depth analysis of APK signatures, keystores, and related information. It provides functions such as extracting APK metadata, signature hashes, and CRC32 and HashCode values, and generating Base64 and PEM encoded certificates.
APK Information Extraction: Extract essential details like app name, package name, version name, and build code from an APK file.
Signature Extraction: Retrieve the certificate bytes in hex string format from an APK file, an RSA file, or an X.509 certificate.
Hash Calculations: Generate and display a wide range of cryptographic hash values, such as SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, and MD5, from the extracted certificate.
CRC32 and HashCode Calculation: Compute CRC32 and Java-style HashCode from the extracted certificate.
Smali Bytecode Generation: Convert the extracted certificate into a smali byte array format.
Base64 Encoding: Encode signatures and hashes in Base64.
PEM Certificate Parsing: Create and display PEM formatted certificates from the extracted certificate.
Colon and Uppercase Formatting: Format hashes with colons and convert to uppercase.
File Handling Capabilities: Manages file outputs efficiently, allowing users to save analysis results directly to files.
Generate MT VIP Hook: SigTool can also generate an MT VIP hook to bypass APK signatures. How to Inject the hook?...
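The fingerprint features listed above (hashes, CRC32, Java-style HashCode, Base64, colon and uppercase formatting) can be reproduced independently to cross-check a signing certificate against a known-good value. The following is an added example, not SigTool's own code. It assumes the HashCode follows java.util.Arrays.hashCode(byte[]) semantics; the function names and SAMPLE_CERT bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import zlib

# Constructed placeholder bytes standing in for a DER-encoded signing
# certificate; a real check would use the bytes extracted from the APK.
SAMPLE_CERT = bytes.fromhex("3082010a0282010100c0ffee")

def java_hashcode(data: bytes) -> int:
    """Assumed semantics: java.util.Arrays.hashCode(byte[]) (signed bytes, int32 wrap)."""
    h = 1
    for b in data:
        signed = b - 256 if b > 127 else b          # Java bytes are signed
        h = (31 * h + signed) & 0xFFFFFFFF          # emulate 32-bit overflow
    return h - (1 << 32) if h >= (1 << 31) else h   # back to signed int

def colonize(hex_digest: str, upper: bool = True) -> str:
    """Format 'aabbcc' as 'AA:BB:CC' (or 'aa:bb:cc' when upper is False)."""
    pairs = [hex_digest[i:i + 2] for i in range(0, len(hex_digest), 2)]
    out = ":".join(pairs)
    return out.upper() if upper else out

def fingerprints(cert: bytes) -> dict:
    """Compute the digests and checksums of the raw certificate bytes."""
    fp = {name: hashlib.new(name, cert).hexdigest()
          for name in ("md5", "sha1", "sha224", "sha256", "sha384", "sha512")}
    fp["crc32"] = format(zlib.crc32(cert) & 0xFFFFFFFF, "08x")
    fp["hashcode"] = java_hashcode(cert)
    fp["base64"] = base64.b64encode(cert).decode("ascii")
    return fp

def matches_pin(cert: bytes, pinned_sha256: str) -> bool:
    """Compare against a known-good SHA-256; colon and uppercase forms accepted."""
    want = pinned_sha256.replace(":", "").lower()
    return hmac.compare_digest(fingerprints(cert)["sha256"], want)

if __name__ == "__main__":
    for key, value in fingerprints(SAMPLE_CERT).items():
        shown = colonize(value) if key.startswith(("md5", "sha")) else value
        print(f"{key:>8}: {shown}")
```

A mismatch between the computed SHA-256 and the publisher's pinned fingerprint indicates the APK was signed with a different certificate than expected.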
Before using SigTool, ensure that the following system dependencies are installed:
To install SigTool on Termux, use the following command to install all necessary dependencies:
pkg install python openjdk-17 aapt openssl-tool
You can easily install SigTool using pip:
pip install --force-reinstall sigtool
For the latest changes and features, install SigTool directly from the GitHub repository:
pip install --force-reinstall -U git+https://github.com/muhammadrizwan87/sigtool.git
To build SigTool from source:
Clone the repository:
git clone https://github.com/muhammadrizwan87/sigtool.git
Navigate to the SigTool directory:
cd sigtool
Install the build tools:
pip install build
Build and install the package:
python -m build
pip install --force-reinstall dist/sigtool-2.0-py3-none-any.whl
usage: sigtool <apk_path> [-a] [-c] [-e] [-f] [-fc] [-fu] [-fuc] [-p] [-u] [-uc] [-hmt] [-o <output_path>]
positional arguments:
apk_path Path to the APK file
options:
-h, --help show this help message and exit
-u Convert output to uppercase
-c Add colons to certificate hashes
-uc Add colons to hashes and convert output to uppercase
-e Encode output in Base64
-p Parse PEM Certificate
-a Generate Smali Byte Array
-f Print All Information
-fc Add colons to hashes and print all information
-fu Convert output to uppercase and print all information
-fuc Add colons to hashes, convert output to uppercase and print all information
-hmt Generate and export hook of MT enhanced version
-o O Output results to a specified file path. If the path ends with '.json', results will be saved in JSON format.
-v, --version Show program's version number and exit
Examples:
To print the default results:
sigtool /path/to/apk
To save the default results to a file:
sigtool /path/to/apk -o /path/to/output.txt
To print the Base64-encoded results:
sigtool /path/to/apk -e
To save all results to a file:
sigtool /path/to/apk -f -o /path/to/output.bin
To save results in JSON format:
sigtool /path/to/apk -f -o /path/to/output.json
To export hook of MT enhanced version:
sigtool /path/to/apk -hmt -o /path/to/hook
Feel free to submit issues or pull requests if you find any bugs or have suggestions for new features.
This project is licensed under the MIT License. See the LICENSE file for more details.
MuhammadRizwan
FAQs
A command-line tool for in-depth APK signature and keystore analysis.
We found that sigtool demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.