Open tik-pro opened 11 months ago
I bound an original APK (FM WhatsApp) with your default payload with all custom permissions selected. Everything works fine and the injected APK is generated. Then I installed this generated APK on my physical Android device running version 13. During APK installation I figured out 2 problems that look suspicious to a user; it's also not a good way and causes trust issues. A user may postpone the APK installation.
1st: As in the attached screenshot, Google Play Protect detects the app as built for an older Android version because the APK generated via AhMyth targets an older SDK version. It will be suspicious to the user and if a user clicks on "Got It", backdooring finishes at that instance. HAHAHA
2nd: Same kind of error as described above. It also looks suspicious.
Permissions note: At that stage custom permissions are working perfectly and the app is requesting all the permissions.
WHAT I HAVE DONE MANUALLY
Then I decided to decompile the generated AhMyth-bound APK (of FM WhatsApp) using the latest version of APKTOOL. Then I changed the SDK version to 30 in the manifest of the decompiled APK and also changed the SDK value to the latest version, 30, in the apktool.yml file.
After that I recompiled the project with 100 percent success in APKTOOL. Then I installed this newly generated APK on my physical Android device. Now there are no suspicious popups as seen in the 1st and 2nd screenshots above and the app installed successfully. Device connection is also active and victim is connected.
BUT...
Now, no custom permission selection activity or page pops up at the app's first startup, and there is also no access to SMS, call log, camera or other permissions in the AhMyth Server.
Manually allowing permissions in the App Info page is not a good practice and also not a convincing method.
I hope I was able to describe my problem well to you. Thanks
Yes, I am quite well aware of this. When you bind to an APK, AhMyth changes the targetSdkVersion: in the apktool.yml file as well as the original application's AndroidManifest.xml file to SDK 22 so that permissions are asked for when the bound payload is installed on the victim device. A lot of things in Android changed after SDK 22, including how permissions are granted. The AhMyth payload is currently only built for older Android devices, but the next few releases will see this problem solved.
For now just bind to the payload automatically with AhMyth using "On Activity" and install it to the device. If you get problems with the payload afterwards then you'll need to try a different APK until I update the payload.
I do appreciate someone finally opening an issue ticket for this though, it helps me keep track of everything I need to do.
Any update???
This one is going to take a while, please be patient
Sorry for closing and reopening this issue. This was due to a wrong comment button click. I apologise.
Update:
I have replaced the default apktool jar file (present in the AhMyth Server folder) with the latest version of apktool (2.9.1). Then I bound an original APK (the very latest version of GB WhatsApp with the very latest SDK) with the OnActivity method. AhMyth generated the APK successfully. Then I installed this APK on my physical device.
Now there is no "unsafe app blocked" error or "app was built for an older version of Android" error.
But yes, due to the latest version of the SDK, permissions are not being requested at app start. (Yes, I know you are working on the AhMyth client side to request permissions at app startup in SDKs above 22.)
Yes, but I make modifications to the Apktool source code by adding what's called "res_type_styles", and these are used by apps like Facebook. Another separate problem is that people currently using Debian 12 are unable to install Java 11 from the terminal anymore, and the current version of Apktool that AhMyth utilises right now contains Java 11 support. With Apktool 2.9.1, according to iBotPeaches' release notes, build support was added for Java 21, but unfortunately when I used an Apktool snapshot built with Java 21 in AhMyth, it failed every time but worked from the terminal or command line without problem, which is a major issue. As for the res_type_styles I mentioned earlier, if I don't add these appropriately AhMyth won't be able to decompile or build a backdoored FB APK. And yes, I am definitely working on the client update for permissions as well.
Permissions above Android 6.0 (SDK 23) can ONLY be granted during runtime! Install Time permissions are deprecated as of Android 6.0 (SDK 23). This is why I've made the SDK change function happen when binding to an original application with AhMyth: if the targetSdkVersion: in the apktool.yml file is set to 22 with a minSdkVersion: of 19, then install time permissions will be granted!
Keep in mind that this is basically a dirty workaround for binding with modern apps with a legacy payload, and it will not work for all apps despite whether it is successful or not unfortunately. However, I am working on a modern payload as we speak, but like I said, a lot of stuff changed with Android after Android 5.1 (SDK 22).
Here are a few things listed below that AhMyth relies on, that have changed with Android versions over the years:
Android 6.0 (SDK 23) is the Android version that introduced the runtime permissions system that's used in modern phones today, the introduction of this permissions system deprecated the old Install Time Permissions system which is currently leveraged by the current AhMyth payload that the Server Builds.
Then with Android 8.0 (SDK 26) came a lot of changes to how services are started and handled, especially in the background. This presents a major workload since we can't just directly start the service in the background anymore; we need to do a little bit more to make this happen according to my research.
THEN MORE CHANGES with Android 10 came along, specifically with how background location is requested, as you probably know, Geolocation is one of AhMyth's most notable features, and obtaining Background access is one thing AhMyth relies on for accurate Geolocation.
And those are just a few things that changed....
So yeah..... I've got my work cut out for me, so it looks like the modern payload won't be available until the release of 1.0-beta.8
The next release will contain an updated version of the payload that's already available, as well as more server updates to stabilise the server a bit more and make it a bit more breezy for users to use, but that's about all I can do for the current payload until the new modern one is built, and even then once it's built I need to make sure it works with the current methods for binding as well. If it doesn't then we've got a problem....
So let's be hopeful
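For analysts triaging a sideloaded APK, the pattern described in this thread (a targetSdkVersion below 23 combined with dangerous permissions, so that they are granted at install time) can be checked directly on apktool's decoded output. The following is an added example, not code from the AhMyth project; the sample apktool.yml and manifest are constructed, and the function names and the permission subset are assumptions.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
RUNTIME_PERMISSION_SDK = 23  # Android 6.0: runtime permissions, as stated in the thread
# Assumed subset of Android "dangerous" permissions matching the data types in the thread.
DANGEROUS = {"READ_SMS", "SEND_SMS", "RECEIVE_SMS", "READ_CALL_LOG", "CAMERA",
             "RECORD_AUDIO", "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION",
             "READ_CONTACTS"}

# Constructed sample of decoded apktool output (not taken from a real app).
SAMPLE_YML = "sdkInfo:\n  minSdkVersion: '19'\n  targetSdkVersion: '22'\n"
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

def target_sdk(apktool_yml, manifest_xml):
    """targetSdkVersion from apktool.yml sdkInfo, else from <uses-sdk>; None if absent."""
    m = re.search(r"^\s*targetSdkVersion:\s*['\"]?(\d+)", apktool_yml, re.M)
    if m:
        return int(m.group(1))
    node = ET.fromstring(manifest_xml).find("uses-sdk")
    value = node.get(ANDROID_NS + "targetSdkVersion") if node is not None else None
    return int(value) if value and value.isdigit() else None

def dangerous_permissions(manifest_xml):
    """Sorted short names of requested permissions that are in the DANGEROUS subset."""
    found = set()
    for node in ET.fromstring(manifest_xml).iter("uses-permission"):
        name = node.get(ANDROID_NS + "name", "")
        if name.startswith("android.permission.") and name.split(".")[-1] in DANGEROUS:
            found.add(name.split(".")[-1])
    return sorted(found)

def triage(apktool_yml, manifest_xml):
    """Flag an APK that pairs a pre-runtime-permission target SDK with dangerous permissions."""
    sdk = target_sdk(apktool_yml, manifest_xml)
    perms = dangerous_permissions(manifest_xml)
    # A missing targetSdkVersion is treated as legacy: Android falls back to minSdkVersion.
    legacy = sdk is None or sdk < RUNTIME_PERMISSION_SDK
    return {"target_sdk": sdk, "dangerous": perms, "flag": legacy and bool(perms)}

if __name__ == "__main__":
    print(triage(SAMPLE_YML, SAMPLE_MANIFEST))
```

A flagged result is a triage signal rather than a verdict, since some legitimate legacy apps also target old SDK levels.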
@Morsmalleo Any update bro?
No, this is going to take a while with this one guys. I need to figure out something decent for this; I can't just implement any sort of dirty workaround. I added a dirty workaround in the binding process that modifies min and max SDK values that I told you about further up this issue post, and that only works sometimes; other times it causes problems.
So I need time to do research on this problem.