search

dana-at-cp / backdoor-apk

backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and is intended for educational purposes only.
Apache License 2.0
2.2k stars 699 forks source link

Original APK file specified is not valid #60

Closed vincentcox-work closed 7 years ago

vincentcox-work commented 7 years ago

I get the following error if I use an APK file from apkpure.com:

root@printer:~/rat/backdoor-apk/backdoor-apk# ./backdoor-apk.sh du.apk 
          ________
         / ______ \
         || _  _ ||
         ||| || |||          AAAAAA   PPPPPPP   KKK  KKK
         |||_||_|||         AAA  AAA  PPP  PPP  KKK KKK
         || _  _o|| (o)     AAA  AAA  PPP  PPP  KKKKKK
         ||| || |||         AAAAAAAA  PPPPPPPP  KKK KKK
         |||_||_|||         AAA  AAA  PPP       KKK  KKK
         ||______||         AAA  AAA  PPP       KKK  KKK
        /__________\
________|__________|__________________________________________
       /____________\
       |____________|            Dana James Traversie

[*] Running backdoor-apk.sh v0.1.7 on Thu Dec 15 18:48:51 CET 2016
[!] Original APK file specified is not valid

Any idea's?

dana-at-cp commented 7 years ago

@vincentcox-ordina Please share the run.log file and the original APK file.

vincentcox-work commented 7 years ago

Hi there, Thank you for your response. I have put those files in a zip file: data.zip Thanks in advance!

dana-at-cp commented 7 years ago

@vincentcox-ordina Both of the APKs you shared appear to be invalid or otherwise corrupt.

root@kali:~/Downloads# keytool -printcert -jarfile du.apk 
keytool error: java.util.zip.ZipException: error in opening zip file
root@kali:~/Downloads# keytool -printcert -jarfile Tumblr_v7.5.1.00_apkpure.com.apk 
keytool error: java.util.zip.ZipException: error in opening zip file
root@kali:~/Downloads#

The run.log output suggests the du.apk file is invalid as well:

root@kali:~/Downloads# cat run.log 
Running backdoor-apk at Thu Dec 15 19:33:24 CET 2016
/usr/bin/msfvenom
/usr/bin/d2j-dex2jar
/usr/bin/unzip
/usr/bin/keytool
/usr/bin/jarsigner
/usr/bin/apktool
third-party/proguard5.2.1/lib/proguard
third-party/android-sdk-linux/build-tools/23.0.3/dx
third-party/android-sdk-linux/build-tools/23.0.3/zipalign
Archive:  du.apk
  End-of-central-directory signature not found.  Either this file is not
  a zipfile, or it constitutes one disk of a multi-part archive.  In the
  latter case the central directory and zipfile comment will be found on
  the last disk(s) of this archive.
note:  du.apk may be a plain executable, not an archive
unzip:  cannot find zipfile directory in one of du.apk or
        du.apk.zip, and cannot find du.apk.ZIP, period.
root@kali:~/Downloads#

I'm going to close this issue out. Be mindful of where you obtain APKs. :)