Question - Githubissues

dana-at-cp / backdoor-apk

backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and is intended for educational purposes only.

Apache License 2.0

2.2k stars 699 forks source link

Question #88

Closed peterpt closed 7 years ago

peterpt commented 7 years ago

I have been looking into your script to find how the process to find a place to inject the payload code is processed , but i have my head in water and i could not understand it very well .

One of the errors that users are having is that the default points used in apks to inject the payload are not found , by this i believe that somehow is a new apk security implementation .

In other scripts i used , you have the possibility to select a hook point from a list , but in the end you get an error because somehow the program was not able to find inside that hook a location to place the payload .

My question is simple , how does your tool search for hook points ? Based on word lists that you have in your "lists" folder ?

I got your script running here but i always get stuck into that part where no hook was found . What if word lists were updated ? just an idea to know if we can bypass this part .

dana-at-cp commented 7 years ago

@peterpt The algorithm is fairly simple:

Find the 'android.intent.category.LAUNCHER' line in the AndroidManifest.xml file
Determine if the "LAUNCHER" line is contained in an "activity" or "activity-alias" element
Normalize the path to the smali file to hook
Search the smali directories for the path to the smali file (e.g. it could be in 'smali' or 'smali_classes2' etc.)
Inject code into the smali file to hook when found

There are a few reasons why folks might be getting this error:

There could be edge cases not covered by the algorithm
The APK files could be non-standard
The tool may not be used properly

It's hard to say without having samples of the APK files that aren't working. I always ask for the APK file used but the folks reporting issues recently haven't attached any APK files.

peterpt commented 7 years ago

Do you want to collaborate and try to fix the error in one version of fatrat i have build to use your tool ? I can create a private git for us to work with it and then you can check it out by using your tool in fatrat why apk brings up error in apks . I had to change many stuff in your code to be able to work with this fatrat version , specially the paths where files are decompiled , variables etc ... a lot of changes . If i send you only the script i changed , you will not be able to run it because it will depend from variables that fatrat will write on a file that your tool will read to build the payload . It is a very confusing script , but i let there notes for guidance . Let me know if you have some little time to work with me on it and i upload the code of that version . Also fatrat 1.9 will have mother other things implemented that i did not wrote yet , but that part i can do it myself . I only need you to concentrate on your script in there .

Let me know anything .