nerdunit / androidsideloader

GNU General Public License v3.0

Strange behaviour of the hotfixed version #7

Closed ghost closed 3 years ago

ghost commented 3 years ago

I first downloaded the non-hotfixed 1.15 version, everything went fine, no AV messages, pop-ups, etc. But I didn't have any mirrors. I looked through the files and everything but still found nothing, then decided to ask the Discord. They told me that there was a hotfixed version, so I decided to check that out. I downloaded the .exe, put it in the folder I want it in, and ran it. All the usual files get created, plus two other text files, one named debug.txt and another named details.txt. Right after these files get created, my AV (Bitdefender) goes off and removes the .exe for "SuspiciousBehavior.11081145025A94E6". The contents of the two files can be found below:

debug.txt:

Output: Microsoft Windows [Version 10.0.18363.1139] (c) 2019 Microsoft Corporation. All rights reserved.

C:\Users\blind\Desktop\hotfixed rookie>keytool -genkeypair -alias UcaqhTVI -keyalg RSA -keysize 2048 -keystore keystore.key

C:\Users\blind\Desktop\hotfixed rookie>UcaqhTVIzKqCfLHF

C:\Users\blind\Desktop\hotfixed rookie>UcaqhTVIzKqCfLHF

C:\Users\blind\Desktop\hotfixed rookie>mM

C:\Users\blind\Desktop\hotfixed rookie>mMkM

C:\Users\blind\Desktop\hotfixed rookie>mM

C:\Users\blind\Desktop\hotfixed rookie>mMkM

C:\Users\blind\Desktop\hotfixed rookie>mMk

C:\Users\blind\Desktop\hotfixed rookie>mMkMs

C:\Users\blind\Desktop\hotfixed rookie>yes

C:\Users\blind\Desktop\hotfixed rookie> Error: 'keytool' is not recognized as an internal or external command, operable program or batch file. 'UcaqhTVIzKqCfLHF' is not recognized as an internal or external command, operable program or batch file. 'UcaqhTVIzKqCfLHF' is not recognized as an internal or external command, operable program or batch file. 'mM' is not recognized as an internal or external command, operable program or batch file. 'mMkM' is not recognized as an internal or external command, operable program or batch file. 'mM' is not recognized as an internal or external command, operable program or batch file. 'mMkM' is not recognized as an internal or external command, operable program or batch file. 'mMk' is not recognized as an internal or external command, operable program or batch file. 'mMkMs' is not recognized as an internal or external command, operable program or batch file. 'yes' is not recognized as an internal or external command, operable program or batch file.

details.txt:

UcaqhTVIzKqCfLHF

I personally found it strange that the sideloader is outputting things like "mMkMs", "mMk" and other stuff. I would like an explanation if possible. Thanks.

nerdunit commented 3 years ago

It's for the spoofer. If you googled what keytool is, you would've found it's for signing Java files (HMmmmmmmmmmmmmm, like APKs?????????????? YES!). The spoofer decompiles an app, replaces the package name, then compiles it back and signs it with A RANDOM KEY WITH RANDOM details (that is generated right in the log you see). The details should contain the key alias and password (randomly generated), but since you don't have keytool it didn't work.
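The debug.txt above shows what happens when the randomly generated answers meant for keytool's interactive prompts (alias, passwords, name fields, "yes") are pushed through a shell one line at a time: with keytool missing, each answer is executed as its own command and lands in the log, and the password also ends up in details.txt. The following is an added example, not code from androidsideloader, of the same key generation done the way a defender would want it: check that keytool exists before doing anything, pass every answer as an explicit keytool argument (no cmd.exe, no stdin transcript), and hand the passwords over through keytool's documented `-storepass:env` / `-keypass:env` modifiers so they never appear on a command line or in a log. All function and class names (`random_token`, `SigningKeySpec`, `build_keytool_argv`, `generate_keystore`, `safe_to_log`) and the environment variable names are hypothetical; only keytool and its flags are real.

```python
"""Non-interactive keystore generation for APK signing (added example).

Names defined here are hypothetical; keytool and its flags are the real tool.
"""
import os
import secrets
import shutil
import string
import subprocess
from dataclasses import dataclass
from typing import Dict, List

ALPHABET = string.ascii_letters + string.digits


def random_token(length: int) -> str:
    """Random alias/password from a CSPRNG (secrets), not the random module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


@dataclass
class SigningKeySpec:
    alias: str
    store_password: str
    key_password: str
    keystore_path: str = "keystore.key"
    # Distinguished-name fields keytool would otherwise prompt for, given up front.
    dname: str = "CN=Sideloader, OU=Dev, O=Example, L=Nowhere, ST=NA, C=US"
    validity_days: int = 10000


def new_key_spec(keystore_path: str = "keystore.key") -> SigningKeySpec:
    """Fresh random alias and passwords for a throwaway signing key."""
    return SigningKeySpec(
        alias=random_token(8),
        store_password=random_token(16),
        key_password=random_token(16),
        keystore_path=keystore_path,
    )


def build_keytool_argv(spec: SigningKeySpec, keytool: str = "keytool") -> List[str]:
    """argv handed directly to the keytool process: no shell, no stdin answers.

    Passwords are referenced via keytool's ':env' modifier, so they appear
    neither on the command line nor in any transcript of it.
    """
    return [
        keytool, "-genkeypair",
        "-alias", spec.alias,
        "-keyalg", "RSA", "-keysize", "2048",
        "-keystore", spec.keystore_path,
        "-dname", spec.dname,
        "-validity", str(spec.validity_days),
        "-storepass:env", "KEYTOOL_STOREPASS",  # hypothetical variable name
        "-keypass:env", "KEYTOOL_KEYPASS",      # hypothetical variable name
    ]


def keytool_env(spec: SigningKeySpec) -> Dict[str, str]:
    """Child environment carrying the passwords keytool will read."""
    env = dict(os.environ)
    env["KEYTOOL_STOREPASS"] = spec.store_password
    env["KEYTOOL_KEYPASS"] = spec.key_password
    return env


def safe_to_log(argv: List[str], spec: SigningKeySpec) -> bool:
    """True if nothing secret would land in a debug.txt-style log of argv."""
    secret_values = {spec.store_password, spec.key_password}
    return not any(s in a for a in argv for s in secret_values)


def generate_keystore(spec: SigningKeySpec, keytool: str = "keytool") -> subprocess.CompletedProcess:
    """Verify keytool is present first; fail loudly rather than run anything else."""
    exe = shutil.which(keytool)
    if exe is None:
        raise FileNotFoundError(
            f"{keytool!r} not found on PATH; install a JDK and add its bin directory"
        )
    return subprocess.run(build_keytool_argv(spec, exe), env=keytool_env(spec),
                          check=True, capture_output=True, text=True)


if __name__ == "__main__":
    spec = new_key_spec()
    print("keytool command (safe to log):", " ".join(build_keytool_argv(spec)))
    try:
        generate_keystore(spec)
        print("keystore written to", spec.keystore_path)
    except FileNotFoundError as err:
        print("not generated:", err)
```

Because the argv is a list passed straight to `subprocess.run`, a missing keytool produces one clear error instead of the shell trying to execute the alias, the password and "yes" as programs; and because the passwords travel in the child environment rather than the command line, the command string itself is safe to write to a debug file.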