sensepost / kwetza

Python script to inject existing Android applications with a Meterpreter payload.
GNU General Public License v2.0

[+] NO LAUNCHER FOUND, PLEASE SPECIFY A TARGET CLASS #31

Open Himan6 opened 6 years ago

tokenwizard commented 6 years ago

I can confirm this behavior with multiple tested apks. I have updated to the latest apktool (2.3.1) and still get the same issue. If I run the kwetza script, the extracted AndroidManifest.xml looks like this: [screenshot: 2018-01-12-141547_446x252_scrot]

If I just manually run `apktool d <apkname.apk>` then the resulting AndroidManifest.xml looks correct: [screenshot: 2018-01-12-141927_410x302_scrot]

tokenwizard commented 6 years ago

I did a little more digging and in the kwetza.py script, if I remove some of the options from the apktool command line... changing this: [screenshot: 2018-01-12-142352_645x90_scrot]

to this: [screenshot: 2018-01-12-142429_564x99_scrot]

(removing the `-f` and `-r` parameters) then the AndroidManifest.xml looks correct and kwetza will successfully locate the HOME Activity. I then get hung up at the readPayloads point: [screenshot: 2018-01-12-142725_801x247_scrot]

It seems like kwetza is designed to NOT decode the resources when it extracts the apk, but then has trouble locating the Launcher because it is parsing the Manifest file looking for specific strings that do not exist in the encoded version of the file: [screenshot: 2018-01-12-143116_806x329_scrot]

I'm certainly no coding expert, just pointing out what I found to hopefully help the cause!
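The failure mode described in this thread, as an added example that is not part of the thread or of kwetza's code: a manifest extracted without resource decoding is still compiled binary XML, so a text search for the launcher strings finds nothing, while a decoded manifest can be parsed directly. The function names and the sample manifest are constructed for illustration, and the check assumes the compiled manifest begins with the bytes `03 00 08 00`.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
AXML_MAGIC = b"\x03\x00\x08\x00"  # assumed chunk header of a compiled (binary) manifest

# Constructed sample of a decoded manifest; package and class names are made up.
SAMPLE = b"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.app">
  <application>
    <activity android:name=".SettingsActivity"/>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""

def manifest_is_binary(data: bytes) -> bool:
    """True when the manifest was left compiled (resources were not decoded)."""
    return data[:4] == AXML_MAGIC

def find_launcher(data: bytes):
    """Return the fully qualified MAIN/LAUNCHER activity, or None if absent."""
    if manifest_is_binary(data):
        raise ValueError("binary AXML manifest: decode resources before parsing")
    root = ET.fromstring(data)  # for untrusted APKs prefer a hardened XML parser
    package = root.get("package", "")
    for comp in root.findall("./application/*"):
        if comp.tag not in ("activity", "activity-alias"):
            continue
        for flt in comp.findall("intent-filter"):
            actions = {a.get(ANDROID + "name") for a in flt.findall("action")}
            cats = {c.get(ANDROID + "name") for c in flt.findall("category")}
            if ("android.intent.action.MAIN" in actions
                    and "android.intent.category.LAUNCHER" in cats):
                # An alias has no code of its own; report the activity it targets.
                name = comp.get(ANDROID + "targetActivity") or comp.get(ANDROID + "name")
                if not name:
                    continue
                if name.startswith("."):
                    return package + name
                return name if "." in name else package + "." + name
    return None

if __name__ == "__main__":
    print(find_launcher(SAMPLE))
```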