version 1.1
This POC script embeds a Metasploit-generated Android payload into another APK.
It automates the following steps:
[+] Copying payload smali files into target app.
[+] Finding target app's MainActivity smali file.
[+] Finding Hookpoint and adding hook there.
[+] Writing permissions in the AndroidManifest.xml.
[+] Compile the infected app.
[+] Signing.
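The manifest step above is also something a reviewer can check for: a repackaged build declares permissions that the original release does not. The following is an added example, not part of this project's code, that diffs the uses-permission entries of two AndroidManifest.xml files as decoded by apktool. The function names and the sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace used for android:* attributes in a decoded AndroidManifest.xml
ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS
PERMISSION_TAGS = ("uses-permission", "uses-permission-sdk-23")


def declared_permissions(manifest_xml):
    """Return the set of permission names requested by a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in PERMISSION_TAGS:
        for element in root.iter(tag):
            name = element.get(NAME_ATTR)
            if name:
                perms.add(name)
    return perms


def added_permissions(original_xml, suspect_xml):
    """Permissions present in the suspect manifest but not in the original."""
    extra = declared_permissions(suspect_xml) - declared_permissions(original_xml)
    return sorted(extra)


def _manifest(perms):
    # Constructed sample manifest (hypothetical package name), not a real app.
    body = "".join('<uses-permission android:name="%s"/>' % p for p in perms)
    return ('<manifest xmlns:android="%s" package="com.example.app">'
            '%s<application/></manifest>' % (ANDROID_NS, body))


# Constructed inputs: a vendor build and a copy with extra permissions written in.
ORIGINAL = _manifest(["android.permission.INTERNET", "android.permission.CAMERA"])
SUSPECT = _manifest([
    "android.permission.INTERNET",
    "android.permission.CAMERA",
    "android.permission.READ_SMS",
    "android.permission.RECORD_AUDIO",
    "android.permission.RECEIVE_BOOT_COMPLETED",
])

if __name__ == "__main__":
    for perm in added_permissions(ORIGINAL, SUSPECT):
        print("not in original build:", perm)
```

Because the final step re-signs the app, comparing the signing certificate of the APK under review against the vendor's known certificate is a second, independent check.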
Some apps, such as FacebookLite, are somewhat protected against this method: the MainActivity smali file specified in the manifest is not present. I'll come up with something in the next update.
Special thanks to TheSpeedX for optimising this script.
Just make sure apktool and apksigner are properly installed.
NOTE FOR TERMUX:- In the previous version this script could not run in Termux because its apktool can't decompile apps properly, but thanks to Hax4us's APKMOD, it's now possible. Run termux-install.sh to install it and other dependencies.
Usage:- python3 main.py path/to/payload.apk path/to/any/app.apk path/to/save/the/final/app/with/name.apk
Example:- python3 main.py /sdcard/somepayload.apk /sdcard/Whatsapp.apk /sdcard/Whatsapp_Infected.apk
Telegram:- @R37R0_GH057
Discord:- Ken Kaneki#2895