Forum Thread: How Can I Bypass the AV and Make a Payload for Android Clean

Any help?

10 Responses

You put no effort into your question, so why should we put any effort into our answer? Try starting with what you have tried, then realize that AV evasion is a constant cat and mouse game that will require you to put in work.

I embed a Metasploit payload in an original .apk file, but the AV catches it.

How to encrypt it?

Basically, AV works by reading the signature file. You can edit it using these simple steps; this will guarantee you perfect social engineering and AV bypassing.

1. Decompile your apk with apktool - apktool d /path/to/apk /path/to/decompilefolder

2. Edit what you need, like the name of the apk file located at rest/values/strings.xml, or you can add an icon by making the folders

drawable-ldpi
drawable-mdpi
drawable-hdpi

in the rest directory, and add your icon as a 48px icon in "drawable-ldpi", a 36px icon in "drawable-mdpi" and a 72px icon in "drawable-hdpi". Then edit the AndroidManifest.XML file and add this line: android:icon=@drawable/icon. Make sure you name all your icons icon.png.

Then compile this with this command: apktool b /path/to/decompilefolder. You will then find the apk file in a folder named dist. Then you must sign the apk file with jarsigner; this is where you change the signature.

jarsigner -verbose -keystore ~/.android/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA /path/to/apk androiddebugkey
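From the defender's side, an APK re-signed as described in the post above carries the SDK debug certificate and SHA1/MD5 v1 signature files, which a triage script can flag. The following is an added example, not part of the thread: it uses byte-search heuristics rather than a full PKCS#7 parse, and the function names, finding labels and sample bytes are constructed for illustration.

```python
import io
import zipfile

DEBUG_CN = b"Android Debug"  # subject CN of the Android SDK debug keystore cert
# DER-encoded OID bodies: md5 (1.2.840.113549.2.5), md5WithRSAEncryption (...1.1.4)
MD5_OIDS = (bytes.fromhex("2a864886f70d0205"), bytes.fromhex("2a864886f70d010104"))

def v1_signing_findings(apk_bytes):
    """Return sorted findings about an APK's v1 (JAR) signature files."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        meta = [n for n in apk.namelist() if n.upper().startswith("META-INF/")]
        blocks = [n for n in meta if n.upper().endswith((".RSA", ".DSA", ".EC"))]
        if not blocks:
            findings.add("no-v1-signature")
        for name in blocks:
            der = apk.read(name)
            # Byte-search heuristics, not a full PKCS#7 parse.
            if DEBUG_CN in der:
                findings.add("debug-certificate")
            if any(oid in der for oid in MD5_OIDS):
                findings.add("md5-signature")
        for name in meta:
            if name.upper().endswith((".SF", "MANIFEST.MF")):
                if b"SHA1-Digest" in apk.read(name):
                    findings.add("sha1-digests")
    return sorted(findings)

def build_sample(sig_block, manifest):
    """Constructed test input: a minimal zip shaped like a v1-signed APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00")
        z.writestr("META-INF/MANIFEST.MF", manifest)
        if sig_block is not None:
            z.writestr("META-INF/ANDROIDD.RSA", sig_block)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed bytes standing in for a PKCS#7 block; not a real signature.
    fake_block = b"\x30\x82" + DEBUG_CN + MD5_OIDS[0]
    sample = build_sample(fake_block, b"Name: classes.dex\nSHA1-Digest: AAAA\n")
    print(v1_signing_findings(sample))
```

A debug certificate on its own is a triage signal rather than proof of tampering, since developers also ship debug builds; it is most useful when the same package name is expected to carry a known release certificate.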

Decompile the apk or the Payload

Can you give me a video for it?