How to: Embed MSF Payload in Original APK Files | Part #1 - Using TheFatRAT

Oct 19, 2018 07:44 PM
Aug 11, 2019 06:41 PM

NOTE: This method also works with Kali Linux on UserLAnd (Android) and on Windows 10 under WSL.

NOTE: For UserLAnd and WSL users: if some of the following commands fail, run them with sudo in front.


Hi My Fellow H4ck3Rs!

  • Today I'm here with a new guide about embedding an MSF payload in an original APK file, especially for those who are having trouble with this. The main problem is actually with APKTool and the AAPT tool, so we are going to fix that first (in step 1; this guide has only two steps).

7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7

=====================================================

DISCLAIMER: This thread is O.N.L.Y for educational purposes.
I will not be responsible for any negative or illegal use of
this information. Do not hack devices other than your own,
or you will end up in PRISON (I'm not joking). Only use
this information for testing purposes/impressing your friends.

=====================================================

7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7-7

  • Okay, so let's do this. Here are the requirements:

Requirements

1). Kali Linux (the latest version is preferred); sorry, not using Termux this time :)

2). An active Internet connection (TheFatRat can be started without Internet later, but the first run and the setup require it).

3). The TheFatRat package (download method shown below).

4). aapt & apktool installed (instructions are in the 'Setup the Program' section).

Setup the Program

  • First of all, download and install TheFatRat by executing the following commands in a terminal, one after another:

git clone https://github.com/Screetsec/TheFatRat.git

cd TheFatRat

sudo chmod +x setup.sh && ./setup.sh

— This may consume about 500 MB of Internet data.
  • This may take some time. It may also ask whether to create a command shortcut; press y to confirm.
  • (For WSL users): TheFatRat cannot install its requirements automatically under WSL or UserLAnd (Android), so we have to do this manually. Open setup.sh (located in the TheFatRat directory) with nano or any editor you prefer, find the lines of the form sudo apt-get install <package name>, and run those commands one by one in another terminal session to install the required packages MANUALLY.

Bug Fixing

  • Q: What is the problem, actually?

Okay... now I'm going to tell you what the problem actually is. The apktool packaged in Kali at the time of writing (v2.2.2) is very buggy when recompiling an APK file: it fails to rebuild the APK whether you edited it or not. Newer releases (v2.3 and up) fix this, so in this step we replace the old v2.2.2 with apktool 2.3.4 (the latest in my case) MANUALLY. This matters because TheFatRat shells out to apktool to decode the original APK to smali, inject the payload classes and rebuild it, so a broken apktool makes every attempt die at the rebuild step.

  • Follow the instructions very carefully, because this is the most important step of this tutorial. The following instructions are taken from HERE (Apktool's own install instructions); I've only simplified the process :)
  • Okay... first, download the latest version of APKTool from HERE (the file is named apktool_<latest version>.jar).
  • After downloading apktool_(latest version).jar, rename it to apktool.jar.
  • Then download this file (the apktool wrapper script) and save it as apktool (either copy the whole script from the link into a new file named apktool, or save the link target as apktool).
  • Move both files (apktool.jar & apktool) to:

1)./usr/local/bin

2)./usr/local/sbin

3)./usr/bin

4)./usr/sbin

(Just replace the previous ones if it asks. Apktool's own instructions need only /usr/local/bin, which comes before /usr/bin in the default PATH; copying to the other three directories only makes sure the new version shadows the Kali-packaged one wherever the shell finds it.)

  • Make them Executable by executing these command in Terminal (anywhere):

cd

sudo chmod +x /usr/local/bin/apktool

sudo chmod +x /usr/local/bin/apktool.jar

sudo chmod +x /usr/local/sbin/apktool

sudo chmod +x /usr/local/sbin/apktool.jar

sudo chmod +x /usr/bin/apktool

sudo chmod +x /usr/bin/apktool.jar

sudo chmod +x /usr/sbin/apktool

sudo chmod +x /usr/sbin/apktool.jar

— Execute one after another. (The chmod on apktool.jar is not strictly needed, since the wrapper script runs the jar with java -jar, but it does no harm.)
  • You can change into /usr/local/sbin etc. with cd before copying the files, as the screenshots showed.
  • Now reinstall the Kali apktool and aapt packages, so that aapt and the other dependencies are in a consistent state:

sudo apt-get install --reinstall apktool aapt

— Press 'y' to confirm. (apt-get has no reinstall subcommand; --reinstall is the correct flag. This overwrites /usr/bin/apktool with the packaged wrapper again, which is fine: /usr/local/bin comes first in PATH, so the copy you placed there is the one that runs.)
  • Now run apktool from any directory to verify the version you downloaded; the banner prints it. apktool --version and which apktool confirm which copy is being picked up.

As you can see, we now have APKTool v2.3.4.

  • This step was the MAIN STEP of this guide. All the other steps are easy to follow.

Embedding Payload in Original APK File (TheFatRAT)

  • Alright, now it is time to embed our payload in an original APK file. First, start TheFatRat by executing this command in a terminal:

fatrat

— You can also find it in the main menu and create a shortcut.

TheFatRat takes a few seconds to start up (Internet is not required).

  • Finally, it will look like this:
  • Select option #5 and fill in the required fields for the payload that is to be embedded in the original .apk file. Here I use LHOST=0.0.0.0 and LPORT=4444 purely as placeholders. For a real test, LHOST must be an address the target device can reach back to (your attacking machine's LAN IP for a local test, or a public IP/port-forwarded address otherwise); 0.0.0.0 is a listen-on-all-interfaces bind address, not a usable connect-back address, so a payload built with it would never call home. LPORT is the port your handler listens on.
  • Now it asks for the location (path) of the APK file. Give it the path of the original APK file (the most annoying part of all!). My original APK is named voice.apk and is located in root's home directory, which is why I give this path:
  • Then it asks about the type of payload. Choose the desired option (option #3 is highly recommended!); I'm also going to select option #3.
  • Now the important thing comes: the choice of METHOD. Method #1 is recommended, but if it doesn't work, try the 2nd method (TheFatRat's own method). Anyway, method #1 mostly works fine for me.
  • After selecting the method, wait a minute and your APK file with the embedded payload will be created at /root/TheFatRat/backdoored/apk-backdoor.apk.
  • If you see the success message at the end, then

BINGO!!!!! You have successfully embedded the MSF payload in an original APK file.

  • But if it fails to recompile, or fails to find a hook in the smali files, use the OLD TheFatRat METHOD instead. If that also fails, the APK is somehow protected (obfuscated, packed or otherwise resistant to smali injection), so never waste your time embedding a payload in an APK the tool cannot get into.
  • Now start the Meterpreter session or not (when TheFatRat asks at the end); it is your choice (I'm not going to open it here, because I've already explained the whole process in detail in my previous guides).
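Before handing the result to anyone, it is worth confirming what TheFatRat actually changed: whether the Metasploit stager landed in classes.dex, which permissions the rebuilt manifest gained, and that the APK now carries a different signing certificate (it must, since the original developer's key is not available; this is also why the backdoored build cannot be installed over an existing copy of the original app, and why the stock stager is readily flagged by Play Protect and mobile AV). The following Python script is an added example, not part of the original guide or of TheFatRat. It uses only the standard library, treats the APK as the ZIP archive it is, and builds two constructed in-memory stand-ins for voice.apk and apk-backdoor.apk so it runs offline; the marker strings, permission list and certificate blobs in those fixtures are assumptions for illustration.

```python
"""Sanity-check a TheFatRat-backdoored APK against the original.

An APK is a ZIP archive, so the standard library is enough to answer the
questions a tester should ask before using the artifact:
  1. Did the Metasploit stager actually land in classes.dex?
  2. Which permissions were added to AndroidManifest.xml?
  3. Was the APK re-signed (it must be: the original developer's key is
     unavailable, so the signing certificate cannot match)?
The sample APKs at the bottom are constructed in memory; they are not real apps.
"""
import hashlib
import io
import json
import re
import zipfile

# Type descriptors of the Metasploit Android stager as they appear in the dex
# string pool (assumed markers). An obfuscated or renamed stager will not match.
MSF_MARKERS = (b"Lcom/metasploit/stage/", b"com.metasploit.stage")
PERMISSION_RE = re.compile(r"android\.permission\.[A-Z0-9_]+")


def read_entries(apk_bytes):
    """Return {entry name: bytes} for an APK supplied as bytes."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {info.filename: zf.read(info) for info in zf.infolist()}


def find_msf_stage(entries):
    """Names of the .dex files that reference the Metasploit stager."""
    return sorted(name for name, data in entries.items()
                  if name.endswith(".dex") and any(m in data for m in MSF_MARKERS))


def manifest_permissions(entries):
    """android.permission.* names present in the binary AndroidManifest.xml.

    Binary XML keeps its string pool as UTF-16LE (or UTF-8 in newer builds).
    Permission names are ASCII, so decoding the blob both ways and regex-matching
    avoids a full AXML parser. Vendor-namespaced permissions are not matched.
    """
    data = entries.get("AndroidManifest.xml", b"")
    found = set()
    for text in (data.decode("latin-1"), data.decode("utf-16-le", "ignore")):
        found.update(PERMISSION_RE.findall(text))
    return found


def signer_fingerprints(entries):
    """SHA-256 of each v1 signature block under META-INF/ (.RSA/.DSA/.EC).

    The block embeds the signing certificate, so a changed digest means a
    different signer.
    """
    return {name: hashlib.sha256(data).hexdigest()
            for name, data in entries.items()
            if name.startswith("META-INF/")
            and name.upper().endswith((".RSA", ".DSA", ".EC"))}


def diff_apks(original, backdoored):
    """Compare original and backdoored APK bytes; returns a plain dict."""
    o, b = read_entries(original), read_entries(backdoored)
    return {
        "payload_in": find_msf_stage(b),
        "payload_in_original": find_msf_stage(o),
        "added_permissions": sorted(manifest_permissions(b) - manifest_permissions(o)),
        "added_entries": sorted(set(b) - set(o)),
        "resigned": signer_fingerprints(o) != signer_fingerprints(b),
    }


def build_fake_apk(dex, permissions, signer_blob):
    """Constructed fixture: a minimal ZIP shaped like an APK (not a real app).

    The manifest is only an AXML-style header followed by a UTF-16LE string
    pool, which is all manifest_permissions() needs.
    """
    pool = "".join(p + "\x00" for p in permissions).encode("utf-16-le")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00" + pool)
        zf.writestr("classes.dex", dex)
        zf.writestr("META-INF/CERT.RSA", signer_blob)
    return buf.getvalue()


# Constructed stand-ins for voice.apk and apk-backdoor.apk from the guide.
ORIGINAL_APK = build_fake_apk(
    b"dex\n035\x00Lcom/example/voice/MainActivity;",
    ["android.permission.RECORD_AUDIO"],
    b"constructed-original-cert")
BACKDOORED_APK = build_fake_apk(
    b"dex\n035\x00Lcom/example/voice/MainActivity;Lcom/metasploit/stage/Payload;",
    ["android.permission.RECORD_AUDIO", "android.permission.INTERNET",
     "android.permission.READ_SMS", "android.permission.RECEIVE_BOOT_COMPLETED"],
    b"constructed-fatrat-cert")

if __name__ == "__main__":
    # For real files: diff_apks(open("voice.apk", "rb").read(),
    #                           open("backdoored/apk-backdoor.apk", "rb").read())
    print(json.dumps(diff_apks(ORIGINAL_APK, BACKDOORED_APK), indent=2))
```

On real files, pass the bytes of voice.apk and backdoored/apk-backdoor.apk to diff_apks(). An empty payload_in list after the tool reported success means the hook was never injected; resigned staying False means the output still carries the original signature blocks over modified content, which Android will refuse to install at all.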

You can also use Evil-Droid for this, but the problem is that it may not run under WSL or UserLAnd; it only works (sometimes) on a pure Kali Rolling environment.

Note:-

This information is for educational purposes ONLY. I will not be responsible for any negative or illegal use of this information. Also, if you face any errors, or if you think I've missed something, tell me in the comments section and I'll find a suitable solution. Anyway, just use these tricks for FUN, not for doing illegal work. We are all Eth1c4L H4ck3Rs, and we never invade people's privacy.

Alright... thanks for reading my thread (you can also join our social media groups for more information and guides). BEST OF LUCK...!!!

If you liked my guide, then don't forget to give feedback...!!!

!!!...===> Best Of Luck <===...!!!

  • Your Friend:
  • H4ck3R_777
