How to: Embed MSF Payload in Original APK Files | Part #1 - Using TheFatRAT

Hi My Fellow H4ck3Rs!

  • Today, I`m here with a new Guide about Embedding MSF Payload in Original APK Files , specially for those people, who are having trouble with this. Actually, the main problem is with APKTool and AAPT Tool, so we are going to fix it first (in 1st step, actually, this guide has only 2 steps).

DISCLAIMER: This Thread is O.N.L.Y for Education Purposes.
I will not be Responsible of Any Negative and Illegal use of
this information. Try not to HACK the Devices, other than
your`s. Or you will be in PRISON (I`m not joking). Only Use
this information for testing purposes/impressing your friends.

  • Okay, So LetS Do ThiS , Here are the Requirements:


1). Kali LinuX (Latest Version is preferred), sorry, not using TermuX this time :)

2). Active Internet (TheFatRAT can be activated without Internet, but on the first time, Internet is required).

3). TheFatRAT Package (Download method below).

4). aapt & apktool Installed (Instructions in 'Setup the Program' Section).

Setup the Program

  • First of all, Download & Install TheFatRAT by executing the following commands in Terminal (one by one, one after another):

git clone
cd TheFatRat
chmod +x && ./

— This may consume 500mb of internet data
  • This may take some time. It may also ask for making command shortcut, then press y for confirmation.

Step 1: Bug Fixing

  • Q: What is the actual Problem ...?!?!?

Okay... Now, I`m gonna tell you what the problem actually is. APKTool v2.2.2 is very buggy, in Re-Compilation of an APK File. It always (yes ALWAYS) fails to Re-Compile the APK File, whether you edited it or not. Newer versions of APKTool just fix this glitch (i.e. v2.3 and up). So now, in this step, we are going to Update our old APKTool of v2.2.2 into APKTool 2.3.4 (in my case) MANUALLY.

  • Follow the instructions very carefully, because this is the most important step of this Tutorial. Following instructions are actually taken from HERE . I`ve only simplified the whole process :)
  • Okay... First, download the latest version of APKTool from HERE . In my case, it is like this:
  • Download apktool_(Latest version).jar , after downloading it, rename it to apktool.jar .
  • Then, Download this File , and rename it to apktool (better copy all the script inside the link and save it as apktool).
  • Move both files (apktool.jar & apktool) to /usr/local/bin (root needed).
  • Make them Executable by executing this command in Terminal (anywhere):

chmod +x /usr/local/bin/apktool
chmod +x /usr/local/bin/apktool.jar

— Execute one after another
  • Alright, now move to /usr/local/sbin and delete the apktool , and aapt files from there (these are the fake files, created by TheFatRAT).
  • Now, update the APKTool from the command line also:

sudo apt-get install apktool aapt

— Press 'y' for confirmation
  • Now, enter the command apktool anywhere to verify the version you have downloaded before.

As you can see, we have now APKTool v2.3.4 .

  • This Step was the MAIN STEP of this Guide (Tutorial). All the Other steps are very easy to follow.

Step 2: Embedding Payload in Original APK File (TheFatRAT)

  • Alright, Now it is time to embed our payload in an Original APK File. First of all, Activate TheFatRAT by executing this command in Terminal:


— You can also find it in Main Menu and create shortcut

The TheFatRAT will take a few seconds to start up (Internet is not Required).

  • Finally, it will look like this:
  • Select option #5 from there, and fill the required fields for the Payload file, which is to be embedded in the original .apk file (Here I`m gonna use LHOST= , LPORT=4444 , Just for an example), as shown in screenshot:
  • Now, it will ask about the location (Path) of the apk file. Give it the path of Original APK File (most annoying thing at all!). Mine original apk file` name is voice.apk , which is located in root directory, that`s why, I`m giving this path:
  • Then it will ask about the type of payload. Choose the desired option (Option #3 is Highly Recommended!). I`m also gonna select option #3.
  • Now, the important thing comes; 'The Use of METHOD'. Method #1 is recommended, but if it does`nt work , try to Use 2nd Method (TheFatRAT`s Method). Anyways, Method #1 mostly works fine for me.
  • After selecting the method, wait for a minute, and your APK File with Embedded Payload will be created in /root/TheFatRat/backdoored/apk-backdoor.apk .
  • If you see the screen, as shown above, then

BINGO!!!!! You have successfully embedded the msf payload in an original apk file.

  • But, if it fails to Recompile, or failes to find hook in smali files, then use the OLD THEFATRAT's METHOD to do so. If it also fails, then Follow the Part #2 of this Tutorial (Coming Soon).
  • Now start the Meterpreter session or not (when asked by TheFatRAT at the end), it is your choice (I`m not gonna opening it, because I`ve already explained the whole process in detail, in my previous Guides).

New Guide Coming Soon: Embed MSF Payload in Original APK Files | Part #2 - U???g ????-??o?D


This information is for Educational Purposes ONLY. I`ll not be responsible of any Negative or Illegal use of this information. Also if you face any type of errors, or if you think that I`ve missed something, then tell me in Comments Section. I`ll find the Suitable Solution for that. Anyways, Just use these tricks for FUN... Not for doing Illegal work. We are all Eth1c4L H4ck3Rs, and we never invade people` Privacies.

Alright..., Thanks for reading my Thread (You can also join our WhatsApp Group for more information and Guides). BEST OF LUCK ...!!!

If You Liked My Guide, Then Don't Forget to Give Feedback ...!!!

!!!...===> Best Of Luck <===...!!!

  • Your Brother (with a new look!):
  • H4ck3R_777

Get The Null Byte Newsletter

Never miss a new hacking or security guide

13 Responses

If You Liked My Guide, Then Don't Forget to Vote Up This Comment & Giving Feedback ...!!!

!!!...===> Best Of Luck <===...!!!

how can you avoid eset antivirus on android ?

  • I'll explain in Part-II

Why it is not possible with termux??

  • Because ApkTool v2.3.4 can't be installed on TermuX (for now). But if we find a successful way to install apktool v2.3.4 in Termux, then we will be able to to all the process with TermuX. We all have to find a way to install ApkTool v2.3.4 in TermuX. I'm also on to it.

after I deleted aapt file and run the fatrat
i got this messege
x::warning:this script require aapt to work

!::Run to install aapt
why :( ?

Sorry for inconvenience , I`ve updated the Commands

I need Help please
Can you contact me?

Still im getting in Embedding payload can u please give me the part-2 Link

Your genius man I am trying to embed this for 2 years

Downloads# sudo apt-get install apktool aapt
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package apktool
E: Unable to locate package aapt

can you help me with this

Failed to recompile original project with backdoor
after following all the steps

Share Your Thoughts

  • Hot
  • Active