NOTE: This method also works on Kali Linux on UserLAnd (Android) & Windows 10 (WSL).
NOTE: For UserLAnd and WSL users: if some of the following commands don't work, prefix them with sudo.
- Today I'm here with a new guide about embedding an MSF payload in an original APK file, especially for those who are having trouble with this. The main problem is actually with APKTool and the AAPT tool, so we are going to fix that first (in step 1; this guide has only 2 steps).
DISCLAIMER: This thread is O.N.L.Y for educational purposes. I will not be responsible for any negative or illegal use of this information. Try not to HACK devices other than your own, or you will be in PRISON (I'm not joking). Only use this information for testing purposes/impressing your friends.
- Okay, so let's do this. Here are the requirements:
1). Kali Linux (latest version preferred); sorry, not using Termux this time :)
2). Active Internet (TheFatRAT can be started without Internet, but it is required the first time).
3). TheFatRAT package (download method shown below).
4). aapt & apktool installed (instructions are in the 'Setup the Program' section).
- First of all, download & install TheFatRAT by executing the following commands in the terminal (one by one, in order):
git clone https://github.com/Screetsec/TheFatRat.git
cd TheFatRat
sudo chmod +x setup.sh && ./setup.sh
- This may take some time. It may also ask about creating a command shortcut; press y to confirm.
- (Optional) Visit TheFatRAT's GitHub page for more details about updating TheFatRAT.
- (For WSL users): TheFatRAT can't automatically install its requirements, so we have to do this manually on WSL or on UserLAnd (Android). Open setup.sh of TheFatRAT (located in the TheFatRat directory) with Notepad++ or nano, whichever you prefer, and find the commands of the form: sudo apt-get install (package name). Run those commands one by one in another terminal session to install the required packages MANUALLY.
- Q: What is the problem, actually?
Okay... Now I'm going to tell you what the problem actually is. APKTool v2.2.2 is very buggy when recompiling an APK file. It always (yes, ALWAYS) fails to recompile the APK, whether you edited it or not. Newer versions of APKTool (v2.3 and up) fix this glitch. So in this step we are going to update our old APKTool v2.2.2 to APKTool 2.3.4 (in my case) MANUALLY.
- Follow the instructions very carefully, because this is the most important step of this tutorial. The following instructions are actually taken from HERE. I've only simplified the whole process :)
- Okay... First, download the latest version of APKTool from HERE. In my case, it looks like this:
- Download apktool_(latest version).jar and, after downloading it, rename it to apktool.jar.
- Then download this file and rename it to apktool (better to copy the whole script from the link and save it as apktool, OR save the entire link as apktool).
- Move both files (apktool.jar & apktool) to:
(Just replace the previous ones if it asks about it.)
- Make them executable by executing these commands in the terminal (from anywhere):
sudo chmod +x /usr/local/bin/apktool
sudo chmod +x /usr/local/bin/apktool.jar
sudo chmod +x /usr/local/sbin/apktool
sudo chmod +x /usr/local/sbin/apktool.jar
sudo chmod +x /usr/bin/apktool
sudo chmod +x /usr/bin/apktool.jar
sudo chmod +x /usr/sbin/apktool
sudo chmod +x /usr/sbin/apktool.jar
- You can move them to /usr/local/sbin etc. like this, as in the screenshots (above & below).
- Now update (reinstall) APKTool to fix possible errors:
sudo apt-get install --reinstall apktool aapt
- Now enter the command apktool from anywhere to verify the version you downloaded before.
As you can see, we now have APKTool v2.3.4.
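An added shell helper (not part of this guide or of TheFatRAT) that automates the verification step above: it parses the banner that apktool prints and compares it against the 2.3 minimum the guide describes as fixing the 2.2.2 recompile bug. The function names and the --check flag are my own.

```shell
#!/bin/sh
# Added example: verify the apktool on PATH is a version that fixes the
# recompile bug described in the guide (2.2.2 fails, 2.3 and up work).

MIN_APKTOOL_VERSION="2.3.0"   # lowest version the guide considers fixed

# Compare two dotted version strings field by field; return 0 when $1 >= $2.
# Missing fields count as 0, so "2.3" equals "2.3.0". (Variables are global
# because POSIX sh has no 'local'.)
version_ge() {
    v1=$1; v2=$2
    while [ -n "$v1" ] || [ -n "$v2" ]; do
        a=${v1%%.*}; b=${v2%%.*}
        [ "$v1" = "$a" ] && v1='' || v1=${v1#*.}
        [ "$v2" = "$b" ] && v2='' || v2=${v2#*.}
        a=${a:-0}; b=${b:-0}
        [ "$a" -gt "$b" ] && return 0
        [ "$a" -lt "$b" ] && return 1
    done
    return 0
}

# Pull "2.3.4" out of a banner like "Apktool v2.3.4 - a tool for ..."; prints
# nothing when the text does not contain an Apktool banner at all.
parse_apktool_version() {
    printf '%s\n' "$1" | sed -n 's/.*Apktool[ v]*\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 when the given version string is new enough per the guide.
apktool_version_ok() {
    version_ge "$1" "$MIN_APKTOOL_VERSION"
}

# Live check: run apktool with no arguments (its first output line is the
# version banner) and report whether the install is usable.
check_installed_apktool() {
    ver=$(parse_apktool_version "$(apktool 2>&1 | head -n 1)")
    if [ -z "$ver" ]; then
        echo "apktool not found on PATH (or printed no version banner)"; return 2
    fi
    if apktool_version_ok "$ver"; then
        echo "apktool $ver is recent enough"
    else
        echo "apktool $ver is too old; need $MIN_APKTOOL_VERSION or newer"; return 1
    fi
}

# Only touch the real system when asked, so the file can be sourced safely.
if [ "${1:-}" = "--check" ]; then check_installed_apktool; fi
```

Run it as `sh apktool_check.sh --check` after the move/chmod steps; a non-zero exit means the old 2.2.2 (or no apktool at all) is still what the shell finds first on PATH.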
- This step was the MAIN STEP of this guide (tutorial). All the other steps are very easy to follow.
- Alright, now it is time to embed our payload in an original APK file. First of all, start TheFatRAT by executing this command in the terminal:
TheFatRAT will take a few seconds to start up (Internet is not required).
- Finally, it will look like this:
- Select option #5 there and fill in the required fields for the payload file that is to be embedded in the original .apk file (here I'm going to use LHOST=0.0.0.0, LPORT=4444, just as an example), as shown in the screenshot:
- Now it will ask for the location (path) of the APK file. Give it the path of the original APK file (the most annoying part of all!). My original APK file's name is voice.apk, which is located in the root directory, so I'm giving this path:
- Then it will ask about the type of payload. Choose the desired option (option #3 is highly recommended!). I'm also going to select option #3.
- Now comes the important part: 'The Use of METHOD'. Method #1 is recommended, but if it doesn't work, try the 2nd method (TheFatRAT's method). Anyway, method #1 mostly works fine for me.
- After selecting the method, wait a minute, and your APK file with the embedded payload will be created at /root/TheFatRat/backdoored/apk-backdoor.apk.
- If you see the screen shown above, then
BINGO!!!!! You have successfully embedded the MSF payload in an original APK file.
- But if it fails to recompile, or fails to find a hook in the smali files, then use the OLD THEFATRAT METHOD instead. If that also fails, it means the APK file is somehow PROTECTED or encrypted. So never waste your time embedding a payload in a non-penetrable APK file.
- Whether to start the Meterpreter session or not (when asked by TheFatRAT at the end) is your choice (I'm not going to open it, because I've already explained the whole process in detail in my previous guides).
You can also use Evil-Droid for this method, but the problem is that it may not run on WSL and UserLAnd environments. It only works on a PURE KALI ROLLING environment (sometimes).
This information is for educational purposes ONLY. I'll not be responsible for any negative or illegal use of this information. Also, if you face any type of error, or if you think I've missed something, tell me in the comments section. I'll find a suitable solution for it. Anyway, just use these tricks for FUN... not for doing illegal work. We are all Eth1c4L H4ck3Rs, and we never invade people's privacy.
Alright..., thanks for reading my thread (you can also join our social media groups for more information and guides). BEST OF LUCK...!!!
- Your Friend :