How to: Embed MSF Payload in Original APK Files | Part #1 - Using TheFatRAT

NOTE: This Method Also works on Kali Linux on UserLAnd (Android) & Windows 10 (WSL System)
NOTE: For UserLAnd and WSL users: If some of the following commands don't work, then use sudo command at the first.

Hi My Fellow H4ck3Rs!

  • Today, I`m here with a new Guide about Embedding MSF Payload in Original APK Files , specially for those people, who are having trouble with this. Actually, the main problem is with APKTool and AAPT Tool, so we are going to fix it first (in 1st step, actually, this guide has only 2 steps).

DISCLAIMER: This Thread is O.N.L.Y for Education Purposes.
I will not be Responsible of Any Negative and Illegal use of
this information. Try not to HACK the Devices, other than
your`s. Or you will be in PRISON (I`m not joking). Only Use
this information for testing purposes/impressing your friends.

  • Okay, So Let'S Do ThiS , Here are the Requirements:


1). Kali LinuX (Latest Version is preferred), sorry, not using TermuX this time :)

2). Active Internet (TheFatRAT can be activated without Internet, but on the first time, Internet is required).

3). TheFatRAT Package (Download method is shown below).

4). aapt & apktool Installed (Instructions R in 'Setup the Program' Section).

Setup the Program

  • First of all, Download & Install TheFatRAT by executing the following commands in Terminal (one by one, one after another):

git clone
cd TheFatRat
sudo chmod +x && ./

— This may consume 500mb of internet data
  • This may take some time. It may also ask for making command shortcut, then press y for confirmation.
  • (For WSL users) : FatRat can't automatically Install its Requirements, so , we have to do this manually on WSL or on UserLAnd (Android Version). For this, You people have to open of FatRat (will be located in the TheFatRat directory) with notepad++ or nano, whatever you prefer, and find these commands: sudo apt-get install (package name). Copy those commands one-by-one in other Terminal session to Install the Required Packages MANUALLY.

Step 1: Bug Fixing

  • Q: What the Problem actually is ...?!?!?

Okay... Now, I`m gonna tell you what the problem actually is. APKTool v2.2.2 is very buggy, in Re-Compilation of an APK File. It always (yes ALWAYS) fails to Re-Compile the APK File, whether you edited it or not. Newer versions of APKTool just fix this glitch (i.e. v2.3 and up). So now, in this step, we are going to Update our old APKTool of v2.2.2 into APKTool 2.3.4 (in my case) MANUALLY.

  • Follow the instructions very carefully, because this is the most important step of this Tutorial. Following instructions are actually taken from HERE . I`ve only simplified the whole process :)
  • Okay... First, download the latest version of APKTool from HERE . In my case, it is like this:
  • Download apktool_(Latest version).jar , after downloading it, rename it to apktool.jar .
  • Then, Download this File , and rename it to apktool (better copy all the script inside the link and save it as apktool OR save the entire link as apktool).
  • Move both files (apktool.jar & apktool) to:

1). /usr/local/bin
2). /usr/local/sbin
3). /usr/bin
4). /usr/sbin
(Just Replace them from the previous ones, if it asks about it)

  • Make them Executable by executing these command in Terminal (anywhere):


sudo chmod +x /usr/local/bin/apktool
sudo chmod +x /usr/local/bin/apktool.jar

sudo chmod +x /usr/local/sbin/apktool
sudo chmod +x /usr/local/sbin/apktool.jar

sudo chmod +x /usr/bin/apktool
sudo chmod +x /usr/bin/apktool.jar

sudo chmod +x /usr/sbin/apktool
sudo chmod +x /usr/sbin/apktool.jar

— Execute one after another
  • U can move to /usr/local/sbin etc like this in the screenshot (Above & Below)
  • Now, update (reinstall) the APKTool, to fix possible errors:

sudo apt-get reinstall apktool aapt

— Press 'y' for confirmation
  • Now, enter the command apktool anywhere to verify the version you have downloaded before.

As you can see, we have now APKTool v2.3.4 .

  • This Step was the MAIN STEP of this Guide (Tutorial). All the Other steps are very easy to follow.

Step 2: Embedding Payload in Original APK File (TheFatRAT)

  • Alright, Now it is time to embed our payload in an Original APK File. First of all, Activate TheFatRAT by executing this command in Terminal:


— You can also find it in Main Menu and create shortcut

The TheFatRAT will take a few seconds to start up (Internet is not Required).

  • Finally, it will look like this:
  • Select option #5 from there, and fill the required fields for the Payload file, which is to be embedded in the original .apk file (Here I`m gonna use LHOST= , LPORT=4444 , Just for an example), as shown in screenshot:
  • Now, it will ask about the location (Path) of the apk file. Give it the path of Original APK File (most annoying thing at all!). Mine original apk file` name is voice.apk , which is located in root directory, that`s why, I`m giving this path:
  • Then it will ask about the type of payload. Choose the desired option (Option #3 is Highly Recommended!). I`m also gonna select option #3.
  • Now, the important thing comes; 'The Use of METHOD'. Method #1 is recommended, but if it does`nt work , try to Use 2nd Method (TheFatRAT`s Method). Anyways, Method #1 mostly works fine for me.
  • After selecting the method, wait for a minute, and your APK File with Embedded Payload will be created in /root/TheFatRat/backdoored/apk-backdoor.apk .
  • If you see the screen, as shown above, then

BINGO!!!!! You have successfully embedded the msf payload in an original apk file.

  • But, if it fails to Recompile, or failes to find hook in smali files, then use the OLD THEFATRAT's METHOD to do so. If it also fails, then it means that the APK file is somehow PROTECTED or Encrypted. So, never waste your time in Embedding Payload in non-penetrable APK file.
  • Now start the Meterpreter session or not (when asked by TheFatRAT at the end), it is your choice (I`m not gonna opening it, because I`ve already explained the whole process in detail, in my previous Guides).

You can also use Evil-Droid for this method, but the problem is, that it may not run on WSL and UserLAnd Environments. It only works on PURE KALI ROLLING Environment (Sometimes).


This information is for Educational Purposes ONLY. I`ll not be responsible of any Negative or Illegal use of this information. Also if you face any type of errors, or if you think that I`ve missed something, then tell me in Comments Section. I`ll find the Suitable Solution for that. Anyways, Just use these tricks for FUN... Not for doing Illegal work. We are all Eth1c4L H4ck3Rs, and we never invade people` Privacies.

Alright..., Thanks for reading my Thread (You can also join our Social Media Groups for more information and Guides). BEST OF LUCK ...!!!

If You Liked My Guide, Then Don't Forget to Give Feedback ...!!!

!!!...===> Best Of Luck <===...!!!

  • Your Friend :
  • H4ck3R_777

22 Responses

If You Liked My Guide, Then Don't Forget to Vote Up This Comment & Giving Feedback ...!!!

!!!...===> Best Of Luck <===...!!!

how can you avoid eset antivirus on android ?

  • I'll explain in Part-II

EDIT: I'm not publishing Part-II . U can use Evil-Droid on your own device. BTW, that's very glitchy software. TheFatRAT is far better than that

Why it is not possible with termux??

  • Because ApkTool v2.3.4 can't be installed on TermuX (for now). But if we find a successful way to install apktool v2.3.4 in Termux, then we will be able to to all the process with TermuX. We all have to find a way to install ApkTool v2.3.4 in TermuX. I'm also on to it.

after I deleted aapt file and run the fatrat
i got this messege
x::warning:this script require aapt to work

!::Run to install aapt
why :( ?

Sorry for inconvenience , I`ve updated the Commands

I need Help please
Can you contact me?

Still im getting in Embedding payload can u please give me the part-2 Link

  • I planned to write part 2, but Evil-Droid is a buggy tool. It works only on a few Devices.

I have installed fatrat successfully in my kalinethunter. But when im embedding apk it is saying unable to recompile ,i used old fatrat method too but no chenge. Please help me. Thanks in advance

Most probably, the issue is with apktool. Check the version of apktool. If it's 2.2.2 . If it is, then update the apktool as guided in 1st step.

Your genius man I am trying to embed this for 2 years

Downloads# sudo apt-get install apktool aapt
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package apktool
E: Unable to locate package aapt

can you help me with this

  • Your sources.list file is corrupt

Failed to recompile original project with backdoor
after following all the steps

  • It's mean your apktool is older, or the APK file is Advanced Encrypted. Try another.

To All Latest Commenteers:

  • I've recently UPDATED my guide with an improved method of FINDING THE BUG ... !!!
  • Check It out Please
  • Android manifest permission options:

) Keep original
2) Merge with payload and shuffle
? Please select an Android manifest permission option: 1
* Decompiling original APK file...done.
* Locating smali file to hook in original project...done.

  • Package where RAT smali files will be injected: ru/zdevs/zarchiver
  • Smali file to hook RAT payload: ru/zdevs/zarchiver/ZApplication.smali

Generating RAT APK file...done.
* Decompiling RAT APK file...done.

  • Keeping permissions of original project

Injecting helpful Java classes in RAT APK file...done.
* Creating new directory in original package for RAT smali files...done.

  • Inject package path: ru/zdevs/zarchiver/foetp
  • Generated new smali class name for MainBroadcastReceiver.smali: Rnhmr
  • Generated new smali class name for MainService.smali: Iihqk
  • Generated new smali class name for Payload.smali: Ubomy
  • Generated new smali class name for StringObfuscator.smali: Xjtte
  • Generated new smali method name for StringObfuscator.obfuscate method: nmbac
  • Generated new smali method name for StringObfuscator.unobfuscate method: nxblo

Copying RAT smali files to new directories in original project...done.
* Fixing RAT smali files...done.
* Obfuscating const-string values in RAT smali files...done.
* Adding hook in original smali file...done.

  • Unable to add persistence hook due to missing permission

Recompiling original project with backdoor...done.
! Failed to recompile original project with backdoor

Press ENTER key to continue to return to fatrat menu

how to solve help plz

Hlo bro i have a doubt which apk file would be install in victims phone updater.apk (or)updater-sign.apk .... I Installed updater-sign apk in my victims phone it doesn't opening in victims phone and no session are opened in my phone....pls help me..

Share Your Thoughts

  • Hot
  • Active