version 1.3
This POC script embeds a Metasploit-generated Android payload into another APK.
It just automates the following:
[+] Copying payload smali files into target app.
[+] Finding target app's MainActivity smali file.
[+] Finding Hookpoint and adding hook there.
[+] Writing permissions in the AndroidManifest.xml.
[+] Compiling the infected app.
[+] Signing.
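
A defender-side check for the manifest step listed above, added here as an example (it is not part of this tool's code): it compares the apktool-decoded AndroidManifest.xml of a reference build with that of a suspect build and lists the permissions only the suspect requests. The sample manifests, the package name and the watchlist are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Illustrative watchlist (an assumption, not taken from the tool); tune it per app.
WATCHLIST = {
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
}

def permissions(manifest_xml):
    """Return the set of permission names requested by a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names

def added_permissions(reference_xml, suspect_xml):
    """List (permission, on_watchlist) pairs requested only by the suspect build."""
    added = permissions(suspect_xml) - permissions(reference_xml)
    return [(name, name in WATCHLIST) for name in sorted(added)]

# Constructed sample manifests (hypothetical package com.example.chat).
HEAD = ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
        'package="com.example.chat">')
PERM = '<uses-permission android:name="android.permission.{}"/>'
REFERENCE = (HEAD + PERM.format("INTERNET") + PERM.format("CAMERA")
             + "<application/></manifest>")
SUSPECT = (HEAD + PERM.format("INTERNET") + PERM.format("CAMERA")
           + PERM.format("READ_SMS") + PERM.format("RECORD_AUDIO")
           + PERM.format("RECEIVE_BOOT_COMPLETED") + "<application/></manifest>")

if __name__ == "__main__":
    for name, watched in added_permissions(REFERENCE, SUSPECT):
        print(("[!] " if watched else "[+] ") + name)
```
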
Some apps, such as FacebookLite, are a little protected against this method: the MainActivity smali file specified in the manifest is not present. There are also some other apps that throw errors on decompiling. May take a while to fix.
And a Special Thanks to TheSpeedX for optimising this script.
Just make sure apktool and apksigner are properly installed.
NOTE FOR TERMUX:- It wasn't possible for this script to run in Termux in the previous version because its apktool can't decompile apps properly, but thanks to Hax4us's APKMOD, it's now possible. Run termux-install.sh to install it and other dependencies.
python3 main.py path/to/payload.apk path/to/any/app.apk path/to/save/the/final/app/with/name.apk
example:- python3 main.py /sdcard/somepayload.apk /sdcard/Whatsapp.apk /sdcard/Whatsapp_Infected.apk
Telegram:- @R37R0_GH057
Discord:- Ken Kaneki#2895