Hide Android Payload(0 Level Icon,Android Payload Obfuscation, FUD):
Disclaimer : This is only for educational purpose do not try to hack anyone without their permission. Hacking is illegal do it in your own lab environment.
Hi,
I am Aman, In this blog i am going to show you how you can create a hidden payload for android. This is important because you don’t want to expose you payload to victim when you are hacking into someone’s android phone. So lets start by create a payload by Metasploit(You can read my previous blog here to know how to create android payload). I am using Linux but you can use Windows also to do so.
Before start we need to install some tools like
(1): zipalign || install it by command “sudo apt install zipalign”
(2): apktool || download it from here.
(3): java || install it by command “sudo apt install default-jdk”
After installation we good to go, So lets start.
First we Decompile the payload by apktool by following command(fig-2.0):
~$ apktool d [Payload_Name.apk]
Now we can change into application code, So first we go to the folder where we decompile the application and open AndroidManifest.xml file.
AndroidManifest.xml file contains essential information about your app to the Android build tools, all permissions and all.
Here we edit the app’s icon location and app’s name and change to its icon location below i give you some code you need to copy and save it into a .xml file we will replace app icon by this code to make app icon transparent, so it will be hidden into phone.
<?xml version="1.0" encoding="utf-8"?>
<shape
xmlns:android="http://schemas.android.com/apk/res/android">
<solid android:color="#00ffffff" />
</shape>
Now we look for where the app icon is located. We can find it into AndroidManifest.xml file. it could be ‘ android:icon=“@[location/icon]” ’ . In metasploit’s payload we do not get this so we add this by ourself.
First we go into /res file and create a folder named mipmap. In mipmap folder we will put the above code in a .xml file.
Now we will edit our AndroidManifest.xml file to point this .xml file as icon.We will edit into application section to add code to point android icon.
In above image we change the app icon now we will erase the app name to make it hidden application name we can find under “ /values/string.xml ”.
Now lets edit the string.xml file for erase app name(fig-9.0).
Now we done now lets recompile this file to create a application by following command(fig-10.0).
~$ apktool b [File_Name] -o [output_Name.apk]
After successful recompilation we need to sign into the application we can do it manually by java but also you can do it automatically by android application from play store(App_name: apk-signer) or download from this link here.
For sign in to the app we need to create a key, to do so you can use following command:
~$ keytool -genkey -v -keystore my-release-key.keystore -alias your-key-alias -keyalg RSA -keysize 2048 -validity 10000When you execute this command it will ask you some question like passkey, you name, ..etc fill it what ever you want after that it will a key file that we use for signing into application(fig-11.0).
Now we use following command to sign into application. Use the same password that you created previously.
~$ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore [App_name.apk] your-key-alias
Now we are done now lets test the app by installing it(fig-13.0).
This way you can hide you payload and victim will can’t find it.
