c91660bc54
Bump the minimum version of apktool
...
Bump the minimum version of apktool to avoid CVE-2024-21633
2024-01-10 16:19:21 -05:00
8525849763
Msf::Payload::Apk: Bump apktool minimum required version to 2.7.0
2023-04-10 21:07:25 +10:00
b19ab03da1
Msf::Payload::Apk: apktool: Decompile only main classes
2023-02-25 01:08:20 +11:00
bbf9e3163a
Fix file reads on Windows for binary files
2022-03-21 12:47:39 +00:00
a4956bfe7c
Land #16358 , fix apk injection on some apks by finding the correct hook point
2022-03-21 07:36:00 +00:00
d9bd985cef
Msf::Payload::Apk: find_hook_point: Return full packagename.classname
2022-03-19 21:08:02 +00:00
fe70296f1e
Msf::Payload::Apk: Try rebuilding APK with AAPT2 if rebuilding APK fails
2022-03-13 14:35:15 +00:00
df81a48e4a
Land #16332 , fix zipalign to align shared object files
2022-03-13 12:48:22 +00:00
d28a172ab4
Msf::Payload::Apk: Extract cert details from APK files not JAR signed
...
Since Android 11, APK contents must be signed with signature scheme
v2 or higher (v2/v3/v4). In order to maintain compatibility with
older versions of Android, APKs can also be signed with v1 (after
first signing with v2/v3/v4), but this is not mandatory.
When using a template apk file, the APK library now attempts to
extract signing scheme v1 certificate details (using keytool)
and falls back to extracting v2/v3/v4 certificate details (using
apksigner) if the APK is not signed with signing scheme v1.
Fixes #16295 .
2022-03-12 18:40:37 +00:00
6ae54566b6
Msf::Payload::Apk: zipalign: align APK stored shared object files
2022-03-12 18:22:34 +00:00
7bb575a24e
Msf::Payload::Apk: Replace jarsigner with apksigner
...
This allows signing APK files with Signature Scheme v2/v3/v4.
2022-03-06 13:50:38 +00:00
be928f9154
Msf::Payload::Apk: raise if apktool output includes Java exceptions
2022-03-05 15:32:24 +00:00
ac72803543
Msf::Payload::Apk: raise if APK is unsigned or generating new key fails
2022-03-05 05:36:24 +00:00
2cd6e66791
Land #16269 , Msf::Payload::Apk: Check Java is installed and apktool.jar exists
2022-03-04 11:33:34 +00:00
69f7008a07
Msf::Payload::Apk: raise if keytool cannot parse APK file or certificate
2022-03-04 08:10:37 +00:00
03419e8a19
Msf::Payload::Apk: Check Java is installed and apktool.jar exists
2022-03-04 06:39:51 +00:00
ef135a8440
Msf::Payload::Apk: Print warning if apktool version < 2.5.1
2022-03-02 06:31:43 +00:00
4fe7375341
Msf::Payload::Apk: Fix apktool version check
2022-02-27 05:33:00 +00:00
319f15d938
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
1617b3ec9b
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
d1528cc0aa
Paramaterise args to popen3()
2020-10-20 08:12:33 +10:00
64695f1354
initial commit
2019-08-24 13:42:22 +08:00
08c196c5d5
show the output of apktool if injection fails
2018-10-05 14:11:36 +08:00
2529fdf322
Fix issue #8887 , when injecting into an existing .apk file on windows
2018-08-10 05:43:26 -04:00
c3fa30707d
fix #8879 , fix APK injection edge cases
2017-09-11 12:03:20 +08:00
601131f236
hook Application class if found
2017-03-01 19:22:42 +08:00
ee8b70e0df
fix permission shuffling
2017-03-01 14:38:47 +08:00
063d999a64
randomize the payload, service and broadcast receiver names
2017-03-01 14:20:31 +08:00
64e7f13067
improve error detection
2017-01-19 16:40:35 +07:00
c1e30b632b
fix #7725 , inject into the Activity constructor
2017-01-19 16:24:26 +07:00
f8f764aefc
fix #7617 , invalid register when hooking smali code
2017-01-19 14:52:30 +07:00
daae46d37b
Fixes #7552 , fix apk injection into proguarded apks
2016-11-21 15:05:59 +08:00
cd01b07682
Land #7565
...
Lands print_bad and vprint_bad from todb-r7
2016-11-18 13:29:39 -05:00
927e195e28
Generate payload apk from permissionless apk
2016-11-16 00:48:10 -04:00
1deacad2be
Add a print_bad alias for print_error
...
Came up on Twitter, where Justin may have been trolling a little:
https://twitter.com/jstnkndy/status/798671298302017536
We have a `print_good` method, but not a `print_bad`, which seems a
little weird for Ruby -- opposite methods should be intuitive as Justin
is implying.
Anyway, I went with alias_method, thanks to the compelling argument at
https://github.com/bbatsov/ruby-style-guide#alias-method
...since Metasploit is all about the singleton, and didn't want to risk
some unexpected scoping thing.
Also dang, we define the `print_` methods like fifty billion times!
Really should fix that some day.
2016-11-15 19:20:42 -06:00
c0e839dfd9
Fixes keytool bug in APK inject code
2016-11-11 06:12:47 -08:00
b8e30a241e
Copy original cert data into new signing cert created for APK injection
2016-10-20 08:43:45 -07:00
d7ac8eba45
Create new signing certificate with dname value copied from original certificate.
2016-10-15 14:05:53 -07:00
e5ac3eda61
Land #7362 , Fix apk injection script to include android payload service and broadcast receivers
2016-10-11 07:54:10 -05:00
b06a3d3c68
Refactor code that calls zipalign on injected APK
2016-09-29 07:49:50 -07:00
e8d99fb3f5
Run zipalign as last step during APK injection process
...
Running zipalign on an APK after signing and before distribution
is considered general best practice. Also, properly aligning an APK
makes it less likely to be flagged as suspicious by mobile security
solutions.
More on zipalign from Google:
https://developer.android.com/studio/command-line/zipalign.html
2016-09-28 20:05:17 -07:00
a39c4965e4
fix apk injection script to include payload service and receivers
2016-09-26 19:50:10 +08:00
9ebe18d096
automatically generate keystore for apk signing
2016-09-01 10:19:58 +01:00
5d0e868fd6
facebook.orca fixes
2015-12-24 12:21:08 +00:00
69b65e7d39
fix error handling
2015-12-24 09:13:56 +00:00
eeea4bde9d
integrate ./msfvenom -x for android payloads
2015-12-22 15:58:27 +00:00
662a6dfd53
¯\_(ツ)_/¯
2015-12-22 14:49:00 +00:00
Spencer McIntyre