GithubHelp home page GithubHelp logo

odensc / janus Goto Github PK

View Code? Open in Web Editor NEW
80.0 80.0 24.0 4 KB

Python script to create an Android APK exploiting the Janus vulnerability.

License: MIT License

Python 100.00%
android janus security

janus's People

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

dstmath shuixi2013 yege0201 jeperez disane qqwh avaudioplayer takboo bluekezhou huixhzheng tsondt xifeng6 itestings cs8425 kungia09 cen123456 anuragdwivedy zorfree aerodigital minxin jhonelpe realradioactive hackeymonkey mang0cola

janus's Issues

Congratulations on this code making it on the small screen.

Your code looks very similar to the style of fictional character Matilda "Mattie" Hawkins from the British TV series, Humans ;)

Background

The code from this repository was briefly shown at the end of the fourth episode of season three. It was accompanied with the dialog that the code's style match to code unseen in a previous episode.

Closing

I was quite excited when a search picked up this code and also saw that it was for an exploit for Android given the TV show focuses on humanoid androids called Synthetics ;)

Not working

I tried it on a vulnerable apk. I generated the .dex file with msfvenom than I used this tool to inject my payload.dex. However, if I analyze the generated apk with jadx-gui, I cannot find any references to my evil payload (metasploit). Do you know why? Am I doing something wrong?

Didn't find class * on path: DexPathList

I joined "Hello world" .dex file to DIVA.apk (https://github.com/payatu/diva-android) and other apps and tested on Android Emulator 6.0.
Output application couldn't run and failed with messages:

04-24 00:09:29.595  3821  3834 D DefContainer: Copying /data/local/tmp/diva-hack1.apk to base.apk
04-24 00:09:29.681  1899  1923 I PackageManager.DexOptimizer: Running dexopt (dex2oat) on: /data/app/vmdl92185492.tmp/base.apk pkg=jakhar.aseem.diva isa=x86 vmSafeMode=false debuggable=true oatDir = /data/app/vmdl92185492.tmp/oat
04-24 00:09:30.811  1899  1923 V BackupManagerService: restoreAtInstall pkg=jakhar.aseem.diva token=5 restoreSet=0
04-24 00:09:36.495  1899  3352 I ActivityManager: START u0 {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=jakhar.aseem.diva/.MainActivity (has extras)} from uid 10009 on display 0
04-24 00:09:36.517  1899  2142 I ActivityManager: Start proc 4567:jakhar.aseem.diva/u0a65 for activity jakhar.aseem.diva/.MainActivity
04-24 00:09:36.564  4580  4580 W dex2oat : /system/bin/dex2oat --runtime-arg -classpath --runtime-arg  --instruction-set=x86 --instruction-set-features=smp,ssse3,-sse4.1,-sse4.2,-avx,-avx2 --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/app/jakhar.aseem.diva-1/base.apk --oat-file=/data/dalvik-cache/x86/data@[email protected]@[email protected]
04-24 00:09:36.565  4580  4580 E dex2oat : Failed to create oat file: /data/dalvik-cache/x86/data@[email protected]@[email protected]: Permission denied
04-24 00:09:36.571  4567  4567 W art     : Failed execv(/system/bin/dex2oat --runtime-arg -classpath --runtime-arg  --instruction-set=x86 --instruction-set-features=smp,ssse3,-sse4.1,-sse4.2,-avx,-avx2 --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/app/jakhar.aseem.diva-1/base.apk --oat-file=/data/dalvik-cache/x86/data@[email protected]@[email protected]) because non-0 exit status
04-24 00:09:36.579  4567  4567 E AndroidRuntime: Process: jakhar.aseem.diva, PID: 4567
04-24 00:09:36.579  4567  4567 E AndroidRuntime: java.lang.RuntimeException: Unable to get provider jakhar.aseem.diva.NotesProvider: java.lang.ClassNotFoundException: Didn't find class "jakhar.aseem.diva.NotesProvider" on path: DexPathList[[zip file "/data/app/jakhar.aseem.diva-1/base.apk"],nativeLibraryDirectories=[/data/app/jakhar.aseem.diva-1/lib/x86, /data/app/jakhar.aseem.diva-1/base.apk!/lib/x86, /vendor/lib, /system/lib]]
04-24 00:09:36.579  4567  4567 E AndroidRuntime: Caused by: java.lang.ClassNotFoundException: Didn't find class "jakhar.aseem.diva.NotesProvider" on path: DexPathList[[zip file "/data/app/jakhar.aseem.diva-1/base.apk"],nativeLibraryDirectories=[/data/app/jakhar.aseem.diva-1/lib/x86, /data/app/jakhar.aseem.diva-1/base.apk!/lib/x86, /vendor/lib, /system/lib]]
04-24 00:09:36.579  4567  4567 E AndroidRuntime: 	Suppressed: java.lang.ClassNotFoundException: jakhar.aseem.diva.NotesProvider
04-24 00:09:36.580  1899  3352 W ActivityManager:   Force finishing activity jakhar.aseem.diva/.MainActivity
04-24 00:09:36.893  1899  3352 I WindowManager: Screenshot max retries 4 of Token{7e43c3 ActivityRecord{8676372 u0 jakhar.aseem.diva/.MainActivity t14 f}} appWin=Window{6c2683b u0 Starting jakhar.aseem.diva} drawState=3
04-24 00:09:37.396  1899  1913 W ActivityManager: Activity pause timeout for ActivityRecord{8676372 u0 jakhar.aseem.diva/.MainActivity t14 f}
04-24 00:09:39.272  1899  1910 I ActivityManager: Process jakhar.aseem.diva (pid 4567) has died

What is the problem?
Thanks!

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.