Skip to content

Alepacox/Advanced-Android-Hidden-Backdoor

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits

.idea

.idea

 
 

app

app

 
 

gradle/wrapper

gradle/wrapper

 
 

.gitignore

.gitignore

 
 

Advanced-Android-Hidden-Backdoor.iml

Advanced-Android-Hidden-Backdoor.iml

 
 

MsfvenomBackdooredAPK.iml

MsfvenomBackdooredAPK.iml

 
 

README.md

README.md

 
 

advanced-embedding-backdoor-android.iml

advanced-embedding-backdoor-android.iml

 
 

build.gradle

build.gradle

 
 

gradle.properties

gradle.properties

 
 

gradlew

gradlew

 
 

gradlew.bat

gradlew.bat

 
 

msfvenom-modified.iml

msfvenom-modified.iml

 
 

payload.jar

payload.jar

 
 

settings.gradle

settings.gradle

 
 

Repository files navigation

Advanced Android Hidden Backdoor

This kind of backdoor differs from any other seen in this context because it goes beyond their typical limitations. It can be hidden in any other application and it is resistant to rebooting or connectivity drop (thanks to Giovanni Colonna code that modified the msfvenom generated code, link here). The peculiarity of this implementation that allows this behaviour is that the activity of the backdoor is completly unrelated with the host app startup.

The backdoor is invoked by two events:

  • The phone has been switched on or rebooted.
  • There has been a connectivity change

In this two cases, the connectivity is checked:

  • if the phone is connected, the backdoor tries to instantiate the connection with the attacker and launches a background service that retry every X minutes. (Preconfigured at 30 minutes)
  • if it is disconnected and the service has been launched, the backdoor's background service is killed.

The service will show in the list of all processes with the name of the host app

HOW TO

This procedure allows you to insert the backdoor code inside the host application without modifying its original code (unlike any other backdoor seen before).

Decompile the generated backdoor apk and, if not already done before the compilation, modify attacker's host and port in the /app/src/main/java/livingbox/Connect.java(String URL line). Then decompile the app we want to insert the code in, copy all the files in /app/src/main/java/livingbox/ to a new subfolder in the original decompiled app, in /smali/livingbox (you have to create it).
After all, modify the original AndroidManifest adding the missing permission and the rest of the lines about service and receiver wrote in this project's AndroidManifest.
Rebuild the original app and sign it!

In order to make the backdoor working, you need to launch the host app at least one time.

Permission needs to be granted to the host app in order to access the particular resources you are asking for.

Created for research purposes. Use only on devices you are authorized to do so. Use it at your own risk.

Tested on Nexus 5, Android 7.1.1

About

Modified backdoor code plus new embedding technique

Topics

android backdoor msfvenom metasploit

Resources

Readme
Activity

Stars

35 stars

Watchers

5 watching

Forks

8 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Java 100.0%