-
Notifications
You must be signed in to change notification settings - Fork 399
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[!] Failed to verify signed artifacts #25
Comments
me too , i have kali linux 2018.3 and evildroid 0.3 |
iam also got this issue |
Same |
Use different types of apk's which are below 15mb to 10mb
…On Sun, 14 Oct 2018, 12:23 pm moonwolf63x, ***@***.***> wrote:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[
*] Generating apk payload [
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] [*]
Removing 1.apk framework file...
[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[
*] Decompiling Original APK... [
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] [*]
Decompiling Payload APK...
[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[
*] Adding permission and Hook Smali [
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
################################################################## inject
Smali: com/dotgears/flappy/SplashScreen.smali In line:17
################################################################## [
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] [*]
Rebuilding Backdoored APK...
[ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[
*] Checking for ~/.android/debug.keystore for signing... [
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] [*]
Attempting to sign the package with your android debug key
[ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[*] Verifying signed artifacts...
[ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
*[!] Failed to verify signed artifacts*
Is there any solution?? Help US..
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#25>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/AoC_-wW-sDwHfAI_AaiRrTY0np8j74IUks5ukt9rgaJpZM4Xa_Y5>
.
|
use 1.8 mb apk file and still not working, really need help here |
I'm also gonna looking for the same issue, anyone please help me. |
I find a solution which fixed the problem on my side. See here : #5 (comment) |
guys its gonna work for apks...with old versions... For the newer versions it is not gonna work |
need help on lower versions then I can... |
Is this issue still considered? Because it's one of the worst bug for this tool, since it becames useless with the failure of the apk validation |
you have any idea how to fix this ? |
Error still exists, is anyone working to fix this? |
Finally Guys I've figured it out..... Selection Path Priority Status0 /usr/lib/jvm/java-13-openjdk-amd64/bin/java 1311 auto mode
Press to keep the current choice[*], or type selection number: 3 |
Facing the same problem |
WHY!!!!! using these tools man......u can manually bink any apk to msfvenom apk ... 100% working with stable meterpreter ! Till victim uses it ... We can bind it with a chess application so make victim to play a game..mostly u will get 10 min or max 15 min ..in this u can download his internal memory ASAP!! I can help u with tht |
I updated my linux and it kinda sucks, i try embedding my payload to an apk
with msfveom and it doesn't go through. " jarsigner not found " and cant
probe further.Evil-droid cant verify signed artifacts too.
…On Mon, 11 May 2020, 08:41 hack69, ***@***.***> wrote:
WHY!!!!! using these tools man......u can manually bink any apk to
msfvenom apk ... 100% working with stable meterpreter ! Till victim uses it
... We can bind it with a chess application so make victim to play a
game..mostly u will get 10 min or max 15 min ..in this u can download his
internal memory ASAP!! I can help u with tht
Select the apk according to victim! peace
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#25 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/APQPK3WVU7JI6WE4M6JLBULRQ6FXBANCNFSM4F3L6Y4Q>
.
|
Try the manual method |
Am on it
…On Mon, 11 May 2020, 12:09 hack69, ***@***.***> wrote:
Try the manual method
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#25 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/APQPK3S7I5CCCGT43WFEDHDRQ66EDANCNFSM4F3L6Y4Q>
.
|
Yeah !
On Mon, 11 May 2020, 2:43 pm christopher241, <notifications@github.com>
wrote:
… Am on it
On Mon, 11 May 2020, 12:09 hack69, ***@***.***> wrote:
> Try the manual method
>
> —
> You are receiving this because you commented.
> Reply to this email directly, view it on GitHub
> <
#25 (comment)>,
> or unsubscribe
> <
https://github.com/notifications/unsubscribe-auth/APQPK3S7I5CCCGT43WFEDHDRQ66EDANCNFSM4F3L6Y4Q
>
> .
>
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#25 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AKAL76ZSFYLSRAAZK3K3BX3RQ66TNANCNFSM4F3L6Y4Q>
.
|
I already had java8 setted, do you have discord please so we can look deeper into this? |
After looking into this, looks like Evil-Droid fails to verify artifacts only with original apk's. If you have the OS installed with english US, and you set your java version to 8, it will owrk good with msf-venom apk's and AV bypass (option 4). But for original apk's, you better use the nsfvenom option. The apk mustn't be big a lot or it will fail too. |
same here how to solve this error |
FIXED THIS ISSUE! So I tried the replacing method of the apktool.jar to the latest from their website as described above, but the problem was persisting, then after a research, upon finding out the debug.keystore hidden in the /root/.android/ directory, i just deleted the file and started the whole process again and voila! Hope this helps. Originally posted by @officialbatman in #5 (comment) |
officialbatman |
Everything is Up-To-Date 😎: 02 Dec 2020 - Apktool v2.5.0 Released January 2021 - Kali 2021.1 Released *** To Be Noted - Metasploit Vulnerabilities and be used on a target with Android 5.5.1 - 8.0 UNDETECTED, the newer versions have the security patches which can easily detect the Metasploit-Q and warns the users of the threat and grants no permissions to the payload - Hence No access, unless manually granted by the targets phone. Hope this helps and saves your time 🤠 |
The problem comes from the use of an outdated apktool.jar by ED (Evil-droid) By looking on the source code and Evil-droid files, we can notice than ED don't use system apktool software, but embed its own one. It is located in Evil-Droid-master/tools/apktool.jar. The version of this specific file is apktool 2.2.4. But according to the main website, the version is 2.4.0 at the time of writing this (https://ibotpeaches.github.io/Apktool). So you have to replace Evil-Droid-master/tools/apktool.jar by an updated apktool.jar downloaded directly from the main website. In practice :
I just tested and it works on my side. |
I too got this error I think the problem is in the apk file. |
update apktool |
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Generating apk payload
[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Removing 1.apk framework file...
[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Decompiling Original APK...
[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Decompiling Payload APK...
[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Adding permission and Hook Smali
[ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
##################################################################
inject Smali: com/dotgears/flappy/SplashScreen.smali
In line:17
##################################################################
[ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Rebuilding Backdoored APK...
[ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Checking for ~/.android/debug.keystore for signing...
[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Attempting to sign the package with your android debug key
[ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[*] Verifying signed artifacts...
[ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[!] Failed to verify signed artifacts
Is there any solution?? Help US..
The text was updated successfully, but these errors were encountered: