Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[!] Failed to verify signed artifacts #25

Open
moonwolf63x opened this issue Oct 14, 2018 · 28 comments
Open

[!] Failed to verify signed artifacts #25

moonwolf63x opened this issue Oct 14, 2018 · 28 comments

Comments

@moonwolf63x
Copy link

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Generating apk payload
[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Removing 1.apk framework file...
[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Decompiling Original APK...
[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Decompiling Payload APK...
[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Adding permission and Hook Smali
[ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
##################################################################
inject Smali: com/dotgears/flappy/SplashScreen.smali
In line:17
##################################################################
[ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Rebuilding Backdoored APK...
[ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Checking for ~/.android/debug.keystore for signing...
[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Attempting to sign the package with your android debug key
[ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[*] Verifying signed artifacts...
[ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[!] Failed to verify signed artifacts

Is there any solution?? Help US..
@coluccigiovanni16
Copy link

me too , i have kali linux 2018.3 and evildroid 0.3

@vkyz
Copy link

vkyz commented Mar 26, 2019

iam also got this issue
any solution for this?

@aryansoni1108
Copy link

Same

@ShailendraKumarBellary
Copy link

ShailendraKumarBellary commented Apr 4, 2019 via email

@PhantomX15
Copy link

Use different types of apk's which are below 15mb to 10mb

On Sun, 14 Oct 2018, 12:23 pm moonwolf63x, @.**> wrote: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] [ ] Generating apk payload [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] [] Removing 1.apk framework file... [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] [ ] Decompiling Original APK... [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] [] Decompiling Payload APK... [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] [ ] Adding permission and Hook Smali [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] ################################################################## inject Smali: com/dotgears/flappy/SplashScreen.smali In line:17 ################################################################## [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] [] Rebuilding Backdoored APK... [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] [ ] Checking for ~/.android/debug.keystore for signing... [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] [] Attempting to sign the package with your android debug key [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] [] Verifying signed artifacts... [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] [!] Failed to verify signed artifacts Is there any solution?? Help US.. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#25>, or mute the thread https://github.com/notifications/unsubscribe-auth/AoC_-wW-sDwHfAI_AaiRrTY0np8j74IUks5ukt9rgaJpZM4Xa_Y5 .

use 1.8 mb apk file and still not working, really need help here

@irfankhan090
Copy link

I'm also gonna looking for the same issue, anyone please help me.

@Wh1teR4bb1t
Copy link

I find a solution which fixed the problem on my side. See here : #5 (comment)

@gvj861
Copy link

gvj861 commented Oct 4, 2019

guys its gonna work for apks...with old versions...

For the newer versions it is not gonna work

@gvj861
Copy link

gvj861 commented Oct 4, 2019

need help on lower versions then I can...
but higher versions not allowing for signed artifacts

@Fabxx
Copy link

Fabxx commented Oct 23, 2019

Is this issue still considered? Because it's one of the worst bug for this tool, since it becames useless with the failure of the apk validation

@Lucky97
Copy link

Lucky97 commented Dec 24, 2019

Is this issue still considered? Because it's one of the worst bug for this tool, since it becames useless with the failure of the apk validation

you have any idea how to fix this ?
and can you tell me other working tool? i try the rat but got some errors

@andreicadar
Copy link

Error still exists, is anyone working to fix this?

@TheLegendKillerLK
Copy link

Finally Guys I've figured it out.....
The indeed problem is that the Java sdk that is used by kali by default to recompile the App with the backdoor that we have genarated is the latest version and Evil droid or any backdoor creator can't exploit it to recompile....So we need to set the java version to JAVA SDK 8..To do so check out the following method....
Open Terminal and Type Following...
update-alternatives --config java
select java 8 number 3
root@Kalivil:~# update-alternatives --config java
There are 3 choices for the alternative java (providing /usr/bin/java).

Selection Path Priority Status

0 /usr/lib/jvm/java-13-openjdk-amd64/bin/java 1311 auto mode
1 /usr/lib/jvm/java-11-openjdk-amd64/bin/java 1111 manual mode
2 /usr/lib/jvm/java-13-openjdk-amd64/bin/java 1311 manual mode

  • 3 /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java 1081 manual mode

Press to keep the current choice[*], or type selection number: 3
Then Hit Enter
The Problem will be Solved...

@christopher241
Copy link

Facing the same problem

@ShailendraKumarBellary
Copy link

WHY!!!!! using these tools man......u can manually bink any apk to msfvenom apk ... 100% working with stable meterpreter ! Till victim uses it ... We can bind it with a chess application so make victim to play a game..mostly u will get 10 min or max 15 min ..in this u can download his internal memory ASAP!! I can help u with tht
Select the apk according to victim! peace

@christopher241
Copy link

christopher241 commented May 11, 2020 via email

@ShailendraKumarBellary
Copy link

Try the manual method

@christopher241
Copy link

christopher241 commented May 11, 2020 via email

@ShailendraKumarBellary
Copy link

ShailendraKumarBellary commented May 11, 2020 via email

@Fabxx
Copy link

Fabxx commented May 18, 2020

Finally Guys I've figured it out.....
The indeed problem is that the Java sdk that is used by kali by default to recompile the App with the backdoor that we have genarated is the latest version and Evil droid or any backdoor creator can't exploit it to recompile....So we need to set the java version to JAVA SDK 8..To do so check out the following method....
Open Terminal and Type Following...
update-alternatives --config java
select java 8 number 3
root@Kalivil:~# update-alternatives --config java
There are 3 choices for the alternative java (providing /usr/bin/java).

Selection Path Priority Status

0 /usr/lib/jvm/java-13-openjdk-amd64/bin/java 1311 auto mode
1 /usr/lib/jvm/java-11-openjdk-amd64/bin/java 1111 manual mode
2 /usr/lib/jvm/java-13-openjdk-amd64/bin/java 1311 manual mode

  • 3 /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java 1081 manual mode

Press to keep the current choice[*], or type selection number: 3
Then Hit Enter
The Problem will be Solved...

I already had java8 setted, do you have discord please so we can look deeper into this?

@Fabxx
Copy link

Fabxx commented May 24, 2020

After looking into this, looks like Evil-Droid fails to verify artifacts only with original apk's. If you have the OS installed with english US, and you set your java version to 8, it will owrk good with msf-venom apk's and AV bypass (option 4). But for original apk's, you better use the nsfvenom option. The apk mustn't be big a lot or it will fail too.

@DBreh99
Copy link

DBreh99 commented Jan 2, 2021

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Generating apk payload [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] [] Removing 1.apk framework file...
[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Decompiling Original APK... [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] [] Decompiling Payload APK...
[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Adding permission and Hook Smali [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] ################################################################## inject Smali: com/dotgears/flappy/SplashScreen.smali In line:17 ################################################################## [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] [] Rebuilding Backdoored APK...
[ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Checking for ~/.android/debug.keystore for signing... [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] [] Attempting to sign the package with your android debug key
[ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[*] Verifying signed artifacts...
[ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[!] Failed to verify signed artifacts

Is there any solution?? Help US..

same here how to solve this error

@officialbatman
Copy link

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Generating apk payload [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] [] Removing 1.apk framework file...
[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Decompiling Original APK... [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] [] Decompiling Payload APK...
[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Adding permission and Hook Smali [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] ################################################################## inject Smali: com/dotgears/flappy/SplashScreen.smali In line:17 ################################################################## [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] [] Rebuilding Backdoored APK...
[ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Checking for ~/.android/debug.keystore for signing... [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] [] Attempting to sign the package with your android debug key
[ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[*] Verifying signed artifacts...
[ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[!] Failed to verify signed artifacts
Is there any solution?? Help US..

same here how to solve this error

FIXED THIS ISSUE!

So I tried the replacing method of the apktool.jar to the latest from their website as described above, but the problem was persisting, then after a research, upon finding out the debug.keystore hidden in the /root/.android/ directory, i just deleted the file and started the whole process again and voila!
Screenshot 2021-04-24 08:05:28

Hope this helps.

Originally posted by @officialbatman in #5 (comment)

@pransh4
Copy link

pransh4 commented Apr 28, 2021

officialbatman
can you please describe which version on apk tool you use and which version on kali linux you use

@officialbatman
Copy link

officialbatman
can you please describe which version on apk tool you use and which version on kali linux you use

Everything is Up-To-Date 😎:

02 Dec 2020 - Apktool v2.5.0 Released
(Download - https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.5.0.jar)

January 2021 - Kali 2021.1 Released
(Details - https://www.kali.org/downloads/)

*** To Be Noted - Metasploit Vulnerabilities and be used on a target with Android 5.5.1 - 8.0 UNDETECTED, the newer versions have the security patches which can easily detect the Metasploit-Q and warns the users of the threat and grants no permissions to the payload - Hence No access, unless manually granted by the targets phone.

Hope this helps and saves your time 🤠

@amrtawfik160
Copy link

amrtawfik160 commented Aug 7, 2021
edited
Loading

The problem comes from the use of an outdated apktool.jar by ED (Evil-droid)

By looking on the source code and Evil-droid files, we can notice than ED don't use system apktool software, but embed its own one. It is located in Evil-Droid-master/tools/apktool.jar.

The version of this specific file is apktool 2.2.4. But according to the main website, the version is 2.4.0 at the time of writing this (https://ibotpeaches.github.io/Apktool).

So you have to replace Evil-Droid-master/tools/apktool.jar by an updated apktool.jar downloaded directly from the main website.

In practice :

  • Download the latest apktool.jar from https://bitbucket.org/iBotPeaches/apktool/downloads/
  • Rename apktool_2.X.X.jar to apktool.jar
  • Remove Evil-Droid-master/tools/apktool.jar
  • Move the downloaded apktool.jar to Evil-Droid-master/tools/
  • (Eventually update the version stated by Evil-Droid-master/tools/doc.txt)

I just tested and it works on my side.

@naveednilawfar
Copy link

I too got this error I think the problem is in the apk file.
Try to decompile and recompile the original apk using apktool if you get an error recompiling or decompiling the error is with the original apk

@hcuman
Copy link

hcuman commented Mar 4, 2022

update apktool
delete keystore
update java
None worked!!!!
help please

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests