Processed WhatsApp APK crashes on start

[meblack]

the infected apk its not running on android 6

[meblack]

after install the apk , the program is not running and stopped
and no session has was created

[dana-at-cp]

@meblack Need more information.

• What is the APK?
• Where did you download the APK?
• Does the APK work before injection via backdoor-apk?
• Does the APK (injected/not injected) work on any other versions of Android?

[meblack]

i tried with whatsapp
i download it from whatsapp website
thats first try for injection test
the problem is:
its installed but not running
i test it on android 5 and 6
in both of them its not run and got the stopped error

[dana-at-cp]

@meblack I confirmed the same behavior for WhatsApp on an emulated Android 4.4 device. The problem seems to be isolated to the WhatsApp APK. This will be a low priority for me to review. How are your Android app debugging skills? Do you know the Android SDK and smali well?

[meblack]

i tried it with many apk files and none of them have not run at all.
could you please give me an apk file that work with this method properly ?
i have to say. i tried all apk files on android 6

[dana-at-cp]

@meblack I use Pandora as a benchmark. It's still working as of today. Are you getting all of the APKs from the Google Play Store or from sites like apkmirror?

[meblack]

i get them from apkmirror

[dana-at-cp]

@meblack That could be part of your problem. I only use APKs from the Google Play Store.

[dana-at-cp]

@meblack Did you ever try a legit version of Pandora?

I tested it earlier today on an emulated Android 6 device and it worked fine:

meterpreter > sysinfo
Computer    : localhost
OS          : Android 6.0 - Linux 3.10.0+ (i686)
Meterpreter : dalvik/android

meterpreter > getuid
Server username: u0_a55

meterpreter > pwd
/data/user/0/com.pandora.android/files

meterpreter >

[Abdulmalik5371]

@dana-at-cp for some reason the backdoor Whatsapp apk stops running after installation on victim phone...kindly help me solve the issue

[dana-at-cp]

@meblack @Abdulmalik5371 This no longer appears to be an issue. I tested with the latest version of the WhatsApp APK directly from WhatsApp:

https://www.whatsapp.com/download/

The APK file was processed properly and I got a stable meterpreter session:

meterpreter > pwd
/data/user/0/com.whatsapp/files
meterpreter > ls
Listing: /data/user/0/com.whatsapp/files
========================================

Mode              Size    Type  Last modified              Name
----              ----    ----  -------------              ----
40666/rw-rw-rw-   4096    dir   2017-03-15 12:35:21 -0400  Logs
100666/rw-rw-rw-  196608  fil   2017-03-15 12:35:21 -0400  wam.wam

meterpreter > sysinfo
Computer    : localhost
OS          : Android 6.0 - Linux 3.10.0+ (i686)
Meterpreter : dalvik/android
meterpreter >