APK Binder Script v0.1 Released
apk_binder_script allows us to unify two apk’s in one or add a service apk smali code to the target. This copy smali code, active and manifest. Implements a receiver acting loader loading the class specified as a parameter (a service).
The original application is normally run in parallel, the service is invoked by the loader based on two events:
- android.intent.action.BOOT_COMPLETED
- android.intent.action.ACTION_POWER_CONNECTED
You can add actions and permissions as desired. In short, allows us to “extend” the functionality of a apk, doors implement “administrative” etc.
Requirements
apk_binder_script is developed in python and is tested on Windows and Linux. Requires apktool (included in the package) and therefore also of Java.
Operation
- Decompiles apk apk objective and binder.
- AndroidManifest.xml unifies the two apk’s.
- Copy and smali code assets (other resources, see limitations).
- Implements a receiver that gives high on the apk objective acts “binder” and reacts when the charger is connected or restart the device.
- When the receiver “awake”, invokes the class defined in the properties (it must be a service).
- The receiver and the properties are copied to the “package” target with random names.
- Compiles and generates an apk with the merger.
- The apk is not signed or lined.
Usage
Usage: apk_binder_script.py [OPTIONS]
--------------------------------------------------- -t* apk target -b apk bind on target -c class to invoke when the event is revealed -s class smali to bind ---------------------------------------------------
Limitations
apk_binder_script has certain limitations and works with “bindeados” services. Currently no resources or activities to the manifest are copied, and in some cases creates problems recompiling with apktool. Viability and use cases for proper implementation study. When recompiling with apktool certain apks’, you may not do it properly generating resource compilation errors, but it is a case outside the script. How to decode the file AndroidManifest.xml is studied manually decode avoiding all resources.
Files
- apk_binder_script.py – script
- tmp/ – temporary directory to store the decompiled / compiled apks
- loader/permissions.xml – base permissions used by the loader (can be extended and register those who need it)
- loader/receiver.xml – receiver will be discharged in order to receive AndroidManifest.xml events held there (can be extended)
- loader/smali/Loader.smali – class implementing the receiver which in turn invoke the properties declared in the class.
- loader/smali/Loader.java – source code receiver.
- loader/assets/loader.properties – properties containing the class to be invoked by the receiver.
- apktool/ – directory containing the tools apktool decompile / compile apk’s.
More Information: here
Thanks to our friendĀ Adrian Ruiz, for sharing this tool with us.
