#!/data/data/com.termux/files/usr/bin/bash
#
# Apkmod setup script.
#
# Detects whether it runs under Termux or Kali and then:
#   * Termux: sets up an Alpine environment (TermuxAlpine.sh), calls
#     install_deps / install_scripts, downloads jadx and, unless
#     HAS_METASPLOIT is "no", calls do_patches.
#   * Kali: installs packages with apt-get, downloads apkmod.sh and calls
#     do_patches_kali.
#
# Usage: setup script [--without-alpine]
#   $1 is passed to setup_alpine; "--without-alpine" skips the TermuxAlpine
#   download and run.
#
# NOTE(review): this copy of the script is incomplete. The text between
# `cat <` and `/dev/null` inside setup_alpine() is missing (most likely a
# here-document plus the definitions of install_deps, install_scripts,
# do_patches and do_patches_kali, which the main driver calls but which are
# not defined anywhere in this copy). HAS_METASPLOIT is also never assigned
# in the visible text. The script will not work as written.
#
# NOTE(review): everything downloaded here (TermuxAlpine.sh, apkmod.sh, the
# jadx zip) is fetched with wget and then executed or unpacked without any
# checksum or signature check, and two of the URLs track the moving `master`
# branch. Pin to a tag or commit and verify a known digest before running or
# installing the downloaded files.

# ANSI color escapes used in status messages.
red='\033[1;31m'
yellow='\033[1;33m'
reset='\033[0m'

# Install locations, all derived from PREFIX.
# NOTE(review): PREFIX is never assigned in the visible script; presumably it
# comes from the environment. If it is unset these resolve to /share/apkmod
# and /bin -- confirm that is what is intended on Kali.
ALPINEDIR="${PREFIX}/share/apkmod"
BINDIR="${PREFIX}/bin"
# LIBDIR is not referenced in the visible part of the script.
LIBDIR="${ALPINEDIR}/usr/lib"

# Upstream release versions and the download URLs built from them.
# APKTOOL_URL and AAPT_URL are not referenced in the visible part of the script.
APKTOOL_VERSION="2.6.1"
APKTOOL_URL="https://github.com/Hax4us/Apkmod/releases/download/v${APKTOOL_VERSION}/apktool-${APKTOOL_VERSION}.apk"
JADX_VERSION="1.3.2"
JADX_URL=https://github.com/skylot/jadx/releases/download/v${JADX_VERSION}/jadx-${JADX_VERSION}.zip
# @ARCH@ is a placeholder; nothing in the visible text substitutes it.
AAPT_URL="https://github.com/Hax4us/Apkmod/releases/download/v${APKTOOL_VERSION}/aapt_@ARCH@.tar.gz"

#######################################
# Decide which platform the script is running on.
# Globals:   BINDIR, red, yellow (read); OS (written); AAPT (written on Kali)
# Outputs:   an "Unsupported system" message on stdout
# Returns:   exits the script with status 1 when neither platform is detected
#######################################
detect_os() {
    # Termux is recognised by the presence of the termux-info binary.
    if [ -e $BINDIR/termux-info ]; then
        OS=TERMUX
        #AAPT="-a /usr/bin/aapt2"
    else
        # Kali is recognised by the string "kali" anywhere in /etc/os-release.
        grep kali /etc/os-release > /dev/null 2>&1
        if [ $? -eq 0 ]; then
            OS=KALI
            AAPT="--use-aapt2"
        else
            # NOTE(review): the color is not reset after this message
            # (no ${reset}), unlike the other error messages in this file.
            printf "${red}[!] ${yellow}Unsupported system\n"
            exit 1
        fi
    fi
}

#######################################
# Install the Kali packages and the apkmod script itself.
# Globals:   PREFIX (read)
# Outputs:   progress messages on stdout
#######################################
install_deps_kali() {
    printf "[*] Installing dependencies...\n"
    # stdout is discarded and the exit status is not checked, so a failed
    # package install goes unnoticed and "[*] Done" is still printed.
    apt-get install metasploit-framework bc apktool default-jdk -y > /dev/null
    # NOTE(review): apkmod.sh is taken from the moving master branch, written
    # straight into the bin directory and made executable with no integrity
    # check. On a failed download `wget -O` may leave an empty or partial
    # file behind (only the chmod is skipped by `&&`).
    wget https://github.com/hax4us/Apkmod/raw/master/apkmod.sh -O $PREFIX/bin/apkmod && chmod +x $PREFIX/bin/apkmod
    printf "[*] Done\n"
}

#######################################
# Set up the Alpine environment used on Termux.
# Globals:   ALPINEDIR (read)
# Arguments: $1 - "--without-alpine" skips downloading and running
#                 TermuxAlpine.sh
#
# NOTE(review): the body below is spliced together from two different places
# in the original file; see the marker at `cat <`. Everything after that
# marker edits msfvenom and payload_generator.rb and most likely belongs to
# a different function whose header was lost.
#######################################
setup_alpine() {
    if [ ! "$1" = "--without-alpine" ]; then
        # NOTE(review): downloaded from the master branch into the current
        # directory and executed with bash without verification; neither
        # command's exit status is checked.
        wget https://raw.githubusercontent.com/Hax4us/Apkmod/master/scripts/TermuxAlpine.sh -O TermuxAlpine.sh
        bash TermuxAlpine.sh
    fi
    mkdir -p ${ALPINEDIR}/root/.bind
    # NOTE(review): source text is missing between `cat <` and `/dev/null`.
    # As it stands this line just reads /dev/null and succeeds, so the
    # `$? -ne 0` branch below is never taken. Presumably the lost command
    # before `/dev/null` was a grep for the "#patched" marker in msfvenom,
    # mirroring the payload_generator.rb check further down -- confirm
    # against the upstream file.
    cat < /dev/null
    if [ $? -ne 0 ]; then
        # Find the line number of "help" in msfvenom and step back one line.
        # NOTE(review): there is no `head -n1` here, unlike the later
        # lookups; if more than one line matches, line_num holds several
        # numbers and the arithmetic expansion fails.
        line_num=$(busybox grep -n "help" msfvenom | cut -d ":" -f1)
        line_num=$((${line_num}-1))
        # Print the text in s before line n of msfvenom.orig and write the
        # result to msfvenom. The redirect truncates msfvenom before awk
        # runs, so a missing msfvenom.orig leaves msfvenom empty.
        # msfvenom.orig is not created anywhere in the visible text.
        busybox awk -v "n=${line_num}" -v "s=\n\topt.on('--use-aapt','Use aapt for recompiling') do\n\t\topts[:use_aapt] = true\n\tend" '(NR==n) { print s } 1' msfvenom.orig > msfvenom
        if [ $? -eq 0 ]; then
            # Marker used to detect an already patched file. awk's exit
            # status only says awk ran; it does not prove the insertion
            # happened (NR==n may never match).
            printf "#patched" >> msfvenom
        else
            printf "${red}[!] can't patch msfvenom\n${reset}"
            exit 1
        fi
    fi
    # Skip payload_generator.rb if it already carries the marker. All paths
    # are relative, so the current directory matters; presumably it is the
    # Metasploit source tree -- the `cd` is not in the visible text.
    busybox grep "#patched" lib/msf/core/payload_generator.rb > /dev/null
    if [ $? -ne 0 ]; then
        # Step 1: insert the use_aapt accessor two lines above the first
        # ":add_code" match, reading from the .orig copy.
        line_num=$(busybox grep -n ":add_code" lib/msf/core/payload_generator.rb | head -n1 | cut -d ":" -f1)
        line_num=$((${line_num}-2))
        busybox awk -v "n=${line_num}" -v "s=\t# @\!attribute use_aapt\n\t# @return [String] use aapt or not\n\tattr_accessor :use_aapt" '(NR==n) { print s } 1' lib/msf/core/payload_generator.rb.orig > lib/msf/core/payload_generator.rb
        if [ $? -ne 0 ]; then
            printf "${red}[!] can't patch payload_generator.rb\n${reset}"
            exit 1
        fi
        # Step 2: overwrite the whole line two above the first "@framework"
        # match with the @use_aapt assignment. The offsets are tied to one
        # particular layout of the upstream file; on a different revision
        # this replaces an unrelated line.
        line_num=$(busybox grep -n "@framework" lib/msf/core/payload_generator.rb | head -n1 | cut -d ":" -f1)
        line_num=$((${line_num}-2))
        busybox sed -i "${line_num}s/.*/\t@use_aapt = opts.fetch(:use_aapt,false)/" lib/msf/core/payload_generator.rb
        if [ $? -ne 0 ]; then
            printf "${red}[!] can't patch payload_genereator.rb\n${reset}"
            exit 1
        fi
        # Step 3: overwrite the line containing the backdoor_apk call so it
        # passes use_aapt as a third argument.
        # NOTE(review): no `head -n1` and no empty check. If grep finds
        # nothing, line_num is empty and the sed expression has no address,
        # so it rewrites every line of the file; with several matches the
        # sed expression is malformed.
        line_num=$(busybox grep -n "apk_backdoor.backdoor_apk" lib/msf/core/payload_generator.rb | cut -d ":" -f1)
        busybox sed -i "${line_num}s/.*/\t\traw_payload = apk_backdoor.backdoor_apk(template, generate_raw_payload, use_aapt)/" lib/msf/core/payload_generator.rb
        if [ $? -eq 0 ]; then
            printf "#patched" >> lib/msf/core/payload_generator.rb
        else
            printf "${red}[!] can't patch payload_generator.rb\n${reset}"
            exit 1
        fi
    fi
    #sed -i "s#AAPT=.*#AAPT=\"$AAPT\"#" $BINDIR/apkmod
    if [ $OS = "KALI" ]; then
        # Write the AAPT flag chosen in detect_os into the installed apkmod
        # script, then edit the apk.rb installed under
        # /usr/share/metasploit-framework in place.
        # NOTE(review): the second sed is not guarded by a marker, so each
        # run appends another " --use-aapt2" after "apktool b". The edited
        # file no longer matches what the package shipped: a package upgrade
        # will overwrite it and file-integrity checks will report it as
        # modified.
        sed -i "s#AAPT=.*#AAPT=\"$AAPT\"#" $BINDIR/apkmod
        sed -i s/"apktool b"/"apktool b --use-aapt2"/g /usr/share/metasploit-framework/lib/msf/core/payload/apk.rb
    fi
}

#######################################
# Download the jadx release zip and unpack it under ALPINEDIR.
# Globals:   JADX_URL, JADX_VERSION, ALPINEDIR (read)
#
# Defining a function called `jadx` shadows any jadx command on PATH for the
# rest of this shell. The zip is saved in the current directory, is not
# verified against a digest before unpacking, and is not removed afterwards;
# no exit status is checked.
#######################################
jadx() {
    wget ${JADX_URL}
    mkdir -p ${ALPINEDIR}/usr/lib/jadx
    unzip jadx-${JADX_VERSION}.zip -d ${ALPINEDIR}/usr/lib/jadx
}

##################
#  MAIN DRIVER   #
##################

detect_os
if [ $OS = "TERMUX" ]; then
    # Wake lock is held for the duration of the Termux install steps.
    termux-wake-lock
    # Temporary check for alpine version
    # so that if user has already installed
    # TermuxAlpine then check if this alpine
    # was installed by apkmod or not.
    #if [ -d $PREFIX/share/TermuxAlpine ]; then
    #    if [ "$(cat $PREFIX/share/TermuxAlpine/etc/alpine-release)" = "3.10.2" ]; then
    #        mv $PREFIX/share/TermuxAlpine $ALPINEDIR
    #    fi
    #fi
    setup_alpine "$1"
    # install_deps, install_scripts and do_patches are not defined in the
    # visible text (see the note at the top of the file).
    install_deps
    install_scripts
    jadx
    termux-wake-unlock
    # Patching runs unless HAS_METASPLOIT is exactly "no"; an unset value
    # therefore also triggers do_patches.
    if [ ! "$HAS_METASPLOIT" = "no" ]; then
        do_patches
    fi
else
    # do_patches_kali is not defined in the visible text.
    install_deps_kali
    do_patches_kali
fi