Decompile and Embed Payload to Android Apk
I’m sure most of you, or at least those who have set a foot in the kingdom of hacking, have heard of Metasploit.
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
Its best-known sub-project is the open source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research.
In a more informal language, it’s a tool which we can use to perform various kinds of hacks against a machine. The flagship payload which comes with the Metasploit Framework is the ‘Meterpreter’, which also has an Android version that comes as an .apk file. In case you are wondering what an payload is, it’s a program we can install on a victim’s system to compromise it.
Normally we have to install the payload in the victims phone by any means we can, and when the victim runs the application, we would get a direct connection to our victim’s phone remotely and we can use it to wreak havoc on that phone.
But since the app doesn’t look very legit, takes up only a few kBs, and doesn’t show anything when clicked on, the victim will probably uninstall it right away, or worse, wouldn’t install it at all. So we have to solve that problem.
Here’s where this tutorial comes in. I’m gonna show you how to take any .apk file, be it WhatsApp or Amazon or SnapChat, and embed the Meterpreter payload in that apk. To the victim it will look and behave exactly as the original app, so he will use it regularly without any doubt, letting you do anything you want to his phone.