Create Malicious Applications
Signing the App
First, create the signature
keytool -genkey -v -keystore htb-key.keystore -keyalg RSA -keysize 2048 -validity 10000 -alias htb-alias
Second, align the unsigned app
zipalign -p 4 myapp.apk myapp-aligned.apk
Then, sign the app
apksigner sign --ks htb-key.keystore --ks-key-alias htb-alias --ks-pass pass:hackthebox --key-pass pass:hackthebox --out myapp-signed.apk myapp-aligned.apk
Check signatures
apksigner verify --verbose myapp-signed.apk
Enumeration App
MainActivity.java
package com.example.virtualtest;
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.net.wifi.WifiInfo;
import android.net.wifi.WifiManager;
import android.os.BatteryManager;
import android.os.Build;
import android.os.Bundle;
import android.widget.TextView;
import androidx.appcompat.app.AppCompatActivity;
import java.util.List;
public class MainActivity extends AppCompatActivity {
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
StringBuilder info = new StringBuilder();
// Device info
info.append("Device Model: ").append(Build.MODEL).append("\n");
info.append("Manufacturer: ").append(Build.MANUFACTURER).append("\n");
info.append("Android Version: ").append(Build.VERSION.RELEASE).append("\n\n");
// Battery status
BatteryManager bm = (BatteryManager)getSystemService(BATTERY_SERVICE);
int batteryPct = bm.getIntProperty(BatteryManager.BATTERY_PROPERTY_CAPACITY);
info.append("Battery Level: ").append(batteryPct).append("%\n\n");
// WiFi info (SSID & IP)
WifiManager wifiManager = (WifiManager) getApplicationContext().getSystemService(Context.WIFI_SERVICE);
if (wifiManager != null) {
WifiInfo wifiInfo = wifiManager.getConnectionInfo();
info.append("WiFi SSID: ").append(wifiInfo.getSSID()).append("\n");
int ipAddress = wifiInfo.getIpAddress();
String ipString = String.format("%d.%d.%d.%d",
(ipAddress & 0xff),
(ipAddress >> 8 & 0xff),
(ipAddress >> 16 & 0xff),
(ipAddress >> 24 & 0xff));
info.append("IP Address: ").append(ipString).append("\n\n");
}
// List installed apps (names only)
info.append("Installed Apps:\n");
PackageManager pm = getPackageManager();
List<PackageInfo> packages = pm.getInstalledPackages(0);
for (PackageInfo packageInfo : packages) {
ApplicationInfo appInfo = packageInfo.applicationInfo;
if ((appInfo.flags & ApplicationInfo.FLAG_SYSTEM) == 0) { // only user-installed apps
info.append("- ").append(pm.getApplicationLabel(appInfo)).append("\n");
}
}
// Show all info in a TextView
TextView textView = new TextView(this);
textView.setText(info.toString());
textView.setTextSize(14);
setContentView(textView);
}
}
AndroidManifest.xml
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.example.virtualtest">
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
<uses-permission android:name="android.permission.INTERNET"/>
<application
android:label="Build Model Demo"
android:theme="@style/Theme.AppCompat.Light.NoActionBar">
<activity android:name=".MainActivity"
android:exported="true">
<intent-filter>
<action android:name="android.intent.action.MAIN"/>
<category android:name="android.intent.category.LAUNCHER"/>
</intent-filter>
</activity>
</application>
</manifest>
Last updated