
Create Malicious Applications

Signing the App
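First, create the signing key (keytool generates an RSA key pair and stores it in a keystore; the signature itself is produced later by apksigner)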
keytool -genkey -v -keystore htb-key.keystore -keyalg RSA -keysize 2048 -validity 10000 -alias htb-alias
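Second, align the unsigned app (zipalign has to run before apksigner, because modifying the APK after signing invalidates the signature)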
zipalign -p 4 myapp.apk myapp-aligned.apk
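Then, sign the aligned app. The pass: form below puts the keystore and key passwords on the command line, where shell history and process listings can record them; apksigner also accepts env:, file: and stdin as password sources.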
apksigner sign --ks htb-key.keystore --ks-key-alias htb-alias --ks-pass pass:hackthebox --key-pass pass:hackthebox --out myapp-signed.apk myapp-aligned.apk
Verify the signature (with --verbose the output also reports which APK signature schemes verified)
apksigner verify --verbose myapp-signed.apk
Enumeration App
MainActivity.java
package com.example.virtualtest;

import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.net.wifi.WifiInfo;
import android.net.wifi.WifiManager;
import android.os.BatteryManager;
import android.os.Build;
import android.os.Bundle;
import android.widget.TextView;
import androidx.appcompat.app.AppCompatActivity;
import java.util.List;

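/**
 * Single-screen activity that gathers a few device facts and renders them as plain text.
 *
 * <p>Data read by this class: {@code Build} model, manufacturer and release string, the
 * battery capacity, the SSID and IPv4 address of the current Wi-Fi connection, and the
 * labels of installed packages that do not carry {@code FLAG_SYSTEM}. The result is only
 * placed in a {@link TextView}; nothing in this class writes to storage or to the network.
 *
 * <p>For reviewers: the Wi-Fi lookup is the only call here that depends on a declared
 * permission ({@code ACCESS_WIFI_STATE}). The installed-package listing needs no
 * permission in this code, which is why an app inventory is a common thing to look for
 * when auditing an unknown APK.
 */
public class MainActivity extends AppCompatActivity {

    /**
     * Builds the report and installs it as the activity's content view.
     *
     * @param savedInstanceState previously saved state, passed straight to the superclass
     */
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);

        StringBuilder info = new StringBuilder();
        appendDeviceInfo(info);
        appendBatteryInfo(info);
        appendWifiInfo(info);
        appendInstalledApps(info);

        // Show all info in a TextView
        TextView textView = new TextView(this);
        textView.setText(info.toString());
        textView.setTextSize(14);
        setContentView(textView);
    }

    /** Appends the static build identifiers (model, manufacturer, Android release). */
    private void appendDeviceInfo(StringBuilder info) {
        info.append("Device Model: ").append(Build.MODEL).append("\n");
        info.append("Manufacturer: ").append(Build.MANUFACTURER).append("\n");
        info.append("Android Version: ").append(Build.VERSION.RELEASE).append("\n\n");
    }

    /** Appends the battery capacity; the section is skipped when the service is missing. */
    private void appendBatteryInfo(StringBuilder info) {
        BatteryManager bm = (BatteryManager) getSystemService(BATTERY_SERVICE);
        if (bm == null) {
            // Same policy as the Wi-Fi section: a missing service omits the section
            // instead of crashing onCreate with a NullPointerException.
            return;
        }
        // NOTE(review): getIntProperty can return a sentinel instead of a percentage when
        // the property is unsupported; confirm against the target SDK before trusting it.
        int batteryPct = bm.getIntProperty(BatteryManager.BATTERY_PROPERTY_CAPACITY);
        info.append("Battery Level: ").append(batteryPct).append("%\n\n");
    }

    /** Appends SSID and IPv4 address of the current Wi-Fi connection, if one is reported. */
    private void appendWifiInfo(StringBuilder info) {
        WifiManager wifiManager =
                (WifiManager) getApplicationContext().getSystemService(Context.WIFI_SERVICE);
        if (wifiManager == null) {
            return;
        }
        // NOTE(review): getConnectionInfo() is deprecated on newer API levels, and recent
        // Android releases withhold the real SSID from apps that lack location access, so
        // this line may print a placeholder rather than the network name.
        WifiInfo wifiInfo = wifiManager.getConnectionInfo();
        if (wifiInfo == null) {
            return;
        }
        info.append("WiFi SSID: ").append(wifiInfo.getSSID()).append("\n");
        info.append("IP Address: ").append(formatIpv4(wifiInfo.getIpAddress())).append("\n\n");
    }

    /** Appends the labels of installed packages that are not flagged as system apps. */
    private void appendInstalledApps(StringBuilder info) {
        info.append("Installed Apps:\n");
        PackageManager pm = getPackageManager();
        // NOTE(review): on Android 11 and later the platform filters this list by package
        // visibility, so the output may be a subset of what is installed.
        List<PackageInfo> packages = pm.getInstalledPackages(0);
        for (PackageInfo packageInfo : packages) {
            ApplicationInfo appInfo = packageInfo.applicationInfo;
            if (appInfo == null) {
                // applicationInfo is not guaranteed to be populated; skip such entries.
                continue;
            }
            if ((appInfo.flags & ApplicationInfo.FLAG_SYSTEM) == 0) {  // only user-installed apps
                info.append("- ").append(pm.getApplicationLabel(appInfo)).append("\n");
            }
        }
    }

    /**
     * Renders the packed address as dotted-quad text, lowest byte first.
     *
     * <p>Plain concatenation is used instead of {@code String.format("%d...")} because the
     * latter formats digits with the default locale, which on some locales yields
     * non-ASCII digits in what should be a machine-readable address.
     *
     * @param ipAddress packed IPv4 address; assumed to be in the byte order WifiInfo
     *     returns (lowest byte is the first octet) - TODO confirm on the target device
     * @return the address as {@code a.b.c.d}
     */
    private static String formatIpv4(int ipAddress) {
        return (ipAddress & 0xff)
                + "." + (ipAddress >> 8 & 0xff)
                + "." + (ipAddress >> 16 & 0xff)
                + "." + (ipAddress >> 24 & 0xff);
    }
}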
AndroidManifest.xml
<!-- Manifest for the enumeration demo: one launcher activity and two declared permissions. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
   package="com.example.virtualtest">

   <!-- Both permissions below are normal-level: they are granted at install time and the
        user is never shown a runtime prompt for them. -->
   <!-- ACCESS_WIFI_STATE backs the WifiManager.getConnectionInfo() call in MainActivity. -->
   <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
   <!-- NOTE(review): nothing in the MainActivity shown on this page opens a network
        connection, so INTERNET is unused by the visible code. When auditing an APK, an
        app that collects device and app inventory and also holds INTERNET warrants a
        check of where that data is sent. -->
   <uses-permission android:name="android.permission.INTERNET"/>

   <!-- The label is the name the user sees in the launcher; here it mentions only the
        build model, while the activity also displays Wi-Fi details and installed apps. -->
   <application
       android:label="Build Model Demo"
       android:theme="@style/Theme.AppCompat.Light.NoActionBar">
       <!-- exported="true" with the MAIN/LAUNCHER filter makes this the launcher entry
            point; apps targeting Android 12 or later must state android:exported
            explicitly on any component that has an intent filter. -->
       <activity android:name=".MainActivity"
           android:exported="true">
           <intent-filter>
               <action android:name="android.intent.action.MAIN"/>
               <category android:name="android.intent.category.LAUNCHER"/>
           </intent-filter>
       </activity>
   </application>

</manifest>
