
Gluing two apk-files into one


I decided to glue two apk files together, but there is not much information on the Internet about how to do this. So, armed with the AhMyth trojan for Android (its sources), I set off into the world of gluing apk files by hand. A brief account follows.

Briefly about the essence of the problem:

There are two apk files (say 1.apk and 2.apk). The task is to create 3.apk, which glues 1.apk and 2.apk together (and performs the functions of both).

As a result (python code):


We have:


1. Folder apk - for the apk files;
2. Folder tmp - for the decompiled files;
3. Folder tools - with additional software (such as apktool.jar, sign.jar, testkey).

First, we determine the current folder in which we work and the folders where we will decompile:

    #!/usr/bin/python
    # -*- coding: utf-8 -*-
    import re
    import codecs
    import os
    from os import listdir
    import shutil
    import subprocess
    import datetime

    pwd = os.getenv("PWD", os.getcwd())  # current working folder
    apkFolder1 = pwd + "/tmp/1"  # folder for the decompiled apk1
    apkFolder2 = pwd + "/tmp/2"  # folder for the decompiled apk2

Then we decompile apk files into the tmp folder:

    print("Decompiling " + pwd + "/apk/1.apk")
    subprocess.call("java -jar " + pwd + "/tools/apktool.jar d " + pwd + "/apk/1.apk -f -o " + pwd + "/tmp/1", shell=True)
    print("Decompiling " + pwd + "/apk/2.apk")
    subprocess.call("java -jar " + pwd + "/tools/apktool.jar d " + pwd + "/apk/2.apk -f -o " + pwd + "/tmp/2", shell=True)

After this step, we have two folders, /tmp/1 and /tmp/2, with the decompiled files. Now the most interesting part: merging the manifests!

    print("Merging manifests")
    # read the manifest of apk1
    mainfest1 = open(apkFolder1 + "/AndroidManifest.xml", "r").read()
    # everything declared between the first </activity> and </application>
    service1 = mainfest1[(mainfest1.find("</activity>") + len("</activity>")):mainfest1.find("</application>")]
    # the permissions of apk1
    permission1 = mainfest1[mainfest1.find("<uses-permission"):mainfest1.find("<application ")]
    # read the manifest of apk2
    mainfest2 = open(apkFolder2 + "/AndroidManifest.xml", "r").read()
    # assemble the new manifest
    new_mainfest2 = (mainfest2[0:mainfest2.find("<application")] + permission1
                     + mainfest2[mainfest2.find("<application"):mainfest2.find("</application")] + service1
                     + mainfest2[mainfest2.find("</application>"):mainfest2.find("</manifest>") + len("</manifest>")])
    # overwrite the manifest of apk2
    new_mainfest = open(apkFolder2 + "/AndroidManifest.xml", "w")
    new_mainfest.write(new_mainfest2)
    new_mainfest.close()

Now, step by step through this code:

Find the AndroidManifest.xml file in the /tmp/1 folder:

    mainfest1 = open(apkFolder1 + "/AndroidManifest.xml", "r").read()

In this file we find all the declared services and classes:

    service1 = mainfest1[(mainfest1.find("</activity>") + len("</activity>")):mainfest1.find("</application>")]

From the AndroidManifest.xml in the /tmp/1 folder, copy everything from the tag "<uses-permission" to the tag "<application". These are all the permissions that the program needs:

    permission1 = mainfest1[mainfest1.find("<uses-permission"):mainfest1.find("<application ")]

Find the AndroidManifest.xml file in the /tmp/2 folder:

    mainfest2 = open(apkFolder2 + "/AndroidManifest.xml", "r").read()

After that, we need to combine all of this into one file, so that everything is in its place.

The new manifest (new_mainfest2) consists of:

  1. The beginning of the AndroidManifest.xml of 2.apk (from the start of the file to the end of its permissions);
  2. The permissions of 1.apk (permission1);
  3. Everything in the AndroidManifest.xml of 2.apk from the tag "<application" to "</application";
  4. All the services of 1.apk (service1);
  5. The remainder of the AndroidManifest.xml of 2.apk.

    new_mainfest2 = (mainfest2[0:mainfest2.find("<application")] + permission1
                     + mainfest2[mainfest2.find("<application"):mainfest2.find("</application")] + service1
                     + mainfest2[mainfest2.find("</application>"):mainfest2.find("</manifest>") + len("</manifest>")])

Overwrite AndroidManifest.xml in the /tmp/2 folder:

    # overwrite the manifest of apk2
    new_mainfest = open(apkFolder2 + "/AndroidManifest.xml", "w")
    new_mainfest.write(new_mainfest2)
    new_mainfest.close()

This completes the AndroidManifest build. It remains to copy all the classes from /tmp/1 to /tmp/2. More precisely, we copy the smali folder (which holds all the application classes) and the unknown folder:

    # copy /smali from apkFolder1 into apkFolder2 (-n: do not overwrite existing files)
    subprocess.call("cp -rn " + apkFolder1 + "/smali " + apkFolder2, shell=True)
    # copy /unknown from apkFolder1 into apkFolder2
    subprocess.call("cp -rn " + apkFolder1 + "/unknown " + apkFolder2, shell=True)

Finally, all of this has to be built into an apk file and signed:

    print("Building apk " + pwd + "/tmp/3.apk")
    subprocess.call("java -jar " + pwd + "/tools/apktool.jar b " + pwd + "/tmp/2 -o " + pwd + "/tmp/3.apk", shell=True)
    print("Signing " + pwd + "/tmp/3.apk")
    subprocess.call("java -jar " + pwd + "/tools/sign.jar " + pwd + "/tmp/3.apk --override", shell=True)

As a result, the 3.apk file appears in the tmp folder, which is the gluing of the other two.

P.S. In this version, when the permissions of the two applications are glued together, they are not compared and only the missing ones added. Duplicate permission declarations can (and will) occur. But at this stage, everything works with the duplicates.
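A defender-side check for the two manifest artifacts described above (duplicate permission declarations and components appended from another application), as an added example that is not part of the original post. The sample manifest and every name in it are constructed, and `audit_manifest` is a hypothetical helper that expects a manifest already decoded to text XML.

```python
import xml.etree.ElementTree as ET
from collections import Counter

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample: a decoded manifest showing both artifacts of the merge.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <application android:label="Notes">
        <activity android:name=".MainActivity"/>
        <service android:name="com.example.notes.SyncService"/>
        <service android:name="org.sample.other.MainService"/>
        <receiver android:name="org.sample.other.BootReceiver"/>
    </application>
</manifest>"""


def audit_manifest(xml_text):
    """Return (duplicate_permissions, foreign_components) for a decoded manifest."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    # Count every <uses-permission> name; a naive merge repeats shared ones.
    perms = Counter(p.get(ANDROID_NS + "name") for p in root.iter("uses-permission"))
    duplicates = sorted(name for name, n in perms.items() if n > 1)
    foreign = []
    app = root.find("application")
    for elem in (app if app is not None else []):
        if elem.tag not in COMPONENT_TAGS:
            continue
        name = elem.get(ANDROID_NS + "name", "")
        # Names starting with "." or containing no dot are relative to the package.
        if name.startswith(".") or "." not in name:
            continue
        if not name.startswith(package + "."):
            foreign.append((elem.tag, name))
    return duplicates, foreign


if __name__ == "__main__":
    dups, foreign = audit_manifest(SAMPLE_MANIFEST)
    print("duplicate permissions:", dups)
    print("components outside package:", foreign)
```

Legitimate third-party SDKs also register components outside the application's package, so the second list is a triage signal to compare against the original app's manifest, not a verdict.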

Sources:

AhMyth-Android-RAT

Source: https://habr.com/ru/post/422885/

