import os, subprocess
import optparse, zipfile, sys
import xml.etree.ElementTree as ET
def am(base_path):
f = open(base_path+'\\activity.bat','w')
global sharedUserId
global debuggable
tree = ET.parse(base_path+'\\apktool\\AndroidManifest.xml')
root = tree.getroot()
package = root.attrib['package']
try:
except Exception as e:
pass
for application in root.findall('application'):
try:
except Exception as e:
pass
for activity in application.findall('activity'):
for intent_filter in activity.findall('intent-filter'):
action = intent_filter.find('action')
if action is not None:
if action_name != '':
cmd = 'adb shell ' + 'su -c "'+ 'am start' + ' -a android.intent.action.MAIN '+ ' -n ' + package+'/'+activity_name+' -el--es key value' + '" ' +'\n'
else :
cmd = 'adb shell am start'
f.write(cmd)
f.flush()
f.close()
return ""
def debuggable_true(base_path):
tree = ET.parse(base_path+'\\AndroidManifest.xml')
root = tree.getroot()
for application in root.findall('application'):
try:
except Exception as e:
pass
output_file = open(base_path+'\\AndroidManifest.xml', 'w' )
output_file.write(ET.tostring(root).replace('ns0','android'))
output_file.close()
return ""
def execute_cmd(cmd):
my_env=os.environ
my_env["PATH"]=os.path.dirname(__file__)+'\\apk-sign;'+os.path.dirname(__file__)+'\\apktool;'+os.path.dirname(__file__)+'\\jadx\\bin;'+my_env["PATH"]
print cmd,
p = subprocess.Popen(cmd, env=my_env, shell=True, stdout=subprocess.PIPE)
line = p.stdout.readline()
if line !='':
print ''
while True:
if line != '':
strip = line.rstrip()
print strip
line = p.stdout.readline()
else:
break
print " ----- Done! "
print ""
return ""
def execute_new_cmd(cmd):
print cmd,
os.system('start /wait cmd /c "mode con: cols=50 lines=30 & '+cmd+'" ')
print " ----- Done! "
return ""
def unzip(apkfile, output):
with zipfile.ZipFile(apkfile, "r") as z:
z.extractall(output)
return ""
def apktool_unpack(apkfile, output):
execute_cmd('apktool d "'+apkfile+'" -o "'+output+'" ')
execute_cmd('apktool d -d "'+apkfile+'" -o "'+output+'_d"')
return ""
def apktool_repack(output):
debuggable_true(output)
execute_cmd('apktool b "'+output+'" ')
autosign(output)
return ""
def autosign(output):
dist_apkfile = output+'\\dist\\' +output.split('\\').pop(-2)+'.apk'
execute_cmd('sign "'+ dist_apkfile +'" "' + output + "\\..\\" + dist_apkfile.split('\\').pop(-1)[0:-4] +'_signed.apk"')
return ""
def jadx(apkfile, output):
execute_cmd('jadx -f -d "'+output+'" "'+apkfile+'" ')
return ""
def jadx_gui(input):
execute_cmd('jadx-gui "'+ input + '" ')
return ""
def main():
global debuggable
parser = optparse.OptionParser('1. usage hackapk.py -i apkfile.apk -o output dir\n2. usage hackapk.py filepath\\victim.apk\n3. usage hackapk.py -b build_targer_dir\n4. usage hackapk.py -p pakage_name\n using -b, -p options solo.')
parser.add_option('-i', dest='input', type='string', help='apkfile.apk filepath')
parser.add_option('-o', dest='output', type='string', help='output dir path')
parser.add_option('-b', dest='build_target', type='string', help='build targer dir')
parser.add_option('-p', dest='pull_pakage', type='string', help='pull pakage')
(options, args) = parser.parse_args()
input = options.input
output = options.output
build_target = options.build_target
pull_pakage = options.pull_pakage
if pull_pakage ==None :
if build_target == None :
if (input == None) & (output == None) :
if sys.argv[1][-4:] == '.apk' :
input=os.path.abspath(sys.argv[1])
else :
print parser.usage
exit(0)
base_path = input[0:-4]
elif (input != None) & (output != None) :
input=os.path.abspath(input)
filename = input.split('\\').pop()
output=os.path.abspath(output)
base_path = output+"\\"+filename[0:-4]
else :
print parser.usage
exit(0)
execute_cmd('rm -rf "'+base_path+'" ')
execute_cmd('mkdir "'+base_path+'" ')
unzip_path= base_path+'\\unzip'
execute_cmd('mkdir "'+unzip_path+'" ')
unzip(input, unzip_path)
jadx_path = base_path+'\\jadx'
execute_cmd('mkdir "'+jadx_path+'" ')
jadx(input, jadx_path)
apktool_path = base_path+'\\apktool'
apktool_unpack(input, apktool_path)
print "--- check debuggable options ..."
am(base_path)
if sharedUserId:
print "!!!!! sharedUserId option is detected - confirm"
else:
print "--- sharedUserId option is not detected"
if debuggable:
print "!!!!! debuggable option is True - danger !!!!!"
else:
print "--- debuggable options is " + str(debuggable)
print "--- Change debuggable TRUE in apktool DIR and Repacking..."
apktool_repack(apktool_path)
jadx_gui(input)
elif (build_target != None) & (input == None) & (output == None) :
build_target=os.path.abspath(build_target)
apktool_repack(build_target)
else :
print parser.usage
exit(0)
elif (pull_pakage != None) & (build_target == None) & (input == None) & (output == None) :
execute_cmd('adb shell ' + 'su -c "'+'chmod -R 777 /data/data/"')
execute_cmd('adb shell ' + 'su -c "'+'chmod -R 777 /data/data/'+pull_pakage+'" ')
execute_cmd('adb pull ' + '/data/data/'+pull_pakage+'/'+' ./')
else :
print parser.usage
exit(0)
if __name__ == '__main__':
sharedUserId = False
debuggable = False
print "Hack-apk Made by Y.Prefer"
print "Hack-apk is running....."
print ""
main()
print "END"
hackapk.py
