-
Notifications
You must be signed in to change notification settings - Fork 210
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Permission Dialogue Is Unavailable (When Bind With An Original Apk) By Changing SDK Version to 30 or above Manually in APK TOOL #465
Comments
Yes I am quite well aware of this, when you bind to APK, AhMyth changes the For now just bind to the payload automatically with AhMyth using the "On Activity" and install it to the device, if you get problems with the payload afterwards then you'll need to try a different APK until I update the payload. |
I do Appreciate someone finally opening an Issue Ticket for this though, it helps me keep track of everything I need to do 😁 |
Any update??? |
This one is going to take a while, please be patient |
Update :I have replaced default apktool jar file (present in Ahmyth Server folder) with latest version of apktool (2.9.1). Then I bind an original APK (using very latest version of Gb Whatsapp with very latest SDK) with OnActivity Method . Ahmyth generate apk successfully. Then I install this apk into my physical device. Now there is no unsafe app blocked error OR error of app was built for an older version of android. But yes, due to latest version of SDK, Permissions are not being requested at app start. (Yes I know you are working on Ahmyth-Client side to request permissions at app startup in SDKs above 22) |
Sorry for closing and reopening this issue. This was due to wrong comment button click. I apologies. |
Yes but I make modifications to the Apktool source code by adding what's called "res_type_styles" and these are used by apps like Facebook, and another seperate problem is that currently with people using Debian 12 they're unable to install Java 11 from the terminal anymore and the current version of Apktool that AhMyth utilises right now, contains Java 11 Support and with Apktool 2.9.1, according to iBotPeache's release notes, build support was added to Apktool 2.9.1 for Java 21, but unfortunately when I used an Apktool snapshot built with java 21 in AhMyth, it failed everytime but worked from the terminal or command line without problem, which is a major issue.... as for the |
Permissions above Android 6.0 (SDK 23) can ONLY be granted during runtime! Install Time permissions are deprecated as of Android 6.0 (SDK 23)..... this is why I've made the SDK change function happen when binding to an original application with AhMyth if the Keep in mind that this is basically a dirty workaround for binding with modern apps with a legacy payload, and it will not work for all apps despite whether is successful or not unfortunately, however I am working on a modern payload as we speak, but like I said, slot of stuff changed with Android after Android 5.1 (SDK 22). Here are a few things listed below that AhMyth relies on, that have changed with Android versions over the years:
And those are just a few things that changed.... So yeah..... I've got my work cut out for me, so it looks like the modern payload won't be available until the release of So let's be hopeful |
No this is going to take a while with this one guys, I need to figure out something decent for this, I can't just implement any sort of dirt workaround. I added a dirty workaround in the binding process that modifies min and max SDK values that I told you about further up this issue post and that only works sometimes, other times it causes problems. So I need time to do research on this problem. |
I bind an original APK (FM WhatsApp) with your default payload with all custom permissions selected. Everything works fine and injected APK is generated. Then I Install this generated APK In my Physical Android of Version 13. During APK Installation I figure Out 2 Problems that look suspicious to a user and also it's not a good way and cause trust issues. A user may postpone the APK installation.
1st : As attached screenshot, Google Play Protect detecting app as a older android version because generated APK via Ahmyth is targeted by older version of SDK . It will be suspicious to the user and if a User clicks on "Got It" , backdooring finishes at that instance. HAHAHA
2nd : Same like error as described above. It also looks suspicious.
Permissions Note : At that stage custom permissions are working perfectly and app is requesting all the permissions.
WHAT I HAVE DONE MANUALLY
Then I decided to Decompile the Generated Ahmyth Binded APK (Of FM WhatsApp) using latest version of APKTOOL. Then I changed the SDK Version to 30 In the Manifest of decompiled APK and also changes the Value of SDK to Latest Version 30 In apktool.yml file.
After that I recompile the project with 100 percent success in APKTOOL. Then I installed this newly generated APK into my Physical Android Device. Now there are no suspicious popup as seen in 1st and 2nd Screenshot above and app installed successfully. Device connection is also active and victim is connected.
BUT...
Now, there is no custom permission selection activity or page popups at App first startup and also there is no access to sms, call log or camera or other permissions in Ahmyth Server.
Manually allowing permissions in APP Info page is not a good practice and also this is not convincing method.
I Hope I am able to describe my problem well to you. Thanks
The text was updated successfully, but these errors were encountered: