Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Permission Dialogue Is Unavailable (When Bind With An Original Apk) By Changing SDK Version to 30 or above Manually in APK TOOL #465

Open
tik-pro opened this issue Dec 12, 2023 · 11 comments
Assignees
Labels
Bug: Client Something isn't working right with the client Status: Updates Required Updates are required to fix this issue

Comments

@tik-pro
Copy link

tik-pro commented Dec 12, 2023

I bind an original APK (FM WhatsApp) with your default payload with all custom permissions selected. Everything works fine and injected APK is generated. Then I Install this generated APK In my Physical Android of Version 13. During APK Installation I figure Out 2 Problems that look suspicious to a user and also it's not a good way and cause trust issues. A user may postpone the APK installation.

1st : As attached screenshot, Google Play Protect detecting app as a older android version because generated APK via Ahmyth is targeted by older version of SDK . It will be suspicious to the user and if a User clicks on "Got It" , backdooring finishes at that instance. HAHAHA

Screenshot_20231213-003529

2nd : Same like error as described above. It also looks suspicious.

Screenshot_20231213-003729

Permissions Note : At that stage custom permissions are working perfectly and app is requesting all the permissions.

WHAT I HAVE DONE MANUALLY

Then I decided to Decompile the Generated Ahmyth Binded APK (Of FM WhatsApp) using latest version of APKTOOL. Then I changed the SDK Version to 30 In the Manifest of decompiled APK and also changes the Value of SDK to Latest Version 30 In apktool.yml file.

After that I recompile the project with 100 percent success in APKTOOL. Then I installed this newly generated APK into my Physical Android Device. Now there are no suspicious popup as seen in 1st and 2nd Screenshot above and app installed successfully. Device connection is also active and victim is connected.

BUT...

Now, there is no custom permission selection activity or page popups at App first startup and also there is no access to sms, call log or camera or other permissions in Ahmyth Server.

Manually allowing permissions in APP Info page is not a good practice and also this is not convincing method.

I Hope I am able to describe my problem well to you. Thanks

@Morsmalleo
Copy link
Owner

Morsmalleo commented Dec 13, 2023

I bind an original APK (FM WhatsApp) with your default payload with all custom permissions selected. Everything works fine and injected APK is generated. Then I Install this generated APK In my Physical Android of Version 13. During APK Installation I figure Out 2 Problems that look suspicious to a user and also it's not a good way and cause trust issues. A user may postpone the APK installation.

1st : As attached screenshot, Google Play Protect detecting app as a older android version because generated APK via Ahmyth is targeted by older version of SDK . It will be suspicious to the user and if a User clicks on "Got It" , backdooring finishes at that instance. HAHAHA

Screenshot_20231213-003529

2nd : Same like error as described above. It also looks suspicious.

Screenshot_20231213-003729

Permissions Note : At that stage custom permissions are working perfectly and app is requesting all the permissions.

WHAT I HAVE DONE MANUALLY

Then I decided to Decompile the Generated Ahmyth Binded APK (Of FM WhatsApp) using latest version of APKTOOL. Then I changed the SDK Version to 30 In the Manifest of decompiled APK and also changes the Value of SDK to Latest Version 30 In apktool.yml file.

After that I recompile the project with 100 percent success in APKTOOL. Then I installed this newly generated APK into my Physical Android Device. Now there are no suspicious popup as seen in 1st and 2nd Screenshot above and app installed successfully. Device connection is also active and victim is connected.

BUT...

Now, there is no custom permission selection activity or page popups at App first startup and also there is no access to sms, call log or camera or other permissions in Ahmyth Server.

Manually allowing permissions in APP Info page is not a good practice and also this is not convincing method.

I Hope I am able to describe my problem well to you. Thanks

Yes I am quite well aware of this, when you bind to APK, AhMyth changes the targetSdkVersion: in the apktool.yml file as well as the original application's Androidmanifest.xml file to SDK 22 for permissions to be asked for grant when the bound payload is installed on the victim device, a lot of things with Android changed after SDK 22 including how permissions are granted, the AhMyth payload is currently only built for older Android devices, but the next few releases will see this problem solved.

For now just bind to the payload automatically with AhMyth using the "On Activity" and install it to the device, if you get problems with the payload afterwards then you'll need to try a different APK until I update the payload.

@Morsmalleo Morsmalleo added Status: Updates Required Updates are required to fix this issue Bug: Client Something isn't working right with the client labels Dec 13, 2023
@Morsmalleo
Copy link
Owner

I do Appreciate someone finally opening an Issue Ticket for this though, it helps me keep track of everything I need to do 😁

@tik-pro
Copy link
Author

tik-pro commented Dec 17, 2023

I do Appreciate someone finally opening an Issue Ticket for this though, it helps me keep track of everything I need to do 😁

Any update???

@Morsmalleo
Copy link
Owner

I do Appreciate someone finally opening an Issue Ticket for this though, it helps me keep track of everything I need to do 😁

Any update???

This one is going to take a while, please be patient

@tik-pro
Copy link
Author

tik-pro commented Dec 22, 2023

Update :

I have replaced default apktool jar file (present in Ahmyth Server folder) with latest version of apktool (2.9.1). Then I bind an original APK (using very latest version of Gb Whatsapp with very latest SDK) with OnActivity Method . Ahmyth generate apk successfully. Then I install this apk into my physical device.

Now there is no unsafe app blocked error OR error of app was built for an older version of android.

But yes, due to latest version of SDK, Permissions are not being requested at app start. (Yes I know you are working on Ahmyth-Client side to request permissions at app startup in SDKs above 22)

@tik-pro tik-pro closed this as completed Dec 22, 2023
@tik-pro tik-pro reopened this Dec 22, 2023
@tik-pro
Copy link
Author

tik-pro commented Dec 22, 2023

I do Appreciate someone finally opening an Issue Ticket for this though, it helps me keep track of everything I need to do 😁

Any update???

This one is going to take a while, please be patient

Sorry for closing and reopening this issue. This was due to wrong comment button click. I apologies.

@Morsmalleo
Copy link
Owner

Morsmalleo commented Dec 23, 2023

Update :

I have replaced default apktool jar file (present in Ahmyth Server folder) with latest version of apktool (2.9.1). Then I bind an original APK (using very latest version of Gb Whatsapp with very latest SDK) with OnActivity Method . Ahmyth generate apk successfully. Then I install this apk into my physical device.

Now there is no unsafe app blocked error OR error of app was built for an older version of android.

But yes, due to latest version of SDK, Permissions are not being requested at app start. (Yes I know you are working on Ahmyth-Client side to request permissions at app startup in SDKs above 22)

Yes but I make modifications to the Apktool source code by adding what's called "res_type_styles" and these are used by apps like Facebook, and another seperate problem is that currently with people using Debian 12 they're unable to install Java 11 from the terminal anymore and the current version of Apktool that AhMyth utilises right now, contains Java 11 Support and with Apktool 2.9.1, according to iBotPeache's release notes, build support was added to Apktool 2.9.1 for Java 21, but unfortunately when I used an Apktool snapshot built with java 21 in AhMyth, it failed everytime but worked from the terminal or command line without problem, which is a major issue.... as for the res_type_styles I mentioned earlier, if I don't add these appropriately AhMyth won't be able to decompile or build a backdoored FB APK, and yes I am definitely working on the client update for permissions as well 😁

@Morsmalleo
Copy link
Owner

Morsmalleo commented Jan 23, 2024

Update :

I have replaced default apktool jar file (present in Ahmyth Server folder) with latest version of apktool (2.9.1). Then I bind an original APK (using very latest version of Gb Whatsapp with very latest SDK) with OnActivity Method . Ahmyth generate apk successfully. Then I install this apk into my physical device.

Now there is no unsafe app blocked error OR error of app was built for an older version of android.

But yes, due to latest version of SDK, Permissions are not being requested at app start. (Yes I know you are working on Ahmyth-Client side to request permissions at app startup in SDKs above 22)

Permissions above Android 6.0 (SDK 23) can ONLY be granted during runtime! Install Time permissions are deprecated as of Android 6.0 (SDK 23)..... this is why I've made the SDK change function happen when binding to an original application with AhMyth if the targetSdkVersion: in the Apktool.yml file is set to 22 with a minSdkVersion: of 19, then install time permissions will be granted!

Keep in mind that this is basically a dirty workaround for binding with modern apps with a legacy payload, and it will not work for all apps despite whether is successful or not unfortunately, however I am working on a modern payload as we speak, but like I said, slot of stuff changed with Android after Android 5.1 (SDK 22).

Here are a few things listed below that AhMyth relies on, that have changed with Android versions over the years:

  1. Android 6.0 (SDK 23) is the Android version that introduced the runtime permissions system that's used in modern phones today, the introduction of this permissions system deprecated the old Install Time Permissions system which is currently leveraged by the current AhMyth payload that the Server Builds.

  2. Then with Android 8.0 (SDK 26) came a lot of changes to how services are started and handled especially in the background, this presents a major workload since we can't just directly start the service in the background anymore, we need to a little bit more to make this happen according to my research.

  3. THEN MORE CHANGES with Android 10 came along, specifically with how background location is requested, as you probably know, Geolocation is one of AhMyth's most notable features, and obtaining Background access is one thing AhMyth relies on for accurate Geolocation.

And those are just a few things that changed....

So yeah..... I've got my work cut out for me, so it looks like the modern payload won't be available until the release of 1.0-beta.8 the next release will contain an updated version of the payload that's already available, as well as more server updates to stabilise the server a bit more and make it a bit more breezy for user to use, but that's about all I can do for the current payload until the new modern one is built, and even then once it's built I need to make sure it works with the current methods for binding as well, if it doesn't then we've got a problem....

So let's be hopeful

@Morsmalleo
Copy link
Owner

@Morsmalleo Any update bro?

No this is going to take a while with this one guys, I need to figure out something decent for this, I can't just implement any sort of dirt workaround. I added a dirty workaround in the binding process that modifies min and max SDK values that I told you about further up this issue post and that only works sometimes, other times it causes problems.

So I need time to do research on this problem.

@Morsmalleo Morsmalleo self-assigned this Sep 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug: Client Something isn't working right with the client Status: Updates Required Updates are required to fix this issue
Projects
None yet
Development

No branches or pull requests

3 participants
@Morsmalleo @tik-pro and others