Piracy on Android is a very big problem but I wonder do users realise how easy it is to inadvertently download apps with malware. Cracked copies of PC and iPhone apps can have malware as well of course but on both those platforms most software is compiled to machine code. Android apps are coded in Java and compiled to byte code that is run on the Dalvik VM and this byte code is not that hard to edit and insert back into an APK.
SwiftKey Keyboard is the top paid app in the Play store at the moment and it’s a great app, best 4 I spent but I knew it’d be heavily pirated at that price. Now your standard malware-ridden Android app or game might have some code that sends you annoying notification ads but anyone who sideloads a dodgy copy of an Android keyboard is taking a serious risk of a keylogger being inserted and people tracking all their passwords, Google searches and credit card numbers. In this post, I’ll show you how to do exactly that with apktool and SwiftKey from start to finish; all you need is a basic knowledge of Java and Android.
The end result is this Keylogger SwiftKey APK that sends all keylogs to my server. Try it out for yourself: download and install the modified APK, start using it and visit my logger page at www.android-app-development.ie/swiftkey_keylogger/keylogs.php, select your IP and see your keylogs being sent. Scary huh? Goes without saying, be sure to uninstall the app when you see how it works! Continue reading below to see how to do it.

SwiftKey APK
First you’ve got to understand the Android file format that SwiftKey and all other Android apps are in. The Android package, or APK, is the container for an Android app’s resources and executables. It’s a zipped file that for SwiftKey contains simply:

AndroidManifest.xml (serialized, but apktool decodes to source)
classes.dex
lib/
assets/
res/
META-INF/
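
Because an APK is an ordinary zip archive, a copy obtained elsewhere can be compared entry by entry with a trusted copy of the same version: a difference in classes.dex (the app's bytecode) or in the signature files under META-INF/ shows the package was rebuilt. The following is an added example, not code from the original post; the function names and the sample archives are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile

SIG_BLOCK_SUFFIXES = (".RSA", ".DSA", ".EC")  # signature block files in META-INF/

def entry_digests(apk_bytes):
    """Map every file entry in the APK (a zip archive) to its SHA-256."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        return {i.filename: hashlib.sha256(apk.read(i)).hexdigest()
                for i in apk.infolist() if not i.is_dir()}

def compare_apks(reference, candidate):
    """Report how a candidate APK differs from a trusted copy of the same version."""
    ref, cand = entry_digests(reference), entry_digests(candidate)
    report = {
        "added": sorted(cand.keys() - ref.keys()),
        "removed": sorted(ref.keys() - cand.keys()),
        "changed": sorted(n for n in ref.keys() & cand.keys() if ref[n] != cand[n]),
    }
    differing = report["added"] + report["removed"] + report["changed"]
    # classes.dex is the Dalvik bytecode; any difference means different code runs.
    report["code_differs"] = any(n.endswith(".dex") for n in differing)
    # A rebuilt APK has to be re-signed, which rewrites the META-INF signature files.
    report["signature_differs"] = any(
        n.startswith("META-INF/") and n.upper().endswith(SIG_BLOCK_SUFFIXES)
        for n in differing)
    report["identical"] = not differing
    return report

def build_sample_apk(entries):
    """Build a constructed, in-memory stand-in for an APK from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed sample data: placeholder bytes, not real app content.
BASE = {"AndroidManifest.xml": b"manifest", "classes.dex": b"dex-original",
        "res/drawable/icon.png": b"png", "META-INF/MANIFEST.MF": b"mf-original",
        "META-INF/CERT.SF": b"sf-original", "META-INF/CERT.RSA": b"publisher-sig"}
REFERENCE = build_sample_apk(BASE)
REPACKAGED = build_sample_apk({**BASE, "classes.dex": b"dex-edited",
                               "META-INF/MANIFEST.MF": b"mf-new",
                               "META-INF/CERT.SF": b"sf-new",
                               "META-INF/CERT.RSA": b"other-sig"})

if __name__ == "__main__":
    for key, value in compare_apks(REFERENCE, REPACKAGED).items():
        print(f"{key}: {value}")
```

To use it on real files, pass the bytes of the two APKs in place of the constructed archives; it inspects zip entries only, so it covers the META-INF signature described in this post.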
The actual bytecode of the application is the classes.dex file, or the Dalvik executable that runs on the device. The application’s resources (i.e. images, sound files) reside in the res directory, and the AndroidManifest.xml is more or less the link between the two, providing some additional information about the application to the OS. The lib directory contains native libraries that SwiftKey uses via NDK, and the META-INF directory contains information regarding the application’s signature.

The Tools
There’s a few different tools out there to decompile, compile and re-sign APKs. All the decompilers are based on or use smali to decompile/compile the classes.dex file. apktool wraps up a few of these tools in one but you still have to re-sign and then install on a device. So then there’s APK multitool which wraps apktool, keytool and other things to let you press one button and have your edited code compiled, zipped, signed and installed to your device via adb all in one go. So download that and set it up but remember it’s just a collection of other tools.

Disassembling SwiftKey
Once you’ve installed APK multitool, you’d normally place your APK in the ‘place-apk-here-for-modding’ folder, open up Script.bat and enter 9 to decompile source and resources. Unfortunately SwiftKey throws errors when you try and recompile resources as it has capitalised resource filenames and was probably compiled with a modified aapt. We call these magick APKs and apktool can’t recompile edited resources but we can still compile edited smali code, which is all we want to make our keylogger anyway.
So enter 27 to change the decompile mode to ‘Source Files only’, then enter 9 to decompile. If nothing goes wrong, there’ll be a folder created inside projects called ‘com.touchtype.swiftkey-1.apk’ containing:

AndroidManifest.xml (still serialized, remember we didn’t decompile resources)
res/ (same as in APK)
smali/
apktool.yml
The smali directory is probably the most important of the three, as it contains a set of smali files, or bytecode representation of the application’s dex file. You can think of it as an intermediate file between the .java and the executable. Inside the directory we have ‘com’, ‘oauth’ and ‘org’. We’re looking for code where we can place our keylogger so we can ignore oauth as that’s obviously a library for oauth access. org contains some Apache Commons library so that can be ignored as well. Inside com, the android and google directories are to be ignored as well; it’s the touchtype and touchtype_fluency directories that we’re interested in.
I’ve done the hard work already and found what we’re looking for in the ‘touchtype\keyboard\inputeventmodel\events’ directory. Go there and open up KeyInputEvent.smali in a text editor. We’re very lucky that SwiftKey