How does msfvenom know which Smali file in an APK to target, in order to inject it's hook? #16260
-
Basically I'd like to know how msfvenom knows which Smali file in an APK to target in order to inject it's hook, most projects I see these days only target the main activity unless their project uses msfvenom which most projects these days do. I'm asking because I want to port the option to use a custom executable as a template for a payload ( the |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
I think it chooses any class that extends Application first, and if that fails it uses a suitable Activity (one with the LAUNCHER/MAIN intent). This seems to work for most apks, but there are always exceptions. You could also look at how https://github.com/sensepost/objection injects the frida gadget. |
Beta Was this translation helpful? Give feedback.
I think it chooses any class that extends Application first, and if that fails it uses a suitable Activity (one with the LAUNCHER/MAIN intent).
The code is here: https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/payload/apk.rb#L37
This seems to work for most apks, but there are always exceptions.
You could also look at how https://github.com/sensepost/objection injects the frida gadget.