Hi, I've tried your script so far, and an error comes out at the final step of the script before the signing phase. I have apktool 2.2.1 currently installed on my Kali 2016 rolling system. I got 2 different errors, for two different original .apk:
First error (a LinkedIn apk):
[8] Rebuilding linkedin.apk with metasploit payload
W: /tmp/K9REEEW/original/AndroidManifest.xml:46: error: No resource identifier found for attribute 'networkSecurityConfig' in package 'android'
W:
Exception in thread "main" brut.androlib.AndrolibException: brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [/tmp/brut_util_Jar_1166162700259302219.tmp, p, --forced-package-id, 127, --min-sdk-version, 15, --target-sdk-version, 25, --version-code, 88800, --version-name, 4.0.85, -F, /tmp/APKTOOL5712275118375082832.tmp, -0, arsc, -0, webp, -0, arsc, -I, /root/.local/share/apktool/framework/1.apk, -S, /tmp/K9REEEW/original/res, -M, /tmp/K9REEEW/original/AndroidManifest.xml]
    at brut.androlib.Androlib.buildResourcesFull(Androlib.java:478)
    at brut.androlib.Androlib.buildResources(Androlib.java:412)
    at brut.androlib.Androlib.build(Androlib.java:311)
    at brut.androlib.Androlib.build(Androlib.java:264)
    at brut.apktool.Main.cmdBuild(Main.java:227)
    at brut.apktool.Main.main(Main.java:84)
Caused by: brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [/tmp/brut_util_Jar_1166162700259302219.tmp, p, --forced-package-id, 127, --min-sdk-version, 15, --target-sdk-version, 25, --version-code, 88800, --version-name, 4.0.85, -F, /tmp/APKTOOL5712275118375082832.tmp, -0, arsc, -0, webp, -0, arsc, -I, /root/.local/share/apktool/framework/1.apk, -S, /tmp/K9REEEW/original/res, -M, /tmp/K9REEEW/original/AndroidManifest.xml]
    at brut.androlib.res.AndrolibResources.aaptPackage(AndrolibResources.java:439)
    at brut.androlib.Androlib.buildResourcesFull(Androlib.java:464)
    ... 5 more
Caused by: brut.common.BrutException: could not exec (exit code = 1): [/tmp/brut_util_Jar_1166162700259302219.tmp, p, --forced-package-id, 127, --min-sdk-version, 15, --target-sdk-version, 25, --version-code, 88800, --version-name, 4.0.85, -F, /tmp/APKTOOL5712275118375082832.tmp, -0, arsc, -0, webp, -0, arsc, -I, /root/.local/share/apktool/framework/1.apk, -S, /tmp/K9REEEW/original/res, -M, /tmp/K9REEEW/original/AndroidManifest.xml]
    at brut.util.OS.exec(OS.java:95)
    at brut.androlib.res.AndrolibResources.aaptPackage(AndrolibResources.java:433)
    ... 6 more
[!] Upgrade apktool to the latest apktool.jar fixes the issue completely
Then with FacebookLite apk I got:
[+] Adding android.permission.WRITE_CALL_LOG
[8] Rebuilding facebooklite.apk with metasploit payload
../../../../tmp/WP3V3KK/original/smali/com/facebook/lite/MainActivity.smali[522,4] Invalid register: v22. Must be between v0 and v15, inclusive.
Exception in thread "main" brut.androlib.AndrolibException: Could not smali file: com/facebook/lite/MainActivity.smali
    at brut.androlib.src.SmaliBuilder.buildFile(SmaliBuilder.java:77)
    at brut.androlib.src.SmaliBuilder.build(SmaliBuilder.java:61)
    at brut.androlib.src.SmaliBuilder.build(SmaliBuilder.java:38)
    at brut.androlib.Androlib.buildSourcesSmali(Androlib.java:405)
    at brut.androlib.Androlib.buildSources(Androlib.java:336)
    at brut.androlib.Androlib.build(Androlib.java:292)
    at brut.androlib.Androlib.build(Androlib.java:264)
    at brut.apktool.Main.cmdBuild(Main.java:227)
    at brut.apktool.Main.main(Main.java:84)
[!] Upgrade apktool to the latest apktool.jar fixes the issue completely
In both cases your script stopped before I could even test an app with an embedded payload.