Exploitation Summary
CVE-2017-13156 has been observed exploited in the wild (reported by VulnCheck KEV).
EIP tracks 10 public exploits from researchers including Metasploit, xyzAsian and tea9, among them the Metasploit module exploits/android/local/janus.
AI-analyzed exploit summary
This Metasploit module exploits CVE-2017-13156, a vulnerability in Android's APK Signature Scheme v1, allowing an attacker to modify an APK without invalidating its signature. It injects a payload into a target APK and prompts the user to install it as an update.
Description
An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.
Exploits (10)
This Metasploit module exploits CVE-2017-13156, a vulnerability in Android's APK Signature Scheme v1, allowing an attacker to modify an APK without invalidating its signature. It injects a payload into a target APK and prompts the user to install it as an update.
This repository contains a proof-of-concept exploit for CVE-2017-13156, which is a vulnerability in Android's APK parsing logic (Janus). The tool merges a dex file into an APK file by manipulating ZIP file offsets, allowing for code execution bypassing signature verification.
This repository contains a proof-of-concept for CVE-2017-13156, a vulnerability in Android's signature scheme V1 that allows attackers to modify APK files without invalidating their signatures. The PoC includes a Python script (`janus.py`) to inject modified DEX files into an APK while preserving its signature.
This repository contains tools to exploit CVE-2017-13156 (Janus vulnerability), which allows injecting custom code into APKs without altering their v1 signatures. It includes Go and Python scripts to manipulate APK files by exploiting the vulnerability in Android's APK parsing logic.
This repository contains a Python script that checks if an APK is vulnerable to CVE-2017-13156 by analyzing its signing scheme and minSdkVersion. It does not exploit the vulnerability but identifies potentially vulnerable APKs.
This exploit manipulates the APK file structure to exploit CVE-2017-13156 (the Janus vulnerability), which allows an attacker to modify the APK without invalidating its signature. It injects a DEX file into the APK and updates checksums to bypass signature verification.
This repository contains a writeup and demonstration of Android security vulnerabilities, specifically focusing on data exfiltration via Android backups and exposed broadcast receivers. It includes detailed explanations, proof-of-concept code, and mitigation strategies.
This exploit manipulates the APK signing process by injecting a malicious DEX file into a target APK, bypassing signature verification. It modifies the APK's central directory offsets and checksums to maintain structural integrity while embedding arbitrary code.
This repository contains a Python script that scans APK files and Android devices for vulnerability to CVE-2017-13156 (Janus Vulnerability). It checks for signature schemes and SDK versions to determine if the APK or device is vulnerable.
This Metasploit module exploits CVE-2017-13156, a vulnerability in Android's APK Signature Scheme v1, allowing an attacker to inject a payload into a legitimate APK without invalidating its signature. The exploit modifies the APK's classes.dex and updates the ZIP central directory to maintain signature validity, then prompts the user to install the malicious update.
Scores
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H