Metasploit has introduced a reverse TCP payload module for Android. It's quite straightforward to set up, just like any other Windows/Linux reverse TCP payload. The result is an APK file which, when run on the device, opens a Meterpreter session back to your server. On inspection it has a button labelled "reverse tcp" and uses the Metasploit emblem as its icon. I wanted to explore changing things around in the app and customizing it for my own needs. I may use it for an upcoming project in college.
There are some tools pre-installed on Kali and BackTrack for this purpose. I had some issues recompiling with these tools and failed to get them to work. Decompiling the APK worked fine, but after making changes and recompiling, it would throw up errors.
I ended up installing the same tools on a Windows machine and they worked straight away.
Tools
apktool (to decompile and recompile the APK)
dex2jar (useful for having a look at the underlying Java)
You will also need to re-sign the rebuilt APK; on Kali you can generate your own signing keys for this.
It's quite straightforward. Via the command line:
DECOMPILE: apktool d [nameOfApp.apk] [folder to decode the files into]
From here you can look through the decoded files and do some editing: change some of the permissions or add more, and edit the XML files.
RECOMPILE: apktool b [directory in which you have decoded the files]
To look at the Java code and figure out how it works, you can use dex2jar.
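As an added example (not code from the original post or from the Metasploit project), here is a small Python check to run over the AndroidManifest.xml in the apktool output folder after editing: it lists the declared permissions and any receiver registered for BOOT_COMPLETED, which is also the first thing a defender triaging a rebuilt APK looks at. The manifest embedded in the script is a constructed sample with placeholder package and class names, not the real payload's manifest.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"
BOOT_PERM = "android.permission.RECEIVE_BOOT_COMPLETED"

# Constructed sample resembling the AndroidManifest.xml that apktool writes
# into the decoded folder. Package and class names are placeholders.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.placeholder">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <application android:label="@string/app_name">
        <activity android:name=".MainActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"/>
                <category android:name="android.intent.category.LAUNCHER"/>
            </intent-filter>
        </activity>
        <receiver android:name=".BootReceiver">
            <intent-filter>
                <action android:name="android.intent.action.BOOT_COMPLETED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""


def audit_manifest(xml_text):
    """Summarise a decoded manifest: package name, declared permissions,
    receivers listening for BOOT_COMPLETED, and whether the permission
    and receiver together mean the app will start at boot."""
    root = ET.fromstring(xml_text)
    name_attr = "{%s}name" % ANDROID_NS  # android:name, namespace-qualified
    perms = sorted(p.get(name_attr) for p in root.iter("uses-permission"))
    boot_receivers = [
        r.get(name_attr)
        for r in root.iter("receiver")
        if BOOT_ACTION in [a.get(name_attr) for a in r.iter("action")]
    ]
    return {
        "package": root.get("package"),
        "permissions": perms,
        "boot_receivers": boot_receivers,
        "autostarts_on_boot": bool(boot_receivers) and BOOT_PERM in perms,
    }


if __name__ == "__main__":
    # Swap SAMPLE_MANIFEST for open("out/AndroidManifest.xml").read() on real output.
    for key, value in audit_manifest(SAMPLE_MANIFEST).items():
        print(key, value)
```

Reading the permission list back after a rebuild is a cheap sanity check that the edit did what you intended and nothing else.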
The Metasploit Android reverse TCP APK is quite a small file in terms of how much code is in it. It should be quite simple to customize your own version of the app and play around with it.
I was looking into ways of autostarting an APK on boot on an Android device. Adding this to the Android reverse TCP APK would mean a consistent connection. I have found some ideas on how to achieve this and would like to see if I can get it working.