[File] [PATCH] Detect Android APK files
flx at obfusk.net
Sun Jan 8 20:38:20 UTC 2023
* FC Stegerman <flx at obfusk.net> [2023-01-08 17:17]:
> I've attached a patch to detect (many, but sadly not all) Android APK
> files (which are Zip archives) based on APK-specific file names found
> in the first local file header.
> I've tested it on a collection of about 2000 .apk files from F-Droid
> (from a build in 2021) and a few hundred recent ones (e.g. to test
> zipflinger virtual entry  detection): it identified 99% of them
I've attached a v2 of my patch, which also detects the APK Signing
Block (when it can).
I noticed the APK Signing Block detection only works for APK files no
larger than about 7MiB (at least that's the only correlation I could
find for when it doesn't work even though I can manually locate the
expected string at the expected offset); is this a known limitation?
Either way it's nice to have when it works but not an issue when it
I was also unable to get it to work without some duplication,
unfortunately, but I could not get name/use to work with negative +
relative offsets. And there doesn't seem to be an inverse of default,
which I would need to append ", with ..." only when one of the
previous blocks matched. But perhaps I've overlooked something?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2906 bytes
Desc: not available
More information about the File