[File] [PATCH] Detect Android APK files

FC Stegerman flx at obfusk.net
Sun Jan 8 20:38:20 UTC 2023


Hi (again)!

* FC Stegerman <flx at obfusk.net> [2023-01-08 17:17]:
> I've attached a patch to detect (many, but sadly not all) Android APK
> files (which are Zip archives) based on APK-specific file names found
> in the first local file header.
> 
> I've tested it on a collection of about 2000 .apk files from F-Droid
> (from a build in 2021) and a few hundred recent ones (e.g. to test
> zipflinger virtual entry [1] detection): it identified 99% of them
> correctly.

I've attached a v2 of my patch, which also detects the APK Signing
Block (when it can).

I noticed the APK Signing Block detection only works for APK files no
larger than about 7MiB (at least that's the only correlation I could
find for when it doesn't work even though I can manually locate the
expected string at the expected offset); is this a known limitation?
Either way it's nice to have when it works but not an issue when it
doesn't.

I was also unable to get it to work without some duplication,
unfortunately, but I could not get name/use to work with negative +
relative offsets.  And there doesn't seem to be an inverse of default,
which I would need to append ", with ..." only when one of the
previous blocks matched.  But perhaps I've overlooked something?

- FC
-------------- next part --------------
A non-text attachment was scrubbed...
Name: apk-sigblock.patch
Type: text/x-diff
Size: 2906 bytes
Desc: not available
URL: <https://mailman.astron.com/pipermail/file/attachments/20230108/452d8731/attachment.bin>


More information about the File mailing list