[File] [PATCH] Detect Android APK files
christos at zoulas.com
Thu Jan 12 00:07:11 UTC 2023
> On Jan 8, 2023, at 3:38 PM, FC Stegerman <flx at obfusk.net> wrote:
> Hi (again)!
> * FC Stegerman <flx at obfusk.net> [2023-01-08 17:17]:
>> I've attached a patch to detect (many, but sadly not all) Android APK
>> files (which are Zip archives) based on APK-specific file names found
>> in the first local file header.
>> I've tested it on a collection of about 2000 .apk files from F-Droid
>> (from a build in 2021) and a few hundred recent ones (e.g. to test
>> zipflinger virtual entry  detection): it identified 99% of them
> I've attached a v2 of my patch, which also detects the APK Signing
> Block (when it can).
> I noticed the APK Signing Block detection only works for APK files no
> larger than about 7MiB (at least that's the only correlation I could
> find for when it doesn't work even though I can manually locate the
> expected string at the expected offset); is this a known limitation?
> Either way it's nice to have when it works but not an issue when it
> I was also unable to get it to work without some duplication,
> unfortunately, but I could not get name/use to work with negative +
> relative offsets. And there doesn't seem to be an inverse of default,
> which I would need to append ", with ..." only when one of the
> previous blocks matched. But perhaps I've overlooked something?
> - FC
> File mailing list
> File at astron.com
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 235 bytes
Desc: Message signed with OpenPGP
More information about the File