[File] [PATCH] Detect Android APK files

Christos Zoulas christos at zoulas.com
Thu Jan 12 00:07:11 UTC 2023


Committed, thanks!

christos

> On Jan 8, 2023, at 3:38 PM, FC Stegerman <flx at obfusk.net> wrote:
> 
> Hi (again)!
> 
> * FC Stegerman <flx at obfusk.net> [2023-01-08 17:17]:
>> I've attached a patch to detect (many, but sadly not all) Android APK
>> files (which are Zip archives) based on APK-specific file names found
>> in the first local file header.
>> 
>> I've tested it on a collection of about 2000 .apk files from F-Droid
>> (from a build in 2021) and a few hundred recent ones (e.g. to test
>> zipflinger virtual entry [1] detection): it identified 99% of them
>> correctly.
> 
> I've attached a v2 of my patch, which also detects the APK Signing
> Block (when it can).
> 
> I noticed the APK Signing Block detection only works for APK files no
> larger than about 7MiB (at least that's the only correlation I could
> find for when it doesn't work even though I can manually locate the
> expected string at the expected offset); is this a known limitation?
> Either way it's nice to have when it works but not an issue when it
> doesn't.
> 
> I was also unable to get it to work without some duplication,
> unfortunately, but I could not get name/use to work with negative +
> relative offsets.  And there doesn't seem to be an inverse of default,
> which I would need to append ", with ..." only when one of the
> previous blocks matched.  But perhaps I've overlooked something?
> 
> - FC
> <apk-sigblock.patch>--
> File mailing list
> File at astron.com
> https://mailman.astron.com/mailman/listinfo/file

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 235 bytes
Desc: Message signed with OpenPGP
URL: <https://mailman.astron.com/pipermail/file/attachments/20230111/f7fe2767/attachment.asc>


More information about the File mailing list