Diffstat (limited to 'contrib/file/magic/Magdir/android')
-rw-r--r-- | contrib/file/magic/Magdir/android | 83 |
1 files changed, 76 insertions, 7 deletions
diff --git a/contrib/file/magic/Magdir/android b/contrib/file/magic/Magdir/android index 1265d95925a7..8a2dedf3d2d9 100644 --- a/contrib/file/magic/Magdir/android +++ b/contrib/file/magic/Magdir/android @@ -1,6 +1,6 @@ #------------------------------------------------------------ -# $File: android,v 1.16 2019/11/15 21:03:14 christos Exp $ +# $File: android,v 1.24 2023/02/20 16:51:59 christos Exp $ # Various android related magic entries #------------------------------------------------------------ @@ -24,11 +24,11 @@ >>1028 lelong 0 \b (boot) >>1028 lelong 1 \b (recovery) >8 lelong >0 \b, kernel ->>12 lelong >0 \b (0x%x) +>>12 lelong >0 \b (%#x) >16 lelong >0 \b, ramdisk ->>20 lelong >0 \b (0x%x) +>>20 lelong >0 \b (%#x) >24 lelong >0 \b, second stage ->>28 lelong >0 \b (0x%x) +>>28 lelong >0 \b (%#x) >36 lelong >0 \b, page size: %d >38 string >0 \b, name: %s >64 string >0 \b, cmdline (%s) @@ -64,7 +64,7 @@ # look for backup content after line with encryption info #>>19 search/7 \n # data part after header for not encrypted Android Backup -#>>>&0 ubequad x \b, content 0x%16.16llx... +#>>>&0 ubequad x \b, content %#16.16llx... # look for zlib compressed by ./compress after message with 1 space at end #>>>&0 indirect x \b; contains # look for tar archive block by ./archive for package name manifest @@ -155,9 +155,9 @@ # flags >>>0x0C ulelong&0x00000002 2 \b+RW # partition ID: -# 0~IPL,MOVINAND,GANG;1~PIT,GPT;2~HIDDEN;3~SBL,HIDDEN;4~SBL2,HIDDEN;5~BOOT;6~KENREl,RECOVER,misc;7~RECOVER +# 0~IPL,MOVINAND,GANG;1~PIT,GPT;2~HIDDEN;3~SBL,HIDDEN;4~SBL2,HIDDEN;5~BOOT;6~kernel,RECOVER,misc;7~RECOVER # ;11~MODEM;20~efs;21~PARAM;22~FACTORY,SYSTEM;23~DBDATAFS,USERDATA;24~CACHE;80~BOOTLOADER;81~TZSW ->>>0x08 ulelong x (0x%x) +>>>0x08 ulelong x (%#x) # filename >>>0x44 string >\0 "%-.64s" #>>>0x18 ulelong >0 
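Review bot: In the `@@ -155,9 +155,9 @@` hunk, `>>>0x08 ulelong x (%#x)` is not output-equivalent to the old `(0x%x)`, because the test is `x` and so fires for every value, and `%#x` prints zero as a bare `0` with no `0x` prefix. The comment two lines above lists partition ID 0 as a valid value (IPL, MOVINAND, GANG), so those entries would now read `(0)` while every other ID reads `(0x…)`, which can trip scripts that parse the description. The three `%#x` changes in the `@@ -24,11 +24,11 @@` hunk are not affected, since each is guarded by `lelong >0`. Either keep `(0x%x)` on this one line or record the output change for downstream consumers; the magic entry these lines belong to starts above the hunk.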
@@ -180,7 +180,9 @@ # In include/androidfw/ResourceTypes.h: # RES_XML_TYPE = 0x0003 followed by the size of the header (ResXMLTree_header), # which is 8 bytes (2 bytes type + 2 bytes header size + 4 bytes size). +# The strength is increased to avoid misidentifying as Targa image data 0 lelong 0x00080003 Android binary XML +!:strength +1 # Android cryptfs footer # From https://android.googlesource.com/\ 
@@ -188,3 +190,70 @@ 0 lelong 0xd0b5b1c4 Android cryptfs footer >4 leshort x \b, version: %d >6 leshort x \b.%d + +# Android Vdex format +# From https://android.googlesource.com/\ +# platform/art/+/master/runtime/vdex_file.h +0 string vdex Android vdex file, +>4 string >000 verifier deps version: %s, +>8 string >000 dex section version: %s, +>12 lelong >0 number of dex files: %d, +>16 lelong >0 verifier deps size: %d + +# Android Vdex format, dexfile is currently being updated +# by android system +# From https://android.googlesource.com/\ +# platform/art/+/master/dex2oat/dex2oat.cc +0 string wdex Android vdex file, being processed by dex2oat, +>4 string >000 verifier deps version: %s, +>8 string >000 dex section version: %s, +>12 lelong >0 number of dex files: %d, +>16 lelong >0 verifier deps size: %d + +# Disassembled DEX files +0 string/t .class\x20 +>&0 regex/512 \^\\.super\x20L.*;$ disassembled Android DEX Java class (smali/baksmali) +!:ext smali + +# Android ART (baseline) profile + metadata: baseline.prof, baseline.profm +# Reference: https://android.googlesource.com/platform/frameworks/support/\ +# +/refs/heads/androidx-main/profileinstaller/profileinstaller/\ +# src/main/java/androidx/profileinstaller/ProfileTranscoder.java +# Reference: https://android.googlesource.com/platform/frameworks/support/\ +# +/refs/heads/androidx-main/profileinstaller/profileinstaller/\ +# src/main/java/androidx/profileinstaller/ProfileVersion.java +0 string pro\x00 +>0 regex pro\x000[0-9][0-9]\x00 Android ART profile +!:ext prof +>>4 string 001\x00 \b, version 001 N +>>4 string 005\x00 \b, version 005 O +>>4 string 009\x00 \b, version 009 O MR1 +>>4 string 010\x00 \b, version 010 P +>>4 string 015\x00 \b, version 015 S +0 string prm\x00 +>0 regex prm\x000[0-9][0-9]\x00 Android ART profile metadata +!:ext profm +>>4 string 001\x00 \b, version 001 N +>>4 string 002\x00 \b, version 002 + +# Android package resource table (ARSC): resources.arsc +# Reference: 
https://android.googlesource.com/platform/tools/base/\ +# +/refs/heads/mirror-goog-studio-main/apkparser/binary-resources/\ +# src/main/java/com/google/devrel/gmscore/tools/apk/arsc +# 00: resource table type = 0x0002 (2) + header size = 12 (2) +# 04: chunk size (4, skipped) +# 08: #packages (4) +0 ulelong 0x000c0002 Android package resource table (ARSC) +!:ext arsc +>8 ulelong !1 \b, %d packages +# 12: string pool type = 0x0001 (2) + header size = 28 (2) +# 16: chunk size (4, skipped) +# 20: #strings (4), #styles (4), flags (4) +>12 ulelong 0x001c0001 +>>20 ulelong !0 \b, %d string(s) +>>24 ulelong !0 \b, %d style(s) +>>28 ulelong &1 \b, sorted +>>28 ulelong &256 \b, utf8 + +# extracted APK Signing Block +-16 string APK\x20Sig\x20Block\x2042 APK Signing Block |
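Review bot: The new vdex and wdex entries print their version fields with an unbounded `%s` (`>4 string >000 verifier deps version: %s,` and the matching `>8` line), although the offsets show each field is only four bytes wide. On a file whose field has no terminating NUL, the description would run on into the following header bytes. Bounding it the way the existing `"%-.64s"` entry in this file does, e.g. `>4 string >000 verifier deps version: %.3s,` (assuming three-digit versions, as the `>000` comparison suggests), keeps the output to the field. The counts at `>12` and `>16` are tested as signed `lelong >0` and printed with `%d`, so a value with the top bit set is silently skipped; `ulelong` with `%u` would report it. Both points apply equally to the `vdex` and `wdex` blocks.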