aboutsummaryrefslogtreecommitdiff
path: root/contrib/file/magic/Magdir/android
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/file/magic/Magdir/android')
-rw-r--r--contrib/file/magic/Magdir/android83
1 files changed, 76 insertions, 7 deletions
diff --git a/contrib/file/magic/Magdir/android b/contrib/file/magic/Magdir/android
index 1265d95925a7..8a2dedf3d2d9 100644
--- a/contrib/file/magic/Magdir/android
+++ b/contrib/file/magic/Magdir/android
@@ -1,6 +1,6 @@
#------------------------------------------------------------
-# $File: android,v 1.16 2019/11/15 21:03:14 christos Exp $
+# $File: android,v 1.24 2023/02/20 16:51:59 christos Exp $
# Various android related magic entries
#------------------------------------------------------------
@@ -24,11 +24,11 @@
>>1028 lelong 0 \b (boot)
>>1028 lelong 1 \b (recovery)
>8 lelong >0 \b, kernel
->>12 lelong >0 \b (0x%x)
+>>12 lelong >0 \b (%#x)
>16 lelong >0 \b, ramdisk
->>20 lelong >0 \b (0x%x)
+>>20 lelong >0 \b (%#x)
>24 lelong >0 \b, second stage
->>28 lelong >0 \b (0x%x)
+>>28 lelong >0 \b (%#x)
>36 lelong >0 \b, page size: %d
>38 string >0 \b, name: %s
>64 string >0 \b, cmdline (%s)
@@ -64,7 +64,7 @@
# look for backup content after line with encryption info
#>>19 search/7 \n
# data part after header for not encrypted Android Backup
-#>>>&0 ubequad x \b, content 0x%16.16llx...
+#>>>&0 ubequad x \b, content %#16.16llx...
# look for zlib compressed by ./compress after message with 1 space at end
#>>>&0 indirect x \b; contains
# look for tar archive block by ./archive for package name manifest
@@ -155,9 +155,9 @@
# flags
>>>0x0C ulelong&0x00000002 2 \b+RW
# partition ID:
-# 0~IPL,MOVINAND,GANG;1~PIT,GPT;2~HIDDEN;3~SBL,HIDDEN;4~SBL2,HIDDEN;5~BOOT;6~KENREl,RECOVER,misc;7~RECOVER
+# 0~IPL,MOVINAND,GANG;1~PIT,GPT;2~HIDDEN;3~SBL,HIDDEN;4~SBL2,HIDDEN;5~BOOT;6~kernel,RECOVER,misc;7~RECOVER
# ;11~MODEM;20~efs;21~PARAM;22~FACTORY,SYSTEM;23~DBDATAFS,USERDATA;24~CACHE;80~BOOTLOADER;81~TZSW
->>>0x08 ulelong x (0x%x)
+>>>0x08 ulelong x (%#x)
# filename
>>>0x44 string >\0 "%-.64s"
#>>>0x18 ulelong >0
@@ -180,7 +180,9 @@
# In include/androidfw/ResourceTypes.h:
# RES_XML_TYPE = 0x0003 followed by the size of the header (ResXMLTree_header),
# which is 8 bytes (2 bytes type + 2 bytes header size + 4 bytes size).
+# The strength is increased to avoid misidentifying as Targa image data
0 lelong 0x00080003 Android binary XML
+!:strength +1
# Android cryptfs footer
# From https://android.googlesource.com/\
@@ -188,3 +190,70 @@
0 lelong 0xd0b5b1c4 Android cryptfs footer
>4 leshort x \b, version: %d
>6 leshort x \b.%d
+
+# Android Vdex format
+# From https://android.googlesource.com/\
+# platform/art/+/master/runtime/vdex_file.h
+0 string vdex Android vdex file,
+>4 string >000 verifier deps version: %s,
+>8 string >000 dex section version: %s,
+>12 lelong >0 number of dex files: %d,
+>16 lelong >0 verifier deps size: %d
+
+# Android Vdex format, dexfile is currently being updated
+# by android system
+# From https://android.googlesource.com/\
+# platform/art/+/master/dex2oat/dex2oat.cc
+0 string wdex Android vdex file, being processed by dex2oat,
+>4 string >000 verifier deps version: %s,
+>8 string >000 dex section version: %s,
+>12 lelong >0 number of dex files: %d,
+>16 lelong >0 verifier deps size: %d
+
+# Disassembled DEX files
+0 string/t .class\x20
+>&0 regex/512 \^\\.super\x20L.*;$ disassembled Android DEX Java class (smali/baksmali)
+!:ext smali
+
+# Android ART (baseline) profile + metadata: baseline.prof, baseline.profm
+# Reference: https://android.googlesource.com/platform/frameworks/support/\
+# +/refs/heads/androidx-main/profileinstaller/profileinstaller/\
+# src/main/java/androidx/profileinstaller/ProfileTranscoder.java
+# Reference: https://android.googlesource.com/platform/frameworks/support/\
+# +/refs/heads/androidx-main/profileinstaller/profileinstaller/\
+# src/main/java/androidx/profileinstaller/ProfileVersion.java
+0 string pro\x00
+>0 regex pro\x000[0-9][0-9]\x00 Android ART profile
+!:ext prof
+>>4 string 001\x00 \b, version 001 N
+>>4 string 005\x00 \b, version 005 O
+>>4 string 009\x00 \b, version 009 O MR1
+>>4 string 010\x00 \b, version 010 P
+>>4 string 015\x00 \b, version 015 S
+0 string prm\x00
+>0 regex prm\x000[0-9][0-9]\x00 Android ART profile metadata
+!:ext profm
+>>4 string 001\x00 \b, version 001 N
+>>4 string 002\x00 \b, version 002
+
+# Android package resource table (ARSC): resources.arsc
+# Reference: https://android.googlesource.com/platform/tools/base/\
+# +/refs/heads/mirror-goog-studio-main/apkparser/binary-resources/\
+# src/main/java/com/google/devrel/gmscore/tools/apk/arsc
+# 00: resource table type = 0x0002 (2) + header size = 12 (2)
+# 04: chunk size (4, skipped)
+# 08: #packages (4)
+0 ulelong 0x000c0002 Android package resource table (ARSC)
+!:ext arsc
+>8 ulelong !1 \b, %d packages
+# 12: string pool type = 0x0001 (2) + header size = 28 (2)
+# 16: chunk size (4, skipped)
+# 20: #strings (4), #styles (4), flags (4)
+>12 ulelong 0x001c0001
+>>20 ulelong !0 \b, %d string(s)
+>>24 ulelong !0 \b, %d style(s)
+>>28 ulelong &1 \b, sorted
+>>28 ulelong &256 \b, utf8
+
+# extracted APK Signing Block
+-16 string APK\x20Sig\x20Block\x2042 APK Signing Block
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-25 14:49:04 +0000