1 files changed, 100 insertions, 0 deletions

diff --git a/contrib/file/magic/Magdir/android b/contrib/file/magic/Magdir/android
new file mode 100644
index 000000000000..4a4c3feb8923
--- /dev/null
+++ b/contrib/file/magic/Magdir/android
@@ -0,0 +1,100 @@
+
+#------------------------------------------------------------
+# $File: android,v 1.4 2014/06/03 19:01:34 christos Exp $
+# Various android related magic entries
+#------------------------------------------------------------
+
+# Dalvik .dex format. http://retrodev.com/android/dexformat.html
+# From <mkf@google.com> "Mike Fleming"
+# Fixed to avoid regexec 17 errors on some dex files
+# From <diff@lookout.com> "Tim Strazzere"
+0	string	dex\n
+>0	regex	dex\n[0-9]{2}\0	Dalvik dex file
+>4	string	>000			version %s
+0	string	dey\n
+>0	regex	dey\n[0-9]{2}\0	Dalvik dex file (optimized for host)
+>4	string	>000			version %s
+
+# http://android.stackexchange.com/questions/23357/\
+# is-there-a-way-to-look-inside-and-modify-an-adb-backup-created-file/\
+# 23608#23608
+0	string	ANDROID\040BACKUP\n	Android Backup
+>15	string	1\n			\b, version 1
+>17	string	0\n			\b, uncompressed
+>17	string	1\n			\b, compressed
+>19	string	none\n			\b, unencrypted
+>19	string	AES-256\n		\b, encrypted AES-256
+
+# Android bootimg format
+# From https://android.googlesource.com/\
+# platform/system/core/+/master/mkbootimg/bootimg.h
+0		string	ANDROID!	Android bootimg
+>8		lelong	>0			\b, kernel
+>>12	lelong	>0			\b (0x%x)
+>16		lelong	>0			\b, ramdisk
+>>20	lelong	>0			\b (0x%x)
+>24		lelong	>0			\b, second stage
+>>28	lelong	>0			\b (0x%x)
+>36		lelong	>0			\b, page size: %d
+>38		string	>0			\b, name: %s
+>64		string	>0		 	\b, cmdline (%s)
+# Dalvik .dex format. http://retrodev.com/android/dexformat.html
+# From <mkf@google.com> "Mike Fleming"
+# Fixed to avoid regexec 17 errors on some dex files
+# From <diff@lookout.com> "Tim Strazzere"
+0	string	dex\n
+>0	regex	dex\n[0-9]{2}\0	Dalvik dex file
+>4	string	>000			version %s
+0	string	dey\n
+>0	regex	dey\n[0-9]{2}\0	Dalvik dex file (optimized for host)
+>4	string	>000			version %s
+
+# http://android.stackexchange.com/questions/23357/\
+# is-there-a-way-to-look-inside-and-modify-an-adb-backup-created-file/\
+# 23608#23608
+0	string	ANDROID\040BACKUP\n	Android Backup
+>15	string	1\n			\b, version 1
+>17	string	0\n			\b, uncompressed
+>17	string	1\n			\b, compressed
+>19	string	none\n			\b, unencrypted
+>19	string	AES-256\n		\b, encrypted AES-256
+
+# Android bootimg format
+# From https://android.googlesource.com/\
+# platform/system/core/+/master/mkbootimg/bootimg.h
+0		string	ANDROID!	Android bootimg
+>8		lelong	>0			\b, kernel
+>>12	lelong	>0			\b (0x%x)
+>16		lelong	>0			\b, ramdisk
+>>20	lelong	>0			\b (0x%x)
+>24		lelong	>0			\b, second stage
+>>28	lelong	>0			\b (0x%x)
+>36		lelong	>0			\b, page size: %d
+>38		string	>0			\b, name: %s
+>64		string	>0		 	\b, cmdline (%s)
+
+# Android Backup archive
+# From: Ariel Shkedi
+# File extension: .ab
+# No mime-type defined
+# URL: https://github.com/android/platform_frameworks_base/blob/\
+# 0bacfd2ba68d21a68a3df345b830bc2a1e515b5a/services/java/com/\
+# android/server/BackupManagerService.java#L2367
+# After the header comes a tar file
+# If compressed, the entire tar file is compressed with JAVA deflate
+#
+# Include the version number hardcoded with the magic string to avoid
+# false positives
+0	string/b	ANDROID\ BACKUP\n1\n	Android Backup
+>17	string		0\n			\b, Not-Compressed
+>17	string		1\n			\b, Compressed
+# any string as long as it's not the word none (which is matched below)
+>>19    regex/1l	\^([^n\n]|n[^o]|no[^n]|non[^e]|none.+).*	\b, Encrypted (%s)
+>>19	string		none\n			\b, Not-Encrypted
+# Commented out because they don't seem useful to print
+# (but they are part of the header - the tar file comes after them):
+#>>>&1		regex/1l .*	\b, Password salt: %s
+#>>>>&1		regex/1l .*	\b, Master salt: %s
+#>>>>>&1	regex/1l .*	\b, PBKDF2 rounds: %s
+#>>>>>>&1	regex/1l .*	\b, IV: %s
+#>>>>>>>&1	regex/1l .*	\b, Key: %s