Last active
February 5, 2023 03:40
magic(5) files for .smali & .apk files
| # Android APK file (Zip archive) | |
| # The file must start with a ZIP local file header (PK\003\004). Each branch | |
| # below then tests the first entry's file name length (offset 26) and file | |
| # name (offset 30) for a name that APKs commonly start with. | |
| # The ", with APK Signing Block" suffix only reports that the magic string is | |
| # present at the tested position; no signature is verified by these rules. | |
| # NOTE(review): in every branch !:mime/!:ext come after the signing-block | |
| # line; presumably they attach to that line rather than to the description | |
| # line, so an APK without a signing block may not get the APK MIME type -- | |
| # confirm against file(1). | |
| 0 string PK\003\004 | |
| !:strength +1 | |
| # Starts with AndroidManifest.xml (file name length = 19) | |
| >26 uleshort 19 | |
| >>30 string AndroidManifest.xml Android package (APK), with AndroidManifest.xml | |
| # PK\005\006 exactly 22 bytes before EOF: an end-of-central-directory record | |
| # with no trailing ZIP comment. (-6.l-16) is an indirect offset: the | |
| # little-endian 32-bit value 6 bytes before EOF (presumably the central | |
| # directory offset) minus 16, i.e. the 16 bytes just before that position. | |
| >>>-22 string PK\005\006 | |
| >>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| # Starts with META-INF/com/android/build/gradle/app-metadata.properties | |
| >26 uleshort 57 | |
| >>30 string META-INF/com/android/build/gradle/ | |
| >>>&0 string app-metadata.properties Android package (APK), with gradle app-metadata.properties | |
| >>>>-22 string PK\005\006 | |
| >>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| # Starts with classes.dex (file name length = 11) | |
| >26 uleshort 11 | |
| >>30 string classes.dex Android package (APK), with classes.dex | |
| >>>-22 string PK\005\006 | |
| >>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| # Starts with META-INF/MANIFEST.MF (file name length = 20) | |
| # NB: checks for resources.arsc or drawables as well to avoid matching JAR files | |
| >26 uleshort 20 | |
| >>30 string META-INF/MANIFEST.MF | |
| # Contains resources.arsc (near the end, in the central directory) | |
| # The search starts 512 bytes before EOF, so names stored earlier in the | |
| # central directory are not seen by this test. | |
| >>>-512 search resources.arsc Android package (APK), with MANIFEST.MF and resources.arsc | |
| >>>>-22 string PK\005\006 | |
| >>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| # default: taken only when the resources.arsc search at this level did not match | |
| >>>-512 default x | |
| # Contains drawables (near the end, in the central directory) | |
| >>>>-512 search res/drawable Android package (APK), with MANIFEST.MF and drawables | |
| >>>>>-22 string PK\005\006 | |
| >>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| # Starts with zipflinger virtual entry (28 + 104 = 132 bytes) | |
| # See https://github.com/obfusk/apksigcopier/blob/666f5b7/apksigcopier/__init__.py#L230 | |
| >4 string \x00\x00\x00\x00\x00\x00 | |
| >>&0 string \x21\x08\x21\x02 | |
| >>>&0 string \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 | |
| >>>>&0 string \x00\x00 Android package (APK), with zipflinger virtual entry | |
| >>>>>-22 string PK\005\006 | |
| >>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| # APK Signing Block | |
| # Fallback for when none of the first-level tests above matched: the signing | |
| # block magic alone is then what labels the archive as an APK. | |
| >0 default x | |
| >>-22 string PK\005\006 | |
| >>>(-6.l-16) string APK\x20Sig\x20Block\x2042 Android package (APK), with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk |
| --- a/magic/Magdir/archive | |
| +++ b/magic/Magdir/archive | |
| @@ -1505,6 +1505,65 @@ | |
| !:mime application/zip | |
| !:ext zip/cbz | |
| +# Android APK file (Zip archive) | |
| +0 string PK\003\004 | |
| +!:strength +1 | |
| +# Starts with AndroidManifest.xml (file name length = 19) | |
| +>26 uleshort 19 | |
| +>>30 string AndroidManifest.xml Android package (APK), with AndroidManifest.xml | |
| +>>>-22 string PK\005\006 | |
| +>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| +!:mime application/vnd.android.package-archive | |
| +!:ext apk | |
| +# Starts with META-INF/com/android/build/gradle/app-metadata.properties | |
| +>26 uleshort 57 | |
| +>>30 string META-INF/com/android/build/gradle/ | |
| +>>>&0 string app-metadata.properties Android package (APK), with gradle app-metadata.properties | |
| +>>>>-22 string PK\005\006 | |
| +>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| +!:mime application/vnd.android.package-archive | |
| +!:ext apk | |
| +# Starts with classes.dex (file name length = 11) | |
| +>26 uleshort 11 | |
| +>>30 string classes.dex Android package (APK), with classes.dex | |
| +>>>-22 string PK\005\006 | |
| +>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| +!:mime application/vnd.android.package-archive | |
| +!:ext apk | |
| +# Starts with META-INF/MANIFEST.MF (file name length = 20) | |
| +# NB: checks for resources.arsc or drawables as well to avoid matching JAR files | |
| +>26 uleshort 20 | |
| +>>30 string META-INF/MANIFEST.MF | |
| +# Contains resources.arsc (near the end, in the central directory) | |
| +>>>-512 search resources.arsc Android package (APK), with MANIFEST.MF and resources.arsc | |
| +>>>>-22 string PK\005\006 | |
| +>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| +!:mime application/vnd.android.package-archive | |
| +!:ext apk | |
| +>>>-512 default x | |
| +# Contains drawables (near the end, in the central directory) | |
| +>>>>-512 search res/drawable Android package (APK), with MANIFEST.MF and drawables | |
| +>>>>>-22 string PK\005\006 | |
| +>>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| +!:mime application/vnd.android.package-archive | |
| +!:ext apk | |
| +# Starts with zipflinger virtual entry (28 + 104 = 132 bytes) | |
| +# See https://github.com/obfusk/apksigcopier/blob/666f5b7/apksigcopier/__init__.py#L230 | |
| +>4 string \x00\x00\x00\x00\x00\x00 | |
| +>>&0 string \x21\x08\x21\x02 | |
| +>>>&0 string \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 | |
| +>>>>&0 string \x00\x00 Android package (APK), with zipflinger virtual entry | |
| +>>>>>-22 string PK\005\006 | |
| +>>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| +!:mime application/vnd.android.package-archive | |
| +!:ext apk | |
| +# APK Signing Block | |
| +>0 default x | |
| +>>-22 string PK\005\006 | |
| +>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 Android package (APK), with APK Signing Block | |
| +!:mime application/vnd.android.package-archive | |
| +!:ext apk | |
| + | |
| # Zip archives (Greg Roelofs, c/o [email protected]) | |
| 0 string PK\005\006 Zip archive data (empty) | |
| !:mime application/zip |
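Review bot: The `!:mime` and `!:ext` lines in each APK branch sit after the `(-6.l-16)` signing-block test rather than after the line that prints the description, and file(1) attaches these annotations to the magic line immediately before them. As written, an APK that has no APK Signing Block (JAR-signed only, or unsigned) would likely get the description text but not `application/vnd.android.package-archive`. Move the two annotation lines up so they follow the description line directly, e.g. after `>>30 string AndroidManifest.xml ...` and before `>>>-22 string PK\005\006`. The same applies to the gradle, classes.dex, MANIFEST.MF and zipflinger branches in this hunk.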
| # Android APK file (Zip archive) | |
| # The file must start with a ZIP local file header (PK\003\004). Each branch | |
| # below then tests the first entry's file name length (offset 26) and file | |
| # name (offset 30) for a name that APKs commonly start with. | |
| # The ", with APK Signing Block" suffix only reports that the magic string is | |
| # present at the tested position; no signature is verified by these rules. | |
| # NOTE(review): in every branch !:mime/!:ext come after the signing-block | |
| # line; presumably they attach to that line rather than to the description | |
| # line, so an APK without a signing block may not get the APK MIME type -- | |
| # confirm against file(1). | |
| 0 string PK\003\004 | |
| !:strength +1 | |
| # Starts with AndroidManifest.xml (file name length = 19) | |
| >26 uleshort 19 | |
| >>30 string AndroidManifest.xml Android package (APK), with AndroidManifest.xml | |
| # PK\005\006 exactly 22 bytes before EOF: an end-of-central-directory record | |
| # with no trailing ZIP comment. (-6.l-16) is an indirect offset: the | |
| # little-endian 32-bit value 6 bytes before EOF (presumably the central | |
| # directory offset) minus 16, i.e. the 16 bytes just before that position. | |
| >>>-22 string PK\005\006 | |
| >>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| # Starts with META-INF/com/android/build/gradle/app-metadata.properties | |
| >26 uleshort 57 | |
| >>30 string META-INF/com/android/build/gradle/ | |
| >>>&0 string app-metadata.properties Android package (APK), with gradle app-metadata.properties | |
| >>>>-22 string PK\005\006 | |
| >>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| # Starts with classes.dex (file name length = 11) | |
| >26 uleshort 11 | |
| >>30 string classes.dex Android package (APK), with classes.dex | |
| >>>-22 string PK\005\006 | |
| >>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| # Starts with META-INF/MANIFEST.MF (file name length = 20) | |
| # NB: checks for resources.arsc, classes.dex, etc. as well to avoid matching JAR files | |
| # Each marker search below starts 512 bytes before EOF, so names stored | |
| # earlier in the central directory are not seen. The markers are tried in | |
| # order through nested "default" lines: resources.arsc, classes.dex, | |
| # lib/armeabi, res/drawable. | |
| >26 uleshort 20 | |
| >>30 string META-INF/MANIFEST.MF | |
| # Contains resources.arsc (near the end, in the central directory) | |
| >>>-512 search resources.arsc Android package (APK), with MANIFEST.MF and resources.arsc | |
| >>>>-22 string PK\005\006 | |
| >>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| # default: taken only when the resources.arsc search at this level did not match | |
| >>>-512 default x | |
| # Contains classes.dex (near the end, in the central directory) | |
| >>>>-512 search classes.dex Android package (APK), with MANIFEST.MF and classes.dex | |
| >>>>>-22 string PK\005\006 | |
| >>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| >>>>-512 default x | |
| # Contains lib/armeabi (near the end, in the central directory) | |
| # The literal is a prefix match: it also covers lib/armeabi-v7a, but not | |
| # ABI directories with other names. | |
| >>>>>-512 search lib/armeabi Android package (APK), with MANIFEST.MF and armeabi lib | |
| >>>>>>-22 string PK\005\006 | |
| >>>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| >>>>>-512 default x | |
| # Contains drawables (near the end, in the central directory) | |
| >>>>>>-512 search res/drawable Android package (APK), with MANIFEST.MF and drawables | |
| >>>>>>>-22 string PK\005\006 | |
| >>>>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| # Starts with zipflinger virtual entry (28 + 104 = 132 bytes) | |
| # See https://github.com/obfusk/apksigcopier/blob/666f5b7/apksigcopier/__init__.py#L230 | |
| >4 string \x00\x00\x00\x00\x00\x00 | |
| >>&0 string \x21\x08\x21\x02 | |
| >>>&0 string \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 | |
| >>>>&0 string \x00\x00 Android package (APK), with zipflinger virtual entry | |
| >>>>>-22 string PK\005\006 | |
| >>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| # APK Signing Block | |
| # Fallback for when none of the first-level tests above matched: the signing | |
| # block magic alone is then what labels the archive as an APK. | |
| >0 default x | |
| >>-22 string PK\005\006 | |
| >>>(-6.l-16) string APK\x20Sig\x20Block\x2042 Android package (APK), with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk |
| --- a/magic/Magdir/archive | |
| +++ b/magic/Magdir/archive | |
| @@ -1531,7 +1531,7 @@ | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| # Starts with META-INF/MANIFEST.MF (file name length = 20) | |
| -# NB: checks for resources.arsc or drawables as well to avoid matching JAR files | |
| +# NB: checks for resources.arsc, classes.dex, etc. as well to avoid matching JAR files | |
| >26 uleshort 20 | |
| >>30 string META-INF/MANIFEST.MF | |
| # Contains resources.arsc (near the end, in the central directory) | |
| @@ -1540,13 +1540,27 @@ | |
| >>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| ->>>-512 default x | |
| -# Contains drawables (near the end, in the central directory) | |
| ->>>>-512 search res/drawable Android package (APK), with MANIFEST.MF and drawables | |
| +>>>-512 default x | |
| +# Contains classes.dex (near the end, in the central directory) | |
| +>>>>-512 search classes.dex Android package (APK), with MANIFEST.MF and classes.dex | |
| >>>>>-22 string PK\005\006 | |
| >>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| +>>>>-512 default x | |
| +# Contains lib/armeabi (near the end, in the central directory) | |
| +>>>>>-512 search lib/armeabi Android package (APK), with MANIFEST.MF and armeabi lib | |
| +>>>>>>-22 string PK\005\006 | |
| +>>>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| +!:mime application/vnd.android.package-archive | |
| +!:ext apk | |
| +>>>>>-512 default x | |
| +# Contains drawables (near the end, in the central directory) | |
| +>>>>>>-512 search res/drawable Android package (APK), with MANIFEST.MF and drawables | |
| +>>>>>>>-22 string PK\005\006 | |
| +>>>>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| +!:mime application/vnd.android.package-archive | |
| +!:ext apk | |
| # Starts with zipflinger virtual entry (28 + 104 = 132 bytes) | |
| # See https://github.com/obfusk/apksigcopier/blob/666f5b7/apksigcopier/__init__.py#L230 | |
| >4 string \x00\x00\x00\x00\x00\x00 |
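Review bot: The new `lib/armeabi` search is a prefix match, so it covers `lib/armeabi` and `lib/armeabi-v7a` but not archives that ship only other ABI directories; those still depend on the remaining markers. All of the `-512 search` tests in this branch look only at the tail of the file, and the central directory of a typical APK is much longer than 512 bytes, so a `classes.dex` entry will often lie outside the window. I would record the limit next to the rule: `# NB: only the last 512 bytes are searched; names earlier in the central directory, and ABI directories other than armeabi*, are not seen`. The hunk starts and ends inside the MANIFEST.MF branch, so the rest of that rule is not visible here.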
| # Android APK file (Zip archive) | |
| # The file must start with a ZIP local file header (PK\003\004). Each branch | |
| # below then tests the first entry's file name length (offset 26) and file | |
| # name (offset 30) for a name that APKs commonly start with. | |
| # !:mime/!:ext directly follow the line that prints the description; the | |
| # signing-block test comes after them as an optional continuation. | |
| # The ", with APK Signing Block" suffix only reports that the magic string is | |
| # present at the tested position; no signature is verified by these rules. | |
| 0 string PK\003\004 | |
| !:strength +1 | |
| # Starts with AndroidManifest.xml (file name length = 19) | |
| >26 uleshort 19 | |
| >>30 string AndroidManifest.xml Android package (APK), with AndroidManifest.xml | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| # PK\005\006 exactly 22 bytes before EOF: an end-of-central-directory record | |
| # with no trailing ZIP comment. (-6.l-16) is an indirect offset: the | |
| # little-endian 32-bit value 6 bytes before EOF (presumably the central | |
| # directory offset) minus 16, i.e. the 16 bytes just before that position. | |
| >>>-22 string PK\005\006 | |
| >>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| # Starts with META-INF/com/android/build/gradle/app-metadata.properties | |
| >26 uleshort 57 | |
| >>30 string META-INF/com/android/build/gradle/ | |
| >>>&0 string app-metadata.properties Android package (APK), with gradle app-metadata.properties | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| >>>>-22 string PK\005\006 | |
| >>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| # Starts with classes.dex (file name length = 11) | |
| >26 uleshort 11 | |
| >>30 string classes.dex Android package (APK), with classes.dex | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| >>>-22 string PK\005\006 | |
| >>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| # Starts with META-INF/MANIFEST.MF (file name length = 20) | |
| # NB: checks for resources.arsc, classes.dex, etc. as well to avoid matching JAR files | |
| # Each marker search below starts 512 bytes before EOF, so names stored | |
| # earlier in the central directory are not seen. The markers are tried in | |
| # order through nested "default" lines: resources.arsc, classes.dex, | |
| # lib/armeabi, res/drawable; if none is found the file is labelled as a JAR. | |
| >26 uleshort 20 | |
| >>30 string META-INF/MANIFEST.MF | |
| # Contains resources.arsc (near the end, in the central directory) | |
| >>>-512 search resources.arsc Android package (APK), with MANIFEST.MF and resources.arsc | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| >>>>-22 string PK\005\006 | |
| >>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| # default: taken only when the resources.arsc search at this level did not match | |
| >>>-512 default x | |
| # Contains classes.dex (near the end, in the central directory) | |
| >>>>-512 search classes.dex Android package (APK), with MANIFEST.MF and classes.dex | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| >>>>>-22 string PK\005\006 | |
| >>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| >>>>-512 default x | |
| # Contains lib/armeabi (near the end, in the central directory) | |
| # The literal is a prefix match: it also covers lib/armeabi-v7a, but not | |
| # ABI directories with other names. | |
| >>>>>-512 search lib/armeabi Android package (APK), with MANIFEST.MF and armeabi lib | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| >>>>>>-22 string PK\005\006 | |
| >>>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| >>>>>-512 default x | |
| # Contains drawables (near the end, in the central directory) | |
| >>>>>>-512 search res/drawable Android package (APK), with MANIFEST.MF and drawables | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| >>>>>>>-22 string PK\005\006 | |
| >>>>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| # It may or may not be an APK file, but it's definitely a Java JAR file | |
| # NOTE(review): this fallback has no signing-block continuation, so an APK | |
| # that lands here is reported as a plain JAR even if it carries an APK | |
| # Signing Block. | |
| >>>>>>-512 default x Java archive data (JAR) | |
| !:mime application/java-archive | |
| !:ext jar | |
| # Starts with zipflinger virtual entry (28 + 104 = 132 bytes) | |
| # See https://github.com/obfusk/apksigcopier/blob/666f5b7/apksigcopier/__init__.py#L230 | |
| >4 string \x00\x00\x00\x00\x00\x00 | |
| >>&0 string \x21\x08\x21\x02 | |
| >>>&0 string \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 | |
| >>>>&0 string \x00\x00 Android package (APK), with zipflinger virtual entry | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| >>>>>-22 string PK\005\006 | |
| >>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| # APK Signing Block | |
| # Fallback for when none of the first-level tests above matched: the signing | |
| # block magic alone is then what labels the archive as an APK. | |
| >0 default x | |
| >>-22 string PK\005\006 | |
| >>>(-6.l-16) string APK\x20Sig\x20Block\x2042 Android package (APK), with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk |
| --- a/magic/Magdir/archive | |
| +++ b/magic/Magdir/archive | |
| @@ -1511,66 +1511,70 @@ | |
| # Starts with AndroidManifest.xml (file name length = 19) | |
| >26 uleshort 19 | |
| >>30 string AndroidManifest.xml Android package (APK), with AndroidManifest.xml | |
| ->>>-22 string PK\005\006 | |
| ->>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| +>>>-22 string PK\005\006 | |
| +>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| # Starts with META-INF/com/android/build/gradle/app-metadata.properties | |
| >26 uleshort 57 | |
| >>30 string META-INF/com/android/build/gradle/ | |
| >>>&0 string app-metadata.properties Android package (APK), with gradle app-metadata.properties | |
| ->>>>-22 string PK\005\006 | |
| ->>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| +>>>>-22 string PK\005\006 | |
| +>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| # Starts with classes.dex (file name length = 11) | |
| >26 uleshort 11 | |
| >>30 string classes.dex Android package (APK), with classes.dex | |
| ->>>-22 string PK\005\006 | |
| ->>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| +>>>-22 string PK\005\006 | |
| +>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| # Starts with META-INF/MANIFEST.MF (file name length = 20) | |
| # NB: checks for resources.arsc, classes.dex, etc. as well to avoid matching JAR files | |
| >26 uleshort 20 | |
| >>30 string META-INF/MANIFEST.MF | |
| # Contains resources.arsc (near the end, in the central directory) | |
| >>>-512 search resources.arsc Android package (APK), with MANIFEST.MF and resources.arsc | |
| ->>>>-22 string PK\005\006 | |
| ->>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| +>>>>-22 string PK\005\006 | |
| +>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| >>>-512 default x | |
| # Contains classes.dex (near the end, in the central directory) | |
| >>>>-512 search classes.dex Android package (APK), with MANIFEST.MF and classes.dex | |
| ->>>>>-22 string PK\005\006 | |
| ->>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| +>>>>>-22 string PK\005\006 | |
| +>>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| >>>>-512 default x | |
| # Contains lib/armeabi (near the end, in the central directory) | |
| >>>>>-512 search lib/armeabi Android package (APK), with MANIFEST.MF and armeabi lib | |
| ->>>>>>-22 string PK\005\006 | |
| ->>>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| +>>>>>>-22 string PK\005\006 | |
| +>>>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| >>>>>-512 default x | |
| # Contains drawables (near the end, in the central directory) | |
| >>>>>>-512 search res/drawable Android package (APK), with MANIFEST.MF and drawables | |
| ->>>>>>>-22 string PK\005\006 | |
| ->>>>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| +>>>>>>>-22 string PK\005\006 | |
| +>>>>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| +# It may or may not be an APK file, but it's definitely a Java JAR file | |
| +>>>>>>-512 default x Java archive data (JAR) | |
| +!:mime application/java-archive | |
| +!:ext jar | |
| # Starts with zipflinger virtual entry (28 + 104 = 132 bytes) | |
| # See https://github.com/obfusk/apksigcopier/blob/666f5b7/apksigcopier/__init__.py#L230 | |
| >4 string \x00\x00\x00\x00\x00\x00 | |
| >>&0 string \x21\x08\x21\x02 | |
| >>>&0 string \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 | |
| >>>>&0 string \x00\x00 Android package (APK), with zipflinger virtual entry | |
| ->>>>>-22 string PK\005\006 | |
| ->>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| !:mime application/vnd.android.package-archive | |
| !:ext apk | |
| +>>>>>-22 string PK\005\006 | |
| +>>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block | |
| # APK Signing Block | |
| >0 default x | |
| >>-22 string PK\005\006 | |
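Review bot: The new fallback `>>>>>>-512 default x Java archive data (JAR)` has no signing-block continuation, so an APK whose markers all fall outside the 512-byte window is reported as a plain JAR even when it carries an APK Signing Block. Repeating the check after the `!:ext jar` line keeps that signal: `>>>>>>>-22 string PK\005\006` followed by `>>>>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block`. Consumers that route files on the MIME type should read `application/java-archive` from this branch as "JAR or APK", which is what the added comment already says. The hunk ends inside the final `# APK Signing Block` rule, so its last lines are not visible here.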
| @@ -1795,9 +1799,10 @@ | |
| >>>38 regex [!-OQ-~]+ Zip data (MIME type "%s"?) | |
| !:mime application/zip | |
| -# Java Jar files | |
| +# Java Jar files (see also APK files above) | |
| >(26.s+30) leshort 0xcafe Java archive data (JAR) | |
| !:mime application/java-archive | |
| +!:ext jar | |
| # iOS App | |
| >(26.s+30) leshort !0xcafe |
| # extracted APK Signing Block | |
| # Matches on the last 16 bytes of the file only (negative offset = from EOF). | |
| # Nothing else in the block is examined, so a match says the trailer is | |
| # present, not that the block is well-formed or that any signature verifies. | |
| -16 string APK\x20Sig\x20Block\x2042 APK Signing Block |
| --- a/magic/Magdir/android | |
| +++ b/magic/Magdir/android | |
| @@ -254,3 +254,6 @@ | |
| >>24 ulelong !0 \b, %d style(s) | |
| >>28 ulelong &1 \b, sorted | |
| >>28 ulelong &256 \b, utf8 | |
| + | |
| +# extracted APK Signing Block | |
| +-16 string APK\x20Sig\x20Block\x2042 APK Signing Block |
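Review bot: The rule at `-16` tests only the trailing magic, so any file whose last 16 bytes are `APK Sig Block 42` gets the label whether or not the rest is a well-formed block. The block format also stores its size as a 64-bit value at the start and again just before the magic, and comparing the two is awkward to express in magic(5). I would state the limit in the comment instead: `# extracted APK Signing Block (trailing magic only; size fields and signatures are not checked)`.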
| # Android package resource table (ARSC): resources.arsc | |
| # Reference: https://android.googlesource.com/platform/tools/base/\ | |
| # +/refs/heads/mirror-goog-studio-main/apkparser/binary-resources/\ | |
| # src/main/java/com/google/devrel/gmscore/tools/apk/arsc | |
| # 00: resource table type = 0x0002 (2) + header size = 12 (2) | |
| # 04: chunk size (4, skipped) | |
| # 08: #packages (4) | |
| # The type and header-size fields are tested together as one little-endian | |
| # 32-bit value (0x000c0002); that 4-byte match is all that gates the label. | |
| # NOTE(review): the counts below are unsigned (ulelong) but printed with %d; | |
| # values >= 2^31 would presumably display as negative -- confirm, or use %u. | |
| 0 ulelong 0x000c0002 Android package resource table (ARSC) | |
| !:ext arsc | |
| # The package count is printed only when it is not 1. | |
| >8 ulelong !1 \b, %d packages | |
| # 12: string pool type = 0x0001 (2) + header size = 28 (2) | |
| # 16: chunk size (4, skipped) | |
| # 20: #strings (4), #styles (4), flags (4) | |
| >12 ulelong 0x001c0001 | |
| >>20 ulelong !0 \b, %d string(s) | |
| >>24 ulelong !0 \b, %d style(s) | |
| # Flags word at offset 28: bit 0x1 is reported as "sorted", bit 0x100 as "utf8". | |
| >>28 ulelong &1 \b, sorted | |
| >>28 ulelong &256 \b, utf8 |
| --- a/magic/Magdir/android | |
| +++ b/magic/Magdir/android | |
| @@ -233,3 +233,22 @@ | |
| !:ext profm | |
| >>4 string 001\x00 \b, version 001 N | |
| >>4 string 002\x00 \b, version 002 | |
| + | |
| +# Android package resource table (ARSC): resources.arsc | |
| +# Reference: https://android.googlesource.com/platform/tools/base/\ | |
| +# +/refs/heads/mirror-goog-studio-main/apkparser/binary-resources/\ | |
| +# src/main/java/com/google/devrel/gmscore/tools/apk/arsc | |
| +# 00: resource table type = 0x0002 (2) + header size = 12 (2) | |
| +# 04: chunk size (4, skipped) | |
| +# 08: #packages (4) | |
| +0 ulelong 0x000c0002 Android package resource table (ARSC) | |
| +!:ext arsc | |
| +>8 ulelong !1 \b, %d packages | |
| +# 12: string pool type = 0x0001 (2) + header size = 28 (2) | |
| +# 16: chunk size (4, skipped) | |
| +# 20: #strings (4), #styles (4), flags (4) | |
| +>12 ulelong 0x001c0001 | |
| +>>20 ulelong !0 \b, %d string(s) | |
| +>>24 ulelong !0 \b, %d style(s) | |
| +>>28 ulelong &1 \b, sorted | |
| +>>28 ulelong &256 \b, utf8 |
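Review bot: The three count lines print `ulelong` values with `%d` (`%d packages`, `%d string(s)`, `%d style(s)`), so a header whose count is 0x80000000 or larger would presumably be shown as a negative number. `%u` matches the unsigned type: `>8 ulelong !1 \b, %u packages`, and likewise for the string and style counts. These fields are read straight from the file, so a crafted resources.arsc controls what ends up in the output that other tools may parse.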
| # Android ART (baseline) profile + metadata: baseline.prof, baseline.profm | |
| # Reference: https://android.googlesource.com/platform/frameworks/support/\ | |
| # +/refs/heads/androidx-main/profileinstaller/profileinstaller/\ | |
| # src/main/java/androidx/profileinstaller/ProfileTranscoder.java | |
| # Reference: https://android.googlesource.com/platform/frameworks/support/\ | |
| # +/refs/heads/androidx-main/profileinstaller/profileinstaller/\ | |
| # src/main/java/androidx/profileinstaller/ProfileVersion.java | |
| # Layout as tested here: a 4-byte magic ("pro\0" or "prm\0") followed at | |
| # offset 4 by a version written as "0NN\0". The top-level string test gates | |
| # on the magic; the regex is what prints the description. | |
| # NOTE(review): the regex patterns contain \x00 -- confirm that the regex | |
| # matcher does not stop at the embedded NUL, otherwise the digit check is lost. | |
| # Versions not listed below print no ", version ..." suffix. | |
| 0 string pro\x00 | |
| >0 regex pro\x000[0-9][0-9]\x00 Android ART profile | |
| !:ext prof | |
| >>4 string 001\x00 \b, version 001 N | |
| >>4 string 005\x00 \b, version 005 O | |
| >>4 string 009\x00 \b, version 009 O MR1 | |
| >>4 string 010\x00 \b, version 010 P | |
| >>4 string 015\x00 \b, version 015 S | |
| 0 string prm\x00 | |
| >0 regex prm\x000[0-9][0-9]\x00 Android ART profile metadata | |
| !:ext profm | |
| >>4 string 001\x00 \b, version 001 N | |
| >>4 string 002\x00 \b, version 002 |
| --- a/magic/Magdir/android | |
| +++ b/magic/Magdir/android | |
| @@ -212,3 +212,24 @@ | |
| 0 string/t .class\x20 | |
| >&0 regex/512 \^\\.super\x20L.*;$ disassembled Android DEX Java class (smali/baksmali) | |
| !:ext smali | |
| + | |
| +# Android ART (baseline) profile + metadata: baseline.prof, baseline.profm | |
| +# Reference: https://android.googlesource.com/platform/frameworks/support/\ | |
| +# +/refs/heads/androidx-main/profileinstaller/profileinstaller/\ | |
| +# src/main/java/androidx/profileinstaller/ProfileTranscoder.java | |
| +# Reference: https://android.googlesource.com/platform/frameworks/support/\ | |
| +# +/refs/heads/androidx-main/profileinstaller/profileinstaller/\ | |
| +# src/main/java/androidx/profileinstaller/ProfileVersion.java | |
| +0 string pro\x00 | |
| +>0 regex pro\x000[0-9][0-9]\x00 Android ART profile | |
| +!:ext prof | |
| +>>4 string 001\x00 \b, version 001 N | |
| +>>4 string 005\x00 \b, version 005 O | |
| +>>4 string 009\x00 \b, version 009 O MR1 | |
| +>>4 string 010\x00 \b, version 010 P | |
| +>>4 string 015\x00 \b, version 015 S | |
| +0 string prm\x00 | |
| +>0 regex prm\x000[0-9][0-9]\x00 Android ART profile metadata | |
| +!:ext profm | |
| +>>4 string 001\x00 \b, version 001 N | |
| +>>4 string 002\x00 \b, version 002 |
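Review bot: The patterns on the two `regex` lines contain an escaped NUL (`pro\x000[0-9][0-9]\x00` and the `prm` twin), and if file(1) passes the unescaped pattern to a C-string regex API, everything after the first `\x00` may be dropped so that the test reduces to `pro` / `prm`. That would print "Android ART profile" for any file with the 4-byte magic, whatever follows it. I would test with a sample whose version bytes are not digits, and if it matches, replace the regex with fixed-offset tests, for example `>4 byte 0x30` with `>>7 byte 0` carrying the description. A short comment that unlisted versions print no version suffix would also help readers.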
| --- a/magic/Magdir/android | |
| +++ b/magic/Magdir/android | |
| @@ -180,7 +180,9 @@ | |
| # In include/androidfw/ResourceTypes.h: | |
| # RES_XML_TYPE = 0x0003 followed by the size of the header (ResXMLTree_header), | |
| # which is 8 bytes (2 bytes type + 2 bytes header size + 4 bytes size). | |
| +# The strength is increased to avoid misidentifying as Targa image data | |
| 0 lelong 0x00080003 Android binary XML | |
| +!:strength +1 | |
| # Android cryptfs footer | |
| # From https://android.googlesource.com/\ |
| --- a/magic/Magdir/sgml | |
| +++ b/magic/Magdir/sgml | |
| @@ -57,6 +57,7 @@ | |
| !:mime text/html | |
| 0 string/ct \<!-- | |
| >&0 search/4096/cWt \<!doctype\ html HTML document text | |
| +!:mime text/html | |
| >&0 search/4096/ct \<html> HTML document text | |
| !:mime text/html | |
| # JAR Manifest & Signature File | |
| # Reference: https://docs.oracle.com/javase/8/docs/technotes/guides/jar/jar.html | |
| # Both rules match on the first header line of the text file only. | |
| 0 string/t Manifest-Version:\x201.0 JAR Manifest | |
| !:ext MF | |
| 0 string/t Signature-Version:\x201.0 JAR Signature File | |
| !:ext SF | |
| # PKCS#7 Signed Data (e.g. JAR Signature Block File) | |
| # OID 1.2.840.113549.1.7.2 (2a864886f70d010702) | |
| # Reference: https://www.rfc-editor.org/rfc/rfc2315 | |
| # The test is an outer DER SEQUENCE whose first element is that 9-byte OID. | |
| # The OID names the SignedData content type in general, so other PKCS#7 | |
| # SignedData files match too; the extensions listed are the JAR-specific ones. | |
| # A match identifies the container type only, not a valid signature. | |
| 0 der seq | |
| >&0 der obj_id9=2a864886f70d010702 DER Encoded PKCS#7 Signed Data | |
| !:ext RSA/DSA/EC |
| --- a/magic/Magdir/java | |
| +++ b/magic/Magdir/java | |
| @@ -43,3 +43,10 @@ | |
| >6 leshort >0x00 \b, version %d | |
| >4 leshort x \b.%d | |
| !:mime application/x-java-image | |
| + | |
| +# JAR Manifest & Signature File | |
| +# Reference: https://docs.oracle.com/javase/8/docs/technotes/guides/jar/jar.html | |
| +0 string/t Manifest-Version:\x201.0 JAR Manifest | |
| +!:ext MF | |
| +0 string/t Signature-Version:\x201.0 JAR Signature File | |
| +!:ext SF | |
| --- a/magic/Magdir/der | |
| +++ b/magic/Magdir/der | |
| @@ -137,3 +137,10 @@ | |
| >>>>&0 der seq | |
| >>>>>&0 der obj_id3=550403 | |
| >>>>>&0 der utf8_str=x \b, Subject=%s | |
| + | |
| +# PKCS#7 Signed Data (e.g. JAR Signature Block File) | |
| +# OID 1.2.840.113549.1.7.2 (2a864886f70d010702) | |
| +# Reference: https://www.rfc-editor.org/rfc/rfc2315 | |
| +0 der seq | |
| +>&0 der obj_id9=2a864886f70d010702 DER Encoded PKCS#7 Signed Data | |
| +!:ext RSA/DSA/EC |
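Review bot: The added rule keys only on the outer SEQUENCE and the signedData OID, so it labels every PKCS#7/CMS SignedData container and not just JAR signature blocks, and a match says nothing about whether the signature verifies. I would state that in the comment, e.g. `# Matches the content type only; the signature itself is not validated`, so nobody reads the description as a verification result. The `!:ext RSA/DSA/EC` list likewise covers only the JAR case. The rest of the der rules lie outside this hunk, so I have not checked how this entry ranks against them.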
| # JavaScript | |
| # The strength is increased to beat the C++ & HTML rules | |
| # Every test in this section is a content heuristic: it fires when the pattern | |
| # occurs in the scanned data, so text that merely quotes or embeds JavaScript | |
| # can match as well. The reported MIME type is a hint, not a validation result. | |
| # NOTE(review): the two "use strict" search tests give no /N range, unlike | |
| # search/128 and search/4096 further down - confirm the default is intended. | |
| 0 search "use\x20strict" JavaScript source | |
| !:strength +30 | |
| !:mime application/javascript | |
| !:ext js | |
| 0 search 'use\x20strict' JavaScript source | |
| !:strength +30 | |
| !:mime application/javascript | |
| !:ext js | |
| # CommonJS export: module.exports = ... or module["exports"] = ... | |
| 0 regex module(\\.|\\[["'])exports.*= JavaScript source | |
| !:strength +30 | |
| !:mime application/javascript | |
| !:ext js | |
| # const/var/let declaration at line start assigned from require( | |
| 0 regex \^(const|var|let).*=.*require\\( JavaScript source | |
| !:strength +30 | |
| !:mime application/javascript | |
| !:ext js | |
| # export statement at line start followed by a declaration keyword | |
| 0 regex \^export\x20(function|class|default|const|var|let|async)\x20 JavaScript source | |
| !:strength +30 | |
| !:mime application/javascript | |
| !:ext js | |
| # "(function" or "(async function" followed by "(" or a space | |
| 0 regex \\((async\x20)?function[(\x20] JavaScript source | |
| !:strength +30 | |
| !:mime application/javascript | |
| !:ext js | |
| # import/export ... from ... at line start | |
| 0 regex \^(import|export).*\x20from\x20 JavaScript source | |
| !:strength +30 | |
| !:mime application/javascript | |
| !:ext js | |
| # import/export of a quoted relative path ("./...") at line start | |
| 0 regex \^(import|export)\x20["']\\./ JavaScript source | |
| !:strength +30 | |
| !:mime application/javascript | |
| !:ext js | |
| # bare require("...") call at line start | |
| 0 regex \^require\\(["'] JavaScript source | |
| !:strength +30 | |
| !:mime application/javascript | |
| !:ext js | |
| # typeof compared with === or !==; not anchored to the start of a line | |
| 0 regex typeof.*[!=]== JavaScript source | |
| !:strength +30 | |
| !:mime application/javascript | |
| !:ext js | |
| # React Native minified JavaScript | |
| # The marker must appear within the search/128 range from offset 0. | |
| 0 search/128 __BUNDLE_START_TIME__= React Native minified JavaScript | |
| !:strength +30 | |
| !:mime application/javascript | |
| !:ext bundle/jsbundle | |
| # avoid misdetection as JavaScript | |
| # HTML tests anchored at offset 0; the "<!--" entry then searches up to 4096 | |
| # bytes past the comment opener for a doctype or an <html> tag. | |
| 0 string/cWt \<!doctype\ html HTML document text | |
| !:mime text/html | |
| 0 string/ct \<html> HTML document text | |
| !:mime text/html | |
| 0 string/ct \<!-- | |
| # NOTE(review): the doctype continuation below has no !:mime of its own; the | |
| # final !:mime appears to attach to the <html> continuation only - confirm. | |
| >&0 search/4096/cWt \<!doctype\ html HTML document text | |
| >&0 search/4096/ct \<html> HTML document text | |
| !:mime text/html |
| --- a/magic/Magdir/javascript | |
| +++ b/magic/Magdir/javascript | |
| @@ -3,18 +3,68 @@ | |
| # $File: javascript,v 1.4 2022/09/02 08:08:17 christos Exp $ | |
| # javascript: magic for javascript and node.js scripts. | |
| # | |
| -0 string/w #!/bin/node Node.js script text executable | |
| +0 string/tw #!/bin/node Node.js script executable | |
| !:mime application/javascript | |
| -0 string/w #!/usr/bin/node Node.js script text executable | |
| +0 string/tw #!/usr/bin/node Node.js script executable | |
| !:mime application/javascript | |
| -0 string/w #!/bin/nodejs Node.js script text executable | |
| +0 string/tw #!/bin/nodejs Node.js script executable | |
| !:mime application/javascript | |
| -0 string/w #!/usr/bin/nodejs Node.js script text executable | |
| -!:mime application/javascript | |
| -0 string #!/usr/bin/env\ node Node.js script text executable | |
| -!:mime application/javascript | |
| -0 string #!/usr/bin/env\ nodejs Node.js script text executable | |
| +0 string/tw #!/usr/bin/nodejs Node.js script executable | |
| !:mime application/javascript | |
| +0 string/t #!/usr/bin/env\ node Node.js script executable | |
| +!:mime application/javascript | |
| +0 string/t #!/usr/bin/env\ nodejs Node.js script executable | |
| +!:mime application/javascript | |
| + | |
| +# JavaScript | |
| +# The strength is increased to beat the C++ & HTML rules | |
| +0 search "use\x20strict" JavaScript source | |
| +!:strength +30 | |
| +!:mime application/javascript | |
| +!:ext js | |
| +0 search 'use\x20strict' JavaScript source | |
| +!:strength +30 | |
| +!:mime application/javascript | |
| +!:ext js | |
| +0 regex module(\\.|\\[["'])exports.*= JavaScript source | |
| +!:strength +30 | |
| +!:mime application/javascript | |
| +!:ext js | |
| +0 regex \^(const|var|let).*=.*require\\( JavaScript source | |
| +!:strength +30 | |
| +!:mime application/javascript | |
| +!:ext js | |
| +0 regex \^export\x20(function|class|default|const|var|let|async)\x20 JavaScript source | |
| +!:strength +30 | |
| +!:mime application/javascript | |
| +!:ext js | |
| +0 regex \\((async\x20)?function[(\x20] JavaScript source | |
| +!:strength +30 | |
| +!:mime application/javascript | |
| +!:ext js | |
| +0 regex \^(import|export).*\x20from\x20 JavaScript source | |
| +!:strength +30 | |
| +!:mime application/javascript | |
| +!:ext js | |
| +0 regex \^(import|export)\x20["']\\./ JavaScript source | |
| +!:strength +30 | |
| +!:mime application/javascript | |
| +!:ext js | |
| +0 regex \^require\\(["'] JavaScript source | |
| +!:strength +30 | |
| +!:mime application/javascript | |
| +!:ext js | |
| +0 regex typeof.*[!=]== JavaScript source | |
| +!:strength +30 | |
| +!:mime application/javascript | |
| +!:ext js | |
| + | |
| +# React Native minified JavaScript | |
| +0 search/128 __BUNDLE_START_TIME__= React Native minified JavaScript | |
| +!:strength +30 | |
| +!:mime application/javascript | |
| +!:ext bundle/jsbundle | |
| + | |
| # Hermes by Facebook https://hermesengine.dev/ | |
| # https://github.com/facebook/hermes/blob/master/include/hermes/\ | |
| # BCGen/HBC/BytecodeFileFormat.h#L24 | |
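Review bot: The new `JavaScript source` tests are content heuristics raised with `!:strength +30`, so text that merely contains such a fragment (for example a `typeof.*[!=]==` match or a quoted `"use strict"` in documentation, TypeScript or a template) can be reported as `application/javascript` ahead of other text rules. Tools that route or filter files on the MIME type from file(1) would inherit that misclassification. I would document the trade-off above the block, e.g. `# Heuristic: fires on JS-looking fragments in any text; the result is a hint, not a validation`, or lower the strength on the loosest patterns. The two `search` lines also carry no `/N` range, unlike `search/128` further down; please confirm the default is intended.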
| --- a/magic/Magdir/sgml | |
| +++ b/magic/Magdir/sgml | |
| @@ -50,6 +50,16 @@ | |
| !:mime text/html | |
| !:strength + 5 | |
| +# avoid misdetection as JavaScript | |
| +0 string/cWt \<!doctype\ html HTML document text | |
| +!:mime text/html | |
| +0 string/ct \<html> HTML document text | |
| +!:mime text/html | |
| +0 string/ct \<!-- | |
| +>&0 search/4096/cWt \<!doctype\ html HTML document text | |
| +>&0 search/4096/ct \<html> HTML document text | |
| +!:mime text/html | |
| + | |
| # SVG document | |
| # https://www.w3.org/TR/SVG/single-page.html | |
| 0 search/4096/cWbt \<!doctype\ svg SVG XML document |
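Review bot: In the added `\<!--` rule the `\<!doctype\ html` continuation has no `!:mime` of its own. The single `!:mime text/html` at the end appears to attach only to the `\<html>` continuation, so a file that opens with a comment and continues with a doctype would presumably get the description but no MIME type. Add `!:mime text/html` directly after the `search/4096/cWt` continuation as well.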
| # Disassembled DEX files | |
| # Text test at offset 0 for a leading ".class " directive, followed by a regex | |
| # (range 512) for a ".super L...;" line. | |
| # NOTE(review): the L...; form presumably separates smali from other assembler | |
| # dialects that also start with .class - confirm. | |
| 0 string/t .class\x20 | |
| >&0 regex/512 \^\\.super\x20L.*;$ disassembled Android DEX Java class (smali/baksmali) | |
| !:ext smali |
| --- a/magic/Magdir/android | |
| +++ b/magic/Magdir/android | |
| @@ -207,3 +207,8 @@ | |
| >8 string >000 dex section version: %s, | |
| >12 lelong >0 number of dex files: %d, | |
| >16 lelong >0 verifier deps size: %d | |
| + | |
| +# Disassembled DEX files | |
| +0 string/t .class\x20 | |
| +>&0 regex/512 \^\\.super\x20L.*;$ disassembled Android DEX Java class (smali/baksmali) | |
| +!:ext smali |
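Review bot: The new test needs `.class ` to be the very first bytes of the file, so a smali file that starts with a blank line or a `#` comment would, as far as I can tell, fall through to generic text detection. If that is deliberate because baksmali output always starts with the directive, say so above the rule: `# baksmali output starts with .class; files with leading comments are not matched`.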