Bug#849782: .apk files not consistently detected

2023-01-12 Thread Christoph Biedl
Control: tags 849782 pending

Hans-Christoph Steiner wrote...

> APKs can be a totally standard JAR with a valid JAR signature, and they
> can be assembled with any tool that can make a valid ZIP archive with a
> valid JAR signature.  The vast majority of APKs are made with the same
> toolchain, e.g. the Android SDK. (...)

The next upload of file (1:5.44-2) should happen within the next week and will
see massive improvement of APK file detection. That should also solve the
problems here. If not, please reopen then.

Christoph





Bug#849782: .apk files not consistently detected

2017-01-09 Thread Hans-Christoph Steiner

So the test result files were cluttering things, and are small in a
tarball, so I removed them from here:

 https://verification.f-droid.org/*.apk.file.txt
 https://verification.f-droid.org/*.apk.file.unsigned.txt

And they are now attached.


file-libmagic-tests.tar.bz2
Description: application/bzip


Bug#849782: .apk files not consistently detected

2016-12-31 Thread Christoph Biedl
Control: tags 849782 upstream

Hans-Christoph Steiner wrote...

> I'm not sure exactly where and when or if things changed.  The essential
> part of the bug report is that valid APK files are being inconsistently
> detected as either JAR or ZIP.

Now I get it, it's "why are these files detected differently", and not a
report about a regression.

Well, from all I can see "tmp" is not a JAR file, at least based on the
checks file(1) does.

The magic line inspects the "extra field" ID code that follows the file
name. It is:

>(26.s+30)  leshort 0xcafe  Java archive data (JAR)

Quick translation: Read a 16bit from offset 26, use it as an offset into
the file, add 30, compare the little-endian 16bit value there with
0xcafe.

Which is for "tmp":

0000  50 4b 03 04 14 00 08 08  08 00 d0 29 d0 44 50 89  |PK.........).DP.|
0010  88 5e bd 08 00 00 20 18  00 00 14 00 00 00 4d 45  |.^.... .......ME|
                                     ^^ ^^ 0x14, +30 => 0x32
0020  54 41 2d 49 4e 46 2f 4d  41 4e 49 46 45 53 54 2e  |TA-INF/MANIFEST.|
0030  4d 46 a5 58 c9 b2 a2 5a  16 9d 67 44 fe 43 0e ab  |MF.X...Z..gD.C..|
            ^^ ^^ 0x58a5 -> fail

... while for "unsigned":

0000  50 4b 03 04 14 00 08 08  08 00 00 00 21 38 00 00  |PK..........!8..|
0010  00 00 00 00 00 00 00 00  00 00 13 00 04 00 41 6e  |..............An|
                                     ^^ ^^ 0x13, +30 => 0x31
0020  64 72 6f 69 64 4d 61 6e  69 66 65 73 74 2e 78 6d  |droidManifest.xm|
0030  6c fe ca 00 00 ad 56 4d  50 5b 55 14 3e 2f 09 10  |l.....VMP[U.>/..|
         ^^ ^^ 0xcafe -> match

There's also a bug in file(1), not relevant here: It should inspect the
"extra field" length at offset 28 first as for "unsigned" that value is
zero. Anyway, no extra field at all, hence no JAR signature to check,
hence no JAR.

This isn't new, some of the apk files around here are from Android
2.3-ish and already lack that bit of information.

However this should be fixed. If there is a way to get this done without
having to list the central directory or even looking into files, it
should be rather easy. I'll take hints.

If you happen to have a bigger collection, could you please run
"file -m test-jar " where test-jar is

-
30  string  >\0 '%s'
-

If there is (besides some garbage) no output that does *not* start with

'META-INF/MANIFEST.MF

we could use that as an identifier. It's not bullet-proof but assuming
there are very few tools around used to create apk files, it might be
good enough.

Christoph
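
The check described in the message above, as an added Python example that is not part of the original thread or of file(1): it applies the quoted magic rule to constructed ZIP local file headers, next to a variant that first honors the extra-field length at offset 28. The function names and the three sample buffers are assumptions made for illustration.

```python
import struct

JAR_EXTRA_ID = 0xCAFE  # extra-field ID the quoted magic line compares against
ZIP_LOCAL_SIG = b"PK\x03\x04"

def local_header(name: bytes, extra: bytes = b"", data: bytes = b"") -> bytes:
    """Constructed 30-byte ZIP local file header + name + extra + data."""
    fixed = struct.pack("<4sHHHHHIIIHH", ZIP_LOCAL_SIG, 20, 0, 0, 0, 0,
                        0, len(data), len(data), len(name), len(extra))
    return fixed + name + extra + data

def magic_rule(buf: bytes) -> bool:
    """(26.s+30) leshort 0xcafe: name length at 26, compare at 30 + length."""
    if len(buf) < 30 or not buf.startswith(ZIP_LOCAL_SIG):
        return False
    (name_len,) = struct.unpack_from("<H", buf, 26)
    pos = 30 + name_len
    if pos + 2 > len(buf):
        return False
    return struct.unpack_from("<H", buf, pos)[0] == JAR_EXTRA_ID

def strict_rule(buf: bytes) -> bool:
    """Same test, but only if the extra-field length at offset 28 covers it."""
    if len(buf) < 30 or not buf.startswith(ZIP_LOCAL_SIG):
        return False
    (extra_len,) = struct.unpack_from("<H", buf, 28)
    # An extra field is at least a 2-byte ID plus a 2-byte size.
    return extra_len >= 4 and magic_rule(buf)

def first_entry_name(buf: bytes) -> bytes:
    """Name of the first entry, the string the test-jar magic would print."""
    (name_len,) = struct.unpack_from("<H", buf, 26)
    return buf[30:30 + name_len]

# Constructed samples shaped like the two dumps in the message.
UNSIGNED_LIKE = local_header(b"AndroidManifest.xml",
                             extra=struct.pack("<HH", JAR_EXTRA_ID, 0))
TMP_LIKE = local_header(b"META-INF/MANIFEST.MF", data=b"\xa5\x58\xc9\xb2")
# No extra field, but the file data happens to begin with fe ca.
LOOKALIKE = local_header(b"res/raw/blob.bin", data=b"\xfe\xca\x00\x00")

if __name__ == "__main__":
    for label, buf in [("unsigned-like", UNSIGNED_LIKE),
                       ("tmp-like", TMP_LIKE), ("lookalike", LOOKALIKE)]:
        print(label, first_entry_name(buf), magic_rule(buf), strict_rule(buf))
```

The third sample shows why reading the length at offset 28 first matters: without it, the comparison lands on file data rather than on an extra field.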




Bug#849782: .apk files not consistently detected

2016-12-31 Thread Hans-Christoph Steiner

I'm not sure exactly where and when or if things changed.  The essential
part of the bug report is that valid APK files are being inconsistently
detected as either JAR or ZIP.  APK files are always JARs and always
ZIPs.  If they are not being detected as APK, then JAR would make the
most sense, IMHO.  I can't see what is causing file to detect those APKs
differently.

We ran into this as an issue in diffoscope:
https://bugs.debian.org/849638


Oddly enough, the 'tmp' one, which is actually signed with a JAR
signature (META-INF/* files) is the one that is being detected as ZIP.
The 'unsigned' one which has no signature is detected as ZIP.



Bug#849782: .apk files not consistently detected

2016-12-30 Thread Christoph Biedl
Control: tags 849782 moreinfo
Control: merge 849782 849783

Hans-Christoph Steiner wrote...

> Previously, with 1:5.29-2, APK files seemed to be always detected as JAR
> files.

Please clarify. The "tmp" (md5:67b44d779578cbddf6e17db92290e987) gets detected
as Zip in all versions of file supported in Debian (wheezy: 5.11, jessie: 5.22,
stretch/sid: 5.29). The "unsigned" (md5:f323c2eef912954fad38fe9ed0adf5ea) file
changed from Zip to JAR between wheezy and jessie.

Does this match your observation or did I miss your point?

Christoph




Bug#849782: .apk files not consistently detected

2016-12-30 Thread Hans-Christoph Steiner

Package: file
Version: 1:5.29-2
Severity: important

Android APK files are the standard app package for Android.  They are a
slightly custom version of JAR format.  Basically, they are JAR files
with standard files included in them, a custom padding method, and now a
new custom signature format.  The first signature format was just a JAR
signature.

Previously, with 1:5.29-2, APK files seemed to be always detected as JAR
files.  Now sometimes they are detected as ZIP files:

$ file unsigned/aarddict.android_26.apk
unsigned/aarddict.android_26.apk: Java archive data (JAR)
$ file tmp/aarddict.android_26.apk
tmp/aarddict.android_26.apk: Zip archive data, at least v2.0 to extract

You can get those two files here:

unsigned/aarddict.android_26.apk
https://verification.f-droid.org/aarddict.android_26.apk

tmp/aarddict.android_26.apk
https://f-droid.org/repo/aarddict.android_26.apk