mirrors/fdroidserver
1
0
Fork 0
mirror of https://github.com/f-droid/fdroidserver.git synced 2025-09-13 14:32:28 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'rewordfrosting' into 'master'

Browse source 
Reword extra blocks

See merge request fdroid/fdroidserver!1555
This commit is contained in:
Hans-Christoph Steiner 2024-11-08 15:09:05 +00:00
commit dfbf54bbba
1 changed files with 14 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

22
fdroidserver/scanner.py
View file

@ -75,14 +75,18 @@ GRADLE_CATALOG_FILE_REGEX = re.compile(
)
VERSION_CATALOG_REGEX = re.compile(r'versionCatalogs\s*\{')
FROSTING_BLOCK_TYPES = {
# 0x7109871a: 'SIGNv2',
# 0xf05368c0: 'SIGNv3',
0x2146444E: 'Google metadata',
APK_SIGNING_BLOCK_IDS = {
# https://source.android.com/docs/security/features/apksigning/v2#apk-signing-block
# 0x7109871a: 'APK signature scheme v2',
# https://source.android.com/docs/security/features/apksigning/v3#apk-signing-block
# 0xf05368c0: 'APK signature scheme v3',
# See "Security metadata in early 2018"
# https://android-developers.googleblog.com/2017/12/improving-app-security-and-performance.html
0x2146444E: 'Google Play Signature aka "Frosting"',
# 0x42726577: 'Verity padding',
# 0x6DFF800D: 'Source stamp V2 X509 cert',
# JSON with some metadata, used by Chinese company Meituan
0x71777777: 'Meituan metadata',
0x71777777: 'Meituan payload',
# Dependencies metadata generated by Gradle and encrypted by Google Play.
# '...The data is compressed, encrypted by a Google Play signing key...'
# https://developer.android.com/studio/releases/gradle-plugin#dependency-metadata
@ -669,12 +673,14 @@ def scan_binary(apkfile):
logging.debug("Problem: found class '%s'" % classname)
problems += 1
logging.info(_('Scanning APK for known frosting blocks.'))
logging.info(_('Scanning APK for extra signing blocks.'))
a = common.get_androguard_APK(str(apkfile))
a.parse_v2_v3_signature()
for b in a._v2_blocks:
if b in FROSTING_BLOCK_TYPES:
logging.debug(f"Problem: found frosting block '{FROSTING_BLOCK_TYPES[b]}'")
if b in APK_SIGNING_BLOCK_IDS:
logging.debug(
f"Problem: found extra signing block '{APK_SIGNING_BLOCK_IDS[b]}'"
)
problems += 1
if warnings: