android 3.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100
  1. #------------------------------------------------------------
  2. # $File: android,v 1.4 2014/06/03 19:01:34 christos Exp $
  3. # Various android related magic entries
  4. #------------------------------------------------------------
  5. # Dalvik .dex format. http://retrodev.com/android/dexformat.html
  6. # From <mkf@google.com> "Mike Fleming"
  7. # Fixed to avoid regexec 17 errors on some dex files
  8. # From <diff@lookout.com> "Tim Strazzere"
  9. 0 string dex\n
  10. >0 regex dex\n[0-9]{2}\0 Dalvik dex file
  11. >4 string >000 version %s
  12. 0 string dey\n
  13. >0 regex dey\n[0-9]{2}\0 Dalvik dex file (optimized for host)
  14. >4 string >000 version %s
  15. # http://android.stackexchange.com/questions/23357/\
  16. # is-there-a-way-to-look-inside-and-modify-an-adb-backup-created-file/\
  17. # 23608#23608
  18. 0 string ANDROID\040BACKUP\n Android Backup
  19. >15 string 1\n \b, version 1
  20. >17 string 0\n \b, uncompressed
  21. >17 string 1\n \b, compressed
  22. >19 string none\n \b, unencrypted
  23. >19 string AES-256\n \b, encrypted AES-256
  24. # Android bootimg format
  25. # From https://android.googlesource.com/\
  26. # platform/system/core/+/master/mkbootimg/bootimg.h
  27. 0 string ANDROID! Android bootimg
  28. >8 lelong >0 \b, kernel
  29. >>12 lelong >0 \b (0x%x)
  30. >16 lelong >0 \b, ramdisk
  31. >>20 lelong >0 \b (0x%x)
  32. >24 lelong >0 \b, second stage
  33. >>28 lelong >0 \b (0x%x)
  34. >36 lelong >0 \b, page size: %d
  35. >38 string >0 \b, name: %s
  36. >64 string >0 \b, cmdline (%s)
  37. # Dalvik .dex format. http://retrodev.com/android/dexformat.html
  38. # From <mkf@google.com> "Mike Fleming"
  39. # Fixed to avoid regexec 17 errors on some dex files
  40. # From <diff@lookout.com> "Tim Strazzere"
  41. 0 string dex\n
  42. >0 regex dex\n[0-9]{2}\0 Dalvik dex file
  43. >4 string >000 version %s
  44. 0 string dey\n
  45. >0 regex dey\n[0-9]{2}\0 Dalvik dex file (optimized for host)
  46. >4 string >000 version %s
  47. # http://android.stackexchange.com/questions/23357/\
  48. # is-there-a-way-to-look-inside-and-modify-an-adb-backup-created-file/\
  49. # 23608#23608
  50. 0 string ANDROID\040BACKUP\n Android Backup
  51. >15 string 1\n \b, version 1
  52. >17 string 0\n \b, uncompressed
  53. >17 string 1\n \b, compressed
  54. >19 string none\n \b, unencrypted
  55. >19 string AES-256\n \b, encrypted AES-256
  56. # Android bootimg format
  57. # From https://android.googlesource.com/\
  58. # platform/system/core/+/master/mkbootimg/bootimg.h
  59. 0 string ANDROID! Android bootimg
  60. >8 lelong >0 \b, kernel
  61. >>12 lelong >0 \b (0x%x)
  62. >16 lelong >0 \b, ramdisk
  63. >>20 lelong >0 \b (0x%x)
  64. >24 lelong >0 \b, second stage
  65. >>28 lelong >0 \b (0x%x)
  66. >36 lelong >0 \b, page size: %d
  67. >38 string >0 \b, name: %s
  68. >64 string >0 \b, cmdline (%s)
  69. # Android Backup archive
  70. # From: Ariel Shkedi
  71. # File extension: .ab
  72. # No mime-type defined
  73. # URL: https://github.com/android/platform_frameworks_base/blob/\
  74. # 0bacfd2ba68d21a68a3df345b830bc2a1e515b5a/services/java/com/\
  75. # android/server/BackupManagerService.java#L2367
  76. # After the header comes a tar file
  77. # If compressed, the entire tar file is compressed with JAVA deflate
  78. #
  79. # Include the version number hardcoded with the magic string to avoid
  80. # false positives
  81. 0 string/b ANDROID\ BACKUP\n1\n Android Backup
  82. >17 string 0\n \b, Not-Compressed
  83. >17 string 1\n \b, Compressed
  84. # any string as long as it's not the word none (which is matched below)
  85. >>19 regex/1l \^([^n\n]|n[^o]|no[^n]|non[^e]|none.+).* \b, Encrypted (%s)
  86. >>19 string none\n \b, Not-Encrypted
  87. # Commented out because they don't seem useful to print
  88. # (but they are part of the header - the tar file comes after them):
  89. #>>>&1 regex/1l .* \b, Password salt: %s
  90. #>>>>&1 regex/1l .* \b, Master salt: %s
  91. #>>>>>&1 regex/1l .* \b, PBKDF2 rounds: %s
  92. #>>>>>>&1 regex/1l .* \b, IV: %s
  93. #>>>>>>>&1 regex/1l .* \b, Key: %s