git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
file
1
0
Fork 0
Files Pull Requests 0 Wiki
Tree: d18c1eecca
Branches Tags
file
/
magic
/
Magdir
/
android

android 4.9 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145 
  1. 

  2. #------------------------------------------------------------
    3. 

  3. # $File: android,v 1.9 2016/01/11 21:19:18 christos Exp $
    4. 

  4. # Various android related magic entries
    5. 

  5. #------------------------------------------------------------
    6. 

  6. 

  7. # Dalvik .dex format. http://retrodev.com/android/dexformat.html
    8. 

  8. # From <mkf@google.com> "Mike Fleming"
    9. 

  9. # Fixed to avoid regexec 17 errors on some dex files
    10. 

  10. # From <diff@lookout.com> "Tim Strazzere"
    11. 

  11. 0	string	dex\n
    12. 

  12. >0	regex	dex\n[0-9]{2}\0	Dalvik dex file
    13. 

  13. >4	string	>000			version %s
    14. 

  14. 0	string	dey\n
    15. 

  15. >0	regex	dey\n[0-9]{2}\0	Dalvik dex file (optimized for host)
    16. 

  16. >4	string	>000			version %s
    17. 

  17. 

  18. # Android bootimg format
    19. 

  19. # From https://android.googlesource.com/\
    20. 

  20. # platform/system/core/+/master/mkbootimg/bootimg.h
    21. 

  21. 0		string	ANDROID!	Android bootimg
    22. 

  22. >1024	string	LOKI\01		\b, LOKI'd
    23. 

  23. >8		lelong	>0			\b, kernel
    24. 

  24. >>12	lelong	>0			\b (0x%x)
    25. 

  25. >16		lelong	>0			\b, ramdisk
    26. 

  26. >>20	lelong	>0			\b (0x%x)
    27. 

  27. >24		lelong	>0			\b, second stage
    28. 

  28. >>28	lelong	>0			\b (0x%x)
    29. 

  29. >36		lelong	>0			\b, page size: %d
    30. 

  30. >38		string	>0			\b, name: %s
    31. 

  31. >64		string	>0		 	\b, cmdline (%s)
    32. 

  32. 

  33. # Android Backup archive
    34. 

  34. # From: Ariel Shkedi
    35. 

  35. # File extension: .ab
    36. 

  36. # No mime-type defined
    37. 

  37. # URL: https://github.com/android/platform_frameworks_base/blob/\
    38. 

  38. # 0bacfd2ba68d21a68a3df345b830bc2a1e515b5a/services/java/com/\
    39. 

  39. # android/server/BackupManagerService.java#L2367
    40. 

  40. # After the header comes a tar file
    41. 

  41. # If compressed, the entire tar file is compressed with JAVA deflate
    42. 

  42. #
    43. 

  43. # Include the version number hardcoded with the magic string to avoid
    44. 

  44. # false positives
    45. 

  45. 0	string/b	ANDROID\ BACKUP\n1\n	Android Backup
    46. 

  46. >17	string		0\n			\b, Not-Compressed
    47. 

  47. >17	string		1\n			\b, Compressed
    48. 

  48. # any string as long as it's not the word none (which is matched below)
    49. 

  49. >>19    regex/1l	\^([^n\n]|n[^o]|no[^n]|non[^e]|none.+).*	\b, Encrypted (%s)
    50. 

  50. >>19	string		none\n			\b, Not-Encrypted
    51. 

  51. # Commented out because they don't seem useful to print
    52. 

  52. # (but they are part of the header - the tar file comes after them):
    53. 

  53. #>>>&1		regex/1l .*	\b, Password salt: %s
    54. 

  54. #>>>>&1		regex/1l .*	\b, Master salt: %s
    55. 

  55. #>>>>>&1	regex/1l .*	\b, PBKDF2 rounds: %s
    56. 

  56. #>>>>>>&1	regex/1l .*	\b, IV: %s
    57. 

  57. #>>>>>>>&1	regex/1l .*	\b, Key: %s
    58. 

  58. 

  59. # *.pit files by Joerg Jenderek
    60. 

  60. # http://forum.xda-developers.com/showthread.php?p=9122369
    61. 

  61. # http://forum.xda-developers.com/showthread.php?t=816449
    62. 

  62. # Partition Information Table for Samsung's smartphone with Android
    63. 

  63. # used by flash software Odin
    64. 

  64. 0		ulelong			0x12349876	
    65. 

  65. # 1st pit entry marker
    66. 

  66. >0x01C	ulequad&0xFFFFFFFCFFFFFFFC	=0x0000000000000000	
    67. 

  67. # minimal 13 and maximal 18 PIT entries found
    68. 

  68. >>4		ulelong			<128	Partition Information Table for Samsung smartphone
    69. 

  69. >>>4		ulelong			x	\b, %d entries
    70. 

  70. # 1. pit entry
    71. 

  71. >>>4		ulelong			>0	\b; #1
    72. 

  72. >>>0x01C	use				PIT-entry
    73. 

  73. >>>4		ulelong			>1	\b; #2
    74. 

  74. >>>0x0A0	use				PIT-entry
    75. 

  75. >>>4		ulelong			>2	\b; #3
    76. 

  76. >>>0x124	use				PIT-entry
    77. 

  77. >>>4		ulelong			>3	\b; #4
    78. 

  78. >>>0x1A8	use				PIT-entry
    79. 

  79. >>>4		ulelong			>4	\b; #5
    80. 

  80. >>>0x22C	use				PIT-entry
    81. 

  81. >>>4		ulelong			>5	\b; #6
    82. 

  82. >>>0x2B0	use				PIT-entry
    83. 

  83. >>>4		ulelong			>6	\b; #7
    84. 

  84. >>>0x334	use				PIT-entry
    85. 

  85. >>>4		ulelong			>7 	\b; #8
    86. 

  86. >>>0x3B8	use				PIT-entry
    87. 

  87. >>>4		ulelong			>8 	\b; #9
    88. 

  88. >>>0x43C	use				PIT-entry
    89. 

  89. >>>4		ulelong			>9	\b; #10
    90. 

  90. >>>0x4C0	use				PIT-entry
    91. 

  91. >>>4		ulelong			>10	\b; #11
    92. 

  92. >>>0x544	use				PIT-entry
    93. 

  93. >>>4		ulelong			>11	\b; #12
    94. 

  94. >>>0x5C8	use				PIT-entry
    95. 

  95. >>>4		ulelong			>12	\b; #13
    96. 

  96. >>>>0x64C	use				PIT-entry
    97. 

  97. # 14. pit entry
    98. 

  98. >>>4		ulelong			>13	\b; #14
    99. 

  99. >>>>0x6D0	use				PIT-entry
    100. 

  100. >>>4		ulelong			>14	\b; #15
    101. 

  101. >>>0x754	use				PIT-entry
    102. 

  102. >>>4		ulelong			>15	\b; #16
    103. 

  103. >>>0x7D8	use				PIT-entry
    104. 

  104. >>>4		ulelong			>16	\b; #17
    105. 

  105. >>>0x85C	use				PIT-entry
    106. 

  106. # 18. pit entry
    107. 

  107. >>>4		ulelong			>17	\b; #18
    108. 

  108. >>>0x8E0	use				PIT-entry
    109. 

  109. 

  110. 0	name			PIT-entry
    111. 

  111. # garbage value implies end of pit entries
    112. 

  112. >0x00		ulequad&0xFFFFFFFCFFFFFFFC	=0x0000000000000000	
    113. 

  113. # skip empty partition name
    114. 

  114. >>0x24		ubyte				!0			
    115. 

  115. # partition name
    116. 

  116. >>>0x24		string				>\0			%-.32s
    117. 

  117. # flags
    118. 

  118. >>>0x0C		ulelong&0x00000002		2			\b+RW
    119. 

  119. # partition ID:
    120. 

  120. # 0~IPL,MOVINAND,GANG;1~PIT,GPT;2~HIDDEN;3~SBL,HIDDEN;4~SBL2,HIDDEN;5~BOOT;6~KENREl,RECOVER,misc;7~RECOVER
    121. 

  121. # ;11~MODEM;20~efs;21~PARAM;22~FACTORY,SYSTEM;23~DBDATAFS,USERDATA;24~CACHE;80~BOOTLOADER;81~TZSW
    122. 

  122. >>>0x08	ulelong		x			(0x%x)
    123. 

  123. # filename
    124. 

  124. >>>0x44		string				>\0			"%-.64s"
    125. 

  125. #>>>0x18	ulelong				>0			
    126. 

  126. # blocksize in 512 byte units ?
    127. 

  127. #>>>>0x18	ulelong				x			\b, %db
    128. 

  128. # partition size in blocks ?
    129. 

  129. #>>>>0x22	ulelong				x			\b*%d
    130. 

  130. 

  131. # Android sparse img format
    132. 

  132. # From https://android.googlesource.com/\
    133. 

  133. # platform/system/core/+/master/libsparse/sparse_format.h
    134. 

  134. 0		lelong	0xed26ff3a		Android sparse image
    135. 

  135. >4		leshort	x			\b, version: %d
    136. 

  136. >6		leshort	x			\b.%d
    137. 

  137. >16		lelong	x			\b, Total of %d
    138. 

  138. >12		lelong	x			\b %d-byte output blocks in
    139. 

  139. >20		lelong	x			\b %d input chunks.
    140. 

  140. 

  141. # Android binary XML magic
    142. 

  142. # In include/androidfw/ResourceTypes.h:
    143. 

  143. # RES_XML_TYPE = 0x0003 followed by the size of the header (ResXMLTree_header),
    144. 

  144. # which is 8 bytes (2 bytes type + 2 bytes header size + 4 bytes size).
    145. 

  145. 0	lelong	0x00080003	Android binary XML
    146.