Skip to main content

ZipEntry

apk_info

Struct ZipEntry 

Source 
pub struct ZipEntry { /* private fields */ }
Expand description

Represents a parsed ZIP archive.

Implementations§

Source§

impl ZipEntry

Implementation of basic methods

Source

pub fn new(input: Vec<u8>) -> Result<ZipEntry, ZipError>

Creates a new ZipEntry from raw ZIP data.

§Errors

Returns a ZipError if:

§Examples
let data = std::fs::read("archive.zip").unwrap();
let zip = ZipEntry::new(data).expect("failed to parse ZIP archive");
Source

pub fn namelist(&self) -> impl Iterator<Item = &str>

Returns an iterator over the names of all files in the ZIP archive.

§Examples
for filename in zip.namelist() {
    println!("{}", filename);
}
Source

pub fn read( &self, filename: &str, ) -> Result<(Vec<u8>, FileCompressionType), ZipError>

Reads the contents of a file from the ZIP archive.

This method handles both normally compressed files and tampered files where the compression metadata may be inconsistent. It returns the uncompressed file contents along with the detected compression type.

§Notes

The method attempts to handle files that have tampered headers:

§Examples
let (data, compression) = zip.read("example.txt").expect("failed to read file");
match compression {
    FileCompressionType::Stored | FileCompressionType::Deflated => println!("all fine"),
    FileCompressionType::StoredTampered | FileCompressionType::DeflatedTampered => println!("tampering detected"),
}
Source§

impl ZipEntry

Implementation for certificate parsing

Very cool research about signature blocks: https://goa2023.nullcon.net/doc/goa-2023/Android-SigMorph-Covert-Communication-Exploiting-Android-Signing-Schemes.pdf

Source

pub const APK_SIGNATURE_MAGIC: &'static [u8] = b"APK Sig Block 42"

Magic of APK signing block

See: https://source.android.com/docs/security/features/apksigning/v2#apk-signing-block

Source

pub const SIGNATURE_SCHEME_V2_BLOCK_ID: u32 = 0x7109871a

Magic of V2 Signature Scheme

See: https://xrefandroid.com/android-16.0.0_r2/xref/tools/apksig/src/main/java/com/android/apksig/internal/apk/v2/V2SchemeConstants.java#23

Source

pub const SIGNATURE_SCHEME_V3_BLOCK_ID: u32 = 0xf05368c0

Magic of V3 Signature Scheme

See: https://xrefandroid.com/android-16.0.0_r2/xref/tools/apksig/src/main/java/com/android/apksig/internal/apk/v3/V3SchemeConstants.java#25

Source

pub const SIGNATURE_SCHEME_V31_BLOCK_ID: u32 = 0x1b93ad61

Magic of V3.1 Signature Scheme

See: https://xrefandroid.com/android-16.0.0_r2/xref/tools/apksig/src/main/java/com/android/apksig/internal/apk/v3/V3SchemeConstants.java#26

Source

pub const V1_SOURCE_STAMP_BLOCK_ID: u32 = 0x2b09189e

Magic of V1 source stamp signing

Includes metadata such as timestamp of the build, the version of the build tools, source code’s git commit hash, etc

See: https://xrefandroid.com/android-16.0.0_r2/xref/tools/apksig/src/main/java/com/android/apksig/internal/apk/stamp/SourceStampConstants.java#23

Source

pub const V2_SOURCE_STAMP_BLOCK_ID: u32 = 0x6dff800d

Magic of V2 source stamp signing

Includes metadata such as timestamp of the build, the version of the build tools, source code’s git commit hash, etc

See: https://xrefandroid.com/android-16.0.0_r2/xref/tools/apksig/src/main/java/com/android/apksig/internal/apk/stamp/SourceStampConstants.java#24

Source

pub const VERITY_PADDING_BLOCK_ID: u32 = 0x42726577

Used to increase the size of the signing block (including the length and magic) to a mulitple 4096

See: https://xrefandroid.com/android-16.0.0_r2/xref/tools/apksig/src/main/java/com/android/apksig/internal/apk/ApkSigningBlockUtils.java#100

Source

pub const DEPENDENCY_INFO_BLOCK_ID: u32 = 0x504b4453

Block that contains dependency metadata, which is saved by the Android Gradle plugin to identify any issues related to dependencies

This data is compressed, encrypted by a Google Play signing key, so we can’t extract it.

Dependency information for Play Console: https://developer.android.com/build/dependencies#dependency-info-play

See: https://cs.android.com/android-studio/platform/tools/base/+/mirror-goog-studio-main:signflinger/src/com/android/signflinger/SignedApk.java;l=58?q=0x504b4453

Source

pub const APK_CHANNEL_BLOCK_ID: u32 = 0x71777777

Used to track channels of distribution for an APK, mostly Chinese APKs have this

Alsow known as MEITAN_APK_CHANNEL_BLOCK

Source

pub const GOOGLE_PLAY_FROSTING_ID: u32 = 0x2146444e

Google Play Frosting ID

Source

pub const ZERO_BLOCK_ID: u32 = 0xff3b5998

Zero block ID

Source

pub const PACKER_NG_SIG_V2: u32 = 0x7a786b21

The signature of some Chinese packer

See: https://github.com/mcxiaoke/packer-ng-plugin/blob/ffbe05a2d27406f3aea574d083cded27f0742160/common/src/main/java/com/mcxiaoke/packer/common/PackerCommon.java#L29

Source

pub const VASDOLLY_V2: u32 = 0x881155ff

Some apk protector/parser, idk, seen in the wild

The channel information in the ID-Value pair

See: https://edgeone.ai/document/58005

Source

pub fn get_signature_v1(&self) -> Result<Signature, CertificateError>

Extracts information from a v1 (APK-style) signature in the ZIP archive.

This method searches for signature files in the META-INF/ directory with extensions .DSA, .EC, or .RSA, reads the PKCS#7 data, and returns the associated certificates.

§Example
match archive.get_signature_v1() {
    Ok(Signature::V1(certs)) => println!("Found {} certificates", certs.len()),
    Ok(Signature::Unknown) => println!("No v1 signature found"),
    Err(err) => eprintln!("Error parsing signature: {:?}", err),
}
Source

pub fn get_signatures_other(&self) -> Result<Vec<Signature>, CertificateError>

Parses the APK Signature Block and extracts useful information.

This method checks for the presence of an APK Signature Scheme block at the end of the ZIP archive and attempts to parse all contained signatures (v2, v3, etc.).

This method handles only v2+ signature blocks.

v1 signatures are handled separately - ZipEntry::get_signature_v1.

Trait Implementations§

Source§

impl Debug for ZipEntry

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.