poc repackaging

2024-01-22 16:50:26 +01:00 · 2024-01-22 16:50:26 +01:00 · d3e005fd68
commit d3e005fd68
parent 0f5764c340
3 changed files with 121 additions and 74 deletions
--- a/apk_frauder/src/zip_reader.rs
+++ b/apk_frauder/src/zip_reader.rs
@ -207,15 +207,7 @@ impl<T: Read + Seek> ZipFileReader<T> {
    pub fn get_jar_sig_files(&self) -> Vec<&FileInfo> {
        self.files
            .iter()
-            .filter(|file| {
-                let name = file.get_name();
-                let l = name.len();
-                (name == "META-INF/MANIFEST.MF")
-                    || (l >= 13 && &name[..9] == "META-INF/" && &name[l - 3..] == ".SF")
-                    || (l >= 14 && &name[..9] == "META-INF/" && &name[l - 4..] == ".DSA")
-                    || (l >= 14 && &name[..9] == "META-INF/" && &name[l - 4..] == ".RSA")
-                    || (l >= 14 && &name[..13] == "META-INF/SIG-")
-            })
+            .filter(|file| match_v1_signature_file(&file.get_name()))
            .collect()
    }

@ -237,6 +229,24 @@ impl<T: Read + Seek> ZipFileReader<T> {
        self.apk_sign_block.is_some()
    }

+    /// Remove v1 signature files from the file index.
+    ///
+    /// This function does no modify the original file, only the index store
+    /// in the struct.
+    pub fn unlink_signature_files(&mut self) {
+        self.files
+            .retain(|file| !match_v1_signature_file(&file.get_name()));
+    }
+
+    /// Unlink bytecode files.
+    ///
+    /// This function does no modify the original file, only the index store
+    /// in the struct.
+    pub fn unlink_bytecode_files(&mut self) {
+        self.files
+            .retain(|file| !match_dexfile_name(&file.get_name()));
+    }
+
    pub fn check_holes(&self) {
        let mut files: Vec<&FileInfo> = self.files.iter().collect();
        files.sort_by_key(|f| f.get_offset_local_header());
@ -262,7 +272,7 @@ impl<T: Read + Seek> ZipFileReader<T> {
                );
            }

-            lst_offset += apk_sign_block.size() as u64;
+            lst_offset = self.get_cd_offset();
        }
        if self.get_cd_offset() != lst_offset {
            println!(
@ -285,4 +295,37 @@ impl<T: Read + Seek> ZipFileReader<T> {
    pub fn get_file_info(&self, name: &str) -> Option<&FileInfo> {
        self.files.iter().find(|&file| file.get_name() == name)
    }
+
+    pub fn get_classes_file_info(&self) -> Vec<&FileInfo> {
+        self.files
+            .iter()
+            .filter(|&file| match_dexfile_name(&file.get_name()))
+            .collect()
+    }
+}
+
+// Not worth a regex
+/// Check if a file is a bytecode file (from its name)
+fn match_dexfile_name(name: &str) -> bool {
+    if name.len() < 11 {
+        return false;
+    }
+    if &name[0..7] != "classes" {
+        return false;
+    }
+    if &name[name.len() - 4..name.len()] != ".dex" {
+        return false;
+    }
+
+    name.len() == 11 || name[7..name.len() - 4].parse::<u32>().is_ok()
+}
+
+/// Check if a file is used to sign the APK with signature scheme v1.
+fn match_v1_signature_file(name: &str) -> bool {
+    let l = name.len();
+    (name == "META-INF/MANIFEST.MF")
+        || (l >= 13 && &name[..9] == "META-INF/" && &name[l - 3..] == ".SF")
+        || (l >= 14 && &name[..9] == "META-INF/" && &name[l - 4..] == ".DSA")
+        || (l >= 14 && &name[..9] == "META-INF/" && &name[l - 4..] == ".RSA")
+        || (l >= 14 && &name[..13] == "META-INF/SIG-")
 }