2 #------------------------------------------------------------
3 # $File: android,v 1.3 2013/11/08 01:24:22 christos Exp $
4 # Various android related magic entries
5 #------------------------------------------------------------
7 # Dalvik .dex format. http://retrodev.com/android/dexformat.html
8 # From <mkf@google.com> "Mike Fleming"
9 # Fixed to avoid regexec 17 errors on some dex files
10 # From <diff@lookout.com> "Tim Strazzere"
12 >0 regex dex\n[0-9]{2}\0 Dalvik dex file
13 >4 string >000 version %s
15 >0 regex dey\n[0-9]{2}\0 Dalvik dex file (optimized for host)
16 >4 string >000 version %s
18 # http://android.stackexchange.com/questions/23357/\
19 # is-there-a-way-to-look-inside-and-modify-an-adb-backup-created-file/\
21 0 string ANDROID\040BACKUP\n Android Backup
22 >15 string 1\n \b, version 1
23 >17 string 0\n \b, uncompressed
24 >17 string 1\n \b, compressed
25 >19 string none\n \b, unencrypted
26 >19 string AES-256\n \b, encrypted AES-256
28 # Android bootimg format
29 # From https://android.googlesource.com/\
30 # platform/system/core/+/master/mkbootimg/bootimg.h
31 0 string ANDROID! Android bootimg
32 >8 lelong >0 \b, kernel
33 >>12 lelong >0 \b (0x%x)
34 >16 lelong >0 \b, ramdisk
35 >>20 lelong >0 \b (0x%x)
36 >24 lelong >0 \b, second stage
37 >>28 lelong >0 \b (0x%x)
38 >36 lelong >0 \b, page size: %d
39 >38 string >0 \b, name: %s
40 >64 string >0 \b, cmdline (%s)
41 # Dalvik .dex format. http://retrodev.com/android/dexformat.html
42 # From <mkf@google.com> "Mike Fleming"
43 # Fixed to avoid regexec 17 errors on some dex files
44 # From <diff@lookout.com> "Tim Strazzere"
46 >0 regex dex\n[0-9]{2}\0 Dalvik dex file
47 >4 string >000 version %s
49 >0 regex dey\n[0-9]{2}\0 Dalvik dex file (optimized for host)
50 >4 string >000 version %s
52 # http://android.stackexchange.com/questions/23357/\
53 # is-there-a-way-to-look-inside-and-modify-an-adb-backup-created-file/\
55 0 string ANDROID\040BACKUP\n Android Backup
56 >15 string 1\n \b, version 1
57 >17 string 0\n \b, uncompressed
58 >17 string 1\n \b, compressed
59 >19 string none\n \b, unencrypted
60 >19 string AES-256\n \b, encrypted AES-256
62 # Android bootimg format
63 # From https://android.googlesource.com/\
64 # platform/system/core/+/master/mkbootimg/bootimg.h
65 0 string ANDROID! Android bootimg
66 >8 lelong >0 \b, kernel
67 >>12 lelong >0 \b (0x%x)
68 >16 lelong >0 \b, ramdisk
69 >>20 lelong >0 \b (0x%x)
70 >24 lelong >0 \b, second stage
71 >>28 lelong >0 \b (0x%x)
72 >36 lelong >0 \b, page size: %d
73 >38 string >0 \b, name: %s
74 >64 string >0 \b, cmdline (%s)
76 # Android Backup archive
79 # No mime-type defined
80 # URL: https://github.com/android/platform_frameworks_base/blob/\
81 # 0bacfd2ba68d21a68a3df345b830bc2a1e515b5a/services/java/com/\
82 # android/server/BackupManagerService.java#L2367
83 # After the header comes a tar file
84 # If compressed, the entire tar file is compressed with JAVA deflate
86 # Include the version number hardcoded with the magic string to avoid
88 0 string/b ANDROID\ BACKUP\n1\n Android Backup
89 >17 string 0\n \b, Not-Compressed
90 >17 string 1\n \b, Compressed
91 # any string as long as it's not the word none (which is matched below)
92 >>19 regex/1 \^([^n\n]|n[^o]|no[^n]|non[^e]|none.+).* \b, Encrypted (%s)
93 >>19 string none\n \b, Not-Encrypted
94 # Commented out because they don't seem useful to print
95 # (but they are part of the header - the tar file comes after them):
96 #>>>&1 regex/1 .* \b, Password salt: %s
97 #>>>>&1 regex/1 .* \b, Master salt: %s
98 #>>>>>&1 regex/1 .* \b, PBKDF2 rounds: %s
99 #>>>>>>&1 regex/1 .* \b, IV: %s
100 #>>>>>>>&1 regex/1 .* \b, Key: %s