android revision 303975 
1217309Snwhitehorn
2251843Sbapt#------------------------------------------------------------
3217309Snwhitehorn# $File: android,v 1.9 2016/01/11 21:19:18 christos Exp $
4217309Snwhitehorn# Various android related magic entries
5217309Snwhitehorn#------------------------------------------------------------
6251843Sbapt
7217309Snwhitehorn# Dalvik .dex format. http://retrodev.com/android/dexformat.html
8217309Snwhitehorn# From <mkf@google.com> "Mike Fleming"
9217309Snwhitehorn# Fixed to avoid regexec 17 errors on some dex files
10217309Snwhitehorn# From <diff@lookout.com> "Tim Strazzere"
11217309Snwhitehorn0	string	dex\n
12217309Snwhitehorn>0	regex	dex\n[0-9]{2}\0	Dalvik dex file
13217309Snwhitehorn>4	string	>000			version %s
14217309Snwhitehorn0	string	dey\n
15217309Snwhitehorn>0	regex	dey\n[0-9]{2}\0	Dalvik dex file (optimized for host)
16217309Snwhitehorn>4	string	>000			version %s
17217309Snwhitehorn
18217309Snwhitehorn# Android bootimg format
19217309Snwhitehorn# From https://android.googlesource.com/\
20217309Snwhitehorn# platform/system/core/+/master/mkbootimg/bootimg.h
21217309Snwhitehorn0		string	ANDROID!	Android bootimg
22217309Snwhitehorn>1024	string	LOKI\01		\b, LOKI'd
23217309Snwhitehorn>8		lelong	>0			\b, kernel
24217309Snwhitehorn>>12	lelong	>0			\b (0x%x)
25217309Snwhitehorn>16		lelong	>0			\b, ramdisk
26217309Snwhitehorn>>20	lelong	>0			\b (0x%x)
27217309Snwhitehorn>24		lelong	>0			\b, second stage
28217309Snwhitehorn>>28	lelong	>0			\b (0x%x)
29217309Snwhitehorn>36		lelong	>0			\b, page size: %d
30217309Snwhitehorn>38		string	>0			\b, name: %s
31217309Snwhitehorn>64		string	>0		 	\b, cmdline (%s)
32217309Snwhitehorn
33217309Snwhitehorn# Android Backup archive
34251843Sbapt# From: Ariel Shkedi
35251843Sbapt# File extension: .ab
36251843Sbapt# No mime-type defined
37251843Sbapt# URL: https://github.com/android/platform_frameworks_base/blob/\
38251843Sbapt# 0bacfd2ba68d21a68a3df345b830bc2a1e515b5a/services/java/com/\
39251843Sbapt# android/server/BackupManagerService.java#L2367
40251843Sbapt# After the header comes a tar file
41251843Sbapt# If compressed, the entire tar file is compressed with JAVA deflate
42251843Sbapt#
43251843Sbapt# Include the version number hardcoded with the magic string to avoid
44251843Sbapt# false positives
45251843Sbapt0	string/b	ANDROID\ BACKUP\n1\n	Android Backup
46251843Sbapt>17	string		0\n			\b, Not-Compressed
47251843Sbapt>17	string		1\n			\b, Compressed
48251843Sbapt# any string as long as it's not the word none (which is matched below)
49251843Sbapt>>19    regex/1l	\^([^n\n]|n[^o]|no[^n]|non[^e]|none.+).*	\b, Encrypted (%s)
50217309Snwhitehorn>>19	string		none\n			\b, Not-Encrypted
51217309Snwhitehorn# Commented out because they don't seem useful to print
52217309Snwhitehorn# (but they are part of the header - the tar file comes after them):
53217309Snwhitehorn#>>>&1		regex/1l .*	\b, Password salt: %s
54217309Snwhitehorn#>>>>&1		regex/1l .*	\b, Master salt: %s
55217309Snwhitehorn#>>>>>&1	regex/1l .*	\b, PBKDF2 rounds: %s
56251843Sbapt#>>>>>>&1	regex/1l .*	\b, IV: %s
57251843Sbapt#>>>>>>>&1	regex/1l .*	\b, Key: %s
58217309Snwhitehorn
59217309Snwhitehorn# *.pit files by Joerg Jenderek
60217309Snwhitehorn# http://forum.xda-developers.com/showthread.php?p=9122369
61217309Snwhitehorn# http://forum.xda-developers.com/showthread.php?t=816449
62217309Snwhitehorn# Partition Information Table for Samsung's smartphone with Android
63220749Snwhitehorn# used by flash software Odin
64217309Snwhitehorn0		ulelong			0x12349876	
65251843Sbapt# 1st pit entry marker
66251843Sbapt>0x01C	ulequad&0xFFFFFFFCFFFFFFFC	=0x0000000000000000	
67251843Sbapt# minimal 13 and maximal 18 PIT entries found
68251843Sbapt>>4		ulelong			<128	Partition Information Table for Samsung smartphone
69251843Sbapt>>>4		ulelong			x	\b, %d entries
70251843Sbapt# 1. pit entry
71217309Snwhitehorn>>>4		ulelong			>0	\b; #1
72217309Snwhitehorn>>>0x01C	use				PIT-entry
73251843Sbapt>>>4		ulelong			>1	\b; #2
74217309Snwhitehorn>>>0x0A0	use				PIT-entry
75251843Sbapt>>>4		ulelong			>2	\b; #3
76217309Snwhitehorn>>>0x124	use				PIT-entry
77217309Snwhitehorn>>>4		ulelong			>3	\b; #4
78251843Sbapt>>>0x1A8	use				PIT-entry
79251843Sbapt>>>4		ulelong			>4	\b; #5
80217309Snwhitehorn>>>0x22C	use				PIT-entry
81251843Sbapt>>>4		ulelong			>5	\b; #6
82217309Snwhitehorn>>>0x2B0	use				PIT-entry
83251843Sbapt>>>4		ulelong			>6	\b; #7
84217309Snwhitehorn>>>0x334	use				PIT-entry
85217309Snwhitehorn>>>4		ulelong			>7 	\b; #8
86251843Sbapt>>>0x3B8	use				PIT-entry
87251843Sbapt>>>4		ulelong			>8 	\b; #9
88251843Sbapt>>>0x43C	use				PIT-entry
89251843Sbapt>>>4		ulelong			>9	\b; #10
90217309Snwhitehorn>>>0x4C0	use				PIT-entry
91251843Sbapt>>>4		ulelong			>10	\b; #11
92251843Sbapt>>>0x544	use				PIT-entry
93217309Snwhitehorn>>>4		ulelong			>11	\b; #12
94251843Sbapt>>>0x5C8	use				PIT-entry
95251843Sbapt>>>4		ulelong			>12	\b; #13
96217309Snwhitehorn>>>>0x64C	use				PIT-entry
97251843Sbapt# 14. pit entry
98251843Sbapt>>>4		ulelong			>13	\b; #14
99217309Snwhitehorn>>>>0x6D0	use				PIT-entry
100251843Sbapt>>>4		ulelong			>14	\b; #15
101251843Sbapt>>>0x754	use				PIT-entry
102251843Sbapt>>>4		ulelong			>15	\b; #16
103251843Sbapt>>>0x7D8	use				PIT-entry
104251843Sbapt>>>4		ulelong			>16	\b; #17
105217309Snwhitehorn>>>0x85C	use				PIT-entry
106251843Sbapt# 18. pit entry
107251843Sbapt>>>4		ulelong			>17	\b; #18
108251843Sbapt>>>0x8E0	use				PIT-entry
109251843Sbapt
110251843Sbapt0	name			PIT-entry
111251843Sbapt# garbage value implies end of pit entries
112251843Sbapt>0x00		ulequad&0xFFFFFFFCFFFFFFFC	=0x0000000000000000	
113217309Snwhitehorn# skip empty partition name
114251843Sbapt>>0x24		ubyte				!0			
115217309Snwhitehorn# partition name
116251843Sbapt>>>0x24		string				>\0			%-.32s
117251843Sbapt# flags
118251843Sbapt>>>0x0C		ulelong&0x00000002		2			\b+RW
119251843Sbapt# partition ID:
120251843Sbapt# 0~IPL,MOVINAND,GANG;1~PIT,GPT;2~HIDDEN;3~SBL,HIDDEN;4~SBL2,HIDDEN;5~BOOT;6~KENREl,RECOVER,misc;7~RECOVER
121251843Sbapt# ;11~MODEM;20~efs;21~PARAM;22~FACTORY,SYSTEM;23~DBDATAFS,USERDATA;24~CACHE;80~BOOTLOADER;81~TZSW
122251843Sbapt>>>0x08	ulelong		x			(0x%x)
123251843Sbapt# filename
124251843Sbapt>>>0x44		string				>\0			"%-.64s"
125251843Sbapt#>>>0x18	ulelong				>0			
126251843Sbapt# blocksize in 512 byte units ?
127251843Sbapt#>>>>0x18	ulelong				x			\b, %db
128251843Sbapt# partition size in blocks ?
129251843Sbapt#>>>>0x22	ulelong				x			\b*%d
130251843Sbapt
131251843Sbapt# Android sparse img format
132251843Sbapt# From https://android.googlesource.com/\
133251843Sbapt# platform/system/core/+/master/libsparse/sparse_format.h
134251843Sbapt0		lelong	0xed26ff3a		Android sparse image
135251843Sbapt>4		leshort	x			\b, version: %d
136251843Sbapt>6		leshort	x			\b.%d
137251843Sbapt>16		lelong	x			\b, Total of %d
138251843Sbapt>12		lelong	x			\b %d-byte output blocks in
139251843Sbapt>20		lelong	x			\b %d input chunks.
140251843Sbapt
141217309Snwhitehorn# Android binary XML magic
142251843Sbapt# In include/androidfw/ResourceTypes.h:
143217309Snwhitehorn# RES_XML_TYPE = 0x0003 followed by the size of the header (ResXMLTree_header),
144217309Snwhitehorn# which is 8 bytes (2 bytes type + 2 bytes header size + 4 bytes size).
145217309Snwhitehorn0	lelong	0x00080003	Android binary XML
146217309Snwhitehorn