
@mhils
Last active March 6, 2022 19:18
# Kaitai Struct description of the binary XML encoding used for Android
# manifests. Everything is little-endian (meta/endian). The file is read as
# one top-level chunk (`tree`); nested chunks are reached through its body.
#
# NOTE(review): lengths, offsets and indices below are taken from the file
# as-is. When this spec is used on untrusted APKs, expect malformed values to
# surface as parse errors, and treat a parse failure as a finding in its own
# right rather than as "no manifest".
meta:
  id: android_binary_manifest
  title: Android Binary manifest xml
  file-extension: xml
  endian: le
doc: |
  Android OS applications have special file with metadata information - Manifest.
  This Manifest has XML format with binary data. It has a lot of the structure of XML,
  just not any of the XML markup.
seq:
  - id: tree
    type: chunk
types:
  # Generic chunk: an 8-byte header (u2 + u2 + u4) followed by a body.
  chunk:
    seq:
      - id: chunk_type
        type: u2
      # Read but not used by any expression in this spec.
      - id: header_size
        type: u2
      # Counts the 8 header bytes as well, see the body size below.
      - id: chunk_size
        type: u4
      # NOTE(review): chunk_size is not validated. A value below 8 makes this
      # size negative, and how that fails depends on the runtime. On Kaitai
      # Struct 0.9+ a `valid: min: 8` on chunk_size would reject it up front.
      - id: body
        size: chunk_size - 8
        type:
          switch-on: chunk_type
          # Chunk types without a case here (e.g. namespace and CDATA chunks)
          # are expected to stay as raw bytes, since the body has a size.
          cases:
            0x0001: string_pool
            0x0003: xml_tree
            0x0102: xml_start_element
            0x0103: xml_end_element
            0x0180: xml_resource_map
  # Container chunk: child chunks repeated until the end of this body.
  xml_tree:
    seq:
      - id: chunks
        type: chunk
        repeat: eos
  # String pool header plus the two index tables that follow it.
  string_pool:
    seq:
      - id: string_count
        type: u4
      - id: style_count
        type: u4
      - id: flags
        type: u4
      - id: strings_start
        type: u4
      - id: styles_start
        type: u4
      # One u4 per string; added to strings_start in u16_string.
      - id: string_indices
        type: u4
        repeat: expr
        repeat-expr: string_count
      - id: style_indices
        type: u4
        repeat: expr
        repeat-expr: style_count
    instances:
      # One u16_string per pool entry, parameterised with the repeat index.
      # Only the "bit 8 clear" case is defined. Bit 8 is UTF8_FLAG in AOSP's
      # string pool header, so UTF-8 pools have no decoder in this spec.
      strings:
        type:
          switch-on: flags & (1<<8)
          cases:
            0: u16_string(_index)
        repeat: expr
        repeat-expr: string_count
  # A single UTF-16LE string, located through the owning pool's tables.
  u16_string:
    params:
      # Index into the parent's string_indices.
      - id: i
        type: u4
    instances:
      # Both instances read from the stream two levels up (_parent._parent).
      # NOTE(review): presumably strings_start is relative to the start of the
      # string pool chunk, so this only lines up when that chunk starts at
      # offset 0 of that stream - confirm against the caller's file layout.
      # Length in UTF-16 code units (body is len * 2 bytes).
      # NOTE(review): AOSP stores lengths above 0x7fff in two u2 units; this
      # reads a single u2, so such strings would be decoded with a wrong
      # length - confirm whether that matters for the inputs handled.
      len:
        io: _parent._parent._io
        pos: _parent.strings_start + _parent.string_indices[i]
        type: u2
      # String data starts 2 bytes after the length field.
      body:
        io: _parent._parent._io
        pos: _parent.strings_start + _parent.string_indices[i] + 2
        type: str
        encoding: UTF-16LE
        size: len * 2
  # Reference into the string pool. Despite the name, `offset` is used as an
  # index into strings[]; 0xffffffff means "no string" and yields ''.
  string_ref:
    seq:
      - id: offset
        type: u4
    instances:
      # Hard-codes the string pool as the first chunk of the tree
      # (chunks[0]). The index is not range-checked against string_count.
      body:
        value: "offset == 0xffffffff ? '' :_root.tree.body.as<xml_tree>.chunks[0].body.as<string_pool>.strings[offset].body"
  # Like string_ref, and additionally resolves the entry at the same index in
  # the resource map.
  attribute_name_ref:
    seq:
      - id: offset
        type: u4
    instances:
      body:
        value: "offset == 0xffffffff ? '' :_root.tree.body.as<xml_tree>.chunks[0].body.as<string_pool>.strings[offset].body"
      # Hard-codes the resource map as the second chunk (chunks[1]).
      # NOTE(review): the index is not checked against the number of
      # resources; an attribute name with no resource map entry would
      # presumably fail when this instance is evaluated - verify. Where both
      # are available, consumers comparing attribute names should also look
      # at this value, because the name string alone can be empty or
      # misleading in a crafted manifest.
      resource:
        value: "offset == 0xffffffff ? 0 :_root.tree.body.as<xml_tree>.chunks[1].body.as<xml_resource_map>.resources[offset]"
  # Start-of-element chunk body: element metadata followed by its attributes.
  xml_start_element:
    seq:
      - id: line_number
        type: u4
      - id: comment
        type: string_ref
      - id: ns
        type: string_ref
      - id: name
        type: string_ref
      # Fixed bytes 0x14 0x00; any other value fails the contents check.
      - id: attr_start
        contents: [0x14, 0x00]
      # Read but not used to step between attributes; xml_attribute is always
      # parsed with its own fixed 20-byte layout.
      - id: attr_size
        type: u2
      - id: attr_count
        type: u2
      # 6 bytes kept raw, not broken down further here.
      - id: indexes
        size: 6
      - id: attributes
        type: xml_attribute
        repeat: expr
        repeat-expr: attr_count
  # End-of-element chunk body, kept as raw bytes.
  xml_end_element:
    seq:
      - id: unparsed
        size-eos: true
  # Resource map: u4 values until the end of the chunk body.
  xml_resource_map:
    seq:
      - id: resources
        type: u4
        repeat: eos
  # One attribute: three string pool references and a typed value.
  xml_attribute:
    seq:
      - id: ns
        type: string_ref
      - id: name
        type: attribute_name_ref
      - id: raw
        type: string_ref
      - id: val
        type: res_val
  # 8-byte typed value. The first three bytes are fixed (0x08 0x00, 0x00) and
  # enforced via contents, so a different size or res0 fails the parse.
  res_val:
    seq:
      - id: size
        contents: [0x08,0x00]
      - id: res0
        contents: [0x00]
      # Type tag for `data`; not interpreted by this spec.
      - id: dtype
        type: u1
      - id: data
        type: u4