Skip to content

Instantly share code, notes, and snippets.

Avatar
🌈
hacking ⇒ ¬sleeping 😸

Felix C. Stegerman obfusk

🌈
hacking ⇒ ¬sleeping 😸
View GitHub Profile
@obfusk
obfusk / apksigcopier.md
Last active Apr 19, 2021
[draft] apksigcopier abstract
View apksigcopier.md

F-Droid is "an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform." [1] All applications are built by the F-Droid build server from source. Usually they are then signed by F-Droid, but F-Droid also "supports reproducible builds of apps, so that anyone can run the build process again and reproduce the same APK as the original release. This means that F-Droid can verify that an app is 100% free software while still using the original developer’s APK signatures." [2,3]

In order to verify that the APK built by the build server is identical to the one signed by the (upstream) developer, the signature from the signed APK is copied to the unsigned APK and the APK with the copied signature is verified.

The older v1 (JAR) signing scheme used a signature that guaranteed integrity of the contents of the APK (which uses the ZIP file format) only. Differences in ordering, metadata, or extra bytes ignored by the ZIP format were irrelevant. This made copying the signature

@obfusk
obfusk / get-axml.py
Created Apr 16, 2021
fast way to get the minSdkVersion from an APK
View get-axml.py
#!/usr/bin/python3
# encoding: utf-8
import os
import struct
import sys
# import zipfile
import zlib
from collections import namedtuple
@obfusk
obfusk / apk-find-utc.py
Last active Apr 15, 2021
find/strip UTC timestamps from ZIP files' CD extra fields
View apk-find-utc.py
#!/usr/bin/python3
# encoding: utf-8
import struct
import sys
import zipfile
def _has_timestamp(info):
xtr = info.extra
@obfusk
obfusk / copy-v2-sig.py
Last active Mar 24, 2021
apk signature copying
View copy-v2-sig.py
#!/usr/bin/env python3
import os
import shutil
import subprocess
import sys
import zipfile
from collections import namedtuple
@obfusk
obfusk / github-sshkeys.sh
Created Feb 13, 2021
ssh authorized_keys from github
View github-sshkeys.sh
#!/bin/bash
# Usage: github-sshkeys.sh USERNAME >> ~/.ssh/authorized_keys
curl "https://api.github.com/users/$1/keys" | jq -r '.[] | .key'
@obfusk
obfusk / tags.sh
Created Jan 17, 2021
differentiate annotated & lightweight git tags
View tags.sh
for x in $( git tag ); do echo $x; git show --stat $x | head -1; done
View gbp.sh
git clone --no-checkout -o upstream git@github.com:obfusk/jiten.git
git tag v0.3.6-26-ga981f30 remotes/upstream/master
git checkout -b debian/sid v0.3.6-26-ga981f30
gbp export-orig
dpkg-source --include-binaries --build .
gbp buildpackage --git-pristine-tar --git-pristine-tar-commit --git-debian-branch=debian/sid
@obfusk
obfusk / default.nix
Last active Feb 20, 2021
jiten for nixos
View default.nix
{ nixpkgs ? import <nixpkgs> {} }:
with nixpkgs;
let
callPkg = lib.callPackageWith (nixpkgs // pkgs);
pkgs = rec {
jiten = callPkg (
{ lib
, fetchFromGitHub
, python3Packages
, makeWrapper
View external-screen-fu
#!/bin/bash
case "${1:-on}" in
on)
xrandr --output HDMI-1 --auto --output eDP-1 --off
xrdb -merge <<< 'Xft.dpi: 96'
;;
off)
xrandr --output HDMI-1 --off --output eDP-1 --auto
xrdb -merge <<< 'Xft.dpi: 120'
;;
View virsh
#!/bin/bash
/bin/virsh -c qemu:///system "$@"