Skip to content

Instantly share code, notes, and snippets.

hacking ⇒ ¬sleeping 😸

FC Stegerman obfusk

hacking ⇒ ¬sleeping 😸
View GitHub Profile
obfusk /
Last active Sep 28, 2021
wire-android maven stuff
obfusk /
Last active Aug 20, 2021
download latest signal APK
set -e
yaml2json() {
python3 -c 'import json, sys, yaml; json.dump(yaml.safe_load(sys.stdin), sys.stdout)'
json="$( curl )"
obfusk /
Created Aug 11, 2021
LineageOS update_verifier using cryptography instead of oscrypto
from __future__ import print_function
from asn1crypto.cms import ContentInfo
from asn1crypto.algos import DigestAlgorithmId
# from oscrypto.asymmetric import rsa_pkcs1v15_verify, load_public_key
# from oscrypto.errors import SignatureError
if [ -z "$name" ]; then
read -r -p 'name> '
read -r -p 'key> '
printf '%s' "$key" | gpg -r YOUR_KEY_ID -e > /some/path/"$name".gpg
View npv.knk
{ prev: 0.11 spec: 0.98 sens: 0.95 } let[ 'spec 1 'prev - * 1 'sens - 'prev * 'spec 1 'prev - * + / ]
obfusk /
Created Jun 18, 2021
fix fdroid apkcache timestamps
import collections, glob, json, os
with open("tmp/apkcache.json") as f:
apkcache = json.load(f, object_pairs_hook=collections.OrderedDict)
for apk in glob.glob("repo/*.apk"):
mtime = os.stat(apk).st_mtime
apkcache[os.path.basename(apk)]["added"] = mtime
with open("tmp/apkcache.json", "w") as f:
json.dump(apkcache, f, indent=2)
obfusk / swirl
Created Jun 12, 2021
debian swirl
View swirl
obfusk / fonts.conf
Created Jun 4, 2021
View fonts.conf
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<family>DejaVu Serif</family>
<family>Noto Serif CJK JP</family>
obfusk /
Created May 23, 2021
find fonts that have a glyph for a specific character on Linux
# Usage: 💩
fc-list ":charset=$(printf '%x' "'$1")"
obfusk /
Last active Apr 19, 2021
[draft] apksigcopier abstract

F-Droid is "an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform." [1] All applications are built by the F-Droid build server from source. Usually they are then signed by F-Droid, but F-Droid also "supports reproducible builds of apps, so that anyone can run the build process again and reproduce the same APK as the original release. This means that F-Droid can verify that an app is 100% free software while still using the original developer’s APK signatures." [2,3]

In order to verify that the APK built by the build server is identical to the one signed by the (upstream) developer, the signature from the signed APK is copied to the unsigned APK and the APK with the copied signature is verified.

The older v1 (JAR) signing scheme used a signature that guaranteed integrity of the contents of the APK (which uses the ZIP file format) only. Differences in ordering, metadata, or extra bytes ignored by the ZIP format were irrelevant. This made copying the signature