Skip to content

Instantly share code, notes, and snippets.

View obfusk's full-sized avatar
🏳️‍🌈
hacking ⇒ ¬sleeping 😸

FC (Fay) Stegerman obfusk

🏳️‍🌈
hacking ⇒ ¬sleeping 😸
187 followers · 66 following
View GitHub Profile
@obfusk
obfusk / break.py
Last active November 10, 2025 05:32
python "breakpoint" (more or less equivalent to ruby's binding.pry); for a proper debugger, use https://docs.python.org/3/library/pdb.html
import code; code.interact(local=dict(globals(), **locals()))
@obfusk
obfusk / sigblock.md
Last active September 19, 2025 08:22
APK Signing Block considerations

APK Signing Block considerations

Some considerations regarding the APK Signing Block and how F-Droid handles Reproducible Builds.

Block types

APK Signature Scheme Block

The signature part of the APK Signing Block can contain more than one signature.
AFAIK android and apksigner (unlike apksigtool) only check the one with the strongest supported signature algorithm ID, not all of them.

@obfusk
obfusk / openssl-gen-apk-signing-cert-and-privkey.sh
Created November 19, 2022 20:14
generate certificate & private key for APK siging using openssl
openssl req -x509 -newkey rsa:4096 -sha512 -outform DER -out cert.der -days 10000 -nodes -subj '/CN=test key' -keyout - | openssl pkcs8 -topk8 -nocrypt -outform DER -out privkey.der
@obfusk
obfusk / icons.py
Last active February 16, 2025 20:12
test apkrepotool icon extraction
import dataclasses
import sys
import zipfile
from pathlib import Path
import PIL
import PIL.Image
import apkrepotool
import apkrepotool.xml_icons as xml_icons
@obfusk
obfusk / reload.js
Last active February 15, 2025 22:03
reload all broken images
// firefox only
(async () => { for (const x of document.querySelectorAll("img:-moz-broken")) { x.src = x.src; await new Promise(r => setTimeout(r, 100)); console.log(x) }; console.log("done") })()
// generic
(async () => { for (const x of document.querySelectorAll("img")) { if (!x.naturalWidth) { x.src = x.src; await new Promise(r => setTimeout(r, 100)); console.log(x) } }; console.log("done") })()
@obfusk
obfusk / LICENSE.GPLv3
Last active February 15, 2025 20:43
-> https://github.com/obfusk/gradle-wrapper-verify | check gradle wrapper checksums
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU General Public License is a free, copyleft license for
@obfusk
obfusk / zipalignment.py
Last active January 25, 2025 21:25
-> https://github.com/obfusk/reproducible-apk-tools#zipalignmentpy
#!/usr/bin/python3
# encoding: utf-8
# SPDX-FileCopyrightText: 2024 FC (Fay) Stegerman <flx@obfusk.net>
# SPDX-License-Identifier: AGPL-3.0-or-later
import os
import struct
import zipfile
from dataclasses import dataclass
@obfusk
obfusk / cdata.py
Last active January 25, 2025 21:24
#!/usr/bin/python3
import struct
import sys
import zipfile
zfile, entry = sys.argv[1:]
with zipfile.ZipFile(zfile) as zf:
info = zf.getinfo(entry)
with open(zfile, "rb") as fh:
@obfusk
obfusk / apkrepotool-cert.py
Last active January 19, 2025 22:42
get APK cert fingerprint using apkrepotool
#!/usr/bin/env python3
import hashlib
import sys
import apkrepotool
from pathlib import Path
for apk in sys.argv[1:]:
certs, _ = apkrepotool.get_signing_certs(Path(apk))
@obfusk
obfusk / per-day-downloads.py
Created January 18, 2025 00:23
per-day downloads for a specific IoD app
import glob
import json
import sys
from typing import Dict
appid, = sys.argv[1:]
results: Dict[str, int] = {}
for json_file in sorted(glob.glob("apk_downloads/*/*.json")):
with open(json_file, encoding="utf-8") as fh: