Created
September 15, 2015 23:12
-
-
Save strazzere/3b5ba525b2ac82e35276 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rule Signed_APK_with_dex | |
| { | |
| meta: | |
| author = "Tim Strazzere" | |
| twitter = "@timstrazz" | |
| date = "10/25/2012" | |
| version = "1.0" | |
| tag = "Android" | |
| comment = "Attempted to detect an APK file with a classes.dex that is signed" | |
| strings: | |
| $PK_HEADER = {50 4B 03 04} | |
| $MANIFEST = "META-INF/MANIFEST.MF" | |
| $DEX_FILE = "classes.dex" | |
| condition: | |
| $PK_HEADER in (0..4) and $MANIFEST and $DEX_FILE | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment