Hi everyone, I’ve been working on a Rust library that parses APK files.
Key features:
A malware-friendly zip extractor:
Lately, a bunch of malware has been using the BadPack technique, which breaks “normal” zip parsers. This library handles them without skipping anything.
A full-fledged Android Binary XML and Android Resource parser:
There are many libraries that claim they can do this, but most don’t actually parse everything correctly, because for this you need to understand the Android sources, and they are not written very well 😄
Support for extracting information contained in the APK Signature Block 42:
APK Signature scheme v1, v2, v3, v3.1;
Stamp Block v1 & v2;
Apk Channel Block;
Usually, no one extracts stamp blocks, but they’re useful if you want to know where an APK came from - like if it’s from Google Play or somewhere else. Similarly with Apk Channel Block.
The library also handles many obfuscation tricks in AndroidManifest.xml that are meant to break static analysis. I’ve only seen this in commercial tools; open-source tools like androguard or jadx can’t always open and process files correctly.
Would love to hear what you think!
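
To illustrate the signing-block feature listed above, here is an added example (not part of the original post and not the library's API) that locates the APK Signing Block in front of the ZIP central directory and lists its ID-value pairs. The function names are hypothetical; the block IDs are the ones defined in AOSP apksig, and any other ID, including tool-specific channel blocks, is reported as "unknown".

```rust
const MAGIC: &[u8] = b"APK Sig Block 42"; // trailer of the APK Signing Block

/// Bounds-checked read of an n-byte (n <= 8) little-endian integer at offset o.
fn le(b: &[u8], o: usize, n: usize) -> Option<u64> {
    let s = b.get(o..o.checked_add(n)?)?;
    Some(s.iter().rev().fold(0u64, |acc, &x| (acc << 8) | x as u64))
}

/// Names for the block IDs defined in AOSP apksig; anything else is "unknown".
fn block_name(id: u32) -> &'static str {
    match id {
        0x7109871a => "APK Signature Scheme v2",
        0xf05368c0 => "APK Signature Scheme v3",
        0x1b93ad61 => "APK Signature Scheme v3.1",
        0x2b09189e => "Source Stamp v1",
        0x6dff800d => "Source Stamp v2",
        0x42726577 => "verity padding",
        _ => "unknown",
    }
}

/// Lists (block ID, value length) per pair; None if the block is absent or malformed.
fn signing_block_ids(apk: &[u8]) -> Option<Vec<(u32, usize)>> {
    // Scan backwards for the End of Central Directory record (a comment may follow it).
    let eocd = (0..=apk.len().checked_sub(22)?)
        .rev()
        .find(|&i| apk[i..i + 4] == *b"PK\x05\x06")?;
    let cd = le(apk, eocd + 16, 4)? as usize; // central directory offset
    // Layout before the central directory: size | pairs | size | 16-byte magic.
    if cd < 32 || apk.get(cd - 16..cd)? != MAGIC {
        return None;
    }
    let size = le(apk, cd - 24, 8)?;
    if size < 24 || size > cd as u64 - 8 || le(apk, cd - size as usize - 8, 8)? != size {
        return None; // size out of range, or the two size fields disagree
    }
    let (mut pos, end, mut out) = (cd - size as usize, cd - 24, Vec::new());
    while pos < end {
        // Each pair: u64 length, u32 ID, then (length - 4) value bytes.
        let len = le(apk, pos, 8)?;
        if end - pos < 12 || len < 4 || len > (end - pos - 8) as u64 {
            return None; // truncated pair, or pair overrunning the block
        }
        out.push((le(apk, pos + 8, 4)? as u32, len as usize - 4));
        pos += 8 + len as usize;
    }
    Some(out)
}
```

Pass the whole file as a byte slice, for example the result of `std::fs::read`, and map each returned ID through `block_name`.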