chiark / gitweb /
~ianmdlvl / fdroidserver.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5fd014a) | patch
scan APKs for signs of "Master Key" exploit
authorHans-Christoph Steiner <hans@eds.org>
Wed, 21 Jun 2017 12:01:01 +0000 (14:01 +0200)
committerHans-Christoph Steiner <hans@eds.org>
Wed, 28 Jun 2017 21:14:57 +0000 (23:14 +0200)
commit9886e539d3b1b0a033ca5d9dbe58d82caf87b0f4
tree876b3574c67fcec3aed46ff80834631bced0b262tree | snapshot
parent5fd014a8524b38f183e3ee6918645b4aaac2fea9commit | diff
scan APKs for signs of "Master Key" exploit

This exploit is old, and was fixed in 4.4.  But it was easy to exploit,
so it is still worth scanning for it.  It is also easy to scan for, since
valid APKs should not have files with duplicate names.  In theory, this
could look for duplicate file names for any file, but this limits the
false positives by only checking names of files related to executing code.

fdroidclient#40
fdroidserver/update.py diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.