On Fri, Sep 7, 2012 at 12:16 PM, <[email protected]> wrote: > No wait, its about the dex file inside the apk. Not the odex! >
if the source of the odex was a .dex file and not a zip archive, that the odex checksum is matched against the .dex checksum to check if things are up-to-date. if source is a zip/jar/apk ,then the checksum of the classes.dex is not looked at, just the checksum of the zip entry of the classes.dex nothing is validating checksums at runtime, just comparing them. -bri > > > > Brian Carlstrom <[email protected]> schrieb: > >> The checksum in the odex files in /data/dalvik-cache/ are used to tell if >> they are out of date with respect to the source classes.dex files in APKs >> and jars as well as on bootclasspath dependencies. >> >> In practice in user and userdebug builds, the odex files should be >> produced at install time for apps, but they are validated at startup so >> they can be updated after a system update. in eng builds they are updated >> more lazily before an program is started. all of these cases are handled by >> installd invoking dexopt. >> >> the command like dalvikvm has the ability to run dexopt itself for test >> use. a few command line tools also validate the checksum, but in the usage >> above, it is more typically used a simple fingerprint to see if things are >> out-of-date. file system modifications times cannot be used since the clock >> on the system can move forward and back unexpectedly. >> >> -bri >> >> >> On Fri, Sep 7, 2012 at 1:31 AM, Sebastian Bachmann >> <[email protected]>wrote: >> >>> Is it possible that the DalvikVM does not check the file against its >>> Adler32 checksum? I have many files with missmatching sum here and I'm >>> not >>> sure if the sum is broken because of file corruption or wasnt even >>> computed >>> right. But most of these files can even be installed... >>> >>> thanks! >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Android Security Discussions" group. >>> To post to this group, send email to >>> [email protected]. >>> To unsubscribe from this group, send email to >>> [email protected]. >>> For more options, visit this group at >>> http://groups.google.com/group/android-security-discuss?hl=en. >>> >>> >> > -- > Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail > gesendet. > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
