okay, but that's not very good?

so the dex doc says the following about the checksum:

"adler32 checksum of the rest of the file (everything but magic and this field); used to detect file corruption"

so why does the dalvikvm not check it? i mean ok, it takes some time, but what if there is a real corruption?

In my case i found out that nearly 50% of my samples (all of them are malware) have a wrong adler32 checksum, but all samples have a correct sha1 sum - which is really odd, because then it's proven that the file isn't corrupted at all but just the adler32 checksum is wrong!

so what could probably be done with this? A wrong checksum just forces a creation of a new odex? nothing more?

any hints?

thanks!

On 2012-09-07 23:09, Brian Carlstrom wrote:
> On Fri, Sep 7, 2012 at 12:16 PM, <[email protected]> wrote:
>
>> No wait, it's about the dex file inside the apk. Not the odex!
>>
>
> if the source of the odex was a .dex file and not a zip archive,
> then the odex checksum is matched against the .dex checksum to
> check if things are up-to-date. if source is a zip/jar/apk, then
> the checksum of the classes.dex is not looked at, just the checksum
> of the zip entry of the classes.dex
>
> nothing is validating checksums at runtime, just comparing them.
>
> -bri
>
>>
>> Brian Carlstrom <[email protected]> wrote:
>>
>>> The checksums in the odex files in /data/dalvik-cache/ are used
>>> to tell if they are out of date with respect to the source
>>> classes.dex files in APKs and jars as well as on bootclasspath
>>> dependencies.
>>>
>>> In practice in user and userdebug builds, the odex files should
>>> be produced at install time for apps, but they are validated at
>>> startup so they can be updated after a system update. in eng
>>> builds they are updated more lazily before a program is
>>> started. all of these cases are handled by installd invoking
>>> dexopt.
>>>
>>> the command line dalvikvm has the ability to run dexopt itself
>>> for test use. a few command line tools also validate the
>>> checksum, but in the usage above, it is more typically used as a
>>> simple fingerprint to see if things are out-of-date. file
>>> system modification times cannot be used since the clock on
>>> the system can move forward and back unexpectedly.
>>>
>>> -bri
>>>
>>> On Fri, Sep 7, 2012 at 1:31 AM, Sebastian Bachmann
>>> <[email protected]> wrote:
>>>
>>>> Is it possible that the DalvikVM does not check the file
>>>> against its Adler32 checksum? I have many files with
>>>> mismatching sum here and I'm not sure if the sum is broken
>>>> because of file corruption or wasn't even computed right. But
>>>> most of these files can even be installed...
>>>>
>>>> thanks!
>>>>
>>>> --
>>>> You received this message because you are subscribed to
>>>> the Google Groups "Android Security Discussions" group.
>>>> To post to this group, send email to
>>>> [email protected].
>>>> To unsubscribe from this group, send email to
>>>> [email protected].
>>>> For more options, visit this group at
>>>> http://groups.google.com/group/android-security-discuss?hl=en.
>>>>
>>
>> --
>> This message was sent from my Android mobile phone with K-9
>> Mail.
>>
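The comparison discussed in this thread, as an added example that is not part of the original messages: it recomputes both DEX header integrity fields and separates "only the adler32 field is wrong" from "the body no longer matches the SHA-1 signature". Offsets follow the DEX header layout (checksum at 8, signature at 12 to 31, file_size at 32); the function names and the sample buffer are constructed for illustration, and the sample is a header-shaped buffer, not a loadable DEX.

```python
import hashlib
import struct
import zlib

HEADER_SIZE = 0x70  # fixed size of the DEX header


def check_dex(data: bytes) -> dict:
    """Recompute the adler32 and SHA-1 header fields and compare with the stored ones."""
    if len(data) < HEADER_SIZE or not data.startswith(b"dex\n"):
        raise ValueError("not a DEX file")
    (stored_adler,) = struct.unpack_from("<I", data, 8)
    stored_sha1 = bytes(data[12:32])
    (file_size,) = struct.unpack_from("<I", data, 32)
    # adler32 covers everything except magic and the checksum field itself
    calc_adler = zlib.adler32(data[12:]) & 0xFFFFFFFF
    # SHA-1 covers everything except magic, checksum and the signature field
    calc_sha1 = hashlib.sha1(data[32:]).digest()
    return {
        "adler32_ok": stored_adler == calc_adler,
        "sha1_ok": stored_sha1 == calc_sha1,
        "size_ok": file_size == len(data),
    }


def triage(data: bytes) -> str:
    """Map the two checks to a verdict useful when sorting samples."""
    r = check_dex(data)
    if r["sha1_ok"] and r["adler32_ok"]:
        return "consistent"
    if r["sha1_ok"]:
        # Body matches its signature; only the checksum field disagrees.
        return "checksum-field-wrong"
    return "body-or-signature-mismatch"


def build_sample(payload: bytes = b"constructed body bytes") -> bytearray:
    """Constructed header-shaped buffer with both fields filled in correctly."""
    buf = bytearray(HEADER_SIZE) + payload
    buf[0:8] = b"dex\n035\x00"
    struct.pack_into("<III", buf, 32, len(buf), HEADER_SIZE, 0x12345678)
    buf[12:32] = hashlib.sha1(bytes(buf[32:])).digest()
    struct.pack_into("<I", buf, 8, zlib.adler32(bytes(buf[12:])) & 0xFFFFFFFF)
    return buf


if __name__ == "__main__":
    sample = build_sample()
    print(triage(bytes(sample)))   # fields as written by build_sample
    sample[8] ^= 0xFF              # damage only the adler32 field
    print(triage(bytes(sample)))
```

Because the SHA-1 field does not cover the checksum field, a sample can pass the SHA-1 comparison while failing adler32, which is the pattern reported in the message above.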
