-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 9695860 output invalid #9
Comments
What android device is this? It may have been patched. |
It is the case that this tool will generate zip files which are not valid with regard to the spec (or a particular implementation), but are used to exploit an edgecase. So, it may be the case that normal unix tools don't like the files produced. |
It's a Samsung S4 running 4.2.2 which Cydia Impactor still works on, and which the Bluebox checker claims is still vulnerable to 9695860. Will try the example APK now |
bug9695860.apk installs fine on the phone. unzip -v bug9695860.apk also does not return any errors, whereas unzip -v on MasterKeysModded-orig.apk returns errors. |
Hmm, this seems like maybe the command line params are getting messed up somewhere. |
If you're just trying to gain system permissions, did you try just replacing the manifest? |
$ java -jar ~/ZipArbitrage/bin/AndroidZipArbitrage.jar --9695860 orig.apk patched.apk
Using Bug 9695860 to circumvent Android signatures
All seems fine, but:
$ adb install patched.apk
Whoops: didn't find expected signature
read_central_directory_entry failed
file 'MasterKeysModded-orig.apk' is not a valid zip file
rm failed for /data/local/tmp/MasterKeysModded-orig.apk, No such file or directory
The text was updated successfully, but these errors were encountered: