Fuzion24/AndroidZipArbitrage

Bug 9695860 output invalid

hubert3 opened this issue · 6 comments

$ java -jar ~/ZipArbitrage/bin/AndroidZipArbitrage.jar --9695860 orig.apk patched.apk
Using Bug 9695860 to circumvent Android signatures

All seems fine, but:

$ adb install patched.apk
Whoops: didn't find expected signature
read_central_directory_entry failed
file 'MasterKeysModded-orig.apk' is not a valid zip file
rm failed for /data/local/tmp/MasterKeysModded-orig.apk, No such file or directory

What android device is this? It may have been patched.
Does the example application of this bug install?

It is the case that this tool will generate zip files which are not valid with regard to the spec (or a particular implementation), but are used to exploit an edge case. So, it may be the case that normal unix tools don't like the files produced.

It's a Samsung S4 running 4.2.2 which Cydia Impactor still works on, and which the Bluebox checker claims is still vulnerable to 9695860. Will try the example APK now.

bug9695860.apk installs fine on the phone. unzip -v bug9695860.apk also does not return any errors, whereas unzip -v on MasterKeysModded-orig.apk returns errors.
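The maintainer's reply above says the generated archives are deliberately inconsistent with the ZIP spec, and the follow-up notes that unzip -v reports errors on the modified APK while accepting the example one. The script below is an added example, not code from the AndroidZipArbitrage project or from anyone in this thread: it walks the end-of-central-directory record and central directory the way an installer does and cross-checks every entry against the local file header it points at, reporting the specific disagreement (bad signatures, mismatched names or methods, crc/size fields that differ between the two headers, duplicate names, data or records that overrun their region) rather than a generic "not a valid zip file". The sample archives it checks are constructed inline with Python's zipfile module; the corrupted one simply has its first local header signature overwritten, and the field layouts used are the standard PKZIP ones.

```python
"""Consistency check of a ZIP file's central directory against its local headers.

Added example (not part of the AndroidZipArbitrage project): walks the central
directory the way an installer would and reports entries whose local header does
not agree with it. Sample archives are constructed inline with the zipfile module.
"""
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"
CEN_SIG = b"PK\x01\x02"
LOC_SIG = b"PK\x03\x04"
CEN_LEN, LOC_LEN = 46, 30          # fixed-size parts of the two header kinds
HAS_DATA_DESCRIPTOR = 0x0008       # flag bit 3: crc/sizes are written after the data


def validate_zip(data: bytes) -> list:
    """Return a list of problems; an empty list means the structure is consistent."""
    problems = []
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        return ["no end-of-central-directory record found"]
    # EOCD after signature: disk, cd_disk, entries_this_disk, entries, cd_size, cd_offset, comment_len
    _, _, _, entries, cd_size, cd_offset, _ = struct.unpack_from("<HHHHIIH", data, eocd + 4)
    cd_end = cd_offset + cd_size
    if cd_end > eocd:
        return [f"central directory [{cd_offset}, {cd_end}) overlaps the EOCD record at {eocd}"]

    pos = cd_offset
    seen = set()
    for i in range(entries):
        if data[pos:pos + 4] != CEN_SIG:
            problems.append(f"entry {i}: bad central directory signature at offset {pos}")
            break
        # Central record after signature: ver_made, ver_need, flags, method, time, date,
        # crc, csize, usize, name_len, extra_len, comment_len, disk, int_attr, ext_attr, local_offset
        (_, _, flags, method, _, _, crc, csize, usize,
         nlen, xlen, clen, _, _, _, loc_off) = struct.unpack_from("<HHHHHHIIIHHHHHII", data, pos + 4)
        name = data[pos + CEN_LEN:pos + CEN_LEN + nlen]
        next_pos = pos + CEN_LEN + nlen + xlen + clen
        if next_pos > cd_end:
            problems.append(f"entry {i} ({name!r}): central record runs past the directory end")
            break
        if name in seen:
            problems.append(f"entry {i}: duplicate name {name!r}")
        seen.add(name)

        # Cross-check the local file header this central record points at.
        if loc_off + LOC_LEN > cd_offset:
            problems.append(f"entry {i} ({name!r}): local header offset {loc_off} is outside the data area")
        elif data[loc_off:loc_off + 4] != LOC_SIG:
            problems.append(f"entry {i} ({name!r}): bad local header signature at offset {loc_off}")
        else:
            # Local header after signature: ver_need, flags, method, time, date, crc, csize, usize, name_len, extra_len
            (_, lflags, lmethod, _, _, lcrc, lcsize, lusize,
             lnlen, lxlen) = struct.unpack_from("<HHHHHIIIHH", data, loc_off + 4)
            lname = data[loc_off + LOC_LEN:loc_off + LOC_LEN + lnlen]
            if lname != name:
                problems.append(f"entry {i}: central name {name!r} but local name {lname!r}")
            if lmethod != method:
                problems.append(f"entry {i} ({name!r}): method {method} in central dir, {lmethod} locally")
            if not (lflags & HAS_DATA_DESCRIPTOR) and (lcrc, lcsize, lusize) != (crc, csize, usize):
                problems.append(f"entry {i} ({name!r}): crc/size fields disagree between headers")
            if loc_off + LOC_LEN + lnlen + lxlen + csize > cd_offset:
                problems.append(f"entry {i} ({name!r}): file data runs into the central directory")
        pos = next_pos
    return problems


def build_sample_zip() -> bytes:
    """Constructed sample: a well-formed two-entry archive (names are illustrative only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("classes.dex", b"\x00" * 64)
    return buf.getvalue()


def corrupt_first_local_header(data: bytes) -> bytes:
    """Constructed sample: same archive with the first local header signature clobbered."""
    eocd = data.rfind(EOCD_SIG)
    cd_offset = struct.unpack_from("<I", data, eocd + 16)[0]       # cd_offset field of the EOCD
    loc_off = struct.unpack_from("<I", data, cd_offset + 42)[0]    # local_offset field of entry 0
    return data[:loc_off] + b"XXXX" + data[loc_off + 4:]


if __name__ == "__main__":
    for label, blob in (("clean", build_sample_zip()),
                        ("corrupted", corrupt_first_local_header(build_sample_zip()))):
        print(label, validate_zip(blob) or "OK")
```

Running the script prints "clean OK" and a single "bad local header signature" finding for the corrupted copy; pointing validate_zip at a real file (for example the bytes of patched.apk from the report) gives the per-entry reason an installer or unzip would reject it. The design choice worth noting is that the check trusts neither header alone: every size, offset and name read from the central directory is bounded against the file and compared with the local header, which is exactly the pair of views that an archive crafted to confuse one implementation relies on being read separately.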

Hmm, this seems like maybe the command line params are getting messed up somewhere.

If you're just trying to gain system permissions, did you try just replacing the manifest?