Merge pull request #93 from mikusjelly/master

feat: 🎸 Support Android Dex, Dey file
h2non · Nov 30, 2020 · f60988a · f60988a
2 parents 27da4bf + a1337e2
commit f60988a
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -270,6 +270,8 @@ func main() {
 #### Application
 
 - **wasm** - `application/wasm`
+- **dex** - `application/vnd.android.dex`
+- **dey** - `application/vnd.android.dey`
 
 ## Benchmarks
 

diff --git a/fixtures/sample.dex b/fixtures/sample.dex
diff --git a/fixtures/sample.dey b/fixtures/sample.dey
diff --git a/match_test.go b/match_test.go
@@ -51,6 +51,8 @@ func TestMatchFile(t *testing.T) {
 		{"mov"},
 		{"wasm"},
 		{"dwg"},
+		{"dex"},
+		{"dey"},
 	}
 
 	for _, test := range cases {

diff --git a/matchers/application.go b/matchers/application.go
@@ -2,10 +2,14 @@ package matchers
 
 var (
 	TypeWasm = newType("wasm", "application/wasm")
+	TypeDex  = newType("dex", "application/vnd.android.dex")
+	TypeDey  = newType("dey", "application/vnd.android.dey")
 )
 
 var Application = Map{
 	TypeWasm: Wasm,
+	TypeDex:  Dex,
+	TypeDey:  Dey,
 }
 
 // Wasm detects a Web Assembly 1.0 filetype.
@@ -18,3 +22,22 @@ func Wasm(buf []byte) bool {
 		buf[4] == 0x01 && buf[5] == 0x00 &&
 		buf[6] == 0x00 && buf[7] == 0x00
 }
+
+// Dex detects dalvik executable(DEX)
+func Dex(buf []byte) bool {
+	// https://source.android.com/devices/tech/dalvik/dex-format#dex-file-magic
+	return len(buf) > 36 &&
+		// magic
+		buf[0] == 0x64 && buf[1] == 0x65 && buf[2] == 0x78 && buf[3] == 0x0A &&
+		// file sise
+		buf[36] == 0x70
+}
+
+// Dey Optimized Dalvik Executable(ODEX)
+func Dey(buf []byte) bool {
+	return len(buf) > 100 &&
+		// dey magic
+		buf[0] == 0x64 && buf[1] == 0x65 && buf[2] == 0x79 && buf[3] == 0x0A &&
+		// dex
+		Dex(buf[40:100])
+}