search

pmqs / zipdetails

zipdetails - Display details about the internal structure of Zip files.
47 stars 2 forks source link

iOS ipa files #2

Open pmqs opened 3 years ago

pmqs commented 3 years ago

These are zip file. Some use compression method 99 to store a payload compressed with LZFSE

Method 99 is already registered in APPNOTE for AES encryption.

May be able to infer LZFSE if it has a signature.

pmqs commented 2 years ago

Sample IPA File, 534.ipa, available at https://sourceforge.net/p/sevenzip/discussion/45797/thread/407a191c4f/

pmqs commented 1 year ago

https://github.com/lzfse/lzfse

pmqs commented 1 year ago

From https://github.com/lzfse/lzfse/blob/master/src/lzfse_internal.h

looks like magic id "bvx"

#define LZFSE_NO_BLOCK_MAGIC             0x00000000 // 0    (invalid)
#define LZFSE_ENDOFSTREAM_BLOCK_MAGIC    0x24787662 // bvx$ (end of stream)
#define LZFSE_UNCOMPRESSED_BLOCK_MAGIC   0x2d787662 // bvx- (raw data)
#define LZFSE_COMPRESSEDV1_BLOCK_MAGIC   0x31787662 // bvx1 (lzfse compressed, uncompressed tables)
#define LZFSE_COMPRESSEDV2_BLOCK_MAGIC   0x32787662 // bvx2 (lzfse compressed, compressed tables)
#define LZFSE_COMPRESSEDLZVN_BLOCK_MAGIC 0x6e787662 // bvxn (lzvn compressed)