tech.lgbt is one of the many independent Mastodon servers you can use to participate in the fediverse.
We welcome all marginalized identities. This Mastodon instance is generally for folks who are LGBTQIA+ and Allies with an interest in tech work, academics, or technology in general.

Server stats:

3.3K
active users

Public

Great to see you're adopting some of the #security features we've implemented earlier this year at #IzzyOnDroid @fdroidorg! Maybe you want to check our documentation on them?

android.izzysoft.de/articles/n

* it's SIGNING blocks, not FROSTING blocks
* MEITUAN is about payload, not metadata
* there's no fixed number of blocks as your code assumes (gitlab.com/fdroid/fdroidserver)

The article you link to (bi-zone.medium.com/easter-egg-) tells you the same :wink:

@IzzyOnDroid

My Android APK signing block payload PoC from Feb 2023 can use either a custom block or hide the payload in the verity padding block.

The IzzyOnDroid scanner will catch either variant, but the F-Droid scanner will miss both.

github.com/obfusk/sigblock-cod

GitHubGitHub - obfusk/sigblock-code-poc: android apk signing block payload pocandroid apk signing block payload poc. Contribute to obfusk/sigblock-code-poc development by creating an account on GitHub.