Skip to content

.so files are compared using a binary diff within in Android APKs

This bug was originally reported by Hans-Christoph Steiner (hans@eds.org) in Debian bug #988789:

Package: diffoscope
Version: 172~bpo10+1
Severity: important

APKs (Android app files) often contain Linux ELF shared library files, e.g.
lib/arm64-v8a/libtor.so.  These are only compared using a binary diff, but they
should use the shared library comparison.  The output looks like:

├── lib/arm64-v8a/libtor.so
│┄ Command `'strings --all --bytes=8 {}'` failed with exit code 1. Standard
output:
│┄     /usr/bin/strings:
'/tmp/diffoscope_4_ifbg_p_release/tmpqowyi8ycapk/org.torproject.torservices_2004.apk/lib/arm64-v8a/libtor.so':
No such file
│ @@ -386405,15 +386405,15 @@
│  005e5640: 0800 0000 0000 0000 0000 0000 0000 0000  ................
│  005e5650: 5d00 0000 0400 0000 0200 0000 0000 0000  ]...............
│  005e5660: 08cc 0a00 0000 0000 08cc 0a00 0000 0000  ................
│  005e5670: d06f 0500 0000 0000 0500 0000 0000 0000  .o..............
│  005e5680: 0800 0000 0000 0000 1800 0000 0000 0000  ................
│  005e5690: 6700 0000 0400 0000 4200 0000 0000 0000  g.......B.......
│  005e56a0: d83b 1000 0000 0000 d83b 1000 0000 0000  .;.......;......
│ -005e56b0: b016 0000 0000 0000 0500 0000 0b00 0000  ................
│ +005e56b0: b016 0000 0000 0000 0500 0000 1500 0000  ................
│  005e56c0: 0800 0000 0000 0000 1800 0000 0000 0000  ................
│  005e56d0: 6c00 0000 0100 0000 0600 0000 0000 0000  l...............
│  005e56e0: 9052 1000 0000 0000 9052 1000 0000 0000  .R.......R......
│  005e56f0: 400f 0000 0000 0000 0000 0000 0000 0000  @...............
│  005e5700: 1000 0000 0000 0000 1000 0000 0000 0000  ................
│  005e5710: 7100 0000 0100 0000 0600 0000 0000 0000  q...............
│  005e5720: 0070 1000 0000 0000 0070 1000 0000 0000  .p.......p......


When running diffoscope directly on the extracted libtor.so files, then I get
useful output:

--- ./ciarang/lib/arm64-v8a/libtor.so
+++
./app/build/intermediates/stripped_native_libs/release/out/lib/arm64-v8a/libtor.so
├── readelf --wide --sections {}
│ @@ -8,15 +8,15 @@
│    [ 3] .hash             HASH            00000000000002e8 0002e8 012eb8 04
A  5   0  8
│    [ 4] .gnu.hash         GNU_HASH        00000000000131a0 0131a0 014ae4 00
A  5   0  8
│    [ 5] .dynsym           DYNSYM          0000000000027c88 027c88 041688 18
A  6   3  8
│    [ 6] .dynstr           STRTAB          0000000000069310 069310 03e17b 00
A  0   0  1
│    [ 7] .gnu.version      VERSYM          00000000000a748c 0a748c 005736 02
A  5   0  2
│    [ 8] .gnu.version_r    VERNEED         00000000000acbc8 0acbc8 000040 00
A  6   2  8
│    [ 9] .rela.dyn         RELA            00000000000acc08 0acc08 056fd0 18
A  5   0  8
│ -  [10] .rela.plt         RELA            0000000000103bd8 103bd8 0016b0 18
AI  5  11  8
│ +  [10] .rela.plt         RELA            0000000000103bd8 103bd8 0016b0 18
AI  5  21  8
│    [11] .plt              PROGBITS        0000000000105290 105290 000f40 10
AX  0   0 16
│    [12] .text             PROGBITS        0000000000107000 107000 392da4 00
AX  0   0 4096
│    [13] .rodata           PROGBITS        0000000000499db0 499db0 0c5418 00
A  0   0 16
│    [14] .eh_frame_hdr     PROGBITS        000000000055f1c8 55f1c8 00af84 00
A  0   0  4
│    [15] .eh_frame         PROGBITS        000000000056a150 56a150 031280 00
A  0   0  8
│    [16] .preinit_array    PREINIT_ARRAY   000000000059cae0 59bae0 000010 08
WA  0   0  8
│    [17] .init_array       INIT_ARRAY      000000000059caf0 59baf0 000018 08
WA  0   0  8
├── readelf --wide --decompress --hex-dump=.plt {}
│ @@ -1,10 +1,9 @@

│  Hex dump of section '.plt':
│ - NOTE: This section has relocations against it, but these have NOT been
applied to this dump.
│    0x00105290 f07bbfa9 90260090 11b644f9 10a22591 .{...&....D...%.
│    0x001052a0 20021fd6 1f2003d5 1f2003d5 1f2003d5  .... ... ... ..
│    0x001052b0 90260090 11ba44f9 10c22591 20021fd6 .&....D...%. ...
│    0x001052c0 90260090 11be44f9 10e22591 20021fd6 .&....D...%. ...
│    0x001052d0 90260090 11c244f9 10022691 20021fd6 .&....D...&. ...
│    0x001052e0 90260090 11c644f9 10222691 20021fd6 .&....D.."&. ...
│    0x001052f0 90260090 11ca44f9 10422691 20021fd6 .&....D..B&. ...
├── readelf --wide --decompress --hex-dump=.got {}
│ @@ -1,9 +1,10 @@

│  Hex dump of section '.got':
│ + NOTE: This section has relocations against it, but these have NOT been
applied to this dump.
│    0x005d5958 00000000 00000000 00000000 00000000 ................
│    0x005d5968 00000000 00000000 90521000 00000000 .........R......
│    0x005d5978 90521000 00000000 90521000 00000000 .R.......R......
│    0x005d5988 90521000 00000000 90521000 00000000 .R.......R......
│    0x005d5998 90521000 00000000 90521000 00000000 .R.......R......
│    0x005d59a8 90521000 00000000 90521000 00000000 .R.......R......
│    0x005d59b8 90521000 00000000 90521000 00000000 .R.......R......
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information