APKs like several other file formats are actually Zip archive files with standardized contents.
But about 2018 when Android moved from JAR signing to APK signing, they added a new section to the APK format that is not in the normal file format.
I've written code to parse ZIP archives before so know my way around. The new section is just before the "Central Directory" and ends with a 16-byte ASCII magic word APK Sig Block 42. Just before that there's a 64-bit length field giving us the size of the whole Sig Block, which itself begins with the same 64-bit length as its first field.
I understand the contents contains key-value pairs detailing what kind of encryption is used and I understand that some of the fields are undocumented proprietary fields to do with the Google Play store sometimes referred to as "Frosting".
I don't need the details for the proprietary fields but despite reading the docs I can find over and over, I can't make sense of how to parse the non-secret parts of the APK Sig Block.
Can somebody provide an overview of its structure or point to a better description that the one I linked?
