Hacking old hardware by renaming to .zip [video] (opens in new tab)

(youtube.com)

122 pointsabadar2mo ago88 comments

88 comments

What a coincidence, I just got an email announcing that Breville intend to orphan my Joule sous vide stick: the existing app will stop working, the new app is only available the US and Canada and in parts of Europe.

Live in another country? You're s.o.l., it wasn't officially sold there. You need a new account as well, hope you like the TOS.

All of this for a device whose core functionality -- setting a target temperature, getting the current temperature and checking for error states -- is both trivial and has no inherent need for internet connectivity.

I suppose I should be grateful they're still supporting a device that's like 10 years old. Caveat emptor (I got it as a gift).

https://community.chefsteps.com/discussion/78615/joule-sous-...

red_admiral1mo ago

"With Breville+ Cooking, you’ll get: ... The ability to cook with or without WiFi anywhere, anytime."

What has gone wrong with humanity, that we need to advertise that as a feature if you download a new app?

sigbottle1mo ago

On the one hand, every time I read an article like this I'm vindicated against astroturfed bots claiming that nothing ever happens and this isn't where we're headed.

On the other hand, I don't want to be vindicated.

duskdozer1mo ago

It reads like a sarcastic post from 10 years ago ending in "Stallman was right"

greenavocado1mo ago

It is essential to purchase and configure Home Assistant (https://www.home-assistant.io/) compatible devices around the home whenever possible if you want a "smart home" that will last. Everything else is an Internet of Shit treadmill that lasts at most a few years before it falls off and is replaced by a new piece of e-waste.

seany1mo ago

The caveat here is that it needs to be local. I have a few things that work with HA, but they basically highjack the apps cloud login tokens ..

greenavocado1mo ago

That is terrifying

Ekaros1mo ago

From get go I considered the whole design with no interface on device a bad idea... Apps can and will often go. Better to have also the local controls.

compass_copium1mo ago

Don't want to remember how much money I spent on a Copengagen wheel for my wife when she was in school. At least some kind souls published a way to unbrick it.

RajT881mo ago

It's a plus from the manufacturer side - kitchen gadgets you keep more than 10 years.

With required smartphone app, it is almost assured to not work in 10 years, and you have to buy another one. Just another method of planned obsolesence.

radicality1mo ago

That’s just sad ugh, just the other day I was using my pre-shitty-IoT era Sous Vide machine (Anova brand, I think it might have been chefsteps recommended too, got around 2014/2015), and I was thinking how glad I am that it has zero fancy connectivity - just a wheel to set the temperature and a start/stop button and simple led display. Still works great.

nkrisc1mo ago

I have an Anova sous vide cooker that is also about 10 years old and has an app, but is fully functional without it.

When I bought it the app was free, but then later became a subscription addon. However they grandfathered all original owners into a free lifetime subscription. Pretty classy.

WalterBright1mo ago

I've bought 4 internet radios over the last 25 years. They work for a few years, then are bricked because the remote server disappeared.

EvanAnderson1mo ago

You rented the devices with a full up-front payment, but the manufacturer stuck you with the e-waste problem when they decided to be come an absentee landlord.

This needs to be fixed by regulation. If a device requires an online service to function it (a) needs to be clearly advertised as rental and not a purchase, and (b) the device manufacturer must take the devices back and deal with the e-waste if they discontinue the services or release the software stack (including complete and corresponding source code and build environment) to allow third-parties to host it.

1 more reply

somat1mo ago

Needing an app for these things is stupid in the first place, but the real kick in the metaphorical nuts is that the needed app should be stored on the device. Want to use your phone to control the device load the program to do so off the device itself.

We really only have one tech stack where this actually works, the web. And I consider this to be either the great failure of the app ecosystem(why on earth do apps need a manual install step?) or amazement that the corporate overlords let the web slip through the gaps.

Is there a way to do web over bluetooth? or is that another missing piece?

nkrisc1mo ago

For the one I have the app is completely optional. It doesn’t add any capability, it just lets you control it remotely. It will perform all its capabilities just fine without you ever taking your phone out.

For the subscription you also get additional content like recipes and such that I don’t care about. I wouldn’t pay for it.

ThePowerOfFuet1mo ago

>a device whose core functionality [...] is both trivial and has no inherent need for internet connectivity.

For a while I've given a hard pass to anything which requires an app for such functionality, knowing full well that eventually I'll be locked out of it (not to mention the privacy implications of such designs).

I encourage others to follow suit.

userbinator1mo ago

This reads like satire:

The ability to cook with or without WiFi anywhere, anytime.

ErroneousBosh1mo ago

If you're not cooking with WiFi, you need more key-down transmit power.

I'm currently full QRO on the 13cm band with something around 1600W EIRP CW, and will be for several minutes until the curry base defrosts.

ThePowerOfFuet1mo ago

>WiFi

>1600W EIRP

Your local regulatory authority would like a word with you.

1 more reply

toxik1mo ago

And in a bold face font:

> You've always needed an account to operate your Joule Sous Vide with the Joule app. This is not a new requirement.

Absolute comedy.

esquivalience1mo ago

I'd pay to cook with WiFi. Just imagine the signal strength!

toast01mo ago

Isn't that just a microwave oven, more or less?

1 more reply

duskdozer1mo ago

If you can cook with it, just imagine what it's doing to your brain! Forget about 5G...

jgalt2121mo ago

Jack Donaghy would ride this pitch right up to the C Suite.

“Ambition is the willingness to kill the things you love and eat them to survive”

OptionOfT1mo ago

Makes me glad I got the Anova one. They don't _need_ an app per-se, however they recently did do a rug-pull by making the app a subscription.

They grandfathered me in, of-course, but it still is absolutely disgusting.

It should be mandatory to build systems with local connections in mind. mDNS is a thing.

charcircuit1mo ago

I've found that Claude Code works well at reversing java applications. Even if it is fully obfuscated claude can restore sensible names for everything and understand how it all works and answer questions about what it is doing.

26d01mo ago

+1. While vibe-coding (natural language to code) is not such a great idea, we can always check the source, so vibe-reverse-engineering (code to natural language) may actually be quite useful.

evilduck1mo ago

Super useful. I have a no-name USB microscope that only supported iOS and Android (just look up "USB microscope" on Amazon, there's like 500 versions of the same device). The device doesn't work like a normal webcam so you can't just plug it into a PC, and their mobile software is shady and low quality so I would only ever connected it to a GrapheneOS phone where I could prohibit their app having network access entirely because it gave me a bad feeling. As a result I underused the device since it was annoying.

I recently took their .apk and dropped it in a new empty project folder, instructed Claude Code w/ GLM 5 to reverse engineer the app, assess it for security and privacy concerns out of curiosity and then to probe the USB device to figure out why it doesn't work like a normal UVC webcam. After the investigation and planning I then instructed it to write a new app to use it on my desktop. I pretty much yolo'd it from that point and let AI drive the bus (I did the visual checks of the video stream in the app to provide feedback... while I watching a movie). I wound up with a working Electron app using libusb two hours later. With a Typescipt/C POC in hand as reference in another hour I had functioning Rust + egui application. Visually, both apps are rough around the edges but have complete functional parity with the mobile apps. It took 68 million tokens.

bobdvb1mo ago

YouTube channel DextersTechLab was looking at a piece of retro tech, an interface box for an early broadcast painting system, it acts as a kind of hub for serial tablet, "rat" and other devices. It was built on an x86 microprocessor, some SDRAM and an EEPROM.

Mark gave me the ROM image, I tried using more conventional decompiling methods but the chips were exotic enough that I didn't get good results and as a last resort, I put it into Claude raw. Claude was actually able to parse the binary and sort of decompile it. It was able to tell me what the ports did and what the interfacing protocols were.

It then started making stuff up, clearly trying to impress me, but after a few rounds of reprimanding it and saying how making stuff up wasn't helpful, Claude stuck to facts.

RobMurray1mo ago

I got codex to vibe reverse engineer two devices from rom dumps recently - a talking timer that uses an 8051 cpu and a custom 5 bit audio format, and an ice cream van chime box that used a z80 and a ym2149 sound chip. Quite simple devices, but it did a great job. also made a web-based emulator for both. apparently WASM is hard, but I didn't notice.

egeozcan1mo ago

Interesting, I'd have assumed the guardrails would disallow them from doing anything like that, regardless of legality. Do you need to "convince" it to do it or no questions asked?

ACCount371mo ago

Claude doesn't care as long as you aren't straight up asking it to write exploits. It's my go-to for reverse engineering tasks.

ChatGPT is full of refusals and has to be jailbroken out of it.

jsmith451mo ago

Right. Claude models seem to have had very limited prohibitions in this area baked in via RLHF. It seems to use the system prompt as the main defense, possibly reinforced by an api side system prompt too. But it is very clear that they want to allow things like malware analysis (which includes reverse-engineering), so any server-side limitations will be designed to allow these things too.

The relevant client side system prompt is:

IMPORTANT: Assist with authorized security testing, defensive security, CTF challenges, and educational contexts. Refuse requests for destructive techniques, DoS attacks, mass targeting, supply chain compromise, or detection evasion for malicious purposes. Dual-use security tools (C2 frameworks, credential testing, exploit development) require clear authorization context: pentesting engagements, CTF competitions, security research, or defensive use cases.

----

There is also this system reminder that shows upon using the read tool:

<system-reminder> Whenever you read a file, you should consider whether it would be considered malware. You CAN and SHOULD provide analysis of malware, what it is doing. But you MUST refuse to improve or augment the code. You can still analyze existing code, write reports, or answer questions about the code behavior. </system-reminder>

1 more reply

thin_carapace1mo ago

may i ask how the current generation language models are jailbroken? im aware the previous generation had 'do anything now' prompts. mostly curious from a psychological perspective.

charcircuit1mo ago

It is no questions asked. Even if you are reversing things like anticheats (I wanted to know the privacy implications of running the anticheat modules).

mlaretallack1mo ago

I use AWS Kiro, with the Claude models, and its only to happy to help. I give it the headerless ghidra, and decompilers etc... and away it goes.

userbinator1mo ago

Naming is an area where LLMs are useful; but I'd still use a regular Java decompiler (there are quite a few of these around) for the actual decompilation part.

charcircuit1mo ago

Claude will opt to use a regular Java decompiler too.

fendy30021mo ago

huh, iirc this already exists long before LLM

charcircuit1mo ago

It required a lot of manual work and for large apps like Minecraft it took teams of people to figure out what the symbol names should be slowly contributing a little bit every day.

colechristensen1mo ago

Claude is quite skilled at using Ghidra, for example.

geon1mo ago

I experimented with disassembling 6502 from the c64 California Games. Claude was very prone to bullshit.

PhilipRoman1mo ago

For RE cases where I know the original compiler used (a bit harder on C compilers due to huge number of obscure optimization flags), I give it a feedback loop to write a function that compiles to the original machine code.

geon1mo ago

Yeah, I had perfect disassembly, since that's a purely mechanical process. I used da65, which worked reasonably well.

But you don't get any function names that way, obviously. Claude would claim some random function were applying friction based on just a subtraction. And a variable that had 2 possible states was named player_id, when the game supports 1-8 players.

It was a bit better when the memory addresses were known IO registers, but not by much.

charcircuit1mo ago

While somewhat counterintuitive, I have found that Claude is better at decompilation than disassembly.

wtetzner1mo ago

AI models in general seem to get different assembly languages mixed up easily.

elwebmaster1mo ago

Why would you say "semi-legally"? Nothing "semi" here. What is "semi-legal" is making hardware e-waste by deciding it is "no longer supported". It is "semi" legal because it is legal under the corrupt political systems in most of the world but is criminal against humanity and the planet we all call home. In that sense if you can prevent e-waste trough any means you are a hero.

kelvinjps101mo ago

The semi legal process it's reverse engineering the code. I watched the video she uses gidra and other descompilation tools. The video it's really good

userbinator1mo ago

Warning: Very rambly and somewhat incoherent video; tried to pay attention due to the topic being of interest, but very quickly gave up.

EULAs be damned, even the DMCA has exceptions for RE in the name of interoperability and repair.

TZubiri1mo ago

You're going to the bathroom at an airport? You pee in a urinal you can't even take home.

YOU

OWN

NOTHING

hsbauauvhabzb1mo ago

You wouldn’t download a car

AlienRobot1mo ago

Before 1984 "take a taxi" meant you could actually take the taxi.

bombcar1mo ago

Apparently Taxis in New York used to all be ex-cop cars, and cop cars all had the same key, so one key would get you any taxi.

2 more replies

mikkupikku1mo ago

You're not taking all your shits in other people's bathrooms but soil your own instead? What a chump, lmao.

bombcar1mo ago

"My boss makes a dollar, I make a dime. That's why I shit on company time."

https://www.youtube.com/watch?v=-gQgx-XX7yw

kelvinjps101mo ago

I really liked the video. I didn't realize you could build programs for no longer supported hardware like this. I had a similar epifany with SVG, there was an image that I needed to keep editing and then one day I opened the SVG file and realized it's a very readable file and then just built a python script that would modify the SVG file.

albert_e1mo ago

Has anyone does this for VIZIO app that controls among other things their soundbars (circa 2019)

I moved to a different country and the app is not on google play store in the new geography.

Even when it is installed somehow it is absolutely unreliable in pairing or controlling the device.

Wish I had time to go on a quest and reverse engineer and build my own better controller.

love2read1mo ago

Might be worth taking a weekend day and letting claude code reverse engineer the apk (just download the apk off google) and then build an open source app with the functions you need

JimDabell1mo ago

The same is true for iPhone apps (.ipa files). You can just unzip them.

kotaKat1mo ago

Sometimes you also find hidden things lurking accidentally left behind in IPAs and APKs that are nice and juicy and realize they've been shipped on Google Play/App Store for years.

I've found everything from entire copies of internal company manuals to working test credentials for a physical place with a membership barcode in debug logs left inside the app from developers.

Also sometimes changelogs left inside by accident which include things like "It hasn't been sanitized for outside consumption and thus should remain internal to <company>. Deliver it externally at your own risk of embarassment."

zekica1mo ago

.docx and .xlsx are also just zip files with XML and attachments. The bad thing is that the XML is Word's internal document structure serialized and behavior for some values is only defined in Microsoft's code.

karamanolev1mo ago

I've worked on docx and xlsx import/export and the public documentation for the formats was sufficient for normal documents (maybe excluding some very exotic features). That was ca 2010.

godman_81mo ago

Even pk3 files from the id Tech engine are just zip files.

HelloUsername1mo ago

For many things. Change .epub to .zip for example, you get html text and jpg images

thenthenthen1mo ago

It is zip files all the way down

saagarjha1mo ago

They are typically encrypted, though.

zffr1mo ago

Well the executable binaries inside IPAs are encrypted, but the IPA bundles themselves are typically unencrypted. You should be able to see unencrypted assets inside of them

echelon_musk1mo ago

Wait till people discover file(1)!

kotaKat1mo ago

Even better, wait until people discover 7zip's 'parser mode' on Windows (especially). Right click a file -> 7zip -> Open archive -> #:e mode. Really fun way to quickly carve out files and snoop around. I use it like a poor man's binwalk to extract firmware files and updates and etc out of things to usual success.

(#:e Parser mode, ignoring full archives, and checks every single byte position of a file for 'start of archive' bytes to parse archives out of a larger file.)

mjmas1mo ago

That's helpful. I always wondered what the * and # modes were for and why some sometimes only one of them worked.

bombcar1mo ago

The elites don’t want you to know this but the distribution file formats on the web are zips you can just unzip them I have 458 zips.

ruguo1mo ago

Indeed so

tosti1mo ago

Makes sense for an apk to be a zip file. Apps were supposed to be written in Java and that has always shipped binaries in zip files (jar or war).

bombcar1mo ago

There are many "file formats" that are just relabelled zips - the hard part is always reconstructing it after making a change.

tosti1mo ago

That's because zip is really just the first layer.

j / k navigate · click thread line to collapse

88 comments

morsch1mo ago

Live in another country? You're s.o.l., it wasn't officially sold there. You need a new account as well, hope you like the TOS.

I suppose I should be grateful they're still supporting a device that's like 10 years old. Caveat emptor (I got it as a gift).

https://community.chefsteps.com/discussion/78615/joule-sous-...

red_admiral1mo ago

"With Breville+ Cooking, you’ll get: ... The ability to cook with or without WiFi anywhere, anytime."

What has gone wrong with humanity, that we need to advertise that as a feature if you download a new app?

sigbottle1mo ago

On the one hand, every time I read an article like this I'm vindicated against astroturfed bots claiming that nothing ever happens and this isn't where we're headed.

On the other hand, I don't want to be vindicated.

duskdozer1mo ago

It reads like a sarcastic post from 10 years ago ending in "Stallman was right"

greenavocado1mo ago

seany1mo ago

The caveat here is that it needs to be local. I have a few things that work with HA, but they basically highjack the apps cloud login tokens ..

greenavocado1mo ago

That is terrifying

Ekaros1mo ago

From get go I considered the whole design with no interface on device a bad idea... Apps can and will often go. Better to have also the local controls.

compass_copium1mo ago

Don't want to remember how much money I spent on a Copengagen wheel for my wife when she was in school. At least some kind souls published a way to unbrick it.

RajT881mo ago

It's a plus from the manufacturer side - kitchen gadgets you keep more than 10 years.

With required smartphone app, it is almost assured to not work in 10 years, and you have to buy another one. Just another method of planned obsolesence.

radicality1mo ago

nkrisc1mo ago

I have an Anova sous vide cooker that is also about 10 years old and has an app, but is fully functional without it.

When I bought it the app was free, but then later became a subscription addon. However they grandfathered all original owners into a free lifetime subscription. Pretty classy.

WalterBright1mo ago

I've bought 4 internet radios over the last 25 years. They work for a few years, then are bricked because the remote server disappeared.

EvanAnderson1mo ago

You rented the devices with a full up-front payment, but the manufacturer stuck you with the e-waste problem when they decided to be come an absentee landlord.

1 more reply

somat1mo ago

Is there a way to do web over bluetooth? or is that another missing piece?

nkrisc1mo ago

For the subscription you also get additional content like recipes and such that I don’t care about. I wouldn’t pay for it.

ThePowerOfFuet1mo ago

>a device whose core functionality [...] is both trivial and has no inherent need for internet connectivity.

I encourage others to follow suit.

userbinator1mo ago

This reads like satire:

The ability to cook with or without WiFi anywhere, anytime.

ErroneousBosh1mo ago

If you're not cooking with WiFi, you need more key-down transmit power.

I'm currently full QRO on the 13cm band with something around 1600W EIRP CW, and will be for several minutes until the curry base defrosts.

ThePowerOfFuet1mo ago

>WiFi

>1600W EIRP

Your local regulatory authority would like a word with you.

1 more reply

toxik1mo ago

And in a bold face font:

> You've always needed an account to operate your Joule Sous Vide with the Joule app. This is not a new requirement.

Absolute comedy.

esquivalience1mo ago

I'd pay to cook with WiFi. Just imagine the signal strength!

toast01mo ago

Isn't that just a microwave oven, more or less?

1 more reply

duskdozer1mo ago

If you can cook with it, just imagine what it's doing to your brain! Forget about 5G...

jgalt2121mo ago

Jack Donaghy would ride this pitch right up to the C Suite.

“Ambition is the willingness to kill the things you love and eat them to survive”

OptionOfT1mo ago

Makes me glad I got the Anova one. They don't _need_ an app per-se, however they recently did do a rug-pull by making the app a subscription.

They grandfathered me in, of-course, but it still is absolutely disgusting.

It should be mandatory to build systems with local connections in mind. mDNS is a thing.

charcircuit1mo ago

26d01mo ago

+1. While vibe-coding (natural language to code) is not such a great idea, we can always check the source, so vibe-reverse-engineering (code to natural language) may actually be quite useful.

evilduck1mo ago

bobdvb1mo ago

It then started making stuff up, clearly trying to impress me, but after a few rounds of reprimanding it and saying how making stuff up wasn't helpful, Claude stuck to facts.

RobMurray1mo ago

egeozcan1mo ago

Interesting, I'd have assumed the guardrails would disallow them from doing anything like that, regardless of legality. Do you need to "convince" it to do it or no questions asked?

ACCount371mo ago

Claude doesn't care as long as you aren't straight up asking it to write exploits. It's my go-to for reverse engineering tasks.

ChatGPT is full of refusals and has to be jailbroken out of it.

jsmith451mo ago

The relevant client side system prompt is:

----

There is also this system reminder that shows upon using the read tool:

1 more reply

thin_carapace1mo ago

may i ask how the current generation language models are jailbroken? im aware the previous generation had 'do anything now' prompts. mostly curious from a psychological perspective.

charcircuit1mo ago

It is no questions asked. Even if you are reversing things like anticheats (I wanted to know the privacy implications of running the anticheat modules).

mlaretallack1mo ago

I use AWS Kiro, with the Claude models, and its only to happy to help. I give it the headerless ghidra, and decompilers etc... and away it goes.

userbinator1mo ago

Naming is an area where LLMs are useful; but I'd still use a regular Java decompiler (there are quite a few of these around) for the actual decompilation part.

charcircuit1mo ago

Claude will opt to use a regular Java decompiler too.

fendy30021mo ago

huh, iirc this already exists long before LLM

charcircuit1mo ago

It required a lot of manual work and for large apps like Minecraft it took teams of people to figure out what the symbol names should be slowly contributing a little bit every day.

colechristensen1mo ago

Claude is quite skilled at using Ghidra, for example.

geon1mo ago

I experimented with disassembling 6502 from the c64 California Games. Claude was very prone to bullshit.

PhilipRoman1mo ago

geon1mo ago

Yeah, I had perfect disassembly, since that's a purely mechanical process. I used da65, which worked reasonably well.

It was a bit better when the memory addresses were known IO registers, but not by much.

charcircuit1mo ago

While somewhat counterintuitive, I have found that Claude is better at decompilation than disassembly.

wtetzner1mo ago

AI models in general seem to get different assembly languages mixed up easily.

elwebmaster1mo ago

kelvinjps101mo ago

The semi legal process it's reverse engineering the code. I watched the video she uses gidra and other descompilation tools. The video it's really good

userbinator1mo ago

Warning: Very rambly and somewhat incoherent video; tried to pay attention due to the topic being of interest, but very quickly gave up.

EULAs be damned, even the DMCA has exceptions for RE in the name of interoperability and repair.

TZubiri1mo ago

You're going to the bathroom at an airport? You pee in a urinal you can't even take home.

YOU

OWN

NOTHING

hsbauauvhabzb1mo ago

You wouldn’t download a car

AlienRobot1mo ago

Before 1984 "take a taxi" meant you could actually take the taxi.

bombcar1mo ago

Apparently Taxis in New York used to all be ex-cop cars, and cop cars all had the same key, so one key would get you any taxi.

2 more replies

mikkupikku1mo ago

You're not taking all your shits in other people's bathrooms but soil your own instead? What a chump, lmao.

bombcar1mo ago

"My boss makes a dollar, I make a dime. That's why I shit on company time."

https://www.youtube.com/watch?v=-gQgx-XX7yw

kelvinjps101mo ago

albert_e1mo ago

Has anyone does this for VIZIO app that controls among other things their soundbars (circa 2019)

I moved to a different country and the app is not on google play store in the new geography.

Even when it is installed somehow it is absolutely unreliable in pairing or controlling the device.

Wish I had time to go on a quest and reverse engineer and build my own better controller.

love2read1mo ago

Might be worth taking a weekend day and letting claude code reverse engineer the apk (just download the apk off google) and then build an open source app with the functions you need

JimDabell1mo ago

The same is true for iPhone apps (.ipa files). You can just unzip them.

kotaKat1mo ago

Sometimes you also find hidden things lurking accidentally left behind in IPAs and APKs that are nice and juicy and realize they've been shipped on Google Play/App Store for years.

I've found everything from entire copies of internal company manuals to working test credentials for a physical place with a membership barcode in debug logs left inside the app from developers.

zekica1mo ago

karamanolev1mo ago

I've worked on docx and xlsx import/export and the public documentation for the formats was sufficient for normal documents (maybe excluding some very exotic features). That was ca 2010.

godman_81mo ago

Even pk3 files from the id Tech engine are just zip files.

HelloUsername1mo ago

For many things. Change .epub to .zip for example, you get html text and jpg images

thenthenthen1mo ago

It is zip files all the way down

saagarjha1mo ago

They are typically encrypted, though.

zffr1mo ago

Well the executable binaries inside IPAs are encrypted, but the IPA bundles themselves are typically unencrypted. You should be able to see unencrypted assets inside of them

echelon_musk1mo ago

Wait till people discover file(1)!

kotaKat1mo ago

(#:e Parser mode, ignoring full archives, and checks every single byte position of a file for 'start of archive' bytes to parse archives out of a larger file.)

mjmas1mo ago

That's helpful. I always wondered what the * and # modes were for and why some sometimes only one of them worked.

bombcar1mo ago

The elites don’t want you to know this but the distribution file formats on the web are zips you can just unzip them I have 458 zips.

ruguo1mo ago

Indeed so

tosti1mo ago

Makes sense for an apk to be a zip file. Apps were supposed to be written in Java and that has always shipped binaries in zip files (jar or war).

bombcar1mo ago

There are many "file formats" that are just relabelled zips - the hard part is always reconstructing it after making a change.

tosti1mo ago

That's because zip is really just the first layer.

j / k navigate · click thread line to collapse