NikitolProject/android-encrypted-archiver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
230f4477113996132c1d451ef75cb4636fb685d7
android-encrypted-archiver/.planning/ROADMAP.md
NikitolProject 230f447711 docs(05-02): complete shell decoder cross-validation tests plan 
- SUMMARY.md: 6/6 tests pass (single, multi, no-compress, empty, large, Cyrillic)
- STATE.md: Phase 5 complete, 8 plans total, 80% progress
- ROADMAP.md: Phase 5 marked complete (2/2 plans)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-25 01:46:27 +03:00

7.3 KiB
Raw Blame History

Roadmap: Encrypted Archive

Overview

Build a custom encrypted archive format that standard tools cannot recognize or extract. The format spec comes first (it governs all three implementations), then the Rust archiver with full crypto pipeline, then round-trip verification to catch format bugs early, then Kotlin decoder (primary extraction on Android), then shell decoder (busybox fallback), and finally obfuscation hardening to defeat binwalk/file/strings analysis.

Phases

Phase Numbering:

  • Integer phases (1, 2, 3): Planned milestone work
  • Decimal phases (2.1, 2.2): Urgent insertions (marked with INSERTED)

Decimal phases appear between their surrounding integers in numeric order.

  • Phase 1: Format Specification - Document the complete binary format before writing any code (completed 2026-02-24)
  • Phase 2: Core Archiver - Rust CLI that compresses, encrypts, and packs files into the custom format (completed 2026-02-24)
  • Phase 3: Round-Trip Verification - Rust unpack command + golden test vectors + unit tests proving byte-identical round-trips (completed 2026-02-24)
  • Phase 4: Kotlin Decoder - Android 13 decoder using javax.crypto and java.util.zip (primary extraction path) (completed 2026-02-25)
  • Phase 5: Shell Decoder - Busybox shell script decoder using dd/xxd/openssl/gunzip (fallback extraction) (completed 2026-02-25)
  • Phase 6: Obfuscation Hardening - XOR-obfuscated headers, encrypted file table, decoy padding to defeat casual analysis

Phase Details

Phase 1: Format Specification

Goal: A complete, unambiguous binary format document that all three implementations can build against Depends on: Nothing (first phase) Requirements: FMT-05 Success Criteria (what must be TRUE):

  1. Format spec document exists with byte-level field definitions (offsets, sizes, types) for header, file table, and data blocks
  2. Spec defines magic bytes, version field, encryption parameters (AES-256-CBC, IV storage, HMAC placement), and compression flags
  3. Spec includes a worked example: a concrete archive with 2 files showing exact byte layout
  4. Spec addresses all obfuscation features (XOR headers, encrypted TOC, decoy padding) even though implementation is Phase 6 Plans: 1 plan

Plans:

  • 01-01-PLAN.md -- Write complete binary format specification with byte-level field definitions, worked example, and shell reference appendix

Phase 2: Core Archiver

Goal: A working Rust CLI that takes input files and produces a valid encrypted archive Depends on: Phase 1 Requirements: FMT-01, FMT-02, FMT-03, FMT-04, ENC-01, ENC-02, ENC-03, ENC-04, ENC-05, CMP-01, CMP-02, INT-01, CLI-01, CLI-02, CLI-03 Success Criteria (what must be TRUE):

  1. Running encrypted_archive pack file1.txt file2.apk -o archive.bin produces a single binary file
  2. The output file is not recognized by file, binwalk, or 7z (custom magic bytes, no standard signatures)
  3. Each file in the archive is independently compressed (gzip) and encrypted (AES-256-CBC) with a unique random IV
  4. HMAC-SHA256 is computed over IV+ciphertext for each file (encrypt-then-MAC)
  5. Running encrypted_archive inspect archive.bin shows file count, names, and sizes without decrypting content Plans: 2 plans

Plans:

  • 02-01-PLAN.md -- Project scaffolding, binary format types, crypto pipeline, and compression module
  • 02-02-PLAN.md -- Pack, inspect, and unpack commands with full archive orchestration

Phase 3: Round-Trip Verification

Goal: Proven byte-identical round-trips through the Rust unpack command, backed by golden test vectors Depends on: Phase 2 Requirements: INT-02, TST-01, TST-02, TST-03 Success Criteria (what must be TRUE):

  1. Running encrypted_archive unpack archive.bin -o output_dir/ extracts all files byte-identical to originals (verified by SHA-256 comparison)
  2. Golden test vectors exist: a known plaintext + known key + known IV produces an expected ciphertext (checked in CI)
  3. Unit tests cover each pipeline stage independently: compression, encryption, HMAC, format serialization/deserialization
  4. Round-trip succeeds for edge cases: empty file, large APK (>10MB), file with non-ASCII name (Cyrillic) Plans: 2 plans

Plans:

  • 03-01-PLAN.md -- Library crate structure, dev-dependencies, and unit tests for crypto/compression/format modules
  • 03-02-PLAN.md -- Golden test vectors with fixed IV/key and CLI round-trip integration tests

Phase 4: Kotlin Decoder

Goal: Android 13 Kotlin code that extracts files from the custom archive using only Android SDK built-ins Depends on: Phase 3 Requirements: KOT-01, KOT-02, KOT-03, KOT-04 Success Criteria (what must be TRUE):

  1. Kotlin decoder extracts all files from an archive created by the Rust archiver, producing byte-identical output
  2. Decoder uses only javax.crypto (AES/CBC/PKCS5Padding) and java.util.zip.GZIPInputStream -- no native libraries or third-party dependencies
  3. Decoder verifies HMAC-SHA256 before attempting decryption (fails fast on tampered data)
  4. Decoder verifies SHA-256 checksum after decompression (catches decompression corruption) Plans: 1 plan

Plans:

  • 04-01-PLAN.md -- Kotlin ArchiveDecoder with full decode pipeline and cross-validation test script

Phase 5: Shell Decoder

Goal: A busybox-compatible shell script that extracts files from the custom archive as a fallback when Kotlin is unavailable Depends on: Phase 3 Requirements: SHL-01, SHL-02, SHL-03 Success Criteria (what must be TRUE):

  1. Shell script extracts all files from an archive created by the Rust archiver, producing byte-identical output
  2. Script uses only standard busybox commands: dd, xxd, openssl (with -K/-iv/-nosalt for raw key mode), gunzip
  3. Script correctly handles files with non-ASCII names (Cyrillic characters) Plans: 2 plans

Plans:

  • 05-01-PLAN.md -- Shell decode.sh: busybox-compatible decoder with full pipeline (dd/xxd/openssl/gunzip)
  • 05-02-PLAN.md -- Cross-validation test script and end-to-end verification (6 test cases)

Phase 6: Obfuscation Hardening

Goal: Archive format resists casual analysis -- binwalk, file, strings, and hex editors reveal nothing useful Depends on: Phase 4, Phase 5 Requirements: FMT-06, FMT-07, FMT-08 Success Criteria (what must be TRUE):

  1. File table (names, sizes, offsets) is encrypted with its own IV -- hex dump of archive reveals no plaintext metadata
  2. All headers are XOR-obfuscated with a fixed key -- no recognizable structure patterns in first 256 bytes
  3. Random decoy padding exists between data blocks -- file boundaries are not detectable by size analysis
  4. All three decoders (Rust, Kotlin, Shell) still produce byte-identical output after obfuscation is applied Plans: TBD

Plans:

  • 06-01: TBD

Progress

Execution Order: Phases execute in numeric order: 1 -> 2 -> 3 -> 4 -> 5 -> 6

Phase Plans Complete Status Completed
1. Format Specification 1/1 Complete 2026-02-24
2. Core Archiver 2/2 Complete 2026-02-24
3. Round-Trip Verification 2/2 Complete 2026-02-24
4. Kotlin Decoder 1/1 Complete 2026-02-24
5. Shell Decoder 2/2 Complete 2026-02-25
6. Obfuscation Hardening 0/1 Not started -
Reference in New Issue View Git Blame Copy Permalink