Inbuilt sha256 algorithm returns wrong results #56
Description
Hello
I found that this tool's inbuilt sha256 computation returns wrong results in the case if the actual file's sha256 starts with a zero.
Here's a couple of examples:
sha256sum tbank-7*apk
0cc57d3fa1166d95265a3c27760651ac5decef66d3b73d87673f4e8bdab64d0a tbank-7-5-0-10169.apk
0e84a9e3701063e4d2c4ac5262f66ce483b6660817bc7c48dfbb28d96699bd7d tbank-7.5.0-10184.apk
java -jar ./uber-apk-signer-1.3.0.jar -a tbank-7*.apk --onlyVerify | grep checksum
checksum: cc57d3fa1166d95265a3c27760651ac5decef66d3b73d87673f4e8bdab64d0a (sha256)
checksum: e84a9e3701063e4d2c4ac5262f66ce483b6660817bc7c48dfbb28d96699bd7d (sha256)
sha256sum Sesame_v3.7.0\(37000\).apk
08e630a897bd9d007093ba2fea051b488919d05761e22862a4e1eb31e9f0fdfd Sesame_v3.7.0(37000).apk
java -jar ./uber-apk-signer-1.3.0.jar -a Sesame_v3.7.0\(37000\).apk --onlyVerify | grep checksum
checksum: 8e630a897bd9d007093ba2fea051b488919d05761e22862a4e1eb31e9f0fdfd (sha256)
sha256sum 1.1.1.1_6.26\(3276\)ZT.apk
07d9b93df6330a08e6e3a04cdbcedde221e26731586026c57661ae57fb49b297 1.1.1.1_6.26(3276)ZT.apk
java -jar ./uber-apk-signer-1.3.0.jar -a 1.1.1.1_6.26\(3276\)ZT.apk --onlyVerify | grep checksum
checksum: 7d9b93df6330a08e6e3a04cdbcedde221e26731586026c57661ae57fb49b297 (sha256)
As you can see the checksum returned by this tool lacks leading zero in comparison to the system's tool which gives correct result.
This is the only inconsistency I've found so far. IDK if it corrupts anything else or not.
I believe you can check this with any file you have. I just picked some random files lying around and the result was the same. Here are the links to the first two files in case you'd want to test them (yet I'm not sure if they are permanent and give you a download forever. I'm not affiliated with them in any way):
https://acdn.t-bank-app.ru/download_apk/tbank-7-5-0-10184.apk
https://acdn.t-bank-app.ru/download_apk/tbank-7-5-0-10169.apk
Hope it helps
Regards
Anton