I'm working on testing a known vulnerable Android app that uses insecure storing methods. I need to develop an app to exploit it, but my Java skills are a little weak, so I'm wondering if I could get some guidance on the best way to do this.
So far my code can pull the encrypted password from the SQLite DB. Now I need to take that password, decrypt it, and display it on the screen. This is where I need some help.
Based on an online AES Decryption tool, I was able to determine the following:
- Mode: ECB
- Key Size: 256
- Secret Key: we'll just say it's 123abc for example (Secret key was hardcoded in the app)
I confirmed by running it through the online tool that the cleartext password it spit out works in the vulnerable app.
How can I take the encrypted string I have (called "password") and decrypt it using Android Studio so it gives me the same cleartext passwords as the online tool does? The less code the better, as I want to try to understand what I'm doing so I learn.
For reference, this looks like it may be something very similar to what I'm working on:
https://coderanch.com/t/692714/display-file-Application
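
An added example, not part of the original post or of the app it describes, showing why AES-256 in ECB mode with a key hardcoded in the app protects nothing: the same `javax.crypto` calls that encrypt also decrypt for anyone who reads the key out of the APK, and equal passwords give equal ciphertexts. Assumptions: the class name is hypothetical, the key is derived from the post's `123abc` placeholder with SHA-256, the stored value is Base64, and padding is PKCS5; the real app or online tool may differ on each point.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class EcbHardcodedKeyDemo {
    // The post's placeholder secret, standing in for the key embedded in the app.
    static final String HARDCODED_SECRET = "123abc";

    // Assumption: the secret is stretched to 32 bytes (AES-256) with SHA-256.
    // The page does not say how the app or the online tool builds the key.
    static SecretKeySpec key() throws Exception {
        byte[] k = MessageDigest.getInstance("SHA-256")
                .digest(HARDCODED_SECRET.getBytes(StandardCharsets.UTF_8));
        return new SecretKeySpec(k, "AES");
    }

    // What the app is assumed to do before writing the password to SQLite.
    static String encrypt(String clear) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key()); // ECB takes no IV
        byte[] ct = c.doFinal(clear.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(ct);
    }

    // The inverse: same transformation string, same key, DECRYPT_MODE.
    static String decrypt(String b64) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, key());
        byte[] pt = c.doFinal(Base64.getDecoder().decode(b64));
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String sample = "constructed-sample-password"; // constructed test value
        String stored = encrypt(sample);
        System.out.println("stored in db : " + stored);
        System.out.println("recovered    : " + decrypt(stored));
        // ECB is deterministic: two users with the same password get the same row value.
        System.out.println("deterministic: " + stored.equals(encrypt(sample)));
    }
}
```

On Android below API 26, `java.util.Base64` is unavailable and `android.util.Base64` takes its place. The fix on the app side is to keep the key out of the code (Android Keystore), use an authenticated mode such as AES/GCM with a fresh IV, and store passwords as salted hashes rather than reversible ciphertext.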