Encryption and decryption on the client side
Developers are often forced to create custom encryption methods due to various reasons, such as performance and efficiency issues. Broken cryptography happens mainly due to the following three reasons:
- Using a weak, custom, or known algorithm (RC4, MD4, MD5, SHA1) that has been proven to be vulnerable for the encryption and decryption process
- Poorly implementing strong algorithms
- The key management process being flawed
In this section, let's go ahead and explore the insecure usage of custom encryption and its implementation. Since we downloaded the app Herd Financials, let's convert the .apk file into a .jar file using dex2jar, as shown in the following code snippet:
C:\Hackbox\A-Tools\dex2jar-2.0>d2j-dex2jar.bat ...Get Mobile Application Penetration Testing now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
