Potentially Cryptographic Vulnerability: Insecure Algorithm

Description

The mode of operation used to encrypt the data is vulnerable

Recommendation

We recommend AES for general-purpose use. If you're willing to go against the grain and are paranoid, you can use Serpent, which isn't quite as fast as AES but is believed to have a much higher security margin.

If you really feel that you need the fastest possible secure solution, consider the SNOW 2.0 stream cipher, which currently looks very good. It appears to have a much better security margin than the popular favorite, RC4, and is even faster. However, it is fairly new. If you're highly risk-adverse, we recommend AES or Serpent. Although popular, RC4 would never be the best available choice.

Technical details
[TAINT] String 'AES' ==>>> Sink '['Ljavax/crypto/KeyGenerator;', 'getInstance', '(Ljava/lang/String; Ljava/lang/String;)Ljavax/crypto/KeyGenerator;', '0', 'CRYPTO_SINK']' [[('Lcom/paysys/nbpdigital/d/a;', 'a', '(I)Ljavax/crypto/Cipher;'), ('Lcom/paysys/nbpdigital/d/a;', 'f', '()Z'), ('Ljavax/crypto/KeyGenerator;', 'getInstance', '(Ljava/lang/String; Ljava/lang/String;)Ljavax/crypto/KeyGenerator;')]]

The insecure algorithm AES is used.

Method com.paysys.nbpdigital.d.a.a():


    private javax.crypto.Cipher a(int p7)
    {
        String v0_1 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS7Padding");
        java.security.Key v1_1 = this.d.getKey("MY_APP_ALIAS", 0);
        if (v1_1 != null) {
            if (p7 != 1) {
                v0_1.init(p7, v1_1, new javax.crypto.spec.IvParameterSpec(this.h()));
            } else {
                this.i();
                String v2_2 = this.i().edit();
                v2_2.remove("ENCRYPTED_PASS_SHARED_PREF_KEY");
                v2_2.remove("LAST_USED_IV_SHARED_PREF_KEY");
                v2_2.apply();
                this.d.deleteEntry("MY_APP_ALIAS");
                this.f();
                try {
                    v0_1.init(p7, v1_1);
                } catch (String v2_4) {
                    StringBuilder v4_1 = new StringBuilder();
                    v4_1.append("Encryption error =");
                    v4_1.append(v2_4);
                    android.util.Log.d("fingerPrint", v4_1.toString());
                }
                v0_1.init(p7, v1_1);
                this.b(v0_1.getIV());
            }
            return v0_1;
        } else {
            this.f();
            android.util.Log.d("fingerPrint", "keystore = null");
            return 0;
        }
    }

Method com.paysys.nbpdigital.d.a.f():


    private boolean f()
    {
        try {
            this.d = java.security.KeyStore.getInstance("AndroidKeyStore");
            this.e = javax.crypto.KeyGenerator.getInstance("AES", "AndroidKeyStore");
            this.d.load(0);
        } catch (int v0_6) {
            javax.crypto.KeyGenerator v1_3 = new StringBuilder();
            v1_3.append("Failed init of keyStore & keyGenerator: ");
            v1_3.append(v0_6.getMessage());
            this.c(v1_3.toString());
            return 0;
        }
        if (this.h() == null) {
            this.c("null array found");
            this.e.init(this.e());
            this.e.generateKey();
        }
        return 1;
    }

Method javax.crypto.KeyGenerator.getInstance() not found.

[TAINT] String 'AES' ==>>> Sink '['Ljavax/crypto/KeyGenerator;', 'getInstance', '(Ljava/lang/String; Ljava/lang/String;)Ljavax/crypto/KeyGenerator;', '0', 'CRYPTO_SINK']' [[('Lcom/paysys/nbpdigital/d/a;', 'a', '(Landroid/os/CancellationSignal; Lcom/paysys/nbpdigital/d/a$b; I)V'), ('Lcom/paysys/nbpdigital/d/a;', 'a', '(I)Ljavax/crypto/Cipher;'), ('Lcom/paysys/nbpdigital/d/a;', 'f', '()Z'), ('Ljavax/crypto/KeyGenerator;', 'getInstance', '(Ljava/lang/String; Ljava/lang/String;)Ljavax/crypto/KeyGenerator;')]]

The insecure algorithm AES is used.

Method com.paysys.nbpdigital.d.a.a():


    private void a(android.os.CancellationSignal p7, com.paysys.nbpdigital.d.a$b p8, int p9)
    {
        try {
            if (!this.j()) {
                p8.a().onFailure("User hasn\'t granted permission to use Fingerprint");
            } else {
                this.b.authenticate(new android.hardware.fingerprint.FingerprintManager$CryptoObject(this.a(p9)), p7, 0, p8, 0);
            }
        } catch (com.paysys.nbpdigital.d.a$a v7_1) {
            com.paysys.nbpdigital.d.a$a v8_1 = p8.a();
            String v9_2 = new StringBuilder();
            v9_2.append("An error occurred: ");
            v9_2.append(v7_1.getMessage());
            v8_1.onFailure(v9_2.toString());
        }
        return;
    }

Method com.paysys.nbpdigital.d.a.a():


    private javax.crypto.Cipher a(int p7)
    {
        String v0_1 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS7Padding");
        java.security.Key v1_1 = this.d.getKey("MY_APP_ALIAS", 0);
        if (v1_1 != null) {
            if (p7 != 1) {
                v0_1.init(p7, v1_1, new javax.crypto.spec.IvParameterSpec(this.h()));
            } else {
                this.i();
                String v2_2 = this.i().edit();
                v2_2.remove("ENCRYPTED_PASS_SHARED_PREF_KEY");
                v2_2.remove("LAST_USED_IV_SHARED_PREF_KEY");
                v2_2.apply();
                this.d.deleteEntry("MY_APP_ALIAS");
                this.f();
                try {
                    v0_1.init(p7, v1_1);
                } catch (String v2_4) {
                    StringBuilder v4_1 = new StringBuilder();
                    v4_1.append("Encryption error =");
                    v4_1.append(v2_4);
                    android.util.Log.d("fingerPrint", v4_1.toString());
                }
                v0_1.init(p7, v1_1);
                this.b(v0_1.getIV());
            }
            return v0_1;
        } else {
            this.f();
            android.util.Log.d("fingerPrint", "keystore = null");
            return 0;
        }
    }

Method com.paysys.nbpdigital.d.a.f():


    private boolean f()
    {
        try {
            this.d = java.security.KeyStore.getInstance("AndroidKeyStore");
            this.e = javax.crypto.KeyGenerator.getInstance("AES", "AndroidKeyStore");
            this.d.load(0);
        } catch (int v0_6) {
            javax.crypto.KeyGenerator v1_3 = new StringBuilder();
            v1_3.append("Failed init of keyStore & keyGenerator: ");
            v1_3.append(v0_6.getMessage());
            this.c(v1_3.toString());
            return 0;
        }
        if (this.h() == null) {
            this.c("null array found");
            this.e.init(this.e());
            this.e.generateKey();
        }
        return 1;
    }

Method javax.crypto.KeyGenerator.getInstance() not found.

[TAINT] String 'AES' ==>>> Sink '['Ljavax/crypto/KeyGenerator;', 'getInstance', '(Ljava/lang/String; Ljava/lang/String;)Ljavax/crypto/KeyGenerator;', '0', 'CRYPTO_SINK']' [[('Lcom/paysys/nbpdigital/d/a;', 'f', '()Z'), ('Ljavax/crypto/KeyGenerator;', 'getInstance', '(Ljava/lang/String; Ljava/lang/String;)Ljavax/crypto/KeyGenerator;')]]

The insecure algorithm AES is used.

Method com.paysys.nbpdigital.d.a.f():


    private boolean f()
    {
        try {
            this.d = java.security.KeyStore.getInstance("AndroidKeyStore");
            this.e = javax.crypto.KeyGenerator.getInstance("AES", "AndroidKeyStore");
            this.d.load(0);
        } catch (int v0_6) {
            javax.crypto.KeyGenerator v1_3 = new StringBuilder();
            v1_3.append("Failed init of keyStore & keyGenerator: ");
            v1_3.append(v0_6.getMessage());
            this.c(v1_3.toString());
            return 0;
        }
        if (this.h() == null) {
            this.c("null array found");
            this.e.init(this.e());
            this.e.generateKey();
        }
        return 1;
    }

Method javax.crypto.KeyGenerator.getInstance() not found.

[TAINT] String 'AES' ==>>> Sink '['Ljavax/crypto/KeyGenerator;', 'getInstance', '(Ljava/lang/String; Ljava/lang/String;)Ljavax/crypto/KeyGenerator;', '0', 'CRYPTO_SINK']' [[('Lcom/paysys/nbpdigital/d/a;', 'a', '(Landroid/os/CancellationSignal; Lcom/paysys/nbpdigital/d/a$a;)V'), ('Lcom/paysys/nbpdigital/d/a;', 'a', '(Landroid/os/CancellationSignal; Lcom/paysys/nbpdigital/d/a$b; I)V'), ('Lcom/paysys/nbpdigital/d/a;', 'a', '(I)Ljavax/crypto/Cipher;'), ('Lcom/paysys/nbpdigital/d/a;', 'f', '()Z'), ('Ljavax/crypto/KeyGenerator;', 'getInstance', '(Ljava/lang/String; Ljava/lang/String;)Ljavax/crypto/KeyGenerator;')]]

The insecure algorithm AES is used.

Method com.paysys.nbpdigital.d.a.a():


    public void a(android.os.CancellationSignal p2, com.paysys.nbpdigital.d.a$a p3)
    {
        this.a(p2, new com.paysys.nbpdigital.d.a$c(this, p3), 2);
        return;
    }

Method com.paysys.nbpdigital.d.a.a():


    private void a(android.os.CancellationSignal p7, com.paysys.nbpdigital.d.a$b p8, int p9)
    {
        try {
            if (!this.j()) {
                p8.a().onFailure("User hasn\'t granted permission to use Fingerprint");
            } else {
                this.b.authenticate(new android.hardware.fingerprint.FingerprintManager$CryptoObject(this.a(p9)), p7, 0, p8, 0);
            }
        } catch (com.paysys.nbpdigital.d.a$a v7_1) {
            com.paysys.nbpdigital.d.a$a v8_1 = p8.a();
            String v9_2 = new StringBuilder();
            v9_2.append("An error occurred: ");
            v9_2.append(v7_1.getMessage());
            v8_1.onFailure(v9_2.toString());
        }
        return;
    }

Method com.paysys.nbpdigital.d.a.a():


    private javax.crypto.Cipher a(int p7)
    {
        String v0_1 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS7Padding");
        java.security.Key v1_1 = this.d.getKey("MY_APP_ALIAS", 0);
        if (v1_1 != null) {
            if (p7 != 1) {
                v0_1.init(p7, v1_1, new javax.crypto.spec.IvParameterSpec(this.h()));
            } else {
                this.i();
                String v2_2 = this.i().edit();
                v2_2.remove("ENCRYPTED_PASS_SHARED_PREF_KEY");
                v2_2.remove("LAST_USED_IV_SHARED_PREF_KEY");
                v2_2.apply();
                this.d.deleteEntry("MY_APP_ALIAS");
                this.f();
                try {
                    v0_1.init(p7, v1_1);
                } catch (String v2_4) {
                    StringBuilder v4_1 = new StringBuilder();
                    v4_1.append("Encryption error =");
                    v4_1.append(v2_4);
                    android.util.Log.d("fingerPrint", v4_1.toString());
                }
                v0_1.init(p7, v1_1);
                this.b(v0_1.getIV());
            }
            return v0_1;
        } else {
            this.f();
            android.util.Log.d("fingerPrint", "keystore = null");
            return 0;
        }
    }

Method com.paysys.nbpdigital.d.a.f():


    private boolean f()
    {
        try {
            this.d = java.security.KeyStore.getInstance("AndroidKeyStore");
            this.e = javax.crypto.KeyGenerator.getInstance("AES", "AndroidKeyStore");
            this.d.load(0);
        } catch (int v0_6) {
            javax.crypto.KeyGenerator v1_3 = new StringBuilder();
            v1_3.append("Failed init of keyStore & keyGenerator: ");
            v1_3.append(v0_6.getMessage());
            this.c(v1_3.toString());
            return 0;
        }
        if (this.h() == null) {
            this.c("null array found");
            this.e.init(this.e());
            this.e.generateKey();
        }
        return 1;
    }

Method javax.crypto.KeyGenerator.getInstance() not found.

[TAINT] String 'AES' ==>>> Sink '['Ljavax/crypto/KeyGenerator;', 'getInstance', '(Ljava/lang/String; Ljava/lang/String;)Ljavax/crypto/KeyGenerator;', '0', 'CRYPTO_SINK']' [[('Lcom/paysys/nbpdigital/d/a;', 'a', '(Ljava/lang/String; Landroid/os/CancellationSignal; Lcom/paysys/nbpdigital/d/a$a;)V'), ('Lcom/paysys/nbpdigital/d/a;', 'a', '(Landroid/os/CancellationSignal; Lcom/paysys/nbpdigital/d/a$b; I)V'), ('Lcom/paysys/nbpdigital/d/a;', 'a', '(I)Ljavax/crypto/Cipher;'), ('Lcom/paysys/nbpdigital/d/a;', 'f', '()Z'), ('Ljavax/crypto/KeyGenerator;', 'getInstance', '(Ljava/lang/String; Ljava/lang/String;)Ljavax/crypto/KeyGenerator;')]]

The insecure algorithm AES is used.

Method com.paysys.nbpdigital.d.a.a():


    public void a(String p2, android.os.CancellationSignal p3, com.paysys.nbpdigital.d.a$a p4)
    {
        this.a(p3, new com.paysys.nbpdigital.d.a$d(this, p4, p2), 1);
        return;
    }

Method com.paysys.nbpdigital.d.a.a():


    private void a(android.os.CancellationSignal p7, com.paysys.nbpdigital.d.a$b p8, int p9)
    {
        try {
            if (!this.j()) {
                p8.a().onFailure("User hasn\'t granted permission to use Fingerprint");
            } else {
                this.b.authenticate(new android.hardware.fingerprint.FingerprintManager$CryptoObject(this.a(p9)), p7, 0, p8, 0);
            }
        } catch (com.paysys.nbpdigital.d.a$a v7_1) {
            com.paysys.nbpdigital.d.a$a v8_1 = p8.a();
            String v9_2 = new StringBuilder();
            v9_2.append("An error occurred: ");
            v9_2.append(v7_1.getMessage());
            v8_1.onFailure(v9_2.toString());
        }
        return;
    }

Method com.paysys.nbpdigital.d.a.a():


    private javax.crypto.Cipher a(int p7)
    {
        String v0_1 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS7Padding");
        java.security.Key v1_1 = this.d.getKey("MY_APP_ALIAS", 0);
        if (v1_1 != null) {
            if (p7 != 1) {
                v0_1.init(p7, v1_1, new javax.crypto.spec.IvParameterSpec(this.h()));
            } else {
                this.i();
                String v2_2 = this.i().edit();
                v2_2.remove("ENCRYPTED_PASS_SHARED_PREF_KEY");
                v2_2.remove("LAST_USED_IV_SHARED_PREF_KEY");
                v2_2.apply();
                this.d.deleteEntry("MY_APP_ALIAS");
                this.f();
                try {
                    v0_1.init(p7, v1_1);
                } catch (String v2_4) {
                    StringBuilder v4_1 = new StringBuilder();
                    v4_1.append("Encryption error =");
                    v4_1.append(v2_4);
                    android.util.Log.d("fingerPrint", v4_1.toString());
                }
                v0_1.init(p7, v1_1);
                this.b(v0_1.getIV());
            }
            return v0_1;
        } else {
            this.f();
            android.util.Log.d("fingerPrint", "keystore = null");
            return 0;
        }
    }

Method com.paysys.nbpdigital.d.a.f():


    private boolean f()
    {
        try {
            this.d = java.security.KeyStore.getInstance("AndroidKeyStore");
            this.e = javax.crypto.KeyGenerator.getInstance("AES", "AndroidKeyStore");
            this.d.load(0);
        } catch (int v0_6) {
            javax.crypto.KeyGenerator v1_3 = new StringBuilder();
            v1_3.append("Failed init of keyStore & keyGenerator: ");
            v1_3.append(v0_6.getMessage());
            this.c(v1_3.toString());
            return 0;
        }
        if (this.h() == null) {
            this.c("null array found");
            this.e.init(this.e());
            this.e.generateKey();
        }
        return 1;
    }

Method javax.crypto.KeyGenerator.getInstance() not found.

[TAINT] String 'AES' ==>>> Sink '['Ljavax/crypto/KeyGenerator;', 'getInstance', '(Ljava/lang/String; Ljava/lang/String;)Ljavax/crypto/KeyGenerator;', '0', 'CRYPTO_SINK']' [[('Lcom/paysys/nbpdigital/d/a;', 'b', '()Z'), ('Lcom/paysys/nbpdigital/d/a;', 'f', '()Z'), ('Ljavax/crypto/KeyGenerator;', 'getInstance', '(Ljava/lang/String; Ljava/lang/String;)Ljavax/crypto/KeyGenerator;')]]

The insecure algorithm AES is used.

Method com.paysys.nbpdigital.d.a.b():


    public boolean b()
    {
        boolean v0_12;
        this.a = ((android.app.KeyguardManager) this.c.getSystemService("keyguard"));
        this.b = ((android.hardware.fingerprint.FingerprintManager) this.c.getSystemService("fingerprint"));
        if (android.os.Build$VERSION.SDK_INT >= 23) {
            if (this.b.isHardwareDetected()) {
                if (this.a.isKeyguardSecure()) {
                    if (this.j()) {
                        if (this.b.hasEnrolledFingerprints()) {
                            // Both branches of the condition point to the same code.
                            // if (this.f()) {
                                return 0;
                            // }
                        } else {
                            v0_12 = "User hasn\'t registered any fingerprints";
                        }
                    } else {
                        v0_12 = "User hasn\'t granted permission to use Fingerprint";
                    }
                } else {
                    v0_12 = "User hasn\'t enabled Lock Screen";
                }
            } else {
                v0_12 = "Device doesn\'t support fingerprint authentication";
            }
        } else {
            v0_12 = "Fingerprint API only available on from Android 6.0 (M)";
        }
        this.c(v0_12);
        return 0;
    }

Method com.paysys.nbpdigital.d.a.f():


    private boolean f()
    {
        try {
            this.d = java.security.KeyStore.getInstance("AndroidKeyStore");
            this.e = javax.crypto.KeyGenerator.getInstance("AES", "AndroidKeyStore");
            this.d.load(0);
        } catch (int v0_6) {
            javax.crypto.KeyGenerator v1_3 = new StringBuilder();
            v1_3.append("Failed init of keyStore & keyGenerator: ");
            v1_3.append(v0_6.getMessage());
            this.c(v1_3.toString());
            return 0;
        }
        if (this.h() == null) {
            this.c("null array found");
            this.e.init(this.e());
            this.e.generateKey();
        }
        return 1;
    }

Method javax.crypto.KeyGenerator.getInstance() not found.

[TAINT] String 'AES' ==>>> Sink '['Ljavax/crypto/KeyGenerator;', 'getInstance', '(Ljava/lang/String; Ljava/lang/String;)Ljavax/crypto/KeyGenerator;', '0', 'CRYPTO_SINK']' [[('Lcom/paysys/nbpdigital/d/a;', 'd', '()Z'), ('Lcom/paysys/nbpdigital/d/a;', 'f', '()Z'), ('Ljavax/crypto/KeyGenerator;', 'getInstance', '(Ljava/lang/String; Ljava/lang/String;)Ljavax/crypto/KeyGenerator;')]]

The insecure algorithm AES is used.

Method com.paysys.nbpdigital.d.a.d():


    public boolean d()
    {
        java.security.KeyStoreException v0_4 = this.i().edit();
        v0_4.remove("ENCRYPTED_PASS_SHARED_PREF_KEY");
        v0_4.remove("LAST_USED_IV_SHARED_PREF_KEY");
        v0_4.apply();
        if (android.os.Build$VERSION.SDK_INT >= 23) {
            try {
                this.d.deleteEntry("MY_APP_ALIAS");
            } catch (java.security.KeyStoreException v0_2) {
                v0_2.printStackTrace();
            }
            this.f();
        }
        return 1;
    }

Method com.paysys.nbpdigital.d.a.f():


    private boolean f()
    {
        try {
            this.d = java.security.KeyStore.getInstance("AndroidKeyStore");
            this.e = javax.crypto.KeyGenerator.getInstance("AES", "AndroidKeyStore");
            this.d.load(0);
        } catch (int v0_6) {
            javax.crypto.KeyGenerator v1_3 = new StringBuilder();
            v1_3.append("Failed init of keyStore & keyGenerator: ");
            v1_3.append(v0_6.getMessage());
            this.c(v1_3.toString());
            return 0;
        }
        if (this.h() == null) {
            this.c("null array found");
            this.e.init(this.e());
            this.e.generateKey();
        }
        return 1;
    }

Method javax.crypto.KeyGenerator.getInstance() not found.

[TAINT] String 'AES' ==>>> Sink '['Ljavax/crypto/KeyGenerator;', 'getInstance', '(Ljava/lang/String; Ljava/lang/String;)Ljavax/crypto/KeyGenerator;', '0', 'CRYPTO_SINK']' [[('Lcom/paysys/nbpdigital/fragments/LoginFragment$onClickListener;', 'onClick', '(Landroid/view/View;)V'), ('Lcom/paysys/nbpdigital/fragments/LoginFragment;', 'access$400', '(Lcom/paysys/nbpdigital/fragments/LoginFragment;)V'), ('Lcom/paysys/nbpdigital/fragments/LoginFragment;', 'InitiateTouchID', '()V'), ('Lcom/paysys/nbpdigital/d/a;', 'a', '(Landroid/os/CancellationSignal; Lcom/paysys/nbpdigital/d/a$a;)V'), ('Lcom/paysys/nbpdigital/d/a;', 'a', '(Landroid/os/CancellationSignal; Lcom/paysys/nbpdigital/d/a$b; I)V'), ('Lcom/paysys/nbpdigital/d/a;', 'a', '(I)Ljavax/crypto/Cipher;'), ('Lcom/paysys/nbpdigital/d/a;', 'f', '()Z'), ('Ljavax/crypto/KeyGenerator;', 'getInstance', '(Ljava/lang/String; Ljava/lang/String;)Ljavax/crypto/KeyGenerator;')]]

The insecure algorithm AES is used.

Method com.paysys.nbpdigital.fragments.LoginFragment$onClickListener.onClick():


    public void onClick(android.view.View p2)
    {
        com.paysys.nbpdigital.fragments.registration.RegistrationFragment v0_1;
        com.paysys.nbpdigital.fragments.LoginFragment v2_4;
        switch (p2.getId()) {
            case 2131296309:
                v2_4 = this.this$0.getMainActivity();
                v0_1 = new com.paysys.nbpdigital.fragments.Gmap();
                v2_4.addDockableFragment(v0_1);
                break;
            case 2131296310:
                v2_4 = this.this$0.getMainActivity();
                v0_1 = new com.paysys.nbpdigital.fragments.ContactUsFragment();
                break;
            case 2131296311:
                v2_4 = this.this$0.getMainActivity();
                v0_1 = new com.paysys.nbpdigital.fragments.FAQFragment();
                break;
            case 2131296314:
                v2_4 = this.this$0.getMainActivity();
                v0_1 = new com.paysys.nbpdigital.fragments.TNCFragment();
                break;
            case 2131296315:
                v2_4 = this.this$0.getMainActivity();
                v0_1 = new com.paysys.nbpdigital.fragments.TouchIdOperationsFragment();
                break;
            case 2131296331:
                v2_4 = this.this$0.getMainActivity();
                v0_1 = new com.paysys.nbpdigital.fragments.ForgotPasswordFragment();
                break;
            case 2131296342:
                v2_4 = this.this$0.getMainActivity();
                v0_1 = new com.paysys.nbpdigital.fragments.registration.RegistrationFragment();
                break;
            case 2131296346:
                com.paysys.nbpdigital.fragments.LoginFragment.access$100(this.this$0);
                if (!com.paysys.nbpdigital.fragments.LoginFragment.access$200(this.this$0)) {
                } else {
                    com.paysys.nbpdigital.fragments.LoginFragment.access$300(this.this$0);
                }
                break;
            case 2131296352:
                com.paysys.nbpdigital.fragments.LoginFragment.access$400(this.this$0);
                break;
            default:
        }
        return;
    }

Method com.paysys.nbpdigital.fragments.LoginFragment.access$400():


    static synthetic void access$400(com.paysys.nbpdigital.fragments.LoginFragment p0)
    {
        p0.InitiateTouchID();
        return;
    }

Method com.paysys.nbpdigital.fragments.LoginFragment.InitiateTouchID():


    private void InitiateTouchID()
    {
        if (android.os.Build$VERSION.SDK_INT >= 23) {
            if (!this.fingerPrintAuthHelper.c()) {
                this.getMainActivity().addDockableFragment(new com.paysys.nbpdigital.fragments.TouchIdFragment());
            } else {
                this.initTouchIDDialoge(this.getString(2131558507));
                this.fingerPrintAuthHelper.a(new android.os.CancellationSignal(), this.getAuthListener(1));
            }
        }
        return;
    }

Method com.paysys.nbpdigital.d.a.a():


    public void a(android.os.CancellationSignal p2, com.paysys.nbpdigital.d.a$a p3)
    {
        this.a(p2, new com.paysys.nbpdigital.d.a$c(this, p3), 2);
        return;
    }

Method com.paysys.nbpdigital.d.a.a():


    private void a(android.os.CancellationSignal p7, com.paysys.nbpdigital.d.a$b p8, int p9)
    {
        try {
            if (!this.j()) {
                p8.a().onFailure("User hasn\'t granted permission to use Fingerprint");
            } else {
                this.b.authenticate(new android.hardware.fingerprint.FingerprintManager$CryptoObject(this.a(p9)), p7, 0, p8, 0);
            }
        } catch (com.paysys.nbpdigital.d.a$a v7_1) {
            com.paysys.nbpdigital.d.a$a v8_1 = p8.a();
            String v9_2 = new StringBuilder();
            v9_2.append("An error occurred: ");
            v9_2.append(v7_1.getMessage());
            v8_1.onFailure(v9_2.toString());
        }
        return;
    }

Method com.paysys.nbpdigital.d.a.a():


    private javax.crypto.Cipher a(int p7)
    {
        String v0_1 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS7Padding");
        java.security.Key v1_1 = this.d.getKey("MY_APP_ALIAS", 0);
        if (v1_1 != null) {
            if (p7 != 1) {
                v0_1.init(p7, v1_1, new javax.crypto.spec.IvParameterSpec(this.h()));
            } else {
                this.i();
                String v2_2 = this.i().edit();
                v2_2.remove("ENCRYPTED_PASS_SHARED_PREF_KEY");
                v2_2.remove("LAST_USED_IV_SHARED_PREF_KEY");
                v2_2.apply();
                this.d.deleteEntry("MY_APP_ALIAS");
                this.f();
                try {
                    v0_1.init(p7, v1_1);
                } catch (String v2_4) {
                    StringBuilder v4_1 = new StringBuilder();
                    v4_1.append("Encryption error =");
                    v4_1.append(v2_4);
                    android.util.Log.d("fingerPrint", v4_1.toString());
                }
                v0_1.init(p7, v1_1);
                this.b(v0_1.getIV());
            }
            return v0_1;
        } else {
            this.f();
            android.util.Log.d("fingerPrint", "keystore = null");
            return 0;
        }
    }

Method com.paysys.nbpdigital.d.a.f():


    private boolean f()
    {
        try {
            this.d = java.security.KeyStore.getInstance("AndroidKeyStore");
            this.e = javax.crypto.KeyGenerator.getInstance("AES", "AndroidKeyStore");
            this.d.load(0);
        } catch (int v0_6) {
            javax.crypto.KeyGenerator v1_3 = new StringBuilder();
            v1_3.append("Failed init of keyStore & keyGenerator: ");
            v1_3.append(v0_6.getMessage());
            this.c(v1_3.toString());
            return 0;
        }
        if (this.h() == null) {
            this.c("null array found");
            this.e.init(this.e());
            this.e.generateKey();
        }
        return 1;
    }

Method javax.crypto.KeyGenerator.getInstance() not found.

[TAINT] String 'AES' ==>>> Sink '['Ljavax/crypto/KeyGenerator;', 'getInstance', '(Ljava/lang/String; Ljava/lang/String;)Ljavax/crypto/KeyGenerator;', '0', 'CRYPTO_SINK']' [[('Lcom/paysys/nbpdigital/fragments/TouchIdOperationsFragment$onClickListner;', 'onClick', '(Landroid/view/View;)V'), ('Lcom/paysys/nbpdigital/fragments/TouchIdOperationsFragment;', 'access$200', '(Lcom/paysys/nbpdigital/fragments/TouchIdOperationsFragment;)V'), ('Lcom/paysys/nbpdigital/fragments/TouchIdOperationsFragment;', 'disableTouchID', '()V'), ('Lcom/paysys/nbpdigital/d/a;', 'd', '()Z'), ('Lcom/paysys/nbpdigital/d/a;', 'f', '()Z'), ('Ljavax/crypto/KeyGenerator;', 'getInstance', '(Ljava/lang/String; Ljava/lang/String;)Ljavax/crypto/KeyGenerator;')]]

The insecure algorithm AES is used.

Method com.paysys.nbpdigital.fragments.TouchIdOperationsFragment$onClickListner.onClick():


    public void onClick(android.view.View p1)
    {
        switch (p1.getId()) {
            case 2131296890:
                com.paysys.nbpdigital.fragments.TouchIdOperationsFragment.access$200(this.this$0);
                break;
            case 2131296891:
                com.paysys.nbpdigital.fragments.TouchIdOperationsFragment.access$100(this.this$0);
                break;
            default:
        }
        return;
    }

Method com.paysys.nbpdigital.fragments.TouchIdOperationsFragment.access$200():


    static synthetic void access$200(com.paysys.nbpdigital.fragments.TouchIdOperationsFragment p0)
    {
        p0.disableTouchID();
        return;
    }

Method com.paysys.nbpdigital.fragments.TouchIdOperationsFragment.disableTouchID():


    private void disableTouchID()
    {
        if ((this.isValidateSuccessTouchID()) && (this.fingerPrintAuthHelper.d())) {
            this.dialogBox("Touch ID is now disable", 0);
        }
        return;
    }

Method com.paysys.nbpdigital.d.a.d():


    public boolean d()
    {
        java.security.KeyStoreException v0_4 = this.i().edit();
        v0_4.remove("ENCRYPTED_PASS_SHARED_PREF_KEY");
        v0_4.remove("LAST_USED_IV_SHARED_PREF_KEY");
        v0_4.apply();
        if (android.os.Build$VERSION.SDK_INT >= 23) {
            try {
                this.d.deleteEntry("MY_APP_ALIAS");
            } catch (java.security.KeyStoreException v0_2) {
                v0_2.printStackTrace();
            }
            this.f();
        }
        return 1;
    }

Method com.paysys.nbpdigital.d.a.f():


    private boolean f()
    {
        try {
            this.d = java.security.KeyStore.getInstance("AndroidKeyStore");
            this.e = javax.crypto.KeyGenerator.getInstance("AES", "AndroidKeyStore");
            this.d.load(0);
        } catch (int v0_6) {
            javax.crypto.KeyGenerator v1_3 = new StringBuilder();
            v1_3.append("Failed init of keyStore & keyGenerator: ");
            v1_3.append(v0_6.getMessage());
            this.c(v1_3.toString());
            return 0;
        }
        if (this.h() == null) {
            this.c("null array found");
            this.e.init(this.e());
            this.e.generateKey();
        }
        return 1;
    }

Method javax.crypto.KeyGenerator.getInstance() not found.