Potentially Cryptographic Vulnerability: Hardcoded key

Description

The data is encrypted using a weak key

Recommendation

We recommend AES for general-purpose use. If you're willing to go against the grain and are paranoid, you can use Serpent, which isn't quite as fast as AES but is believed to have a much higher security margin.

If you really feel that you need the fastest possible secure solution, consider the SNOW 2.0 stream cipher, which currently looks very good. It appears to have a much better security margin than the popular favorite, RC4, and is even faster. However, it is fairly new. If you're highly risk-adverse, we recommend AES or Serpent. Although popular, RC4 would never be the best available choice.

Technical details
[TAINT] String 'tk' ==>>> Sink '['Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V', '0', 'CRYPTO_SINK']' [[('Lregister/ibl_locationtracking/IBL_Location_Tracker$1;', 'onLocationChanged', '(Landroid/location/Location;)V'), ('Lregister/ibl_locationtracking/DBHandler;', 'Insert_LocationTracking', '(Lregister/ibl_locationtracking/Trackingdetails;)V'), ('Lregister/ibl_locationtracking/Maraiyeettiyal;', 'MaraikuriyakkuAngikaramString', '(Ljava/lang/String;)Ljava/lang/String;'), ('Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V')]]

The application uses a hardcoded secret key 'tk' to encrypt the data

Method register.ibl_locationtracking.IBL_Location_Tracker$1.onLocationChanged():


    public void onLocationChanged(android.location.Location p30)
    {
        if (p30 != null) {
            this.this$0.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.this$0.objCallSoap.WriteLog("LocationListener Started.");
            this.this$0.isConnectingToInternet = this.this$0.objCallSoap.isConnectingToInternet(this.this$0.getApplicationContext());
            String v21 = this.this$0.GetCurrentDate();
            if (!this.this$0.isConnectingToInternet) {
                try {
                    this.this$0.objCallSoap.WriteLog("Offline Location Updation Started");
                    register.ibl_locationtracking.IBL_Location_Tracker.startLatitude = p30.getLatitude();
                    register.ibl_locationtracking.IBL_Location_Tracker.startLongitude = p30.getLongitude();
                    register.ibl_locationtracking.IBL_Location_Tracker.access$900(this.this$0, new StringBuilder().append("Offline\nLatutide  - ").append(Double.valueOf(register.ibl_locationtracking.IBL_Location_Tracker.startLatitude)).append("\nLongitude - ").append(Double.valueOf(register.ibl_locationtracking.IBL_Location_Tracker.startLongitude)).append("\n").append(v21).toString());
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1602(this.this$0, 0);
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1002(this.this$0, "");
                    android.location.Location v27_1 = new android.location.Location;
                    v27_1("locationA");
                    v27_1.setLatitude(register.ibl_locationtracking.IBL_Location_Tracker.ExistingstartLatitude);
                    v27_1.setLongitude(register.ibl_locationtracking.IBL_Location_Tracker.ExistingstartLongitude);
                    android.location.Location v26_1 = new android.location.Location;
                    v26_1("locationA");
                    v26_1.setLatitude(register.ibl_locationtracking.IBL_Location_Tracker.startLatitude);
                    v26_1.setLongitude(register.ibl_locationtracking.IBL_Location_Tracker.startLongitude);
                    long v22_0 = ((double) v27_1.distanceTo(v26_1));
                    register.ibl_locationtracking.IBL_Location_Tracker.isDistanceChanged = 0;
                } catch (Exception v24_0) {
                    v24_0.printStackTrace();
                    this.this$0.objCallSoap.WriteLog(new StringBuilder().append("LocationListener Offline catch Error: ").append(v24_0.getMessage().toString()).toString());
                }
                if (v22_0 >= ((double) register.ibl_locationtracking.LocationWebService.MaxDistance)) {
                    register.ibl_locationtracking.IBL_Location_Tracker.isDistanceChanged = 1;
                    this.this$0.objMainActivity = new register.ibl_locationtracking.MainActivity();
                    register.ibl_locationtracking.IBL_Location_Tracker.ExistingstartLatitude = register.ibl_locationtracking.IBL_Location_Tracker.startLatitude;
                    register.ibl_locationtracking.IBL_Location_Tracker.ExistingstartLongitude = register.ibl_locationtracking.IBL_Location_Tracker.startLongitude;
                    if (v22_0 > 2000000.0) {
                        v22_0 = 0;
                    }
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1702(this.this$0, (register.ibl_locationtracking.IBL_Location_Tracker.access$1700(this.this$0) + v22_0));
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1802(this.this$0, (register.ibl_locationtracking.IBL_Location_Tracker.access$1700(this.this$0) / 1000.0));
                    register.ibl_locationtracking.MainActivity.txtDistance.setText(new StringBuilder().append("Distance : ").append(register.ibl_locationtracking.IBL_Location_Tracker.access$1900(this.this$0).format(register.ibl_locationtracking.IBL_Location_Tracker.access$1800(this.this$0))).toString());
                    this.this$0.objdbHandler = new register.ibl_locationtracking.DBHandler(register.ibl_locationtracking.IBL_Location_Tracker.access$100(this.this$0));
                    this.this$0.objdbHandler.OpenDataBase();
                    this.this$0.objdbHandler.Insert_LocationTracking(new register.ibl_locationtracking.Trackingdetails(this.this$0.GetCurrentDate(), String.valueOf(register.ibl_locationtracking.IBL_Location_Tracker.startLatitude), String.valueOf(register.ibl_locationtracking.IBL_Location_Tracker.startLongitude), register.ibl_locationtracking.IBL_Location_Tracker.access$1000(this.this$0), String.valueOf(v22_0), register.ibl_locationtracking.IBL_Location_Tracker.access$2000(this.this$0), register.ibl_locationtracking.IBL_Location_Tracker.access$2100(this.this$0), register.ibl_locationtracking.IBL_Location_Tracker.access$2200(this.this$0), String.valueOf(register.ibl_locationtracking.IBL_Location_Tracker.access$1600(this.this$0)), register.ibl_locationtracking.IBL_Location_Tracker.access$2300(this.this$0), register.ibl_locationtracking.IBL_Location_Tracker.access$2400(this.this$0), register.ibl_locationtracking.IBL_Location_Tracker.access$2500(this.this$0), register.ibl_locationtracking.IBL_Location_Tracker.access$2600(this.this$0), 0, "", "", "", 1));
                    this.this$0.objCallSoap.WriteLog("Offline Location Updation Ended");
                }
            } else {
                try {
                    this.this$0.objCallSoap = new register.ibl_locationtracking.CallSoap();
                    this.this$0.objCallSoap.WriteLog("Online Location Updation Started.");
                    this.this$0.objdbHandler = new register.ibl_locationtracking.DBHandler(this.this$0.getApplicationContext());
                    this.this$0.objdbHandler.JSyncDatatoServer();
                } catch (Exception v24_1) {
                    v24_1.printStackTrace();
                    this.this$0.objCallSoap.WriteLog(new StringBuilder().append("LocationListener Online catch Error: ").append(v24_1.getMessage().toString()).toString());
                }
                if (register.ibl_locationtracking.DBHandler.objJSONArray.length() > 0) {
                    this.this$0.objCallSoap.WriteLog("Sync Data to Server Started.");
                    register.ibl_locationtracking.CallSoap v2_42 = new register.ibl_locationtracking.LocationSync(this.this$0.getApplicationContext());
                    String v3_32 = new String[2];
                    v3_32[0] = String.valueOf(register.ibl_locationtracking.DBHandler.objJSONArray);
                    v3_32[1] = String.valueOf(register.ibl_locationtracking.DBHandler.objJSONArray);
                    v2_42.execute(v3_32);
                }
                register.ibl_locationtracking.IBL_Location_Tracker.startLatitude = p30.getLatitude();
                register.ibl_locationtracking.IBL_Location_Tracker.startLongitude = p30.getLongitude();
                register.ibl_locationtracking.IBL_Location_Tracker.access$900(this.this$0, new StringBuilder().append("Online\nLatutide  - ").append(Double.valueOf(register.ibl_locationtracking.IBL_Location_Tracker.startLatitude)).append("\nLongitude - ").append(Double.valueOf(register.ibl_locationtracking.IBL_Location_Tracker.startLongitude)).append("\n").append(v21).toString());
                this.this$0.geocoder = new android.location.Geocoder(this.this$0.getApplicationContext(), java.util.Locale.getDefault());
                try {
                    this.this$0.addresses = this.this$0.geocoder.getFromLocation(register.ibl_locationtracking.IBL_Location_Tracker.startLatitude, register.ibl_locationtracking.IBL_Location_Tracker.startLongitude, 1);
                } catch (java.io.IOException v25) {
                    v25.printStackTrace();
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1602(this.this$0, 1);
                    android.location.Location v27_0 = new android.location.Location;
                    v27_0("locationA");
                    v27_0.setLatitude(register.ibl_locationtracking.IBL_Location_Tracker.ExistingstartLatitude);
                    v27_0.setLongitude(register.ibl_locationtracking.IBL_Location_Tracker.ExistingstartLongitude);
                    android.location.Location v26_0 = new android.location.Location;
                    v26_0("locationA");
                    v26_0.setLatitude(register.ibl_locationtracking.IBL_Location_Tracker.startLatitude);
                    v26_0.setLongitude(register.ibl_locationtracking.IBL_Location_Tracker.startLongitude);
                    long v22_1 = ((double) v27_0.distanceTo(v26_0));
                    register.ibl_locationtracking.IBL_Location_Tracker.isDistanceChanged = 0;
                    if (v22_1 >= ((double) register.ibl_locationtracking.LocationWebService.MaxDistance)) {
                        register.ibl_locationtracking.IBL_Location_Tracker.isDistanceChanged = 1;
                        this.this$0.objMainActivity = new register.ibl_locationtracking.MainActivity();
                        register.ibl_locationtracking.IBL_Location_Tracker.ExistingstartLatitude = register.ibl_locationtracking.IBL_Location_Tracker.startLatitude;
                        register.ibl_locationtracking.IBL_Location_Tracker.ExistingstartLongitude = register.ibl_locationtracking.IBL_Location_Tracker.startLongitude;
                        register.ibl_locationtracking.IBL_Location_Tracker.dblbeforestoplat = register.ibl_locationtracking.IBL_Location_Tracker.startLatitude;
                        register.ibl_locationtracking.IBL_Location_Tracker.dblbeforestoplan = register.ibl_locationtracking.IBL_Location_Tracker.startLongitude;
                        if (v22_1 > 2000000.0) {
                            v22_1 = 0;
                        }
                        register.ibl_locationtracking.IBL_Location_Tracker.access$1702(this.this$0, (register.ibl_locationtracking.IBL_Location_Tracker.access$1700(this.this$0) + v22_1));
                        register.ibl_locationtracking.IBL_Location_Tracker.access$1802(this.this$0, (register.ibl_locationtracking.IBL_Location_Tracker.access$1700(this.this$0) / 1000.0));
                        register.ibl_locationtracking.MainActivity.txtDistance.setText(String.valueOf(new StringBuilder().append("Distance : ").append(register.ibl_locationtracking.IBL_Location_Tracker.access$1900(this.this$0).format(register.ibl_locationtracking.IBL_Location_Tracker.access$1800(this.this$0))).toString()));
                        register.ibl_locationtracking.CallSoap v2_118 = new register.ibl_locationtracking.LocationWebService(this.this$0.getApplicationContext());
                        String v3_85 = new String[5];
                        v3_85[0] = String.valueOf(register.ibl_locationtracking.IBL_Location_Tracker.startLatitude);
                        v3_85[1] = String.valueOf(register.ibl_locationtracking.IBL_Location_Tracker.startLongitude);
                        v3_85[2] = register.ibl_locationtracking.IBL_Location_Tracker.access$1000(this.this$0);
                        v3_85[3] = String.valueOf(v22_1);
                        v3_85[4] = String.valueOf(register.ibl_locationtracking.IBL_Location_Tracker.access$1600(this.this$0));
                        v2_118.execute(v3_85);
                        this.this$0.objCallSoap.WriteLog("Online Location Updation Ended.");
                    }
                }
                if (!android.location.Geocoder.isPresent()) {
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1002(this.this$0, "");
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1102(this.this$0, "");
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1202(this.this$0, "");
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1302(this.this$0, "");
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1402(this.this$0, "");
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1502(this.this$0, "");
                } else {
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1002(this.this$0, ((android.location.Address) this.this$0.addresses.get(0)).getAddressLine(0));
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1102(this.this$0, ((android.location.Address) this.this$0.addresses.get(0)).getLocality());
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1202(this.this$0, ((android.location.Address) this.this$0.addresses.get(0)).getAdminArea());
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1302(this.this$0, ((android.location.Address) this.this$0.addresses.get(0)).getCountryName());
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1402(this.this$0, ((android.location.Address) this.this$0.addresses.get(0)).getPostalCode());
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1502(this.this$0, ((android.location.Address) this.this$0.addresses.get(0)).getFeatureName());
                }
            }
        }
        return;
    }

Method register.ibl_locationtracking.DBHandler.Insert_LocationTracking():


    public void Insert_LocationTracking(register.ibl_locationtracking.Trackingdetails p7)
    {
        this.dbhelper = register.ibl_locationtracking.DBHandler.getInstance(register.ibl_locationtracking.DBHandler.myContext);
        try {
            this.objMaraiyeettiyal = new register.ibl_locationtracking.Maraiyeettiyal();
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog("DBHandler OffLine Insert_LocationTracking...");
            this.GetMobileinformation();
        } catch (android.database.SQLException v1) {
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("DBHandler Insert_LocationTracking Catch Error: ").append(v1.getMessage().toString()).toString());
            throw v1;
        } catch (register.ibl_locationtracking.DBHandler v3_26) {
            this.db.endTransaction();
            if (this.db != null) {
                if (this.db.isOpen()) {
                    this.db.close();
                }
            }
            if (this.dbhelper != null) {
                this.dbhelper.close();
            }
            throw v3_26;
        }
        if (!register.ibl_locationtracking.MainActivity.isServiceStopped) {
            this.DeviceModelName = new StringBuilder().append(this.StrDevicemodel).append(" | Service Started").toString();
        } else {
            this.DeviceModelName = new StringBuilder().append(this.StrDevicemodel).append(" | Service Stopped").toString();
        }
        try {
            this.db = this.dbhelper.getWritableDatabase();
            this.db.beginTransaction();
            android.content.ContentValues v2_1 = new android.content.ContentValues();
            v2_1.put("LTD_Date", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_Date()).toString());
            v2_1.put("LTD_Latitude", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_Latitude()).toString());
            v2_1.put("LTD_Longitude", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_Longitude()).toString());
            v2_1.put("LTD_LocationName", "");
            v2_1.put("LTD_DistancefromLastLocation", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_DistancefromLastLocation()).toString());
            v2_1.put("LTD_MobileNumber1", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMobNo1).toString());
            v2_1.put("LTD_MobileNumber2", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMobNo2).toString());
            v2_1.put("LTD_DeviceName", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.DeviceModelName).toString());
            v2_1.put("LTD_IsOnline", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_IsOnline()).toString());
            v2_1.put("LTD_IMEI1", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIMEI1).toString());
            v2_1.put("LTD_IMEI2", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIMEI2).toString());
            v2_1.put("LTD_MACAddress", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMACAddress));
            v2_1.put("LTD_IPAddress", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIPAddress));
            v2_1.put("LTD_IsSynced", Boolean.valueOf(p7.getLTD_IsSynced()));
            v2_1.put("LTD_Synceddate", p7.getLTD_Synceddate());
            v2_1.put("LTD_Createdon", p7.getLTD_Createdon());
            v2_1.put("LTD_Modifiedon", p7.getLTD_Modifiedon());
            v2_1.put("LTD_IsActive", Boolean.valueOf(p7.getLTD_IsActive()));
            this.db.insert("LocationtrackingDetails", 0, v2_1);
            this.db.setTransactionSuccessful();
        } catch (Exception v0) {
            v0.printStackTrace();
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("DBHandler Insert_LocationTracking Catch Error: ").append(v0.getMessage().toString()).toString());
        }
        this.db.endTransaction();
        if ((this.db != null) && (this.db.isOpen())) {
            this.db.close();
        }
        if (this.dbhelper != null) {
            this.dbhelper.close();
        }
        return;
    }

Method register.ibl_locationtracking.Maraiyeettiyal.MaraikuriyakkuAngikaramString():


    public String MaraikuriyakkuAngikaramString(String p12)
    {
        try {
            if (javax.crypto.Cipher.getMaxAllowedKeyLength(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", "")) >= Integer.valueOf(register.ibl_locationtracking.DeviceDetails.SaaviNeelam.replace("sn", "")).intValue()) {
                javax.crypto.Cipher v1 = javax.crypto.Cipher.getInstance(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", ""));
                v1.init(1, new javax.crypto.spec.SecretKeySpec(register.ibl_locationtracking.LocationJSON.ThiravuKol.replace("tk", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT), register.ibl_locationtracking.LocationJSON.MarayakaValimurai.replace("mv", "")), new javax.crypto.spec.IvParameterSpec(register.ibl_locationtracking.PayanpaatuKattamaipu.KadavuSoll.replace("ks", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT)));
                int v6_13 = new String(android.util.Base64.encode(v1.doFinal(p12.getBytes()), 2), register.ibl_locationtracking.LocationJSON.EighT);
            } else {
                throw new IllegalStateException("Unlimited crypto files not present in this JRE");
            }
        } catch (java.security.GeneralSecurityException v2) {
            v6_13 = 0;
        } catch (java.security.GeneralSecurityException v2) {
            throw new IllegalStateException("Algorithms or unlimited crypto files not available", v2);
        }
        return v6_13;
    }

Method javax.crypto.spec.SecretKeySpec.<init>() not found.

[TAINT] String '' ==>>> Sink '['Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V', '0', 'CRYPTO_SINK']' [[('Lregister/ibl_locationtracking/IBL_Location_Tracker$1;', 'onLocationChanged', '(Landroid/location/Location;)V'), ('Lregister/ibl_locationtracking/DBHandler;', 'Insert_LocationTracking', '(Lregister/ibl_locationtracking/Trackingdetails;)V'), ('Lregister/ibl_locationtracking/Maraiyeettiyal;', 'MaraikuriyakkuAngikaramString', '(Ljava/lang/String;)Ljava/lang/String;'), ('Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V')]]

The application uses a hardcoded secret key '' to encrypt the data

Method register.ibl_locationtracking.IBL_Location_Tracker$1.onLocationChanged():


    public void onLocationChanged(android.location.Location p30)
    {
        if (p30 != null) {
            this.this$0.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.this$0.objCallSoap.WriteLog("LocationListener Started.");
            this.this$0.isConnectingToInternet = this.this$0.objCallSoap.isConnectingToInternet(this.this$0.getApplicationContext());
            String v21 = this.this$0.GetCurrentDate();
            if (!this.this$0.isConnectingToInternet) {
                try {
                    this.this$0.objCallSoap.WriteLog("Offline Location Updation Started");
                    register.ibl_locationtracking.IBL_Location_Tracker.startLatitude = p30.getLatitude();
                    register.ibl_locationtracking.IBL_Location_Tracker.startLongitude = p30.getLongitude();
                    register.ibl_locationtracking.IBL_Location_Tracker.access$900(this.this$0, new StringBuilder().append("Offline\nLatutide  - ").append(Double.valueOf(register.ibl_locationtracking.IBL_Location_Tracker.startLatitude)).append("\nLongitude - ").append(Double.valueOf(register.ibl_locationtracking.IBL_Location_Tracker.startLongitude)).append("\n").append(v21).toString());
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1602(this.this$0, 0);
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1002(this.this$0, "");
                    android.location.Location v27_1 = new android.location.Location;
                    v27_1("locationA");
                    v27_1.setLatitude(register.ibl_locationtracking.IBL_Location_Tracker.ExistingstartLatitude);
                    v27_1.setLongitude(register.ibl_locationtracking.IBL_Location_Tracker.ExistingstartLongitude);
                    android.location.Location v26_1 = new android.location.Location;
                    v26_1("locationA");
                    v26_1.setLatitude(register.ibl_locationtracking.IBL_Location_Tracker.startLatitude);
                    v26_1.setLongitude(register.ibl_locationtracking.IBL_Location_Tracker.startLongitude);
                    long v22_0 = ((double) v27_1.distanceTo(v26_1));
                    register.ibl_locationtracking.IBL_Location_Tracker.isDistanceChanged = 0;
                } catch (Exception v24_0) {
                    v24_0.printStackTrace();
                    this.this$0.objCallSoap.WriteLog(new StringBuilder().append("LocationListener Offline catch Error: ").append(v24_0.getMessage().toString()).toString());
                }
                if (v22_0 >= ((double) register.ibl_locationtracking.LocationWebService.MaxDistance)) {
                    register.ibl_locationtracking.IBL_Location_Tracker.isDistanceChanged = 1;
                    this.this$0.objMainActivity = new register.ibl_locationtracking.MainActivity();
                    register.ibl_locationtracking.IBL_Location_Tracker.ExistingstartLatitude = register.ibl_locationtracking.IBL_Location_Tracker.startLatitude;
                    register.ibl_locationtracking.IBL_Location_Tracker.ExistingstartLongitude = register.ibl_locationtracking.IBL_Location_Tracker.startLongitude;
                    if (v22_0 > 2000000.0) {
                        v22_0 = 0;
                    }
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1702(this.this$0, (register.ibl_locationtracking.IBL_Location_Tracker.access$1700(this.this$0) + v22_0));
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1802(this.this$0, (register.ibl_locationtracking.IBL_Location_Tracker.access$1700(this.this$0) / 1000.0));
                    register.ibl_locationtracking.MainActivity.txtDistance.setText(new StringBuilder().append("Distance : ").append(register.ibl_locationtracking.IBL_Location_Tracker.access$1900(this.this$0).format(register.ibl_locationtracking.IBL_Location_Tracker.access$1800(this.this$0))).toString());
                    this.this$0.objdbHandler = new register.ibl_locationtracking.DBHandler(register.ibl_locationtracking.IBL_Location_Tracker.access$100(this.this$0));
                    this.this$0.objdbHandler.OpenDataBase();
                    this.this$0.objdbHandler.Insert_LocationTracking(new register.ibl_locationtracking.Trackingdetails(this.this$0.GetCurrentDate(), String.valueOf(register.ibl_locationtracking.IBL_Location_Tracker.startLatitude), String.valueOf(register.ibl_locationtracking.IBL_Location_Tracker.startLongitude), register.ibl_locationtracking.IBL_Location_Tracker.access$1000(this.this$0), String.valueOf(v22_0), register.ibl_locationtracking.IBL_Location_Tracker.access$2000(this.this$0), register.ibl_locationtracking.IBL_Location_Tracker.access$2100(this.this$0), register.ibl_locationtracking.IBL_Location_Tracker.access$2200(this.this$0), String.valueOf(register.ibl_locationtracking.IBL_Location_Tracker.access$1600(this.this$0)), register.ibl_locationtracking.IBL_Location_Tracker.access$2300(this.this$0), register.ibl_locationtracking.IBL_Location_Tracker.access$2400(this.this$0), register.ibl_locationtracking.IBL_Location_Tracker.access$2500(this.this$0), register.ibl_locationtracking.IBL_Location_Tracker.access$2600(this.this$0), 0, "", "", "", 1));
                    this.this$0.objCallSoap.WriteLog("Offline Location Updation Ended");
                }
            } else {
                try {
                    this.this$0.objCallSoap = new register.ibl_locationtracking.CallSoap();
                    this.this$0.objCallSoap.WriteLog("Online Location Updation Started.");
                    this.this$0.objdbHandler = new register.ibl_locationtracking.DBHandler(this.this$0.getApplicationContext());
                    this.this$0.objdbHandler.JSyncDatatoServer();
                } catch (Exception v24_1) {
                    v24_1.printStackTrace();
                    this.this$0.objCallSoap.WriteLog(new StringBuilder().append("LocationListener Online catch Error: ").append(v24_1.getMessage().toString()).toString());
                }
                if (register.ibl_locationtracking.DBHandler.objJSONArray.length() > 0) {
                    this.this$0.objCallSoap.WriteLog("Sync Data to Server Started.");
                    register.ibl_locationtracking.CallSoap v2_42 = new register.ibl_locationtracking.LocationSync(this.this$0.getApplicationContext());
                    String v3_32 = new String[2];
                    v3_32[0] = String.valueOf(register.ibl_locationtracking.DBHandler.objJSONArray);
                    v3_32[1] = String.valueOf(register.ibl_locationtracking.DBHandler.objJSONArray);
                    v2_42.execute(v3_32);
                }
                register.ibl_locationtracking.IBL_Location_Tracker.startLatitude = p30.getLatitude();
                register.ibl_locationtracking.IBL_Location_Tracker.startLongitude = p30.getLongitude();
                register.ibl_locationtracking.IBL_Location_Tracker.access$900(this.this$0, new StringBuilder().append("Online\nLatutide  - ").append(Double.valueOf(register.ibl_locationtracking.IBL_Location_Tracker.startLatitude)).append("\nLongitude - ").append(Double.valueOf(register.ibl_locationtracking.IBL_Location_Tracker.startLongitude)).append("\n").append(v21).toString());
                this.this$0.geocoder = new android.location.Geocoder(this.this$0.getApplicationContext(), java.util.Locale.getDefault());
                try {
                    this.this$0.addresses = this.this$0.geocoder.getFromLocation(register.ibl_locationtracking.IBL_Location_Tracker.startLatitude, register.ibl_locationtracking.IBL_Location_Tracker.startLongitude, 1);
                } catch (java.io.IOException v25) {
                    v25.printStackTrace();
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1602(this.this$0, 1);
                    android.location.Location v27_0 = new android.location.Location;
                    v27_0("locationA");
                    v27_0.setLatitude(register.ibl_locationtracking.IBL_Location_Tracker.ExistingstartLatitude);
                    v27_0.setLongitude(register.ibl_locationtracking.IBL_Location_Tracker.ExistingstartLongitude);
                    android.location.Location v26_0 = new android.location.Location;
                    v26_0("locationA");
                    v26_0.setLatitude(register.ibl_locationtracking.IBL_Location_Tracker.startLatitude);
                    v26_0.setLongitude(register.ibl_locationtracking.IBL_Location_Tracker.startLongitude);
                    long v22_1 = ((double) v27_0.distanceTo(v26_0));
                    register.ibl_locationtracking.IBL_Location_Tracker.isDistanceChanged = 0;
                    if (v22_1 >= ((double) register.ibl_locationtracking.LocationWebService.MaxDistance)) {
                        register.ibl_locationtracking.IBL_Location_Tracker.isDistanceChanged = 1;
                        this.this$0.objMainActivity = new register.ibl_locationtracking.MainActivity();
                        register.ibl_locationtracking.IBL_Location_Tracker.ExistingstartLatitude = register.ibl_locationtracking.IBL_Location_Tracker.startLatitude;
                        register.ibl_locationtracking.IBL_Location_Tracker.ExistingstartLongitude = register.ibl_locationtracking.IBL_Location_Tracker.startLongitude;
                        register.ibl_locationtracking.IBL_Location_Tracker.dblbeforestoplat = register.ibl_locationtracking.IBL_Location_Tracker.startLatitude;
                        register.ibl_locationtracking.IBL_Location_Tracker.dblbeforestoplan = register.ibl_locationtracking.IBL_Location_Tracker.startLongitude;
                        if (v22_1 > 2000000.0) {
                            v22_1 = 0;
                        }
                        register.ibl_locationtracking.IBL_Location_Tracker.access$1702(this.this$0, (register.ibl_locationtracking.IBL_Location_Tracker.access$1700(this.this$0) + v22_1));
                        register.ibl_locationtracking.IBL_Location_Tracker.access$1802(this.this$0, (register.ibl_locationtracking.IBL_Location_Tracker.access$1700(this.this$0) / 1000.0));
                        register.ibl_locationtracking.MainActivity.txtDistance.setText(String.valueOf(new StringBuilder().append("Distance : ").append(register.ibl_locationtracking.IBL_Location_Tracker.access$1900(this.this$0).format(register.ibl_locationtracking.IBL_Location_Tracker.access$1800(this.this$0))).toString()));
                        register.ibl_locationtracking.CallSoap v2_118 = new register.ibl_locationtracking.LocationWebService(this.this$0.getApplicationContext());
                        String v3_85 = new String[5];
                        v3_85[0] = String.valueOf(register.ibl_locationtracking.IBL_Location_Tracker.startLatitude);
                        v3_85[1] = String.valueOf(register.ibl_locationtracking.IBL_Location_Tracker.startLongitude);
                        v3_85[2] = register.ibl_locationtracking.IBL_Location_Tracker.access$1000(this.this$0);
                        v3_85[3] = String.valueOf(v22_1);
                        v3_85[4] = String.valueOf(register.ibl_locationtracking.IBL_Location_Tracker.access$1600(this.this$0));
                        v2_118.execute(v3_85);
                        this.this$0.objCallSoap.WriteLog("Online Location Updation Ended.");
                    }
                }
                if (!android.location.Geocoder.isPresent()) {
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1002(this.this$0, "");
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1102(this.this$0, "");
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1202(this.this$0, "");
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1302(this.this$0, "");
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1402(this.this$0, "");
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1502(this.this$0, "");
                } else {
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1002(this.this$0, ((android.location.Address) this.this$0.addresses.get(0)).getAddressLine(0));
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1102(this.this$0, ((android.location.Address) this.this$0.addresses.get(0)).getLocality());
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1202(this.this$0, ((android.location.Address) this.this$0.addresses.get(0)).getAdminArea());
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1302(this.this$0, ((android.location.Address) this.this$0.addresses.get(0)).getCountryName());
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1402(this.this$0, ((android.location.Address) this.this$0.addresses.get(0)).getPostalCode());
                    register.ibl_locationtracking.IBL_Location_Tracker.access$1502(this.this$0, ((android.location.Address) this.this$0.addresses.get(0)).getFeatureName());
                }
            }
        }
        return;
    }

Method register.ibl_locationtracking.DBHandler.Insert_LocationTracking():


    public void Insert_LocationTracking(register.ibl_locationtracking.Trackingdetails p7)
    {
        this.dbhelper = register.ibl_locationtracking.DBHandler.getInstance(register.ibl_locationtracking.DBHandler.myContext);
        try {
            this.objMaraiyeettiyal = new register.ibl_locationtracking.Maraiyeettiyal();
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog("DBHandler OffLine Insert_LocationTracking...");
            this.GetMobileinformation();
        } catch (android.database.SQLException v1) {
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("DBHandler Insert_LocationTracking Catch Error: ").append(v1.getMessage().toString()).toString());
            throw v1;
        } catch (register.ibl_locationtracking.DBHandler v3_26) {
            this.db.endTransaction();
            if (this.db != null) {
                if (this.db.isOpen()) {
                    this.db.close();
                }
            }
            if (this.dbhelper != null) {
                this.dbhelper.close();
            }
            throw v3_26;
        }
        if (!register.ibl_locationtracking.MainActivity.isServiceStopped) {
            this.DeviceModelName = new StringBuilder().append(this.StrDevicemodel).append(" | Service Started").toString();
        } else {
            this.DeviceModelName = new StringBuilder().append(this.StrDevicemodel).append(" | Service Stopped").toString();
        }
        try {
            this.db = this.dbhelper.getWritableDatabase();
            this.db.beginTransaction();
            android.content.ContentValues v2_1 = new android.content.ContentValues();
            v2_1.put("LTD_Date", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_Date()).toString());
            v2_1.put("LTD_Latitude", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_Latitude()).toString());
            v2_1.put("LTD_Longitude", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_Longitude()).toString());
            v2_1.put("LTD_LocationName", "");
            v2_1.put("LTD_DistancefromLastLocation", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_DistancefromLastLocation()).toString());
            v2_1.put("LTD_MobileNumber1", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMobNo1).toString());
            v2_1.put("LTD_MobileNumber2", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMobNo2).toString());
            v2_1.put("LTD_DeviceName", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.DeviceModelName).toString());
            v2_1.put("LTD_IsOnline", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_IsOnline()).toString());
            v2_1.put("LTD_IMEI1", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIMEI1).toString());
            v2_1.put("LTD_IMEI2", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIMEI2).toString());
            v2_1.put("LTD_MACAddress", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMACAddress));
            v2_1.put("LTD_IPAddress", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIPAddress));
            v2_1.put("LTD_IsSynced", Boolean.valueOf(p7.getLTD_IsSynced()));
            v2_1.put("LTD_Synceddate", p7.getLTD_Synceddate());
            v2_1.put("LTD_Createdon", p7.getLTD_Createdon());
            v2_1.put("LTD_Modifiedon", p7.getLTD_Modifiedon());
            v2_1.put("LTD_IsActive", Boolean.valueOf(p7.getLTD_IsActive()));
            this.db.insert("LocationtrackingDetails", 0, v2_1);
            this.db.setTransactionSuccessful();
        } catch (Exception v0) {
            v0.printStackTrace();
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("DBHandler Insert_LocationTracking Catch Error: ").append(v0.getMessage().toString()).toString());
        }
        this.db.endTransaction();
        if ((this.db != null) && (this.db.isOpen())) {
            this.db.close();
        }
        if (this.dbhelper != null) {
            this.dbhelper.close();
        }
        return;
    }

Method register.ibl_locationtracking.Maraiyeettiyal.MaraikuriyakkuAngikaramString():


    public String MaraikuriyakkuAngikaramString(String p12)
    {
        try {
            if (javax.crypto.Cipher.getMaxAllowedKeyLength(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", "")) >= Integer.valueOf(register.ibl_locationtracking.DeviceDetails.SaaviNeelam.replace("sn", "")).intValue()) {
                javax.crypto.Cipher v1 = javax.crypto.Cipher.getInstance(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", ""));
                v1.init(1, new javax.crypto.spec.SecretKeySpec(register.ibl_locationtracking.LocationJSON.ThiravuKol.replace("tk", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT), register.ibl_locationtracking.LocationJSON.MarayakaValimurai.replace("mv", "")), new javax.crypto.spec.IvParameterSpec(register.ibl_locationtracking.PayanpaatuKattamaipu.KadavuSoll.replace("ks", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT)));
                int v6_13 = new String(android.util.Base64.encode(v1.doFinal(p12.getBytes()), 2), register.ibl_locationtracking.LocationJSON.EighT);
            } else {
                throw new IllegalStateException("Unlimited crypto files not present in this JRE");
            }
        } catch (java.security.GeneralSecurityException v2) {
            v6_13 = 0;
        } catch (java.security.GeneralSecurityException v2) {
            throw new IllegalStateException("Algorithms or unlimited crypto files not available", v2);
        }
        return v6_13;
    }

Method javax.crypto.spec.SecretKeySpec.<init>() not found.

[TAINT] String '' ==>>> Sink '['Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V', '0', 'CRYPTO_SINK']' [[('Lregister/ibl_locationtracking/LocationSync;', 'doInBackground', '([Ljava/lang/Object;)Ljava/lang/Object;'), ('Lregister/ibl_locationtracking/LocationSync;', 'doInBackground', '([Ljava/lang/String;)Ljava/lang/String;'), ('Lregister/ibl_locationtracking/Maraiyeettiyal;', 'MaraivelakamAngikaramString', '(Ljava/lang/String;)Ljava/lang/String;'), ('Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V')]]

The application uses a hardcoded secret key '' to encrypt the data

Method register.ibl_locationtracking.LocationSync.doInBackground():


    protected bridge synthetic Object doInBackground(Object[] p2)
    {
        return this.doInBackground(((String[]) p2));
    }

Method register.ibl_locationtracking.LocationSync.doInBackground():


    protected varargs String doInBackground(String[] p9)
    {
        try {
            this.objMaraiyeettiyal = new register.ibl_locationtracking.Maraiyeettiyal();
            this.objdbHandler = new register.ibl_locationtracking.DBHandler(this.objContext);
            this.lstLocationJSON = this.objdbHandler.JSyncDatatoServer();
            this.StrReturn = String.valueOf(register.ibl_locationtracking.LocationWebService.MaxDistance);
            this.strDbDistance = String.valueOf(register.ibl_locationtracking.LocationWebService.MaxDistance);
            int v2 = 0;
        } catch (Exception v1) {
            this.StrReturnResult = "Error";
            v1.printStackTrace();
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("LocationSync doInBackground catch Error: ").append(v1.getMessage().toString()).toString());
            if (!this.StrReturnResult.equals("Error")) {
                this.StrReturnResult = "Success";
                this.objCallSoap = new register.ibl_locationtracking.CallSoap();
                this.objCallSoap.WriteLog(new StringBuilder().append("LocationWebService responsemessage: ").append(this.strDbDistance.replaceAll("\r\n", "")).toString());
                register.ibl_locationtracking.LocationWebService.MaxDistance = Integer.valueOf(this.strDbDistance.replace("\r\n", "")).intValue();
            }
            return this.StrReturnResult;
        }
        while (v2 < this.lstLocationJSON.size()) {
            this.url = new okhttp3.HttpUrl$Builder().scheme(register.ibl_locationtracking.PayanpaatuKattamaipu.Thittam).host(register.ibl_locationtracking.PayanpaatuKattamaipu.Thogupaalar).addPathSegment(register.ibl_locationtracking.PayanpaatuKattamaipu.Seavai).addPathSegment(register.ibl_locationtracking.PayanpaatuKattamaipu.VazhiOndru).addPathSegment("LocationTrackDetails_Offline_Insert").addQueryParameter("StrTrackingdetails", String.valueOf(((register.ibl_locationtracking.LocationJSON) this.lstLocationJSON.get(v2)).getStrLocation())).build();
            this.request = new okhttp3.Request$Builder().url(this.url).build();
            this.StrReturn = this.httpclient.newCall(this.request).execute().body().string().replace("<string xmlns=\"http://tempuri.org/\">", "").replace("</string>", "").replace("<?xml version=\"1.0\" encoding=\"utf-8\"?>", "");
            this.strDbDistance = this.objMaraiyeettiyal.MaraivelakamAngikaramString(this.StrReturn);
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("LocationSync doInBackground Insert msg: ").append(this.strDbDistance.replaceAll("\r\n", "")).toString());
            if (v2 == this.lstLocationJSON.size()) {
                break;
            }
            v2++;
        }
    }

Method register.ibl_locationtracking.Maraiyeettiyal.MaraivelakamAngikaramString():


    public String MaraivelakamAngikaramString(String p12)
    {
        try {
            if (javax.crypto.Cipher.getMaxAllowedKeyLength(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", "")) >= Integer.valueOf(register.ibl_locationtracking.DeviceDetails.SaaviNeelam.replace("sn", "")).intValue()) {
                javax.crypto.Cipher v1 = javax.crypto.Cipher.getInstance(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", ""));
                v1.init(2, new javax.crypto.spec.SecretKeySpec(register.ibl_locationtracking.LocationJSON.ThiravuKol.replace("tk", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT), register.ibl_locationtracking.LocationJSON.MarayakaValimurai.replace("mv", "")), new javax.crypto.spec.IvParameterSpec(register.ibl_locationtracking.PayanpaatuKattamaipu.KadavuSoll.replace("ks", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT)));
                int v6_11 = new String(v1.doFinal(android.util.Base64.decode(p12, 0)), register.ibl_locationtracking.LocationJSON.EighT);
            } else {
                throw new IllegalStateException("Unlimited crypto files not present in this JRE");
            }
        } catch (java.security.GeneralSecurityException v3) {
            v6_11 = 0;
        } catch (java.security.GeneralSecurityException v3) {
            throw new IllegalStateException("Algorithms or unlimited crypto files not available", v3);
        }
        return v6_11;
    }

Method javax.crypto.spec.SecretKeySpec.<init>() not found.

[TAINT] String 'tk' ==>>> Sink '['Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V', '0', 'CRYPTO_SINK']' [[('Lregister/ibl_locationtracking/LocationSync;', 'doInBackground', '([Ljava/lang/Object;)Ljava/lang/Object;'), ('Lregister/ibl_locationtracking/LocationSync;', 'doInBackground', '([Ljava/lang/String;)Ljava/lang/String;'), ('Lregister/ibl_locationtracking/Maraiyeettiyal;', 'MaraivelakamAngikaramString', '(Ljava/lang/String;)Ljava/lang/String;'), ('Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V')]]

The application uses a hardcoded secret key 'tk' to encrypt the data

Method register.ibl_locationtracking.LocationSync.doInBackground():


    protected bridge synthetic Object doInBackground(Object[] p2)
    {
        return this.doInBackground(((String[]) p2));
    }

Method register.ibl_locationtracking.LocationSync.doInBackground():


    protected varargs String doInBackground(String[] p9)
    {
        try {
            this.objMaraiyeettiyal = new register.ibl_locationtracking.Maraiyeettiyal();
            this.objdbHandler = new register.ibl_locationtracking.DBHandler(this.objContext);
            this.lstLocationJSON = this.objdbHandler.JSyncDatatoServer();
            this.StrReturn = String.valueOf(register.ibl_locationtracking.LocationWebService.MaxDistance);
            this.strDbDistance = String.valueOf(register.ibl_locationtracking.LocationWebService.MaxDistance);
            int v2 = 0;
        } catch (Exception v1) {
            this.StrReturnResult = "Error";
            v1.printStackTrace();
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("LocationSync doInBackground catch Error: ").append(v1.getMessage().toString()).toString());
            if (!this.StrReturnResult.equals("Error")) {
                this.StrReturnResult = "Success";
                this.objCallSoap = new register.ibl_locationtracking.CallSoap();
                this.objCallSoap.WriteLog(new StringBuilder().append("LocationWebService responsemessage: ").append(this.strDbDistance.replaceAll("\r\n", "")).toString());
                register.ibl_locationtracking.LocationWebService.MaxDistance = Integer.valueOf(this.strDbDistance.replace("\r\n", "")).intValue();
            }
            return this.StrReturnResult;
        }
        while (v2 < this.lstLocationJSON.size()) {
            this.url = new okhttp3.HttpUrl$Builder().scheme(register.ibl_locationtracking.PayanpaatuKattamaipu.Thittam).host(register.ibl_locationtracking.PayanpaatuKattamaipu.Thogupaalar).addPathSegment(register.ibl_locationtracking.PayanpaatuKattamaipu.Seavai).addPathSegment(register.ibl_locationtracking.PayanpaatuKattamaipu.VazhiOndru).addPathSegment("LocationTrackDetails_Offline_Insert").addQueryParameter("StrTrackingdetails", String.valueOf(((register.ibl_locationtracking.LocationJSON) this.lstLocationJSON.get(v2)).getStrLocation())).build();
            this.request = new okhttp3.Request$Builder().url(this.url).build();
            this.StrReturn = this.httpclient.newCall(this.request).execute().body().string().replace("<string xmlns=\"http://tempuri.org/\">", "").replace("</string>", "").replace("<?xml version=\"1.0\" encoding=\"utf-8\"?>", "");
            this.strDbDistance = this.objMaraiyeettiyal.MaraivelakamAngikaramString(this.StrReturn);
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("LocationSync doInBackground Insert msg: ").append(this.strDbDistance.replaceAll("\r\n", "")).toString());
            if (v2 == this.lstLocationJSON.size()) {
                break;
            }
            v2++;
        }
    }

Method register.ibl_locationtracking.Maraiyeettiyal.MaraivelakamAngikaramString():


    public String MaraivelakamAngikaramString(String p12)
    {
        try {
            if (javax.crypto.Cipher.getMaxAllowedKeyLength(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", "")) >= Integer.valueOf(register.ibl_locationtracking.DeviceDetails.SaaviNeelam.replace("sn", "")).intValue()) {
                javax.crypto.Cipher v1 = javax.crypto.Cipher.getInstance(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", ""));
                v1.init(2, new javax.crypto.spec.SecretKeySpec(register.ibl_locationtracking.LocationJSON.ThiravuKol.replace("tk", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT), register.ibl_locationtracking.LocationJSON.MarayakaValimurai.replace("mv", "")), new javax.crypto.spec.IvParameterSpec(register.ibl_locationtracking.PayanpaatuKattamaipu.KadavuSoll.replace("ks", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT)));
                int v6_11 = new String(v1.doFinal(android.util.Base64.decode(p12, 0)), register.ibl_locationtracking.LocationJSON.EighT);
            } else {
                throw new IllegalStateException("Unlimited crypto files not present in this JRE");
            }
        } catch (java.security.GeneralSecurityException v3) {
            v6_11 = 0;
        } catch (java.security.GeneralSecurityException v3) {
            throw new IllegalStateException("Algorithms or unlimited crypto files not available", v3);
        }
        return v6_11;
    }

Method javax.crypto.spec.SecretKeySpec.<init>() not found.

[TAINT] String '' ==>>> Sink '['Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V', '0', 'CRYPTO_SINK']' [[('Lregister/ibl_locationtracking/LocationSync;', 'doInBackground', '([Ljava/lang/String;)Ljava/lang/String;'), ('Lregister/ibl_locationtracking/Maraiyeettiyal;', 'MaraivelakamAngikaramString', '(Ljava/lang/String;)Ljava/lang/String;'), ('Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V')]]

The application uses a hardcoded secret key '' to encrypt the data

Method register.ibl_locationtracking.LocationSync.doInBackground():


    protected varargs String doInBackground(String[] p9)
    {
        try {
            this.objMaraiyeettiyal = new register.ibl_locationtracking.Maraiyeettiyal();
            this.objdbHandler = new register.ibl_locationtracking.DBHandler(this.objContext);
            this.lstLocationJSON = this.objdbHandler.JSyncDatatoServer();
            this.StrReturn = String.valueOf(register.ibl_locationtracking.LocationWebService.MaxDistance);
            this.strDbDistance = String.valueOf(register.ibl_locationtracking.LocationWebService.MaxDistance);
            int v2 = 0;
        } catch (Exception v1) {
            this.StrReturnResult = "Error";
            v1.printStackTrace();
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("LocationSync doInBackground catch Error: ").append(v1.getMessage().toString()).toString());
            if (!this.StrReturnResult.equals("Error")) {
                this.StrReturnResult = "Success";
                this.objCallSoap = new register.ibl_locationtracking.CallSoap();
                this.objCallSoap.WriteLog(new StringBuilder().append("LocationWebService responsemessage: ").append(this.strDbDistance.replaceAll("\r\n", "")).toString());
                register.ibl_locationtracking.LocationWebService.MaxDistance = Integer.valueOf(this.strDbDistance.replace("\r\n", "")).intValue();
            }
            return this.StrReturnResult;
        }
        while (v2 < this.lstLocationJSON.size()) {
            this.url = new okhttp3.HttpUrl$Builder().scheme(register.ibl_locationtracking.PayanpaatuKattamaipu.Thittam).host(register.ibl_locationtracking.PayanpaatuKattamaipu.Thogupaalar).addPathSegment(register.ibl_locationtracking.PayanpaatuKattamaipu.Seavai).addPathSegment(register.ibl_locationtracking.PayanpaatuKattamaipu.VazhiOndru).addPathSegment("LocationTrackDetails_Offline_Insert").addQueryParameter("StrTrackingdetails", String.valueOf(((register.ibl_locationtracking.LocationJSON) this.lstLocationJSON.get(v2)).getStrLocation())).build();
            this.request = new okhttp3.Request$Builder().url(this.url).build();
            this.StrReturn = this.httpclient.newCall(this.request).execute().body().string().replace("<string xmlns=\"http://tempuri.org/\">", "").replace("</string>", "").replace("<?xml version=\"1.0\" encoding=\"utf-8\"?>", "");
            this.strDbDistance = this.objMaraiyeettiyal.MaraivelakamAngikaramString(this.StrReturn);
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("LocationSync doInBackground Insert msg: ").append(this.strDbDistance.replaceAll("\r\n", "")).toString());
            if (v2 == this.lstLocationJSON.size()) {
                break;
            }
            v2++;
        }
    }

Method register.ibl_locationtracking.Maraiyeettiyal.MaraivelakamAngikaramString():


    public String MaraivelakamAngikaramString(String p12)
    {
        try {
            if (javax.crypto.Cipher.getMaxAllowedKeyLength(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", "")) >= Integer.valueOf(register.ibl_locationtracking.DeviceDetails.SaaviNeelam.replace("sn", "")).intValue()) {
                javax.crypto.Cipher v1 = javax.crypto.Cipher.getInstance(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", ""));
                v1.init(2, new javax.crypto.spec.SecretKeySpec(register.ibl_locationtracking.LocationJSON.ThiravuKol.replace("tk", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT), register.ibl_locationtracking.LocationJSON.MarayakaValimurai.replace("mv", "")), new javax.crypto.spec.IvParameterSpec(register.ibl_locationtracking.PayanpaatuKattamaipu.KadavuSoll.replace("ks", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT)));
                int v6_11 = new String(v1.doFinal(android.util.Base64.decode(p12, 0)), register.ibl_locationtracking.LocationJSON.EighT);
            } else {
                throw new IllegalStateException("Unlimited crypto files not present in this JRE");
            }
        } catch (java.security.GeneralSecurityException v3) {
            v6_11 = 0;
        } catch (java.security.GeneralSecurityException v3) {
            throw new IllegalStateException("Algorithms or unlimited crypto files not available", v3);
        }
        return v6_11;
    }

Method javax.crypto.spec.SecretKeySpec.<init>() not found.

[TAINT] String 'tk' ==>>> Sink '['Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V', '0', 'CRYPTO_SINK']' [[('Lregister/ibl_locationtracking/LocationSync;', 'doInBackground', '([Ljava/lang/String;)Ljava/lang/String;'), ('Lregister/ibl_locationtracking/Maraiyeettiyal;', 'MaraivelakamAngikaramString', '(Ljava/lang/String;)Ljava/lang/String;'), ('Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V')]]

The application uses a hardcoded secret key 'tk' to encrypt the data

Method register.ibl_locationtracking.LocationSync.doInBackground():


    protected varargs String doInBackground(String[] p9)
    {
        try {
            this.objMaraiyeettiyal = new register.ibl_locationtracking.Maraiyeettiyal();
            this.objdbHandler = new register.ibl_locationtracking.DBHandler(this.objContext);
            this.lstLocationJSON = this.objdbHandler.JSyncDatatoServer();
            this.StrReturn = String.valueOf(register.ibl_locationtracking.LocationWebService.MaxDistance);
            this.strDbDistance = String.valueOf(register.ibl_locationtracking.LocationWebService.MaxDistance);
            int v2 = 0;
        } catch (Exception v1) {
            this.StrReturnResult = "Error";
            v1.printStackTrace();
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("LocationSync doInBackground catch Error: ").append(v1.getMessage().toString()).toString());
            if (!this.StrReturnResult.equals("Error")) {
                this.StrReturnResult = "Success";
                this.objCallSoap = new register.ibl_locationtracking.CallSoap();
                this.objCallSoap.WriteLog(new StringBuilder().append("LocationWebService responsemessage: ").append(this.strDbDistance.replaceAll("\r\n", "")).toString());
                register.ibl_locationtracking.LocationWebService.MaxDistance = Integer.valueOf(this.strDbDistance.replace("\r\n", "")).intValue();
            }
            return this.StrReturnResult;
        }
        while (v2 < this.lstLocationJSON.size()) {
            this.url = new okhttp3.HttpUrl$Builder().scheme(register.ibl_locationtracking.PayanpaatuKattamaipu.Thittam).host(register.ibl_locationtracking.PayanpaatuKattamaipu.Thogupaalar).addPathSegment(register.ibl_locationtracking.PayanpaatuKattamaipu.Seavai).addPathSegment(register.ibl_locationtracking.PayanpaatuKattamaipu.VazhiOndru).addPathSegment("LocationTrackDetails_Offline_Insert").addQueryParameter("StrTrackingdetails", String.valueOf(((register.ibl_locationtracking.LocationJSON) this.lstLocationJSON.get(v2)).getStrLocation())).build();
            this.request = new okhttp3.Request$Builder().url(this.url).build();
            this.StrReturn = this.httpclient.newCall(this.request).execute().body().string().replace("<string xmlns=\"http://tempuri.org/\">", "").replace("</string>", "").replace("<?xml version=\"1.0\" encoding=\"utf-8\"?>", "");
            this.strDbDistance = this.objMaraiyeettiyal.MaraivelakamAngikaramString(this.StrReturn);
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("LocationSync doInBackground Insert msg: ").append(this.strDbDistance.replaceAll("\r\n", "")).toString());
            if (v2 == this.lstLocationJSON.size()) {
                break;
            }
            v2++;
        }
    }

Method register.ibl_locationtracking.Maraiyeettiyal.MaraivelakamAngikaramString():


    public String MaraivelakamAngikaramString(String p12)
    {
        try {
            if (javax.crypto.Cipher.getMaxAllowedKeyLength(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", "")) >= Integer.valueOf(register.ibl_locationtracking.DeviceDetails.SaaviNeelam.replace("sn", "")).intValue()) {
                javax.crypto.Cipher v1 = javax.crypto.Cipher.getInstance(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", ""));
                v1.init(2, new javax.crypto.spec.SecretKeySpec(register.ibl_locationtracking.LocationJSON.ThiravuKol.replace("tk", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT), register.ibl_locationtracking.LocationJSON.MarayakaValimurai.replace("mv", "")), new javax.crypto.spec.IvParameterSpec(register.ibl_locationtracking.PayanpaatuKattamaipu.KadavuSoll.replace("ks", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT)));
                int v6_11 = new String(v1.doFinal(android.util.Base64.decode(p12, 0)), register.ibl_locationtracking.LocationJSON.EighT);
            } else {
                throw new IllegalStateException("Unlimited crypto files not present in this JRE");
            }
        } catch (java.security.GeneralSecurityException v3) {
            v6_11 = 0;
        } catch (java.security.GeneralSecurityException v3) {
            throw new IllegalStateException("Algorithms or unlimited crypto files not available", v3);
        }
        return v6_11;
    }

Method javax.crypto.spec.SecretKeySpec.<init>() not found.

[TAINT] String '' ==>>> Sink '['Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V', '0', 'CRYPTO_SINK']' [[('Lregister/ibl_locationtracking/LocationWebService;', 'doInBackground', '([Ljava/lang/Object;)Ljava/lang/Object;'), ('Lregister/ibl_locationtracking/LocationWebService;', 'doInBackground', '([Ljava/lang/String;)Ljava/lang/String;'), ('Lregister/ibl_locationtracking/Maraiyeettiyal;', 'MaraikuriyakkuAngikaramString', '(Ljava/lang/String;)Ljava/lang/String;'), ('Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V')]]

The application uses a hardcoded secret key '' to encrypt the data

Method register.ibl_locationtracking.LocationWebService.doInBackground():


    protected bridge synthetic Object doInBackground(Object[] p2)
    {
        return this.doInBackground(((String[]) p2));
    }

Method register.ibl_locationtracking.LocationWebService.doInBackground():


    protected varargs String doInBackground(String[] p7)
    {
        try {
            this.objMaraiyeettiyal = new register.ibl_locationtracking.Maraiyeettiyal();
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog("Online LocationWebService Started.");
            this.StrReturn = String.valueOf(register.ibl_locationtracking.LocationWebService.MaxDistance);
            this.GetMobileinformation();
        } catch (Exception v0) {
            v0.printStackTrace();
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("LocationWebService doInBackground catch Error: ").append(v0.getMessage().toString()).toString());
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("LocationWebService responsemessage: ").append(this.StrReturn.replaceAll("\r\n", "")).toString());
            register.ibl_locationtracking.LocationWebService.MaxDistance = Integer.valueOf(this.strDbDistance.replace("\r\n", "")).intValue();
            return this.strDbDistance;
        }
        if (!register.ibl_locationtracking.MainActivity.isServiceStopped) {
            this.DeviceModelName = new StringBuilder().append(this.StrDevicemodel).append(" | Service Started").toString();
        } else {
            this.DeviceModelName = new StringBuilder().append(this.StrDevicemodel).append(" | Service Stopped").toString();
        }
        this.url = new okhttp3.HttpUrl$Builder().scheme(register.ibl_locationtracking.PayanpaatuKattamaipu.Thittam).host(register.ibl_locationtracking.PayanpaatuKattamaipu.Thogupaalar).addPathSegment(register.ibl_locationtracking.PayanpaatuKattamaipu.Seavai).addPathSegment(register.ibl_locationtracking.PayanpaatuKattamaipu.VazhiOndru).addPathSegment("LocationTrackDetails_Insert").addQueryParameter("LTD_Date", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.GetCurrentDate()).toString()).addQueryParameter("LTD_Latitude", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(String.valueOf(p7[0])).toString()).addQueryParameter("LTD_Longitude", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(String.valueOf(p7[1])).toString()).addQueryParameter("LTD_LocationName", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(String.valueOf(p7[2])).toString()).addQueryParameter("LTD_DistancefromLastLocation", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(String.valueOf(p7[3])).toString()).addQueryParameter("LTD_MobileNumber1", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMobNo1).toString()).addQueryParameter("LTD_MobileNumber2", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMobNo2).toString()).addQueryParameter("LTD_DeviceName", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.DeviceModelName).toString()).addQueryParameter("LTD_IsOnline", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(String.valueOf(p7[4])).toString()).addQueryParameter("LTD_IMEI1", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIMEI1).toString()).addQueryParameter("LTD_IMEI2", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIMEI2).toString()).addQueryParameter("LTD_MACAddress", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMACAddress).toString()).addQueryParameter("LTD_IPAddress", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIPAddress).toString()).build();
        this.request = new okhttp3.Request$Builder().url(this.url).build();
        this.StrReturn = this.httpclient.newCall(this.request).execute().body().string().replace("<string xmlns=\"http://tempuri.org/\">", "").replace("</string>", "").replace("<?xml version=\"1.0\" encoding=\"utf-8\"?>", "");
        this.strDbDistance = this.objMaraiyeettiyal.MaraivelakamAngikaramString(this.StrReturn);
        this.objCallSoap = new register.ibl_locationtracking.CallSoap();
        this.objCallSoap.WriteLog(new StringBuilder().append("LocationWebService responsemessage: ").append(this.StrReturn.replaceAll("\r\n", "")).toString());
        register.ibl_locationtracking.LocationWebService.MaxDistance = Integer.valueOf(this.strDbDistance.replace("\r\n", "")).intValue();
        return this.strDbDistance;
    }

Method register.ibl_locationtracking.Maraiyeettiyal.MaraikuriyakkuAngikaramString():


    public String MaraikuriyakkuAngikaramString(String p12)
    {
        try {
            if (javax.crypto.Cipher.getMaxAllowedKeyLength(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", "")) >= Integer.valueOf(register.ibl_locationtracking.DeviceDetails.SaaviNeelam.replace("sn", "")).intValue()) {
                javax.crypto.Cipher v1 = javax.crypto.Cipher.getInstance(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", ""));
                v1.init(1, new javax.crypto.spec.SecretKeySpec(register.ibl_locationtracking.LocationJSON.ThiravuKol.replace("tk", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT), register.ibl_locationtracking.LocationJSON.MarayakaValimurai.replace("mv", "")), new javax.crypto.spec.IvParameterSpec(register.ibl_locationtracking.PayanpaatuKattamaipu.KadavuSoll.replace("ks", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT)));
                int v6_13 = new String(android.util.Base64.encode(v1.doFinal(p12.getBytes()), 2), register.ibl_locationtracking.LocationJSON.EighT);
            } else {
                throw new IllegalStateException("Unlimited crypto files not present in this JRE");
            }
        } catch (java.security.GeneralSecurityException v2) {
            v6_13 = 0;
        } catch (java.security.GeneralSecurityException v2) {
            throw new IllegalStateException("Algorithms or unlimited crypto files not available", v2);
        }
        return v6_13;
    }

Method javax.crypto.spec.SecretKeySpec.<init>() not found.

[TAINT] String 'tk' ==>>> Sink '['Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V', '0', 'CRYPTO_SINK']' [[('Lregister/ibl_locationtracking/LocationWebService;', 'doInBackground', '([Ljava/lang/Object;)Ljava/lang/Object;'), ('Lregister/ibl_locationtracking/LocationWebService;', 'doInBackground', '([Ljava/lang/String;)Ljava/lang/String;'), ('Lregister/ibl_locationtracking/Maraiyeettiyal;', 'MaraikuriyakkuAngikaramString', '(Ljava/lang/String;)Ljava/lang/String;'), ('Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V')]]

The application uses a hardcoded secret key 'tk' to encrypt the data

Method register.ibl_locationtracking.LocationWebService.doInBackground():


    protected bridge synthetic Object doInBackground(Object[] p2)
    {
        return this.doInBackground(((String[]) p2));
    }

Method register.ibl_locationtracking.LocationWebService.doInBackground():


    protected varargs String doInBackground(String[] p7)
    {
        try {
            this.objMaraiyeettiyal = new register.ibl_locationtracking.Maraiyeettiyal();
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog("Online LocationWebService Started.");
            this.StrReturn = String.valueOf(register.ibl_locationtracking.LocationWebService.MaxDistance);
            this.GetMobileinformation();
        } catch (Exception v0) {
            v0.printStackTrace();
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("LocationWebService doInBackground catch Error: ").append(v0.getMessage().toString()).toString());
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("LocationWebService responsemessage: ").append(this.StrReturn.replaceAll("\r\n", "")).toString());
            register.ibl_locationtracking.LocationWebService.MaxDistance = Integer.valueOf(this.strDbDistance.replace("\r\n", "")).intValue();
            return this.strDbDistance;
        }
        if (!register.ibl_locationtracking.MainActivity.isServiceStopped) {
            this.DeviceModelName = new StringBuilder().append(this.StrDevicemodel).append(" | Service Started").toString();
        } else {
            this.DeviceModelName = new StringBuilder().append(this.StrDevicemodel).append(" | Service Stopped").toString();
        }
        this.url = new okhttp3.HttpUrl$Builder().scheme(register.ibl_locationtracking.PayanpaatuKattamaipu.Thittam).host(register.ibl_locationtracking.PayanpaatuKattamaipu.Thogupaalar).addPathSegment(register.ibl_locationtracking.PayanpaatuKattamaipu.Seavai).addPathSegment(register.ibl_locationtracking.PayanpaatuKattamaipu.VazhiOndru).addPathSegment("LocationTrackDetails_Insert").addQueryParameter("LTD_Date", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.GetCurrentDate()).toString()).addQueryParameter("LTD_Latitude", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(String.valueOf(p7[0])).toString()).addQueryParameter("LTD_Longitude", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(String.valueOf(p7[1])).toString()).addQueryParameter("LTD_LocationName", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(String.valueOf(p7[2])).toString()).addQueryParameter("LTD_DistancefromLastLocation", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(String.valueOf(p7[3])).toString()).addQueryParameter("LTD_MobileNumber1", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMobNo1).toString()).addQueryParameter("LTD_MobileNumber2", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMobNo2).toString()).addQueryParameter("LTD_DeviceName", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.DeviceModelName).toString()).addQueryParameter("LTD_IsOnline", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(String.valueOf(p7[4])).toString()).addQueryParameter("LTD_IMEI1", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIMEI1).toString()).addQueryParameter("LTD_IMEI2", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIMEI2).toString()).addQueryParameter("LTD_MACAddress", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMACAddress).toString()).addQueryParameter("LTD_IPAddress", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIPAddress).toString()).build();
        this.request = new okhttp3.Request$Builder().url(this.url).build();
        this.StrReturn = this.httpclient.newCall(this.request).execute().body().string().replace("<string xmlns=\"http://tempuri.org/\">", "").replace("</string>", "").replace("<?xml version=\"1.0\" encoding=\"utf-8\"?>", "");
        this.strDbDistance = this.objMaraiyeettiyal.MaraivelakamAngikaramString(this.StrReturn);
        this.objCallSoap = new register.ibl_locationtracking.CallSoap();
        this.objCallSoap.WriteLog(new StringBuilder().append("LocationWebService responsemessage: ").append(this.StrReturn.replaceAll("\r\n", "")).toString());
        register.ibl_locationtracking.LocationWebService.MaxDistance = Integer.valueOf(this.strDbDistance.replace("\r\n", "")).intValue();
        return this.strDbDistance;
    }

Method register.ibl_locationtracking.Maraiyeettiyal.MaraikuriyakkuAngikaramString():


    public String MaraikuriyakkuAngikaramString(String p12)
    {
        try {
            if (javax.crypto.Cipher.getMaxAllowedKeyLength(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", "")) >= Integer.valueOf(register.ibl_locationtracking.DeviceDetails.SaaviNeelam.replace("sn", "")).intValue()) {
                javax.crypto.Cipher v1 = javax.crypto.Cipher.getInstance(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", ""));
                v1.init(1, new javax.crypto.spec.SecretKeySpec(register.ibl_locationtracking.LocationJSON.ThiravuKol.replace("tk", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT), register.ibl_locationtracking.LocationJSON.MarayakaValimurai.replace("mv", "")), new javax.crypto.spec.IvParameterSpec(register.ibl_locationtracking.PayanpaatuKattamaipu.KadavuSoll.replace("ks", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT)));
                int v6_13 = new String(android.util.Base64.encode(v1.doFinal(p12.getBytes()), 2), register.ibl_locationtracking.LocationJSON.EighT);
            } else {
                throw new IllegalStateException("Unlimited crypto files not present in this JRE");
            }
        } catch (java.security.GeneralSecurityException v2) {
            v6_13 = 0;
        } catch (java.security.GeneralSecurityException v2) {
            throw new IllegalStateException("Algorithms or unlimited crypto files not available", v2);
        }
        return v6_13;
    }

Method javax.crypto.spec.SecretKeySpec.<init>() not found.

[TAINT] String 'tk' ==>>> Sink '['Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V', '0', 'CRYPTO_SINK']' [[('Lregister/ibl_locationtracking/LocationWebService;', 'doInBackground', '([Ljava/lang/String;)Ljava/lang/String;'), ('Lregister/ibl_locationtracking/Maraiyeettiyal;', 'MaraikuriyakkuAngikaramString', '(Ljava/lang/String;)Ljava/lang/String;'), ('Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V')]]

The application uses a hardcoded secret key 'tk' to encrypt the data

Method register.ibl_locationtracking.LocationWebService.doInBackground():


    protected varargs String doInBackground(String[] p7)
    {
        try {
            this.objMaraiyeettiyal = new register.ibl_locationtracking.Maraiyeettiyal();
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog("Online LocationWebService Started.");
            this.StrReturn = String.valueOf(register.ibl_locationtracking.LocationWebService.MaxDistance);
            this.GetMobileinformation();
        } catch (Exception v0) {
            v0.printStackTrace();
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("LocationWebService doInBackground catch Error: ").append(v0.getMessage().toString()).toString());
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("LocationWebService responsemessage: ").append(this.StrReturn.replaceAll("\r\n", "")).toString());
            register.ibl_locationtracking.LocationWebService.MaxDistance = Integer.valueOf(this.strDbDistance.replace("\r\n", "")).intValue();
            return this.strDbDistance;
        }
        if (!register.ibl_locationtracking.MainActivity.isServiceStopped) {
            this.DeviceModelName = new StringBuilder().append(this.StrDevicemodel).append(" | Service Started").toString();
        } else {
            this.DeviceModelName = new StringBuilder().append(this.StrDevicemodel).append(" | Service Stopped").toString();
        }
        this.url = new okhttp3.HttpUrl$Builder().scheme(register.ibl_locationtracking.PayanpaatuKattamaipu.Thittam).host(register.ibl_locationtracking.PayanpaatuKattamaipu.Thogupaalar).addPathSegment(register.ibl_locationtracking.PayanpaatuKattamaipu.Seavai).addPathSegment(register.ibl_locationtracking.PayanpaatuKattamaipu.VazhiOndru).addPathSegment("LocationTrackDetails_Insert").addQueryParameter("LTD_Date", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.GetCurrentDate()).toString()).addQueryParameter("LTD_Latitude", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(String.valueOf(p7[0])).toString()).addQueryParameter("LTD_Longitude", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(String.valueOf(p7[1])).toString()).addQueryParameter("LTD_LocationName", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(String.valueOf(p7[2])).toString()).addQueryParameter("LTD_DistancefromLastLocation", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(String.valueOf(p7[3])).toString()).addQueryParameter("LTD_MobileNumber1", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMobNo1).toString()).addQueryParameter("LTD_MobileNumber2", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMobNo2).toString()).addQueryParameter("LTD_DeviceName", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.DeviceModelName).toString()).addQueryParameter("LTD_IsOnline", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(String.valueOf(p7[4])).toString()).addQueryParameter("LTD_IMEI1", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIMEI1).toString()).addQueryParameter("LTD_IMEI2", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIMEI2).toString()).addQueryParameter("LTD_MACAddress", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMACAddress).toString()).addQueryParameter("LTD_IPAddress", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIPAddress).toString()).build();
        this.request = new okhttp3.Request$Builder().url(this.url).build();
        this.StrReturn = this.httpclient.newCall(this.request).execute().body().string().replace("<string xmlns=\"http://tempuri.org/\">", "").replace("</string>", "").replace("<?xml version=\"1.0\" encoding=\"utf-8\"?>", "");
        this.strDbDistance = this.objMaraiyeettiyal.MaraivelakamAngikaramString(this.StrReturn);
        this.objCallSoap = new register.ibl_locationtracking.CallSoap();
        this.objCallSoap.WriteLog(new StringBuilder().append("LocationWebService responsemessage: ").append(this.StrReturn.replaceAll("\r\n", "")).toString());
        register.ibl_locationtracking.LocationWebService.MaxDistance = Integer.valueOf(this.strDbDistance.replace("\r\n", "")).intValue();
        return this.strDbDistance;
    }

Method register.ibl_locationtracking.Maraiyeettiyal.MaraikuriyakkuAngikaramString():


    public String MaraikuriyakkuAngikaramString(String p12)
    {
        try {
            if (javax.crypto.Cipher.getMaxAllowedKeyLength(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", "")) >= Integer.valueOf(register.ibl_locationtracking.DeviceDetails.SaaviNeelam.replace("sn", "")).intValue()) {
                javax.crypto.Cipher v1 = javax.crypto.Cipher.getInstance(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", ""));
                v1.init(1, new javax.crypto.spec.SecretKeySpec(register.ibl_locationtracking.LocationJSON.ThiravuKol.replace("tk", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT), register.ibl_locationtracking.LocationJSON.MarayakaValimurai.replace("mv", "")), new javax.crypto.spec.IvParameterSpec(register.ibl_locationtracking.PayanpaatuKattamaipu.KadavuSoll.replace("ks", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT)));
                int v6_13 = new String(android.util.Base64.encode(v1.doFinal(p12.getBytes()), 2), register.ibl_locationtracking.LocationJSON.EighT);
            } else {
                throw new IllegalStateException("Unlimited crypto files not present in this JRE");
            }
        } catch (java.security.GeneralSecurityException v2) {
            v6_13 = 0;
        } catch (java.security.GeneralSecurityException v2) {
            throw new IllegalStateException("Algorithms or unlimited crypto files not available", v2);
        }
        return v6_13;
    }

Method javax.crypto.spec.SecretKeySpec.<init>() not found.

[TAINT] String '' ==>>> Sink '['Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V', '0', 'CRYPTO_SINK']' [[('Lregister/ibl_locationtracking/LocationWebService;', 'doInBackground', '([Ljava/lang/String;)Ljava/lang/String;'), ('Lregister/ibl_locationtracking/Maraiyeettiyal;', 'MaraikuriyakkuAngikaramString', '(Ljava/lang/String;)Ljava/lang/String;'), ('Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V')]]

The application uses a hardcoded secret key '' to encrypt the data

Method register.ibl_locationtracking.LocationWebService.doInBackground():


    protected varargs String doInBackground(String[] p7)
    {
        try {
            this.objMaraiyeettiyal = new register.ibl_locationtracking.Maraiyeettiyal();
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog("Online LocationWebService Started.");
            this.StrReturn = String.valueOf(register.ibl_locationtracking.LocationWebService.MaxDistance);
            this.GetMobileinformation();
        } catch (Exception v0) {
            v0.printStackTrace();
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("LocationWebService doInBackground catch Error: ").append(v0.getMessage().toString()).toString());
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("LocationWebService responsemessage: ").append(this.StrReturn.replaceAll("\r\n", "")).toString());
            register.ibl_locationtracking.LocationWebService.MaxDistance = Integer.valueOf(this.strDbDistance.replace("\r\n", "")).intValue();
            return this.strDbDistance;
        }
        if (!register.ibl_locationtracking.MainActivity.isServiceStopped) {
            this.DeviceModelName = new StringBuilder().append(this.StrDevicemodel).append(" | Service Started").toString();
        } else {
            this.DeviceModelName = new StringBuilder().append(this.StrDevicemodel).append(" | Service Stopped").toString();
        }
        this.url = new okhttp3.HttpUrl$Builder().scheme(register.ibl_locationtracking.PayanpaatuKattamaipu.Thittam).host(register.ibl_locationtracking.PayanpaatuKattamaipu.Thogupaalar).addPathSegment(register.ibl_locationtracking.PayanpaatuKattamaipu.Seavai).addPathSegment(register.ibl_locationtracking.PayanpaatuKattamaipu.VazhiOndru).addPathSegment("LocationTrackDetails_Insert").addQueryParameter("LTD_Date", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.GetCurrentDate()).toString()).addQueryParameter("LTD_Latitude", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(String.valueOf(p7[0])).toString()).addQueryParameter("LTD_Longitude", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(String.valueOf(p7[1])).toString()).addQueryParameter("LTD_LocationName", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(String.valueOf(p7[2])).toString()).addQueryParameter("LTD_DistancefromLastLocation", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(String.valueOf(p7[3])).toString()).addQueryParameter("LTD_MobileNumber1", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMobNo1).toString()).addQueryParameter("LTD_MobileNumber2", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMobNo2).toString()).addQueryParameter("LTD_DeviceName", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.DeviceModelName).toString()).addQueryParameter("LTD_IsOnline", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(String.valueOf(p7[4])).toString()).addQueryParameter("LTD_IMEI1", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIMEI1).toString()).addQueryParameter("LTD_IMEI2", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIMEI2).toString()).addQueryParameter("LTD_MACAddress", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMACAddress).toString()).addQueryParameter("LTD_IPAddress", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIPAddress).toString()).build();
        this.request = new okhttp3.Request$Builder().url(this.url).build();
        this.StrReturn = this.httpclient.newCall(this.request).execute().body().string().replace("<string xmlns=\"http://tempuri.org/\">", "").replace("</string>", "").replace("<?xml version=\"1.0\" encoding=\"utf-8\"?>", "");
        this.strDbDistance = this.objMaraiyeettiyal.MaraivelakamAngikaramString(this.StrReturn);
        this.objCallSoap = new register.ibl_locationtracking.CallSoap();
        this.objCallSoap.WriteLog(new StringBuilder().append("LocationWebService responsemessage: ").append(this.StrReturn.replaceAll("\r\n", "")).toString());
        register.ibl_locationtracking.LocationWebService.MaxDistance = Integer.valueOf(this.strDbDistance.replace("\r\n", "")).intValue();
        return this.strDbDistance;
    }

Method register.ibl_locationtracking.Maraiyeettiyal.MaraikuriyakkuAngikaramString():


    public String MaraikuriyakkuAngikaramString(String p12)
    {
        try {
            if (javax.crypto.Cipher.getMaxAllowedKeyLength(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", "")) >= Integer.valueOf(register.ibl_locationtracking.DeviceDetails.SaaviNeelam.replace("sn", "")).intValue()) {
                javax.crypto.Cipher v1 = javax.crypto.Cipher.getInstance(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", ""));
                v1.init(1, new javax.crypto.spec.SecretKeySpec(register.ibl_locationtracking.LocationJSON.ThiravuKol.replace("tk", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT), register.ibl_locationtracking.LocationJSON.MarayakaValimurai.replace("mv", "")), new javax.crypto.spec.IvParameterSpec(register.ibl_locationtracking.PayanpaatuKattamaipu.KadavuSoll.replace("ks", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT)));
                int v6_13 = new String(android.util.Base64.encode(v1.doFinal(p12.getBytes()), 2), register.ibl_locationtracking.LocationJSON.EighT);
            } else {
                throw new IllegalStateException("Unlimited crypto files not present in this JRE");
            }
        } catch (java.security.GeneralSecurityException v2) {
            v6_13 = 0;
        } catch (java.security.GeneralSecurityException v2) {
            throw new IllegalStateException("Algorithms or unlimited crypto files not available", v2);
        }
        return v6_13;
    }

Method javax.crypto.spec.SecretKeySpec.<init>() not found.

[TAINT] String '' ==>>> Sink '['Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V', '0', 'CRYPTO_SINK']' [[('Lregister/ibl_locationtracking/MainActivity$6;', 'onLocationChanged', '(Landroid/location/Location;)V'), ('Lregister/ibl_locationtracking/DBHandler;', 'Insert_LocationTracking', '(Lregister/ibl_locationtracking/Trackingdetails;)V'), ('Lregister/ibl_locationtracking/Maraiyeettiyal;', 'MaraikuriyakkuAngikaramString', '(Ljava/lang/String;)Ljava/lang/String;'), ('Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V')]]

The application uses a hardcoded secret key '' to encrypt the data

Method register.ibl_locationtracking.MainActivity$6.onLocationChanged():


    public void onLocationChanged(android.location.Location p30)
    {
        if (p30 != null) {
            this.this$0.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.this$0.objCallSoap.WriteLog("Stopped LocationListener Started.");
            this.this$0.isConnectingToInternet = this.this$0.objCallSoap.isConnectingToInternet(this.this$0.getApplicationContext());
            if (!this.this$0.isConnectingToInternet) {
                try {
                    this.this$0.IsOnline = Integer.valueOf(0);
                    this.this$0.address = "";
                    register.ibl_locationtracking.MainActivity.access$302(p30.getLatitude());
                    register.ibl_locationtracking.MainActivity.access$402(p30.getLongitude());
                    android.location.Location v27_1 = new android.location.Location;
                    v27_1("locationA");
                    v27_1.setLatitude(register.ibl_locationtracking.IBL_Location_Tracker.dblbeforestoplat);
                    v27_1.setLongitude(register.ibl_locationtracking.IBL_Location_Tracker.dblbeforestoplan);
                    android.location.Location v26_1 = new android.location.Location;
                    v26_1("locationA");
                    v26_1.setLatitude(register.ibl_locationtracking.MainActivity.access$300());
                    v26_1.setLongitude(register.ibl_locationtracking.MainActivity.access$400());
                    double v22_1 = ((double) v27_1.distanceTo(v26_1));
                    this.this$0.objdbHandler = new register.ibl_locationtracking.DBHandler(this.this$0.getApplicationContext());
                    this.this$0.objdbHandler.OpenDataBase();
                    this.this$0.objdbHandler.Insert_LocationTracking(new register.ibl_locationtracking.Trackingdetails(this.this$0.GetCurrentDate(), String.valueOf(register.ibl_locationtracking.MainActivity.access$300()), String.valueOf(register.ibl_locationtracking.MainActivity.access$400()), this.this$0.address, String.valueOf(v22_1), register.ibl_locationtracking.MainActivity.StrMobNo1, register.ibl_locationtracking.MainActivity.StrMobNo2, register.ibl_locationtracking.MainActivity.StrDevicemodel, String.valueOf(this.this$0.IsOnline), register.ibl_locationtracking.MainActivity.StrIMEI1, register.ibl_locationtracking.MainActivity.StrIMEI2, register.ibl_locationtracking.MainActivity.StrMACAddress, register.ibl_locationtracking.MainActivity.StrIPAddress, 0, "", "", "", 1));
                    this.this$0.objCallSoap.WriteLog("Stopped Offline Location Updation Ended");
                } catch (Exception v24_0) {
                    v24_0.printStackTrace();
                    this.this$0.objCallSoap.WriteLog(new StringBuilder().append("Stopped LocationListener Offline catch Error: ").append(v24_0.getMessage().toString()).toString());
                }
            } else {
                try {
                    this.this$0.geocoder = new android.location.Geocoder(this.this$0.getApplicationContext(), java.util.Locale.getDefault());
                    try {
                        register.ibl_locationtracking.MainActivity.access$302(p30.getLatitude());
                        register.ibl_locationtracking.MainActivity.access$402(p30.getLongitude());
                        this.this$0.addresses = this.this$0.geocoder.getFromLocation(register.ibl_locationtracking.MainActivity.access$300(), register.ibl_locationtracking.MainActivity.access$400(), 1);
                    } catch (java.io.IOException v25) {
                        v25.printStackTrace();
                        this.this$0.IsOnline = Integer.valueOf(1);
                        android.location.Location v27_0 = new android.location.Location;
                        v27_0("locationA");
                        v27_0.setLatitude(register.ibl_locationtracking.IBL_Location_Tracker.dblbeforestoplat);
                        v27_0.setLongitude(register.ibl_locationtracking.IBL_Location_Tracker.dblbeforestoplan);
                        this.this$0.objCallSoap.WriteLog(new StringBuilder().append("Existing on stop : lat ").append(register.ibl_locationtracking.IBL_Location_Tracker.dblbeforestoplat).append(" long : ").append(register.ibl_locationtracking.IBL_Location_Tracker.dblbeforestoplan).toString());
                        android.location.Location v26_0 = new android.location.Location;
                        v26_0("locationA");
                        v26_0.setLatitude(register.ibl_locationtracking.MainActivity.access$300());
                        v26_0.setLongitude(register.ibl_locationtracking.MainActivity.access$400());
                        this.this$0.objCallSoap.WriteLog(new StringBuilder().append("Current on stop : lat ").append(register.ibl_locationtracking.MainActivity.access$300()).append(" long : ").append(register.ibl_locationtracking.MainActivity.access$400()).toString());
                        double v22_0 = ((double) v27_0.distanceTo(v26_0));
                        this.this$0.objCallSoap.WriteLog(new StringBuilder().append("Distance on stop : ").append(v22_0).toString());
                        register.ibl_locationtracking.CallSoap v2_37 = new register.ibl_locationtracking.LocationWebService(this.this$0.getApplicationContext());
                        String v3_42 = new String[5];
                        v3_42[0] = String.valueOf(register.ibl_locationtracking.MainActivity.access$300());
                        v3_42[1] = String.valueOf(register.ibl_locationtracking.MainActivity.access$400());
                        v3_42[2] = this.this$0.address;
                        v3_42[3] = String.valueOf(v22_0);
                        v3_42[4] = String.valueOf(this.this$0.IsOnline);
                        v2_37.execute(v3_42);
                        this.this$0.objCallSoap.WriteLog("Stopped Online Location Updation Ended.");
                    }
                    if (!android.location.Geocoder.isPresent()) {
                        this.this$0.address = "";
                    } else {
                        this.this$0.address = ((android.location.Address) this.this$0.addresses.get(0)).getAddressLine(0);
                    }
                } catch (Exception v24_1) {
                    v24_1.printStackTrace();
                    this.this$0.objCallSoap.WriteLog(new StringBuilder().append("Stopped LocationListener Online catch Error: ").append(v24_1.getMessage().toString()).toString());
                }
            }
            if (register.ibl_locationtracking.MainActivity.access$500(this.this$0) != null) {
                register.ibl_locationtracking.MainActivity.access$500(this.this$0).removeUpdates(register.ibl_locationtracking.MainActivity.access$600(this.this$0));
            }
        }
        return;
    }

Method register.ibl_locationtracking.DBHandler.Insert_LocationTracking():


    public void Insert_LocationTracking(register.ibl_locationtracking.Trackingdetails p7)
    {
        this.dbhelper = register.ibl_locationtracking.DBHandler.getInstance(register.ibl_locationtracking.DBHandler.myContext);
        try {
            this.objMaraiyeettiyal = new register.ibl_locationtracking.Maraiyeettiyal();
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog("DBHandler OffLine Insert_LocationTracking...");
            this.GetMobileinformation();
        } catch (android.database.SQLException v1) {
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("DBHandler Insert_LocationTracking Catch Error: ").append(v1.getMessage().toString()).toString());
            throw v1;
        } catch (register.ibl_locationtracking.DBHandler v3_26) {
            this.db.endTransaction();
            if (this.db != null) {
                if (this.db.isOpen()) {
                    this.db.close();
                }
            }
            if (this.dbhelper != null) {
                this.dbhelper.close();
            }
            throw v3_26;
        }
        if (!register.ibl_locationtracking.MainActivity.isServiceStopped) {
            this.DeviceModelName = new StringBuilder().append(this.StrDevicemodel).append(" | Service Started").toString();
        } else {
            this.DeviceModelName = new StringBuilder().append(this.StrDevicemodel).append(" | Service Stopped").toString();
        }
        try {
            this.db = this.dbhelper.getWritableDatabase();
            this.db.beginTransaction();
            android.content.ContentValues v2_1 = new android.content.ContentValues();
            v2_1.put("LTD_Date", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_Date()).toString());
            v2_1.put("LTD_Latitude", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_Latitude()).toString());
            v2_1.put("LTD_Longitude", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_Longitude()).toString());
            v2_1.put("LTD_LocationName", "");
            v2_1.put("LTD_DistancefromLastLocation", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_DistancefromLastLocation()).toString());
            v2_1.put("LTD_MobileNumber1", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMobNo1).toString());
            v2_1.put("LTD_MobileNumber2", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMobNo2).toString());
            v2_1.put("LTD_DeviceName", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.DeviceModelName).toString());
            v2_1.put("LTD_IsOnline", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_IsOnline()).toString());
            v2_1.put("LTD_IMEI1", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIMEI1).toString());
            v2_1.put("LTD_IMEI2", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIMEI2).toString());
            v2_1.put("LTD_MACAddress", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMACAddress));
            v2_1.put("LTD_IPAddress", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIPAddress));
            v2_1.put("LTD_IsSynced", Boolean.valueOf(p7.getLTD_IsSynced()));
            v2_1.put("LTD_Synceddate", p7.getLTD_Synceddate());
            v2_1.put("LTD_Createdon", p7.getLTD_Createdon());
            v2_1.put("LTD_Modifiedon", p7.getLTD_Modifiedon());
            v2_1.put("LTD_IsActive", Boolean.valueOf(p7.getLTD_IsActive()));
            this.db.insert("LocationtrackingDetails", 0, v2_1);
            this.db.setTransactionSuccessful();
        } catch (Exception v0) {
            v0.printStackTrace();
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("DBHandler Insert_LocationTracking Catch Error: ").append(v0.getMessage().toString()).toString());
        }
        this.db.endTransaction();
        if ((this.db != null) && (this.db.isOpen())) {
            this.db.close();
        }
        if (this.dbhelper != null) {
            this.dbhelper.close();
        }
        return;
    }

Method register.ibl_locationtracking.Maraiyeettiyal.MaraikuriyakkuAngikaramString():


    public String MaraikuriyakkuAngikaramString(String p12)
    {
        try {
            if (javax.crypto.Cipher.getMaxAllowedKeyLength(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", "")) >= Integer.valueOf(register.ibl_locationtracking.DeviceDetails.SaaviNeelam.replace("sn", "")).intValue()) {
                javax.crypto.Cipher v1 = javax.crypto.Cipher.getInstance(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", ""));
                v1.init(1, new javax.crypto.spec.SecretKeySpec(register.ibl_locationtracking.LocationJSON.ThiravuKol.replace("tk", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT), register.ibl_locationtracking.LocationJSON.MarayakaValimurai.replace("mv", "")), new javax.crypto.spec.IvParameterSpec(register.ibl_locationtracking.PayanpaatuKattamaipu.KadavuSoll.replace("ks", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT)));
                int v6_13 = new String(android.util.Base64.encode(v1.doFinal(p12.getBytes()), 2), register.ibl_locationtracking.LocationJSON.EighT);
            } else {
                throw new IllegalStateException("Unlimited crypto files not present in this JRE");
            }
        } catch (java.security.GeneralSecurityException v2) {
            v6_13 = 0;
        } catch (java.security.GeneralSecurityException v2) {
            throw new IllegalStateException("Algorithms or unlimited crypto files not available", v2);
        }
        return v6_13;
    }

Method javax.crypto.spec.SecretKeySpec.<init>() not found.

[TAINT] String 'tk' ==>>> Sink '['Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V', '0', 'CRYPTO_SINK']' [[('Lregister/ibl_locationtracking/MainActivity$6;', 'onLocationChanged', '(Landroid/location/Location;)V'), ('Lregister/ibl_locationtracking/DBHandler;', 'Insert_LocationTracking', '(Lregister/ibl_locationtracking/Trackingdetails;)V'), ('Lregister/ibl_locationtracking/Maraiyeettiyal;', 'MaraikuriyakkuAngikaramString', '(Ljava/lang/String;)Ljava/lang/String;'), ('Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V')]]

The application uses a hardcoded secret key 'tk' to encrypt the data

Method register.ibl_locationtracking.MainActivity$6.onLocationChanged():


    public void onLocationChanged(android.location.Location p30)
    {
        if (p30 != null) {
            this.this$0.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.this$0.objCallSoap.WriteLog("Stopped LocationListener Started.");
            this.this$0.isConnectingToInternet = this.this$0.objCallSoap.isConnectingToInternet(this.this$0.getApplicationContext());
            if (!this.this$0.isConnectingToInternet) {
                try {
                    this.this$0.IsOnline = Integer.valueOf(0);
                    this.this$0.address = "";
                    register.ibl_locationtracking.MainActivity.access$302(p30.getLatitude());
                    register.ibl_locationtracking.MainActivity.access$402(p30.getLongitude());
                    android.location.Location v27_1 = new android.location.Location;
                    v27_1("locationA");
                    v27_1.setLatitude(register.ibl_locationtracking.IBL_Location_Tracker.dblbeforestoplat);
                    v27_1.setLongitude(register.ibl_locationtracking.IBL_Location_Tracker.dblbeforestoplan);
                    android.location.Location v26_1 = new android.location.Location;
                    v26_1("locationA");
                    v26_1.setLatitude(register.ibl_locationtracking.MainActivity.access$300());
                    v26_1.setLongitude(register.ibl_locationtracking.MainActivity.access$400());
                    double v22_1 = ((double) v27_1.distanceTo(v26_1));
                    this.this$0.objdbHandler = new register.ibl_locationtracking.DBHandler(this.this$0.getApplicationContext());
                    this.this$0.objdbHandler.OpenDataBase();
                    this.this$0.objdbHandler.Insert_LocationTracking(new register.ibl_locationtracking.Trackingdetails(this.this$0.GetCurrentDate(), String.valueOf(register.ibl_locationtracking.MainActivity.access$300()), String.valueOf(register.ibl_locationtracking.MainActivity.access$400()), this.this$0.address, String.valueOf(v22_1), register.ibl_locationtracking.MainActivity.StrMobNo1, register.ibl_locationtracking.MainActivity.StrMobNo2, register.ibl_locationtracking.MainActivity.StrDevicemodel, String.valueOf(this.this$0.IsOnline), register.ibl_locationtracking.MainActivity.StrIMEI1, register.ibl_locationtracking.MainActivity.StrIMEI2, register.ibl_locationtracking.MainActivity.StrMACAddress, register.ibl_locationtracking.MainActivity.StrIPAddress, 0, "", "", "", 1));
                    this.this$0.objCallSoap.WriteLog("Stopped Offline Location Updation Ended");
                } catch (Exception v24_0) {
                    v24_0.printStackTrace();
                    this.this$0.objCallSoap.WriteLog(new StringBuilder().append("Stopped LocationListener Offline catch Error: ").append(v24_0.getMessage().toString()).toString());
                }
            } else {
                try {
                    this.this$0.geocoder = new android.location.Geocoder(this.this$0.getApplicationContext(), java.util.Locale.getDefault());
                    try {
                        register.ibl_locationtracking.MainActivity.access$302(p30.getLatitude());
                        register.ibl_locationtracking.MainActivity.access$402(p30.getLongitude());
                        this.this$0.addresses = this.this$0.geocoder.getFromLocation(register.ibl_locationtracking.MainActivity.access$300(), register.ibl_locationtracking.MainActivity.access$400(), 1);
                    } catch (java.io.IOException v25) {
                        v25.printStackTrace();
                        this.this$0.IsOnline = Integer.valueOf(1);
                        android.location.Location v27_0 = new android.location.Location;
                        v27_0("locationA");
                        v27_0.setLatitude(register.ibl_locationtracking.IBL_Location_Tracker.dblbeforestoplat);
                        v27_0.setLongitude(register.ibl_locationtracking.IBL_Location_Tracker.dblbeforestoplan);
                        this.this$0.objCallSoap.WriteLog(new StringBuilder().append("Existing on stop : lat ").append(register.ibl_locationtracking.IBL_Location_Tracker.dblbeforestoplat).append(" long : ").append(register.ibl_locationtracking.IBL_Location_Tracker.dblbeforestoplan).toString());
                        android.location.Location v26_0 = new android.location.Location;
                        v26_0("locationA");
                        v26_0.setLatitude(register.ibl_locationtracking.MainActivity.access$300());
                        v26_0.setLongitude(register.ibl_locationtracking.MainActivity.access$400());
                        this.this$0.objCallSoap.WriteLog(new StringBuilder().append("Current on stop : lat ").append(register.ibl_locationtracking.MainActivity.access$300()).append(" long : ").append(register.ibl_locationtracking.MainActivity.access$400()).toString());
                        double v22_0 = ((double) v27_0.distanceTo(v26_0));
                        this.this$0.objCallSoap.WriteLog(new StringBuilder().append("Distance on stop : ").append(v22_0).toString());
                        register.ibl_locationtracking.CallSoap v2_37 = new register.ibl_locationtracking.LocationWebService(this.this$0.getApplicationContext());
                        String v3_42 = new String[5];
                        v3_42[0] = String.valueOf(register.ibl_locationtracking.MainActivity.access$300());
                        v3_42[1] = String.valueOf(register.ibl_locationtracking.MainActivity.access$400());
                        v3_42[2] = this.this$0.address;
                        v3_42[3] = String.valueOf(v22_0);
                        v3_42[4] = String.valueOf(this.this$0.IsOnline);
                        v2_37.execute(v3_42);
                        this.this$0.objCallSoap.WriteLog("Stopped Online Location Updation Ended.");
                    }
                    if (!android.location.Geocoder.isPresent()) {
                        this.this$0.address = "";
                    } else {
                        this.this$0.address = ((android.location.Address) this.this$0.addresses.get(0)).getAddressLine(0);
                    }
                } catch (Exception v24_1) {
                    v24_1.printStackTrace();
                    this.this$0.objCallSoap.WriteLog(new StringBuilder().append("Stopped LocationListener Online catch Error: ").append(v24_1.getMessage().toString()).toString());
                }
            }
            if (register.ibl_locationtracking.MainActivity.access$500(this.this$0) != null) {
                register.ibl_locationtracking.MainActivity.access$500(this.this$0).removeUpdates(register.ibl_locationtracking.MainActivity.access$600(this.this$0));
            }
        }
        return;
    }

Method register.ibl_locationtracking.DBHandler.Insert_LocationTracking():


    public void Insert_LocationTracking(register.ibl_locationtracking.Trackingdetails p7)
    {
        this.dbhelper = register.ibl_locationtracking.DBHandler.getInstance(register.ibl_locationtracking.DBHandler.myContext);
        try {
            this.objMaraiyeettiyal = new register.ibl_locationtracking.Maraiyeettiyal();
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog("DBHandler OffLine Insert_LocationTracking...");
            this.GetMobileinformation();
        } catch (android.database.SQLException v1) {
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("DBHandler Insert_LocationTracking Catch Error: ").append(v1.getMessage().toString()).toString());
            throw v1;
        } catch (register.ibl_locationtracking.DBHandler v3_26) {
            this.db.endTransaction();
            if (this.db != null) {
                if (this.db.isOpen()) {
                    this.db.close();
                }
            }
            if (this.dbhelper != null) {
                this.dbhelper.close();
            }
            throw v3_26;
        }
        if (!register.ibl_locationtracking.MainActivity.isServiceStopped) {
            this.DeviceModelName = new StringBuilder().append(this.StrDevicemodel).append(" | Service Started").toString();
        } else {
            this.DeviceModelName = new StringBuilder().append(this.StrDevicemodel).append(" | Service Stopped").toString();
        }
        try {
            this.db = this.dbhelper.getWritableDatabase();
            this.db.beginTransaction();
            android.content.ContentValues v2_1 = new android.content.ContentValues();
            v2_1.put("LTD_Date", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_Date()).toString());
            v2_1.put("LTD_Latitude", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_Latitude()).toString());
            v2_1.put("LTD_Longitude", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_Longitude()).toString());
            v2_1.put("LTD_LocationName", "");
            v2_1.put("LTD_DistancefromLastLocation", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_DistancefromLastLocation()).toString());
            v2_1.put("LTD_MobileNumber1", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMobNo1).toString());
            v2_1.put("LTD_MobileNumber2", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMobNo2).toString());
            v2_1.put("LTD_DeviceName", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.DeviceModelName).toString());
            v2_1.put("LTD_IsOnline", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_IsOnline()).toString());
            v2_1.put("LTD_IMEI1", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIMEI1).toString());
            v2_1.put("LTD_IMEI2", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIMEI2).toString());
            v2_1.put("LTD_MACAddress", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMACAddress));
            v2_1.put("LTD_IPAddress", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIPAddress));
            v2_1.put("LTD_IsSynced", Boolean.valueOf(p7.getLTD_IsSynced()));
            v2_1.put("LTD_Synceddate", p7.getLTD_Synceddate());
            v2_1.put("LTD_Createdon", p7.getLTD_Createdon());
            v2_1.put("LTD_Modifiedon", p7.getLTD_Modifiedon());
            v2_1.put("LTD_IsActive", Boolean.valueOf(p7.getLTD_IsActive()));
            this.db.insert("LocationtrackingDetails", 0, v2_1);
            this.db.setTransactionSuccessful();
        } catch (Exception v0) {
            v0.printStackTrace();
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("DBHandler Insert_LocationTracking Catch Error: ").append(v0.getMessage().toString()).toString());
        }
        this.db.endTransaction();
        if ((this.db != null) && (this.db.isOpen())) {
            this.db.close();
        }
        if (this.dbhelper != null) {
            this.dbhelper.close();
        }
        return;
    }

Method register.ibl_locationtracking.Maraiyeettiyal.MaraikuriyakkuAngikaramString():


    public String MaraikuriyakkuAngikaramString(String p12)
    {
        try {
            if (javax.crypto.Cipher.getMaxAllowedKeyLength(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", "")) >= Integer.valueOf(register.ibl_locationtracking.DeviceDetails.SaaviNeelam.replace("sn", "")).intValue()) {
                javax.crypto.Cipher v1 = javax.crypto.Cipher.getInstance(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", ""));
                v1.init(1, new javax.crypto.spec.SecretKeySpec(register.ibl_locationtracking.LocationJSON.ThiravuKol.replace("tk", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT), register.ibl_locationtracking.LocationJSON.MarayakaValimurai.replace("mv", "")), new javax.crypto.spec.IvParameterSpec(register.ibl_locationtracking.PayanpaatuKattamaipu.KadavuSoll.replace("ks", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT)));
                int v6_13 = new String(android.util.Base64.encode(v1.doFinal(p12.getBytes()), 2), register.ibl_locationtracking.LocationJSON.EighT);
            } else {
                throw new IllegalStateException("Unlimited crypto files not present in this JRE");
            }
        } catch (java.security.GeneralSecurityException v2) {
            v6_13 = 0;
        } catch (java.security.GeneralSecurityException v2) {
            throw new IllegalStateException("Algorithms or unlimited crypto files not available", v2);
        }
        return v6_13;
    }

Method javax.crypto.spec.SecretKeySpec.<init>() not found.

[TAINT] String '' ==>>> Sink '['Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V', '0', 'CRYPTO_SINK']' [[('Lregister/ibl_locationtracking/DBHandler;', 'Insert_LocationTracking', '(Lregister/ibl_locationtracking/Trackingdetails;)V'), ('Lregister/ibl_locationtracking/Maraiyeettiyal;', 'MaraikuriyakkuAngikaramString', '(Ljava/lang/String;)Ljava/lang/String;'), ('Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V')]]

The application uses a hardcoded secret key '' to encrypt the data

Method register.ibl_locationtracking.DBHandler.Insert_LocationTracking():


    public void Insert_LocationTracking(register.ibl_locationtracking.Trackingdetails p7)
    {
        this.dbhelper = register.ibl_locationtracking.DBHandler.getInstance(register.ibl_locationtracking.DBHandler.myContext);
        try {
            this.objMaraiyeettiyal = new register.ibl_locationtracking.Maraiyeettiyal();
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog("DBHandler OffLine Insert_LocationTracking...");
            this.GetMobileinformation();
        } catch (android.database.SQLException v1) {
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("DBHandler Insert_LocationTracking Catch Error: ").append(v1.getMessage().toString()).toString());
            throw v1;
        } catch (register.ibl_locationtracking.DBHandler v3_26) {
            this.db.endTransaction();
            if (this.db != null) {
                if (this.db.isOpen()) {
                    this.db.close();
                }
            }
            if (this.dbhelper != null) {
                this.dbhelper.close();
            }
            throw v3_26;
        }
        if (!register.ibl_locationtracking.MainActivity.isServiceStopped) {
            this.DeviceModelName = new StringBuilder().append(this.StrDevicemodel).append(" | Service Started").toString();
        } else {
            this.DeviceModelName = new StringBuilder().append(this.StrDevicemodel).append(" | Service Stopped").toString();
        }
        try {
            this.db = this.dbhelper.getWritableDatabase();
            this.db.beginTransaction();
            android.content.ContentValues v2_1 = new android.content.ContentValues();
            v2_1.put("LTD_Date", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_Date()).toString());
            v2_1.put("LTD_Latitude", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_Latitude()).toString());
            v2_1.put("LTD_Longitude", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_Longitude()).toString());
            v2_1.put("LTD_LocationName", "");
            v2_1.put("LTD_DistancefromLastLocation", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_DistancefromLastLocation()).toString());
            v2_1.put("LTD_MobileNumber1", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMobNo1).toString());
            v2_1.put("LTD_MobileNumber2", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMobNo2).toString());
            v2_1.put("LTD_DeviceName", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.DeviceModelName).toString());
            v2_1.put("LTD_IsOnline", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_IsOnline()).toString());
            v2_1.put("LTD_IMEI1", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIMEI1).toString());
            v2_1.put("LTD_IMEI2", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIMEI2).toString());
            v2_1.put("LTD_MACAddress", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMACAddress));
            v2_1.put("LTD_IPAddress", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIPAddress));
            v2_1.put("LTD_IsSynced", Boolean.valueOf(p7.getLTD_IsSynced()));
            v2_1.put("LTD_Synceddate", p7.getLTD_Synceddate());
            v2_1.put("LTD_Createdon", p7.getLTD_Createdon());
            v2_1.put("LTD_Modifiedon", p7.getLTD_Modifiedon());
            v2_1.put("LTD_IsActive", Boolean.valueOf(p7.getLTD_IsActive()));
            this.db.insert("LocationtrackingDetails", 0, v2_1);
            this.db.setTransactionSuccessful();
        } catch (Exception v0) {
            v0.printStackTrace();
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("DBHandler Insert_LocationTracking Catch Error: ").append(v0.getMessage().toString()).toString());
        }
        this.db.endTransaction();
        if ((this.db != null) && (this.db.isOpen())) {
            this.db.close();
        }
        if (this.dbhelper != null) {
            this.dbhelper.close();
        }
        return;
    }

Method register.ibl_locationtracking.Maraiyeettiyal.MaraikuriyakkuAngikaramString():


    public String MaraikuriyakkuAngikaramString(String p12)
    {
        try {
            if (javax.crypto.Cipher.getMaxAllowedKeyLength(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", "")) >= Integer.valueOf(register.ibl_locationtracking.DeviceDetails.SaaviNeelam.replace("sn", "")).intValue()) {
                javax.crypto.Cipher v1 = javax.crypto.Cipher.getInstance(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", ""));
                v1.init(1, new javax.crypto.spec.SecretKeySpec(register.ibl_locationtracking.LocationJSON.ThiravuKol.replace("tk", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT), register.ibl_locationtracking.LocationJSON.MarayakaValimurai.replace("mv", "")), new javax.crypto.spec.IvParameterSpec(register.ibl_locationtracking.PayanpaatuKattamaipu.KadavuSoll.replace("ks", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT)));
                int v6_13 = new String(android.util.Base64.encode(v1.doFinal(p12.getBytes()), 2), register.ibl_locationtracking.LocationJSON.EighT);
            } else {
                throw new IllegalStateException("Unlimited crypto files not present in this JRE");
            }
        } catch (java.security.GeneralSecurityException v2) {
            v6_13 = 0;
        } catch (java.security.GeneralSecurityException v2) {
            throw new IllegalStateException("Algorithms or unlimited crypto files not available", v2);
        }
        return v6_13;
    }

Method javax.crypto.spec.SecretKeySpec.<init>() not found.

[TAINT] String 'tk' ==>>> Sink '['Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V', '0', 'CRYPTO_SINK']' [[('Lregister/ibl_locationtracking/DBHandler;', 'Insert_LocationTracking', '(Lregister/ibl_locationtracking/Trackingdetails;)V'), ('Lregister/ibl_locationtracking/Maraiyeettiyal;', 'MaraikuriyakkuAngikaramString', '(Ljava/lang/String;)Ljava/lang/String;'), ('Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V')]]

The application uses a hardcoded secret key 'tk' to encrypt the data

Method register.ibl_locationtracking.DBHandler.Insert_LocationTracking():


    public void Insert_LocationTracking(register.ibl_locationtracking.Trackingdetails p7)
    {
        this.dbhelper = register.ibl_locationtracking.DBHandler.getInstance(register.ibl_locationtracking.DBHandler.myContext);
        try {
            this.objMaraiyeettiyal = new register.ibl_locationtracking.Maraiyeettiyal();
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog("DBHandler OffLine Insert_LocationTracking...");
            this.GetMobileinformation();
        } catch (android.database.SQLException v1) {
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("DBHandler Insert_LocationTracking Catch Error: ").append(v1.getMessage().toString()).toString());
            throw v1;
        } catch (register.ibl_locationtracking.DBHandler v3_26) {
            this.db.endTransaction();
            if (this.db != null) {
                if (this.db.isOpen()) {
                    this.db.close();
                }
            }
            if (this.dbhelper != null) {
                this.dbhelper.close();
            }
            throw v3_26;
        }
        if (!register.ibl_locationtracking.MainActivity.isServiceStopped) {
            this.DeviceModelName = new StringBuilder().append(this.StrDevicemodel).append(" | Service Started").toString();
        } else {
            this.DeviceModelName = new StringBuilder().append(this.StrDevicemodel).append(" | Service Stopped").toString();
        }
        try {
            this.db = this.dbhelper.getWritableDatabase();
            this.db.beginTransaction();
            android.content.ContentValues v2_1 = new android.content.ContentValues();
            v2_1.put("LTD_Date", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_Date()).toString());
            v2_1.put("LTD_Latitude", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_Latitude()).toString());
            v2_1.put("LTD_Longitude", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_Longitude()).toString());
            v2_1.put("LTD_LocationName", "");
            v2_1.put("LTD_DistancefromLastLocation", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_DistancefromLastLocation()).toString());
            v2_1.put("LTD_MobileNumber1", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMobNo1).toString());
            v2_1.put("LTD_MobileNumber2", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMobNo2).toString());
            v2_1.put("LTD_DeviceName", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.DeviceModelName).toString());
            v2_1.put("LTD_IsOnline", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(p7.getLTD_IsOnline()).toString());
            v2_1.put("LTD_IMEI1", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIMEI1).toString());
            v2_1.put("LTD_IMEI2", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIMEI2).toString());
            v2_1.put("LTD_MACAddress", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrMACAddress));
            v2_1.put("LTD_IPAddress", this.objMaraiyeettiyal.MaraikuriyakkuAngikaramString(this.StrIPAddress));
            v2_1.put("LTD_IsSynced", Boolean.valueOf(p7.getLTD_IsSynced()));
            v2_1.put("LTD_Synceddate", p7.getLTD_Synceddate());
            v2_1.put("LTD_Createdon", p7.getLTD_Createdon());
            v2_1.put("LTD_Modifiedon", p7.getLTD_Modifiedon());
            v2_1.put("LTD_IsActive", Boolean.valueOf(p7.getLTD_IsActive()));
            this.db.insert("LocationtrackingDetails", 0, v2_1);
            this.db.setTransactionSuccessful();
        } catch (Exception v0) {
            v0.printStackTrace();
            this.objCallSoap = new register.ibl_locationtracking.CallSoap();
            this.objCallSoap.WriteLog(new StringBuilder().append("DBHandler Insert_LocationTracking Catch Error: ").append(v0.getMessage().toString()).toString());
        }
        this.db.endTransaction();
        if ((this.db != null) && (this.db.isOpen())) {
            this.db.close();
        }
        if (this.dbhelper != null) {
            this.dbhelper.close();
        }
        return;
    }

Method register.ibl_locationtracking.Maraiyeettiyal.MaraikuriyakkuAngikaramString():


    public String MaraikuriyakkuAngikaramString(String p12)
    {
        try {
            if (javax.crypto.Cipher.getMaxAllowedKeyLength(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", "")) >= Integer.valueOf(register.ibl_locationtracking.DeviceDetails.SaaviNeelam.replace("sn", "")).intValue()) {
                javax.crypto.Cipher v1 = javax.crypto.Cipher.getInstance(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", ""));
                v1.init(1, new javax.crypto.spec.SecretKeySpec(register.ibl_locationtracking.LocationJSON.ThiravuKol.replace("tk", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT), register.ibl_locationtracking.LocationJSON.MarayakaValimurai.replace("mv", "")), new javax.crypto.spec.IvParameterSpec(register.ibl_locationtracking.PayanpaatuKattamaipu.KadavuSoll.replace("ks", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT)));
                int v6_13 = new String(android.util.Base64.encode(v1.doFinal(p12.getBytes()), 2), register.ibl_locationtracking.LocationJSON.EighT);
            } else {
                throw new IllegalStateException("Unlimited crypto files not present in this JRE");
            }
        } catch (java.security.GeneralSecurityException v2) {
            v6_13 = 0;
        } catch (java.security.GeneralSecurityException v2) {
            throw new IllegalStateException("Algorithms or unlimited crypto files not available", v2);
        }
        return v6_13;
    }

Method javax.crypto.spec.SecretKeySpec.<init>() not found.

[TAINT] String 'tk' ==>>> Sink '['Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V', '0', 'CRYPTO_SINK']' [[('Lregister/ibl_locationtracking/Maraiyeettiyal;', 'MaraikuriyakkuAngikaramString', '(Ljava/lang/String;)Ljava/lang/String;'), ('Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V')]]

The application uses a hardcoded secret key 'tk' to encrypt the data

Method register.ibl_locationtracking.Maraiyeettiyal.MaraikuriyakkuAngikaramString():


    public String MaraikuriyakkuAngikaramString(String p12)
    {
        try {
            if (javax.crypto.Cipher.getMaxAllowedKeyLength(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", "")) >= Integer.valueOf(register.ibl_locationtracking.DeviceDetails.SaaviNeelam.replace("sn", "")).intValue()) {
                javax.crypto.Cipher v1 = javax.crypto.Cipher.getInstance(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", ""));
                v1.init(1, new javax.crypto.spec.SecretKeySpec(register.ibl_locationtracking.LocationJSON.ThiravuKol.replace("tk", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT), register.ibl_locationtracking.LocationJSON.MarayakaValimurai.replace("mv", "")), new javax.crypto.spec.IvParameterSpec(register.ibl_locationtracking.PayanpaatuKattamaipu.KadavuSoll.replace("ks", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT)));
                int v6_13 = new String(android.util.Base64.encode(v1.doFinal(p12.getBytes()), 2), register.ibl_locationtracking.LocationJSON.EighT);
            } else {
                throw new IllegalStateException("Unlimited crypto files not present in this JRE");
            }
        } catch (java.security.GeneralSecurityException v2) {
            v6_13 = 0;
        } catch (java.security.GeneralSecurityException v2) {
            throw new IllegalStateException("Algorithms or unlimited crypto files not available", v2);
        }
        return v6_13;
    }

Method javax.crypto.spec.SecretKeySpec.<init>() not found.

[TAINT] String '' ==>>> Sink '['Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V', '0', 'CRYPTO_SINK']' [[('Lregister/ibl_locationtracking/Maraiyeettiyal;', 'MaraikuriyakkuAngikaramString', '(Ljava/lang/String;)Ljava/lang/String;'), ('Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V')]]

The application uses a hardcoded secret key '' to encrypt the data

Method register.ibl_locationtracking.Maraiyeettiyal.MaraikuriyakkuAngikaramString():


    public String MaraikuriyakkuAngikaramString(String p12)
    {
        try {
            if (javax.crypto.Cipher.getMaxAllowedKeyLength(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", "")) >= Integer.valueOf(register.ibl_locationtracking.DeviceDetails.SaaviNeelam.replace("sn", "")).intValue()) {
                javax.crypto.Cipher v1 = javax.crypto.Cipher.getInstance(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", ""));
                v1.init(1, new javax.crypto.spec.SecretKeySpec(register.ibl_locationtracking.LocationJSON.ThiravuKol.replace("tk", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT), register.ibl_locationtracking.LocationJSON.MarayakaValimurai.replace("mv", "")), new javax.crypto.spec.IvParameterSpec(register.ibl_locationtracking.PayanpaatuKattamaipu.KadavuSoll.replace("ks", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT)));
                int v6_13 = new String(android.util.Base64.encode(v1.doFinal(p12.getBytes()), 2), register.ibl_locationtracking.LocationJSON.EighT);
            } else {
                throw new IllegalStateException("Unlimited crypto files not present in this JRE");
            }
        } catch (java.security.GeneralSecurityException v2) {
            v6_13 = 0;
        } catch (java.security.GeneralSecurityException v2) {
            throw new IllegalStateException("Algorithms or unlimited crypto files not available", v2);
        }
        return v6_13;
    }

Method javax.crypto.spec.SecretKeySpec.<init>() not found.

[TAINT] String 'tk' ==>>> Sink '['Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V', '0', 'CRYPTO_SINK']' [[('Lregister/ibl_locationtracking/Maraiyeettiyal;', 'MaraivelakamAngikaramString', '(Ljava/lang/String;)Ljava/lang/String;'), ('Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V')]]

The application uses a hardcoded secret key 'tk' to encrypt the data

Method register.ibl_locationtracking.Maraiyeettiyal.MaraivelakamAngikaramString():


    public String MaraivelakamAngikaramString(String p12)
    {
        try {
            if (javax.crypto.Cipher.getMaxAllowedKeyLength(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", "")) >= Integer.valueOf(register.ibl_locationtracking.DeviceDetails.SaaviNeelam.replace("sn", "")).intValue()) {
                javax.crypto.Cipher v1 = javax.crypto.Cipher.getInstance(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", ""));
                v1.init(2, new javax.crypto.spec.SecretKeySpec(register.ibl_locationtracking.LocationJSON.ThiravuKol.replace("tk", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT), register.ibl_locationtracking.LocationJSON.MarayakaValimurai.replace("mv", "")), new javax.crypto.spec.IvParameterSpec(register.ibl_locationtracking.PayanpaatuKattamaipu.KadavuSoll.replace("ks", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT)));
                int v6_11 = new String(v1.doFinal(android.util.Base64.decode(p12, 0)), register.ibl_locationtracking.LocationJSON.EighT);
            } else {
                throw new IllegalStateException("Unlimited crypto files not present in this JRE");
            }
        } catch (java.security.GeneralSecurityException v3) {
            v6_11 = 0;
        } catch (java.security.GeneralSecurityException v3) {
            throw new IllegalStateException("Algorithms or unlimited crypto files not available", v3);
        }
        return v6_11;
    }

Method javax.crypto.spec.SecretKeySpec.<init>() not found.

[TAINT] String '' ==>>> Sink '['Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V', '0', 'CRYPTO_SINK']' [[('Lregister/ibl_locationtracking/Maraiyeettiyal;', 'MaraivelakamAngikaramString', '(Ljava/lang/String;)Ljava/lang/String;'), ('Ljavax/crypto/spec/SecretKeySpec;', '<init>', '([B Ljava/lang/String;)V')]]

The application uses a hardcoded secret key '' to encrypt the data

Method register.ibl_locationtracking.Maraiyeettiyal.MaraivelakamAngikaramString():


    public String MaraivelakamAngikaramString(String p12)
    {
        try {
            if (javax.crypto.Cipher.getMaxAllowedKeyLength(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", "")) >= Integer.valueOf(register.ibl_locationtracking.DeviceDetails.SaaviNeelam.replace("sn", "")).intValue()) {
                javax.crypto.Cipher v1 = javax.crypto.Cipher.getInstance(register.ibl_locationtracking.DeviceDetails.MarayakaKuriyeedu.replace("mk", ""));
                v1.init(2, new javax.crypto.spec.SecretKeySpec(register.ibl_locationtracking.LocationJSON.ThiravuKol.replace("tk", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT), register.ibl_locationtracking.LocationJSON.MarayakaValimurai.replace("mv", "")), new javax.crypto.spec.IvParameterSpec(register.ibl_locationtracking.PayanpaatuKattamaipu.KadavuSoll.replace("ks", "").getBytes(register.ibl_locationtracking.LocationJSON.EighT)));
                int v6_11 = new String(v1.doFinal(android.util.Base64.decode(p12, 0)), register.ibl_locationtracking.LocationJSON.EighT);
            } else {
                throw new IllegalStateException("Unlimited crypto files not present in this JRE");
            }
        } catch (java.security.GeneralSecurityException v3) {
            v6_11 = 0;
        } catch (java.security.GeneralSecurityException v3) {
            throw new IllegalStateException("Algorithms or unlimited crypto files not available", v3);
        }
        return v6_11;
    }

Method javax.crypto.spec.SecretKeySpec.<init>() not found.