Potential use of a non-random initialization vector (IV)

Description

Use of a non-random initialization vector makes the application vulnerable to dictionary attacks.

The following example demonstrates the improper use of a hardcoded, static IV:

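import android.util.Base64;
import android.util.Log;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class InsecureExample {
    private static final String TAG = "InsecureExample";

    public void run() throws Exception {
        // Insecure: the IV is a hardcoded constant, so it is identical for every message
        byte[] IV = "0123456789abcdef".getBytes();
        String clearText = "Jan van Eyck was here 1434";
        String key = "ThisIs128bitSize";
        SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes(), "AES");
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        // The static IV is passed to the cipher here
        cipher.init(Cipher.ENCRYPT_MODE, skeySpec, new IvParameterSpec(IV));
        byte[] encryptedMessage = cipher.doFinal(clearText.getBytes());
        Log.i(TAG, String.format("Message: %s", Base64.encodeToString(encryptedMessage, Base64.DEFAULT)));
    }
}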

Recommendation

Properly initialize the IV with a secure random value.

Technical details
[TAINT] String '8119745113154120' ==>>> Sink '['Ljavax/crypto/spec/IvParameterSpec;', '<init>', '([B)V', '0', 'CRYPTO_SINK']' [[('Lcom/mobatia/dev/encryptpro/AES256Cipher;', 'decrypt', '(Ljava/lang/String;)Ljava/lang/String;'), ('Ljavax/crypto/spec/IvParameterSpec;', '<init>', '([B)V')]]

The application uses a hardcoded initialization vector (IV) to encrypt the data

Method com.mobatia.dev.encryptpro.AES256Cipher.decrypt():


    public static String decrypt(String p4)
    {
        byte[] v4_1 = android.util.Base64.decode(p4, 0);
        String v0_4 = new javax.crypto.spec.SecretKeySpec(com.mobatia.dev.encryptpro.AES256Cipher.getRaw("sampleText", "exampleSalt"), "AES");
        String v1_1 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding");
        v1_1.init(2, v0_4, new javax.crypto.spec.IvParameterSpec("8119745113154120".getBytes()));
        return new String(v1_1.doFinal(v4_1), "UTF-8");
    }

Method javax.crypto.spec.IvParameterSpec.<init>() not found.

[TAINT] String '8119745113154120' ==>>> Sink '['Ljavax/crypto/spec/IvParameterSpec;', '<init>', '([B)V', '0', 'CRYPTO_SINK']' [[('Lcom/mobatia/dev/encryptpro/AES256Cipher;', 'encrypt', '(Ljava/lang/String;)Ljava/lang/String;'), ('Ljavax/crypto/spec/IvParameterSpec;', '<init>', '([B)V')]]

The application uses a hardcoded initialization vector (IV) to encrypt the data

Method com.mobatia.dev.encryptpro.AES256Cipher.encrypt():


    public static String encrypt(String p4)
    {
        int v0_2 = new javax.crypto.spec.SecretKeySpec(com.mobatia.dev.encryptpro.AES256Cipher.getRaw("sampleText", "exampleSalt"), "AES");
        javax.crypto.Cipher v1_3 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding");
        v1_3.init(1, v0_2, new javax.crypto.spec.IvParameterSpec("8119745113154120".getBytes()));
        return android.util.Base64.encodeToString(v1_3.doFinal(p4.getBytes()), 0);
    }

Method javax.crypto.spec.IvParameterSpec.<init>() not found.

[TAINT] String 'UTF-8' ==>>> Sink '['Ljavax/crypto/spec/IvParameterSpec;', '<init>', '([B)V', '0', 'CRYPTO_SINK']' [[('Lcom/mobatia/dev/encryptpro/Encryptor;', 'decrypt', '(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)Ljava/lang/String;'), ('Ljavax/crypto/spec/IvParameterSpec;', '<init>', '([B)V')]]

The application uses a hardcoded initialization vector (IV) to encrypt the data

Method com.mobatia.dev.encryptpro.Encryptor.decrypt():


    public static String decrypt(String p2, String p3, String p4)
    {
        try {
            javax.crypto.spec.IvParameterSpec v0_1 = new javax.crypto.spec.IvParameterSpec(p3.getBytes("UTF-8"));
            String v3_1 = new javax.crypto.spec.SecretKeySpec(p2.getBytes("UTF-8"), "AES");
            int v2_2 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5PADDING");
            v2_2.init(2, v3_1, v0_1);
            return new String(v2_2.doFinal(java.util.Base64.getDecoder().decode(p4)));
        } catch (int v2_4) {
            v2_4.printStackTrace();
            return 0;
        }
    }

Method javax.crypto.spec.IvParameterSpec.<init>() not found.

[TAINT] String 'UTF-8' ==>>> Sink '['Ljavax/crypto/spec/IvParameterSpec;', '<init>', '([B)V', '0', 'CRYPTO_SINK']' [[('Lcom/mobatia/dev/encryptpro/Encryptor;', 'encrypt', '(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)Ljava/lang/String;'), ('Ljavax/crypto/spec/IvParameterSpec;', '<init>', '([B)V')]]

The application uses a hardcoded initialization vector (IV) to encrypt the data

Method com.mobatia.dev.encryptpro.Encryptor.encrypt():


    public static String encrypt(String p2, String p3, String p4)
    {
        try {
            String v0_4 = new javax.crypto.spec.IvParameterSpec(p3.getBytes("UTF-8"));
            java.util.Base64$Encoder v3_1 = new javax.crypto.spec.SecretKeySpec(p2.getBytes("UTF-8"), "AES");
            int v2_2 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5PADDING");
            v2_2.init(1, v3_1, v0_4);
            int v2_3 = v2_2.doFinal(p4.getBytes());
            String v4_2 = new StringBuilder();
            v4_2.append("encrypted string: ");
            v4_2.append(java.util.Base64.getEncoder().encodeToString(v2_3));
            System.out.println(v4_2.toString());
            return java.util.Base64.getEncoder().encodeToString(v2_3);
        } catch (int v2_5) {
            v2_5.printStackTrace();
            return 0;
        }
    }

Method javax.crypto.spec.IvParameterSpec.<init>() not found.

[TAINT] String '8119745113154120' ==>>> Sink '['Ljavax/crypto/spec/IvParameterSpec;', '<init>', '([B)V', '0', 'CRYPTO_SINK']' [[('Lcom/mobatia/dev/encryptpro/MainActivity$1;', 'onClick', '(Landroid/view/View;)V'), ('Lcom/mobatia/dev/encryptpro/AES256Cipher;', 'encrypt', '(Ljava/lang/String;)Ljava/lang/String;'), ('Ljavax/crypto/spec/IvParameterSpec;', '<init>', '([B)V')]]

The application uses a hardcoded initialization vector (IV) to encrypt the data

Method com.mobatia.dev.encryptpro.MainActivity$1.onClick():


    public void onClick(android.view.View p3)
    {
        try {
            this.this$0.crypted = com.mobatia.dev.encryptpro.AES256Cipher.encrypt(this.this$0.actualTxt.getText().toString().trim());
            this.this$0.encryptTxt.setText(this.this$0.crypted);
        } catch (String v3_3) {
            v3_3.printStackTrace();
        }
        String v0_6 = new StringBuilder();
        v0_6.append("crypted: ");
        v0_6.append(this.this$0.crypted);
        android.util.Log.d("CRYPTO-TEST", v0_6.toString());
        return;
    }

Method com.mobatia.dev.encryptpro.AES256Cipher.encrypt():


    public static String encrypt(String p4)
    {
        int v0_2 = new javax.crypto.spec.SecretKeySpec(com.mobatia.dev.encryptpro.AES256Cipher.getRaw("sampleText", "exampleSalt"), "AES");
        javax.crypto.Cipher v1_3 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding");
        v1_3.init(1, v0_2, new javax.crypto.spec.IvParameterSpec("8119745113154120".getBytes()));
        return android.util.Base64.encodeToString(v1_3.doFinal(p4.getBytes()), 0);
    }

Method javax.crypto.spec.IvParameterSpec.<init>() not found.

[TAINT] String '8119745113154120' ==>>> Sink '['Ljavax/crypto/spec/IvParameterSpec;', '<init>', '([B)V', '0', 'CRYPTO_SINK']' [[('Lcom/mobatia/dev/encryptpro/MainActivity$2;', 'onClick', '(Landroid/view/View;)V'), ('Lcom/mobatia/dev/encryptpro/AES256Cipher;', 'decrypt', '(Ljava/lang/String;)Ljava/lang/String;'), ('Ljavax/crypto/spec/IvParameterSpec;', '<init>', '([B)V')]]

The application uses a hardcoded initialization vector (IV) to encrypt the data

Method com.mobatia.dev.encryptpro.MainActivity$2.onClick():


    public void onClick(android.view.View p3)
    {
        try {
            this.this$0.decrypted = com.mobatia.dev.encryptpro.AES256Cipher.decrypt(this.this$0.crypted);
        } catch (String v3_4) {
            v3_4.printStackTrace();
        }
        this.this$0.decryptTxt.setText(this.this$0.decrypted);
        String v0_4 = new StringBuilder();
        v0_4.append("decrypted: ");
        v0_4.append(this.this$0.decrypted);
        android.util.Log.d("CRYPTO-TEST", v0_4.toString());
        return;
    }

Method com.mobatia.dev.encryptpro.AES256Cipher.decrypt():


    public static String decrypt(String p4)
    {
        byte[] v4_1 = android.util.Base64.decode(p4, 0);
        String v0_4 = new javax.crypto.spec.SecretKeySpec(com.mobatia.dev.encryptpro.AES256Cipher.getRaw("sampleText", "exampleSalt"), "AES");
        String v1_1 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding");
        v1_1.init(2, v0_4, new javax.crypto.spec.IvParameterSpec("8119745113154120".getBytes()));
        return new String(v1_1.doFinal(v4_1), "UTF-8");
    }

Method javax.crypto.spec.IvParameterSpec.<init>() not found.