This from the ap8.db from the Android download. I didn't want to install this piece of shit on a real phone, the source does update and get a newer version.
They change depending on the auth type (WEP vs WPA vs WPA2-PSK vs WPA2-Enterprise). It'll be a day or two before someone manages to decrypt the DB. I'd have a crack at it if I had more time.
Anyways, it is 128 bit CBC. I incorrectly assumed 256 bit because I forgot the hex representation of a char is twice the length. Since they don't have a padding block, the shortest possible output is one block. Thus 16 bytes or a hex string of 32 characters in length.
Jesus Christ that's incompetent. I see what you mean, it's 32 hex chars, not binary chars. Since we have the IV and key, we can just decrypt all the passwords.
sqlite> .tables pwd sqlite> .schema pwd CREATE TABLE "pwd" ("password" TEXT NOT NULL ); sqlite> SELECT * FROM pwd; a30e502c125899a41cb562a7a36b4bd0 c58675db0ba9266fb5307982e4368ab0 5631e619f6e280c0740704a25a8298f6 ...
i don't know how they are using this pwd, but seems like a good starting point.