
My money's on AES256 ECB mode.



    aload 0    // this
    LDC "AES/CBC/NoPadding"
    invokestatic javax/crypto/Cipher.getInstance(java/lang/String) : javax/crypto/Cipher
    putfield com/snda/wifilocating/support/c.c : javax/crypto/Cipher

Nope.


CBC sizes would go 32, 48, 64


[deleted]


I'm obviously talking about 128, since I can't see 32 bytes happening with AES256 CBC.


    LDC AES/CBC/NoPadding
#nopadding

The fact that they had #nopadding in there makes it obvious that they copy-pasted this code and have literally no idea what they are doing.


What does padding have to do with the IV?


You think they randomly generate an IV for every single password? Did you think they were competent or something? :)

https://i.imgur.com/b6kfN7y.png

Anyways, it is 128 bit CBC. I incorrectly assumed 256 bit because I forgot the hex representation of a char is twice the length. Since they don't have a padding block, the shortest possible output is one block. Thus 16 bytes or a hex string of 32 characters in length.


Jesus Christ that's incompetent. I see what you mean, it's 32 hex chars, not binary chars. Since we have the IV and key, we can just decrypt all the passwords.
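
The length arithmetic and the static-IV problem discussed in this thread, as an added example (not code from the thread or from the app): `AES/CBC/NoPadding` with a hard-coded IV beside AES-GCM with a fresh random nonce per message. The key, IV, sample password, class name and zero-fill padding scheme are constructed assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class CbcStaticIvDemo {
    // Constructed sample values, not taken from the app discussed in the thread.
    static final byte[] KEY = "0123456789abcdef".getBytes(StandardCharsets.US_ASCII);       // 16 bytes: AES-128
    static final byte[] STATIC_IV = "fedcba9876543210".getBytes(StandardCharsets.US_ASCII); // hard-coded IV

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    // Weak setting: CBC, no padding, fixed IV. NoPadding means the caller must
    // fill the input to a multiple of 16 bytes (zero-fill here is an assumption).
    static byte[] weakEncrypt(String password) throws Exception {
        byte[] pt = password.getBytes(StandardCharsets.UTF_8);
        byte[] padded = Arrays.copyOf(pt, ((pt.length + 15) / 16) * 16);
        Cipher c = Cipher.getInstance("AES/CBC/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(KEY, "AES"), new IvParameterSpec(STATIC_IV));
        return c.doFinal(padded);
    }

    // Corrected setting: AES-GCM with a random 12-byte nonce, prepended to the output.
    static byte[] strongEncrypt(String password) throws Exception {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(KEY, "AES"), new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(password.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(nonce, nonce.length + ct.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }

    public static void main(String[] args) throws Exception {
        String a = hex(weakEncrypt("hunter2")), b = hex(weakEncrypt("hunter2"));
        System.out.println("static-IV CBC: " + a + " (" + a.length() + " hex chars)");
        System.out.println("same password gives same ciphertext: " + a.equals(b));
        String g1 = hex(strongEncrypt("hunter2")), g2 = hex(strongEncrypt("hunter2"));
        System.out.println("random-nonce GCM differs per call: " + !g1.equals(g2));
    }
}
```

Changing the mode does not help if the key itself ships inside the client, which is the situation the last comment describes.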



