I once unpacked the Clash Royale APK to see its contents. Noteworthy was a file called "Fingerprint.JSON", which contains paths to sound files and an associated hash value. My question is, why the hash value can be found in this file. I can imagine that before starting the app a hash value of an audio file is created and compared with the hash value in the file "Fingerprint.JSON". But that would not make sense, because I could also exchange the hash value itself to implement my own sounds.
Maybe someone can explain why these hash values can be stored publicly without causing security risks?
I am looking to decrypt a string using AES, I tried multiple solution from SO but none of them helped and I was unable to get the solution. The android developer used Cipher to do it below is the code for that:-
private static final byte[] initVector = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; private static Cipher getAES_Cipher(int opmode) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException { IvParameterSpec iv = new IvParameterSpec(initVector); SecretKeySpec skeySpec = new SecretKeySpec(Arrays.copyOfRange(getSHA(key), 0, 32), "AES"); Cipher cipher = Cipher.getInstance("AES/CFB/PKCS5PADDING"); cipher.init(opmode, skeySpec, iv); return cipher;}
Similarly I tried using CryptoSwift to do it and below is the code I used to do it:-
extension String {func aesEncrypt(key: String, iv: String) throws -> String { let data: Array<UInt8> = (self.data(using: .utf8)?.bytes)! var key: Array<UInt8> = (key.data(using: .utf8)?.bytes)! let iv: Array<UInt8> = (iv.data(using: .utf8)?.bytes)! do { let encrypted = try AES(key: key, blockMode: CFB(iv: iv), padding: .pkcs5).encrypt(data) let encryptedData = Data(encrypted) let decrypted = try AES(key: key, blockMode: CFB(iv: iv), padding: .pkcs5).decrypt(encrypted) let decryptedData = Data(decrypted) let str = String.init(data: decryptedData, encoding: .utf8) print(str ?? String()) return encryptedData.base64EncodedString() } catch { print(error) return "error" }}func aesDecrypt(key: String, iv: String) throws -> String { let data: Array<UInt8> = (Data(base64Encoded: self)?.bytes)! let key: Array<UInt8> = (key.data(using: .utf8)?.bytes)! let iv: Array<UInt8> = (iv.data(using: .utf8)?.bytes)! do { let decrypted = try AES(key: key.sha256(), blockMode: CFB(iv: iv), padding: .pkcs5).decrypt(data) let decryptedData = Data(decrypted) guard let value = String.init(data: decryptedData, encoding: .utf8) else { return "error" } return value } catch { print(error) return "error" }}
}
and In ViewDidLoad() I called it like this:-
let message = "My Encrypted String From The Server" let test = try! message.aesDecrypt(key: "dfksjghlskjdfhglksjdfhglkjsdhfglkjhsfopweiurtypoweirutopiewrutgopiruegoijnsdeghsedrghesrerthigoererhehewthgewrhywertyweyweyewrtewrtyewihgoie", iv: "0000000000000000") print(test)
One more thing I want to highlight when I pass the same iv as android which is "{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }" I am getting the error from the CryptoSwift library as invalidInitializationVector but when I pass iv: "0000000000000000" I am getting an error -->
guard let value = String.init(data: decryptedData, encoding: .utf8) else { return "error" }
I believe it is something related to the iv that I am passing there.
Guys any help would be greatly appreciated!!
Thank You
This question already has an answer here:
I have to write method like this:
boolean isHash(String str){ ...}
Method should return true if input string is md5
hash or sha1
hash or sha256
hash.
Is it possible to implement such method ?
I have found out that calculating sha256 in java is slow. For example, it is slower than python. I wrote two simple benchmarks that calculate sha256 of 1GB of zeroes. In both cases the result is the same and correct, but the python time is 5653ms and the java time is 8623ms(53% slower). The result is similar every time and this is an important difference for me.
How to make the calculation in java faster?
Benchmarks:
Java:
import java.security.MessageDigest;import java.security.NoSuchAlgorithmException;public class BenchmarkSha256 { public static void main(String... args) throws NoSuchAlgorithmException { int size = 1024 * 1024; byte[] bytes = new byte[size]; MessageDigest md = MessageDigest.getInstance("SHA-256"); long startTime = System.nanoTime(); for (int i = 0; i < 1024; i++) md.update(bytes, 0, size); long endTime = System.nanoTime(); System.out.println(String.format("%1$064x", new java.math.BigInteger(1, md.digest()))); System.out.println(String.format("%d ms", (endTime - startTime) / 1000000)); }}
Python:
#!/usr/bin/env pythonimport hashlibimport timesize = 1024 * 1024bytes = bytearray(size)md = hashlib.sha256()startTime = time.time()for i in range(0, 1024): md.update(bytes)endTime = time.time()print "%s\n%d ms" % (md.hexdigest(), (endTime - startTime) * 1000)
results:
~> java BenchmarkSha25649bc20df15e412a64472421e13fe86ff1c5165e18b2afccf160d4dc19fe68a148623 ms~> python BenchmarkSha256.py 49bc20df15e412a64472421e13fe86ff1c5165e18b2afccf160d4dc19fe68a145653 ms
versions of java and python:
~> java -versionjava version "1.6.0_26"Java(TM) SE Runtime Environment (build 1.6.0_26-b03)Java HotSpot(TM) 64-Bit Server VM (build 20.1-b02, mixed mode)~> python --versionPython 2.7
There question is slightly related to these two questions, but with these two differences: 1) I want to know how to hook specific Intel instructions from the JVM (hopefully via existing libary) 2) I don't care about one large file, but millions of short (< 50 characters) String and Number objects.
I noticed that Intel provides native extensions (https://software.intel.com/en-us/articles/intel-sha-extensions) for creating SHA256 hashes. Is there any existing library in Java that can hook these native extensions? Is there a JVM implementation that natively hooks these extensions?
Is there a different implementation I should choose for millions of small String and Number values over a single giant file?
As a test, I tried 5 different hashing algorithms: Java built-in, Groovy built-in, Apache Commons, Guava, and Bouncy Castle. Only Apache and Guava seemed to push beyond 1 million hashes/sec on my Intel i5 hardware.
>groovy hash_comp.groovyHashing 1000000 iterations of SHA-256time java: 2968 336927.2237196765 hashes/sectime groovy: 2451 407996.7360261118 hashes/sectime apache: 1025 975609.7560975610 hashes/sectime guava: 901 1109877.9134295228 hashes/sectime guava: 1969 507872.0162519045 hashes/sec>groovy hash_comp.groovyHashing 1000000 iterations of SHA-256time java: 2688 372023.8095238095 hashes/sectime groovy: 1948 513347.0225872690 hashes/sectime apache: 867 1153402.5374855825 hashes/sectime guava: 953 1049317.9433368311 hashes/sectime bouncy: 1890 529100.5291005291 hashes/sec
When I ran 10 times in a row, Apache Commons hashing was the consistent winner when hashing 1 million strings (it won 9/10 times). My test code is available here.
The question remains, is there a way to tap into the Intel SHA hashing extensions from the JVM?
منزل - خريطة الموقع - خصوصية - وصلات - حقوق التأليف والنشر © 2019 اللحاء تكنولوجيا المعلومات المحدودة : اتصال : admin @ cortexit.co.uk
Please note that by viewing our site you agree to our use of cookies (see خصوصية for details). You will only see this message once.