WIKI

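12.5 Hard-coded Key Risk Detection

(1) Scope of impact

All

(2) Risk level

Notice

(3) Scope of impact

All

(4) Detection method

Detection type: manual

Inspect the code paths that use the following encryption algorithms: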

AES/CBC/NoPadding

AES/CBC/PKCS7Padding

AES/CTR/NoPadding

AES/ECB/NoPadding

AES/ECB/PKCS7Padding

AES/GCM/NoPadding

RSA/ECB/NoPadding

RSA/ECB/PKCS1Padding

RSA/ECB/OAEPWithSHA-1AndMGF1Padding

RSA/ECB/OAEPWithSHA-224AndMGF1Padding

RSA/ECB/OAEPWithSHA-256AndMGF1Padding

RSA/ECB/OAEPWithSHA-384AndMGF1Padding

RSA/ECB/OAEPWithSHA-512AndMGF1Padding

RSA/ECB/OAEPPadding
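
One way to support the manual review above, as an added example that is not part of the original wiki page: a small Python scanner over decompiled Java source that reports `Cipher.getInstance` calls using one of the listed transformations and `SecretKeySpec` keys built from literals. The regular expressions, the `scan` helper and the sample class are assumptions made for illustration.

```python
import re

# Transformation strings listed in the detection method above.
TRANSFORMATIONS = {
    "AES/CBC/NoPadding", "AES/CBC/PKCS7Padding", "AES/CTR/NoPadding",
    "AES/ECB/NoPadding", "AES/ECB/PKCS7Padding", "AES/GCM/NoPadding",
    "RSA/ECB/NoPadding", "RSA/ECB/PKCS1Padding", "RSA/ECB/OAEPPadding",
    *(f"RSA/ECB/OAEPWithSHA-{n}AndMGF1Padding" for n in ("1", "224", "256", "384", "512")),
}
CIPHER_CALL = re.compile(r'Cipher\.getInstance\(\s*"([^"]+)"')
# Constants initialised from a literal: String K = "..."; or byte[] K = {...};
CONST_DECL = re.compile(r'\b(?:String|byte\s*\[\s*\])\s+(\w+)\s*=\s*(?:"|(?:new\s+byte\s*\[\s*\]\s*)?\{)')
# First argument of new SecretKeySpec(...): an inline literal (group 1) or an identifier (group 2).
KEY_SPEC = re.compile(r'new\s+SecretKeySpec\(\s*(?:("[^"]*"|new\s+byte\s*\[\s*\]\s*\{)|(\w+))')

def scan(source):
    """Return (line_no, kind, detail) findings for one Java source text."""
    lines = source.splitlines()
    literals = {m.group(1) for l in lines for m in CONST_DECL.finditer(l)}
    findings = []
    for no, line in enumerate(lines, 1):
        for m in CIPHER_CALL.finditer(line):
            if m.group(1) in TRANSFORMATIONS:
                findings.append((no, "cipher", m.group(1)))
        for m in KEY_SPEC.finditer(line):
            if m.group(1) or m.group(2) in literals:
                findings.append((no, "hardcoded-key", m.group(1) or m.group(2)))
    return findings

# Constructed sample (not from the page): one hard-coded key, one key passed in by the caller.
SAMPLE = '''\
class Crypto {
    static final String KEY = "0123456789abcdef";
    byte[] enc(byte[] d) throws Exception {
        SecretKeySpec s = new SecretKeySpec(KEY.getBytes("UTF-8"), "AES");
        Cipher c = Cipher.getInstance("AES/ECB/PKCS7Padding");
        c.init(Cipher.ENCRYPT_MODE, s); return c.doFinal(d);
    }
    byte[] enc2(byte[] d, SecretKey fromKeystore) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, fromKeystore); return c.doFinal(d);
    }
}
'''

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A `cipher` finding only marks a path to review; the `hardcoded-key` finding is the one that indicates key material embedded in the code.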

(5) Case analysis

http://www.wooyun.org/bugs/wooyun-2010-0105766

http://www.wooyun.org/bugs/wooyun-2015-0162907

http://www.wooyun.org/bugs/wooyun-2010-0187287

(6) References

http://drops.wooyun.org/tips/15870

https://developer.android.com/training/articles/keystore.html