1

When I submit login credentials in an Android Application it POSTs an encrypted string to an API endpoint.

For example, if I enter the following email & pass:

"[email protected]:abc"

it POSTs the following Encrypted Data:

uuid=81d036bfca2258ea_nofq2ipit&model=SM-G977N&platform=Android&version=5.1.1&complie=android&token=%7B%22ct%22%3A%22ryYURhKTo02TMPyxP2vPG93FFw%2FkQ%2FP%2B129znAYCKC4%3D%22%2C%22iv%22%3A%221b99dad6887136408d84fbce42ea31f1%22%2C%22s%22%3A%22033a413ac951a2d0%22%7D&key=0.8615443813135553

How do I find the encryption algorithm in the source code of the APK?

In which file can I find out about this encryption?

Dex2Zip: https://www.mediafire.com/file/gzn73270ujnyvmc/Dex.zip/file

APK: https://www.mediafire.com/file/118lcjhxohcczt0/BJ.apk/file

1
  • I would start by using Jadx to open the APK file. Then use the Jadx search feature to try to find out where the URL, and especially the URL-encoded token part, is generated and how. If it is really a digest and the app uses the digest provided by Android, search for Digest.getInstance(
    – Robert
    Commented Oct 15, 2022 at 17:26
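
Before searching the decompiled code, it helps to URL-decode the captured token and measure its fields, because the sizes narrow down what to look for. The script below is an added example, not part of the original question or comment; the function names and the size-to-search-string mapping are assumptions made here as heuristics, not facts established about this APK.

```python
import base64
import json
from urllib.parse import parse_qs

# Request body copied verbatim from the question.
BODY = (
    "uuid=81d036bfca2258ea_nofq2ipit&model=SM-G977N&platform=Android"
    "&version=5.1.1&complie=android"
    "&token=%7B%22ct%22%3A%22ryYURhKTo02TMPyxP2vPG93FFw%2FkQ%2FP%2B129znAYCKC4%3D%22"
    "%2C%22iv%22%3A%221b99dad6887136408d84fbce42ea31f1%22"
    "%2C%22s%22%3A%22033a413ac951a2d0%22%7D"
    "&key=0.8615443813135553"
)


def describe_token(body):
    """URL-decode the form body, parse the JSON token, and measure each field."""
    fields = parse_qs(body)
    token = json.loads(fields["token"][0])
    ct = base64.b64decode(token["ct"], validate=True)
    return {
        "json_keys": sorted(token),
        "ct_len": len(ct),
        "iv_len": len(bytes.fromhex(token["iv"])),
        "salt_len": len(bytes.fromhex(token["s"])),
    }


def search_hints(info):
    """Map the observed sizes to strings worth searching for in Jadx.

    Heuristics (assumptions, not proof): a 16-byte IV with ciphertext that is a
    multiple of 16 bytes fits a 128-bit block cipher such as AES in CBC mode; an
    8-byte salt in a ct/iv/s JSON object matches the CryptoJS JSON formatter.
    """
    hints = []
    if info["iv_len"] == 16 and info["ct_len"] % 16 == 0:
        hints += ["Cipher.getInstance(", "IvParameterSpec", "SecretKeySpec"]
    if info["json_keys"] == ["ct", "iv", "s"] and info["salt_len"] == 8:
        hints += ["CryptoJS", '"ct"']
    return hints


if __name__ == "__main__":
    info = describe_token(BODY)
    print(info)
    for hint in search_hints(info):
        print("search for:", hint)
```

If the Java-side strings return nothing, the same searches are worth repeating over the APK's resources and assets, since an app can build such a token in bundled JavaScript rather than in the dex code.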
