d0nutptr

#!/bin/bash
# Renames files outputed by `apktool d <apk>` to <source>.smali where <source> is the value in the .source entry of the smali file
# This isn't meant to be 100% correct but it works in 99% of cases
# ./apktool_name_corrector.sh ~/Documents/my_smali_output_folder

shopt -s globstar
start_dir=$1

for e in "${start_dir}"/**; do
    if [ -f "${e}" ] ; then

d0nutptr

fn main() {
    println!("Hello, world!");
}

d0nutptr

# This is an example of hash length extension attacks (and why you don't roll your own crypto!!!)
# In this case, an attacker, Malice, intercepts a message ("to=12345&amt=103.53&note=Thanks!")
# that has been "authenticated" using a poorly constructed MAC (message authentication code).
# This MAC has been created using the following method: md5(secret | message).
# Ideally, since the attacker, Malice, doesn't have the secret, he should be unable to craft a new
# message that is also authenticated. However, because of how the mac was created, we can use 
# Hash Length Extensions. We'll be using the pymd5 library as found on upenn's website via google cache:
# https://webcache.googleusercontent.com/search?q=cache:yyvXXyVKuYYJ:https://www.cis.upenn.edu/~cis331/project1/pymd5.py+&cd=3&hl=en&ct=clnk&gl=us

import urllib

d0nutptr

extern crate rand;
extern crate num;

use kangaroo::rand::Rng;
use num::ToPrimitive;
use num::{Integer, Zero, One};
use std::collections::HashMap;
use std::sync::Mutex;

#[derive(Debug)]

d0nutptr

#include <stdio.h>
#include <string.h>

int authenticateUser();
void userMenu();
void adminMenu();

int main() {
    int id = authenticateUser();

d0nutptr

public class CertificateGenerator {
    public X509Certificate CreateCertificate(string domain) {
        //read the root ca 
        X509Certificate rootCert = getRootCA();
        
        //generate our public/private keys for this certificate
        RsaKeyPairGenerator keyPairGenerator = new RsaKeyPairGenerator();
        keyPairGenerator.Init(new KeyGenerationParameters(new SecureRandom(), 2048));
        AsymmetricCipherKeyPair keyPair = keyPairGenerator.GenerateKeyPair();
        

d0nutptr

//transforms into PBKDF2-HMAC-SHA-256.
AndroidConceal.get().nativeLibrary.ensureCryptoLoaded();

PBKDF2Hybrid encryptionKeyGenerator = new PBKDF2Hybrid();
encryptionKeyGenerator.setIterations(KEY_DERIVATION_ROUNDS);
encryptionKeyGenerator.setSalt(encryptionSalt, 0, encryptionSalt.length);
encryptionKeyGenerator.setKeyLengthInBytes(ENC_KEY_SIZE);
encryptionKeyGenerator.setPassword(passwordBytes, 0, passwordBytes.length);

encryptionKeySecret = encryptionKeyGenerator.generate();

d0nutptr

public class KeyDerivationWithBC {
    public SecretKey generateSecretKey(String password, byte[] salt) {
        byte[] passwordBytes = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(password.toCharArray());
        
        PKCS5S2ParametersGenerator keyGenerator = new PKCS5S2ParametersGenerator(new SHA256Digest());
        keyGenerator.init(passwordBytes, salt, 4096);
        
        byte[] keySecret = ((KeyParameter) keyGenerator.generateDerivedParameters(32)).getKey();
        
        return new SecretKeySpec(keySecret, 0, keySecret.length, "AES");

d0nutptr

public class KeyGenerationExample {
    public generateSecretKey(String password, byte[] salt) {
        //get the PBKDF2 HMAC SHA1 secret key factory
        SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        
        //similar to WPA2 key generation
        KeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt, 4096, 32);
        
        //generate the key
        return secretKeyFactory.generateSecret(keySpec);

d0nutptr

Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] cipherText = cipher.doFinal(plainText);
byte[] nonce = cipher.getIV();