Steve Weis sweis
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Keybase proof | |
| I hereby claim: | |
| * I am sweis on github. | |
| * I am sweis (https://keybase.io/sweis) on keybase. | |
| * I have a public key whose fingerprint is D4D2 0737 35F5 CB0F F6D9 BED1 9EF1 F36D 5B58 2B47 | |
| To claim this, I am signing this object: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //package ly.secret.android.net; | |
| /** | |
| * This is source code derived from the Cryptfs class found in Secret.ly's android app. | |
| * | |
| * Comments and variable names are my own. | |
| * | |
| * Here's how I generated this file: | |
| * 1. Downloaded the Secret.ly APK via this link: | |
| * http://storage.evozi.com/apk/dl/14/05/21/ly.secret.android.apk?vc=1600040 |
sweis
/ SessionKeyEncrypter.java
Last active
May 12, 2023 16:51
A decompiled class from the Twitter 9.88 APK -- Not original source
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package p000; | |
| import java.security.InvalidKeyException; | |
| import java.security.PrivateKey; | |
| import java.security.PublicKey; | |
| import java.security.SecureRandom; | |
| import org.bouncycastle.crypto.InvalidCipherTextException; | |
| import org.bouncycastle.jcajce.provider.asymmetric.p445ec.KeyAgreementSpi; |
sweis
/ Key-Exchange-snippet.java
Last active
May 12, 2023 16:55
A decompiled snippet from the Twitter 9.88 APK release -- Not original source
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| for (ExtractPublicKeysData publicKeysData : extractPublicKeysDataList) { | |
| Object userId = linkedHashMap.get(publicKeysData.registrationToken); | |
| KeyPairGeneratorSpi.EC ec = new KeyPairGeneratorSpi.EC(); | |
| ec.initialize(SessionKeyEncrypter.secp256r1Spec()); | |
| KeyPair ephemeralKeyPair = ec.generateKeyPair(); | |
| PrivateKey ephemeralPrivateKey = ephemeralKeyPair.getPrivate(); | |
| PublicKey recipientPublicKey = publicKeysData.identityKey.publicKey; | |
| byte[] sharedSecret = |
sweis
/ ObtainConversationKey-snippet.java
Created
May 12, 2023 17:11
Decompiled snippet from ObtainConversationKey.invokeSuspend from Twitter 9.88 APK release -- Not original source
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // The IV seems to be the ephemeral public key of the sender and is the header of the encrypted | |
| // conversation key | |
| byte[] ivMaybeEphemeralPublicKey = ArrayUtils.sliceCopy(0, encryptedConversationKey, 65); | |
| int length = encryptedConversationKey.length - 65; | |
| byte[] ciphertext = ArrayUtils.sliceCopy(65, encryptedConversationKey, length); | |
| ECNamedCurveParameterSpec secp256r1Spec = SessionKeyEncrypter.secp256r1Spec(); | |
| ECPublicKeySpec spec = | |
| new ECPublicKeySpec(secp256r1Spec.curve.decodePoint(ivMaybeEphemeralPublicKey), secp256r1Spec); |