02. Hard Coding Issues — Part 1

Galilei
Mobile Penetration Testing
2 min read · Mar 18, 2019

The second task in DIVA tries to teach that hard coding sensitive data is very dangerous: attackers can reverse engineer the application, extract the hard-coded data and use it in attack vectors.

At first glance, the hard coding task asks for a vendor password, but there is no way to obtain the password through the app's own logic.

[Screenshot: Vendor Password Required]

If you type anything into the text box, the app shows an error saying the password is incorrect.

So, let's reverse engineer the application with JADX to see what happens in the corresponding class (jakhar.aseem.diva.HardCodeActivity).

[Screenshot: JADX — diva.apk]

You can read the password straight out of the decompiled code: vendorsecretkey

Let's test it to see what happens:

[Screenshot: Final Result]

How To Secure

There is no purely technical control that prevents this threat: anything shipped inside the APK can be recovered by whoever holds the APK. Developers must avoid leaking secrets in the source code in the first place.
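The review-side counterpart of what JADX showed above, as an added example that is not code from this post or from DIVA: a small triage script that walks decompiled Java (or your own source tree before release) and flags two shapes of hard-coded secret, a runtime value compared against a string literal with equals(), and a String/char[] variable with a secret-looking name initialised from a literal. The Java snippets embedded below are constructed to resemble JADX output for the HardCodeActivity pattern and a hardened variant that defers the check to a hypothetical VendorApi backend; neither is DIVA's verbatim source. The filter is a heuristic first pass for a reviewer, not a replacement for a proper secret scanner.

```python
"""Triage aid for decompiled Java: flag string literals that look like embedded secrets."""
import re
from dataclasses import dataclass

# Constructed sample in the shape JADX produces for an activity that compares
# user input against a literal. Hypothetical; not DIVA's verbatim source.
DECOMPILED_SAMPLE = """\
package jakhar.aseem.diva;

public class HardCodeActivity extends AppCompatActivity {
    private static final String API_TOKEN = "tok_0123456789abcdef";

    public void access(View view) {
        EditText hckey = (EditText) findViewById(R.id.hcKey);
        if (hckey.getText().toString().equals("vendorsecretkey")) {
            Toast.makeText(this, "Access granted!", Toast.LENGTH_SHORT).show();
        } else {
            Toast.makeText(this, "Access denied!", Toast.LENGTH_SHORT).show();
        }
    }
}
"""

# Constructed hardened variant: no secret in the client, the backend decides.
HARDENED_SAMPLE = """\
package jakhar.aseem.diva;

public class HardCodeActivity extends AppCompatActivity {
    public void access(View view) {
        String input = ((EditText) findViewById(R.id.hcKey)).getText().toString();
        // the key is verified by a backend the client cannot inspect (hypothetical API)
        VendorApi.verifyKey(input, granted -> showResult(granted));
    }
}
"""


@dataclass
class Finding:
    line: int
    kind: str      # "literal-compare" or "secret-assignment"
    literal: str   # the embedded value, shown so the reviewer can judge it
    source: str    # the offending line, stripped


JAVA_STRING = r'"((?:[^"\\]|\\.)*)"'
# A runtime value compared against a literal: x.equals("...") / x.equalsIgnoreCase("...")
COMPARE_RE = re.compile(r'\.equals(?:IgnoreCase)?\(\s*' + JAVA_STRING + r'\s*\)')
# A String/char[] variable whose name hints at a secret, initialised from a literal
ASSIGN_RE = re.compile(
    r'\b(?:String|char\[\])\s+(\w*(?:key|secret|pass|pwd|token|api)\w*)\s*=\s*' + JAVA_STRING,
    re.IGNORECASE,
)
MIN_LITERAL_LEN = 6  # heuristic: shorter literals are usually enum-like values, not secrets


def looks_like_secret(literal: str) -> bool:
    """Cheap filter that drops obvious non-secrets such as intent actions and UI text."""
    if len(literal) < MIN_LITERAL_LEN:
        return False
    if "." in literal or " " in literal:  # "android.intent.action.MAIN", "Access denied!"
        return False
    return True


def scan_java(source: str) -> list[Finding]:
    """Return every hard-coded secret candidate in `source`, in line order."""
    findings: list[Finding] = []
    for n, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("//"):  # skip line comments
            continue
        for m in COMPARE_RE.finditer(line):
            if looks_like_secret(m.group(1)):
                findings.append(Finding(n, "literal-compare", m.group(1), stripped))
        for m in ASSIGN_RE.finditer(line):
            if m.group(2):  # ignore `String password = ""` placeholders
                findings.append(Finding(n, "secret-assignment", m.group(2), stripped))
    return findings


def report(findings: list[Finding]) -> str:
    if not findings:
        return "no hard-coded secret candidates"
    return "\n".join(f"L{f.line} [{f.kind}] {f.literal!r}: {f.source}" for f in findings)


if __name__ == "__main__":
    print("--- decompiled sample ---")
    print(report(scan_java(DECOMPILED_SAMPLE)))
    print("--- hardened sample ---")
    print(report(scan_java(HARDENED_SAMPLE)))
```

Run against the decompiled sample it reports the API_TOKEN constant and the equals("vendorsecretkey") comparison; against the hardened sample it reports nothing, because the only thing the client holds is the user's input. The same scan is cheap enough to run in CI over your own source tree before the APK is built, which is the point at which this class of leak is still fixable.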

Final words

We have prepared a step-by-step Android penetration testing guide based on our own experience here. Check back for new posts from time to time.

Feel free to add comments to help us improve our posts. By the way, security belongs to everyone.
