
DIVA Android: Hardcoding Issues


The following post will demonstrate how to view the source code in an APK file using JADX GUI to solve the Hardcoding issues in DIVA.

First, we pull the APK file into the local directory.

Then, open JADX GUI and select base.apk.

The APK will be decompiled and you will be able to see the source code. To solve the problem, you need to find the hard-coded value in the code.

Part 2 is not so straightforward. If you read the code carefully, you can see that the developer compares the user input with a key from the R file. In this case, the developer is storing a sensitive access code in the R file (which is a bad practice). Once you navigate to the R file, look for ‘hc2Key’ to find the access code.
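The two patterns described above can be turned into a review check for your own app's decompiled or original source. The following is an added example, not code from DIVA or from the original post: it flags comparisons against a string literal and comparisons against a string resource, and resolves the resource name to the value that ships in the APK. The Java snippet, the `R.string` lookup, the `strings.xml` layout and all key values are constructed placeholders; only the name `hc2Key` comes from the post.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not DIVA's actual source): a decompiled activity
# and a res/values/strings.xml. Key values are placeholders.
JAVA_SRC = '''
public class ExampleActivity extends Activity {
    public void checkPart1(View v) {
        EditText in = (EditText) findViewById(R.id.input1);
        if (in.getText().toString().equals("PLACEHOLDER-LITERAL-KEY")) { grant(); }
    }
    public void checkPart2(View v) {
        EditText in = (EditText) findViewById(R.id.input2);
        if (in.getText().toString().equals(getString(R.string.hc2Key))) { grant(); }
    }
}
'''
STRINGS_XML = '''<resources>
    <string name="app_name">Example</string>
    <string name="hc2Key">PLACEHOLDER-RESOURCE-KEY</string>
</resources>'''

# Pattern 1: input compared with a string literal embedded in the code.
LITERAL_CMP = re.compile(r'\.equals\(\s*"([^"]+)"\s*\)')
# Pattern 2: input compared with a string resource (assumed R.string lookup).
RESOURCE_CMP = re.compile(
    r'\.equals\(\s*(?:\w+\.)?getString\(\s*R\.string\.(\w+)\s*\)\s*\)')

def find_hardcoded_comparisons(java_src, strings_xml):
    """Return one finding per comparison against a value shipped in the APK."""
    resources = {s.get("name"): (s.text or "")
                 for s in ET.fromstring(strings_xml).iter("string")}
    findings = []
    for lineno, line in enumerate(java_src.splitlines(), start=1):
        for m in LITERAL_CMP.finditer(line):
            findings.append({"line": lineno, "kind": "literal",
                             "ref": None, "value": m.group(1)})
        for m in RESOURCE_CMP.finditer(line):
            name = m.group(1)
            # A resource reference is no safer than a literal: resolve it.
            findings.append({"line": lineno, "kind": "resource",
                             "ref": name, "value": resources.get(name)})
    return findings

if __name__ == "__main__":
    for finding in find_hardcoded_comparisons(JAVA_SRC, STRINGS_XML):
        print(finding)
```

Both findings point to the same root cause: the secret is distributed with the app, so the comparison has to move to a server the client cannot read.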
