Last active
November 28, 2019 00:59
-
-
Save itsbriany/eefc13644f61c1c9ce95429cb2d3f990 to your computer and use it in GitHub Desktop.
Find secrets
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ find flarebear_source -type f -name "*.java" | xargs egrep -i "(secret|password|flag)" | |
... CONTENT SNIPPED ... | |
./com/fireeye/flarebear/FlareBearActivity.java: public final void danceWithFlag() { | |
./com/fireeye/flarebear/FlareBearActivity.java: final String password = this.getPassword(); | |
./com/fireeye/flarebear/FlareBearActivity.java: final byte[] decrypt = this.decrypt(password, bytes); | |
./com/fireeye/flarebear/FlareBearActivity.java: final byte[] decrypt2 = this.decrypt(password, bytes2); | |
./com/fireeye/flarebear/FlareBearActivity.java: public final byte[] decrypt(@NotNull final String password, @NotNull final byte[] input) { | |
./com/fireeye/flarebear/FlareBearActivity.java: Intrinsics.checkParameterIsNotNull(password, "password"); | |
./com/fireeye/flarebear/FlareBearActivity.java: final char[] charArray = password.toCharArray(); | |
./com/fireeye/flarebear/FlareBearActivity.java: final SecretKey generateSecret = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(charArray, bytes2, 1234, 256)); | |
./com/fireeye/flarebear/FlareBearActivity.java: Intrinsics.checkExpressionValueIsNotNull(generateSecret, "secretKeyFactory.generateSecret(pbKeySpec)"); | |
./com/fireeye/flarebear/FlareBearActivity.java: final SecretKeySpec secretKeySpec = new SecretKeySpec(generateSecret.getEncoded(), "AES"); | |
./com/fireeye/flarebear/FlareBearActivity.java: instance.init(2, secretKeySpec, ivParameterSpec); | |
./com/fireeye/flarebear/FlareBearActivity.java: public final String getPassword() { | |
./com/fireeye/flarebear/FlareBearActivity.java: this.danceWithFlag(); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment