xcode – Null Initialization Vector Used (iOS) – React Native


The application passes a NULL initialization vector (IV) to the Common Crypto library for an
encryption operation. When the Common Crypto library receives a NULL initialization vector, it
uses a default constant initialization vector consisting of all zeroes.

A valid initialization vector is a unique, random value of length equal to the block size of a block
cipher. Initialization vectors are used to vary the output of an encryption function so that, assuming
the encryption key remains the same, encrypting the same plaintext multiple times never
produces the same ciphertext. A new initialization vector must be generated each time an
encryption operation is performed. Using a constant initialization vector eliminates its
effectiveness, since the encrypted form of a piece of plaintext will be the same when the same
key and initialization vector are used.

Steps to Reproduce:

  1. Decompile the application source code.
  2. Search for the string “CCCrypt”.
  3. Note that the application source contains code that passes a null initialization
    vector to the CCCrypt function.

I have not used any cryptography lib in the React Native app.

I have decompiled the IPA binary file. Please see the image for evidence of the decompiled code.

How can I find where this lib is initialised or used?
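
One way to narrow down which dependency brings in the call, as an added example that is not part of the original post: the script below lists files under a project tree that reference CCCrypt and names the package each one belongs to. It assumes the usual React Native layout (third-party native code under `node_modules/` and `ios/Pods/`); the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes third-party native code
# lives under node_modules/ and ios/Pods/; function names are illustrative.

# owner_of PATH: name the npm package or CocoaPod a file belongs to.
owner_of() {
    case $1 in
        */node_modules/*)
            rest=${1##*/node_modules/}   # innermost package wins when nested
            case $rest in
                @*/*) printf '%s\n' "$rest" | cut -d/ -f1,2 ;;  # scoped package
                *)    printf '%s\n' "${rest%%/*}" ;;
            esac ;;
        */Pods/*)
            rest=${1##*/Pods/}
            printf '%s\n' "${rest%%/*}" ;;
        *)  printf '%s\n' '(app code)' ;;
    esac
}

# find_cccrypt_refs ROOT: print "owner<TAB>kind<TAB>path" for each match.
#   source: C/Objective-C/Swift file containing a CCCrypt( call
#   binary: prebuilt static library whose bytes contain the _CCCrypt symbol name
#           (this also matches CCCryptor* symbols, so treat it as a lead to confirm)
find_cccrypt_refs() {
    find "$1" -type f \( -name '*.m' -o -name '*.mm' -o -name '*.c' \
        -o -name '*.h' -o -name '*.swift' -o -name '*.a' \) |
    while IFS= read -r f; do
        case $f in
            *.a) kind=binary; pat='_CCCrypt' ;;
            *)   kind=source; pat='CCCrypt[[:space:]]*(' ;;
        esac
        if grep -aq "$pat" "$f"; then
            printf '%s\t%s\t%s\n' "$(owner_of "$f")" "$kind" "$f"
        fi
    done | sort
}

# Usage: sh find_cccrypt.sh /path/to/project
if [ "$#" -gt 0 ]; then
    find_cccrypt_refs "$1"
fi
```

A `source` hit shows the call itself, so the IV argument can be read directly; a `binary` hit only says that a prebuilt library links against CommonCrypto and needs to be checked against that library's own source or release notes.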
