# Pentest Bug Report

## 1) Report Metadata

- **Project / Application Name:** `NDAKey SDK v1.2.0`
- **Environment:** `Dev API (https://api-dev.ndakey.vn/sdk/) + Android demo app (self-built debug APK)`
- **Assessment Type:** `Gray-box Mobile + API Pentest`
- **Client / Owner:** `xxx`
- **Tester(s):** `Vo Tran Minh`
- **Report Date:** `2026-04-13`
- **Test Window:** `2026-04-06 to 2026-04-10`

---

## 2) Executive Summary

### 2.1 Scope (What object was tested)

- SDK artifacts: `ndakey-1.2.0.aar`, `ndakey-1.2.0-sources.jar`, decompiled sources in `aar_content/jadx_out/` and `jar_content/main/`.
- Runtime validation target: `demo-ndakey/` Android application.
- Security PoCs under: `pocs/`.
- API target: passkey endpoints under `/sdk/api/v1/*`.

### 2.2 Who

- **Requested by:** `xxx`
- **Tested by:** `Vo Tran Minh`

### 2.3 When

- **Testing period:** `2026-04-06 to 2026-04-10 (ICT, UTC+7)`
- **Retest date (if any):** `Pending`

### 2.4 High-Level Risk Summary

- **Critical:** `4`
- **High:** `4`
- **Medium:** `0`
- **Low:** `0`

---

## 3) Bug Index

| ID | Bug Title | Affected Object | Severity | Status |
|---|---|---|---|---|
| NDA-CRYPTO-001 | AES-GCM fixed IV | KeyStore encryption flow | Critical | Confirmed |
| NDA-CRYPTO-002 | Hardcoded AES-CBC key/IV | Network crypto constants/util | Critical | Confirmed |
| NDA-CRYPTO-003 | AES-ECB pattern leakage | Pre-M crypto mode | High | Confirmed |
| NDA-CRYPTO-004 | Embedded RSA private key in client | RSA utility | Critical | Confirmed |
| NDA-CRYPTO-005 | DIDComm/JWE `tag` leaks key bytes | DIDComm encryptor | Critical | Confirmed |
| NDA-APP-006 | Decrypted plaintext logged | SDK client runtime logging | High | Confirmed |
| NDA-API-007 | Passkey begin endpoints without auth | `/api/v1/passkey/registration-begin`, `/api/v1/passkey/login-begin` | High | Confirmed |
| NDA-API-008 | Over-permissive CORS on passkey begin | Passkey begin endpoints | High | Confirmed |

> Exploit evidence (PoC/image/vulnerable code) is documented in each **Detailed Bug Entry** section.

---

## 4) Detailed Bug Entries

### NDA-CRYPTO-001 — AES-GCM fixed IV (nonce reuse)

- **Overview:** SDK reuses a fixed IV in AES-GCM, which breaks nonce uniqueness.
- **Code (path:line):** `aar_content/jadx_out/sources/com/ndakey/sdk/core/utils/KeyStoreUtils.java:100,314`

  ```java
  private static final byte[] FIXED_IV = {80, -90, 78, 98, 17, 106, 7, 69, -58, 50, -46, -14};
  cipher.init(1, getSecretKeyAPIMorGreater(), new GCMParameterSpec(128, FIXED_IV));
  ```

- **Exploit evidence:** `python3 pocs/poc_fixed_iv_gcm.py`.

![crypt01](https://hackmd.io/_uploads/S1JTf4qnZe.png)

### NDA-CRYPTO-002 — Hardcoded AES-CBC key/IV

- **Overview:** AES key and IV are hardcoded in client code, allowing offline decrypt/forge.
- **Code (path:line):** `.../network/Constants.java:15`, `.../SecurityUtil.java:97-129`

  ```java
  public static final String secretKey = "f5d68e3f5b25d673d81a6d7c6a2c912e";
  public static final String iv = "5b16f7d6d19e5a9c";
  ```

- **Exploit evidence:** `python3 pocs/poc_hardcoded_aes_cbc.py`.

![crypt02](https://hackmd.io/_uploads/B1cpzVcnbe.png)

### NDA-CRYPTO-003 — AES-ECB pattern leakage

- **Overview:** SDK uses ECB mode (pre-M), which leaks block patterns.
- **Code (path:line):** `aar_content/jadx_out/sources/com/ndakey/sdk/core/utils/KeyStoreUtils.java:63`

  ```java
  private static final String AES_MODE_LESS_THAN_M = "AES/ECB/PKCS7Padding";
  ```

- **Exploit evidence:** `python3 pocs/poc_ecb_pattern_leak.py`.

![crypt03](https://hackmd.io/_uploads/SkKDXNq2be.png)

### NDA-CRYPTO-004 — Embedded RSA private key in client

- **Overview:** Private RSA key is embedded in app code and can be extracted.
- **Code (path:line):** `aar_content/jadx_out/sources/com/ndakey/sdk/core/utils/RSACryptData.java:33`

  ```java
  private static final String PRIVATE_KEY_STRING = "MIICdgIBADANBgkq...";
  ```

- **Exploit evidence:** `python3 pocs/poc_embedded_rsa_private_key.py`.

![crypt04](https://hackmd.io/_uploads/Bk9bX4qnbg.png)

### NDA-CRYPTO-005 — DIDComm/JWE `tag` leaks key bytes

- **Overview:** `tag` is derived from key material instead of proper AEAD auth tag.
- **Code (path:line):** `aar_content/jadx_out/sources/com/ndakey/sdk/core/didcommcrypto/AesGcmEncryptor.java:71`

  ```java
  jSONObject.put("tag", strEncodeToString);
  ```

- **Exploit evidence:** `python3 pocs/poc_didcomm_fake_tag_leak.py`.

![crypt05](https://hackmd.io/_uploads/Sk9kmV93-e.png)

### NDA-APP-006 — Decrypted plaintext logged

- **Overview:** SDK logs decrypted sensitive plaintext to logcat.
- **Code (path:line):** `jar_content/main/com/ndakey/sdk/core/NdaKeyClient.kt:71`

  ```kotlin
  Log.d("dataDecrypt", dataDecrypt)
  ```

- **Exploit evidence:** runtime demo + `adb logcat -d | grep dataDecrypt`.

![app06](https://hackmd.io/_uploads/rJGmmEc3We.png)

### NDA-API-007 — Passkey begin endpoints without auth

- **Overview:** Begin endpoints can be called without Authorization/API key.
- **Code (path:line):** `jar_content/main/com/ndakey/sdk/core/network/APIs.kt:56,66`

  ```kotlin
  @POST("api/v1/passkey/registration-begin")
  @POST("api/v1/passkey/login-begin")
  ```

- **Exploit evidence:** unauthenticated curl/python probing returned `HTTP 200`.

![api07](https://hackmd.io/_uploads/rksXQVqhZl.png)

### NDA-API-008 — Over-permissive CORS on passkey begin

- **Overview:** CORS policy reflects origin and allows wildcard methods/headers.
- **Code (path:line):** `jar_content/main/com/ndakey/sdk/core/network/APIs.kt:56,66` (affected endpoints)

  ```kotlin
  @POST("api/v1/passkey/registration-begin")
  @POST("api/v1/passkey/login-begin")
  ```

- **Exploit evidence:** OPTIONS preflight showed reflected `access-control-allow-origin`, wildcard allow-headers/methods.

![api08](https://hackmd.io/_uploads/B18Hm492Wl.png)
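
A retest aid for the code-level findings NDA-CRYPTO-001 to NDA-CRYPTO-004 and NDA-APP-006, added here as an example and not part of the SDK or the `pocs/` directory: it scans decompiled source text for the patterns quoted in the entries above and reports them by finding ID. The `scan` function, its rule set and the `Patched.java` sample are assumptions; the remaining sample lines are the ones quoted in this report.

```python
import re

# Line-level patterns keyed by the finding IDs in this report's bug index.
RULES = [
    ("NDA-CRYPTO-002", re.compile(          # hex-looking key/IV held in a String constant
        r'static\s+final\s+String\s+\w*(?:key|iv)\w*\s*=\s*"[0-9a-f]{16,}"', re.I)),
    ("NDA-CRYPTO-003", re.compile(r'"AES/ECB/')),            # ECB transformation string
    ("NDA-CRYPTO-004", re.compile(r'String\s+\w*PRIVATE\w*\s*=\s*"MII', re.I)),  # DER key blob
    ("NDA-APP-006", re.compile(r'\bLog\.[dviwe]\([^)\n]*decrypt', re.I)),  # decrypted data logged
]
GCM_SPEC = re.compile(r'new\s+GCMParameterSpec\(\s*\d+\s*,\s*(\w+)\s*\)')
CONST_BYTES = r'static\s+final\s+byte\[\]\s+{}\s*=\s*\{{'

def scan(sources):
    """Return sorted (finding_id, file, line_no) for every pattern hit in {file: text}."""
    hits = set()
    for name, text in sources.items():
        for no, line in enumerate(text.splitlines(), 1):
            hits.update((fid, name, no) for fid, rx in RULES if rx.search(line))
            m = GCM_SPEC.search(line)
            # NDA-CRYPTO-001: the IV argument resolves to a compile-time byte[] constant.
            if m and re.search(CONST_BYTES.format(re.escape(m.group(1))), text):
                hits.add(("NDA-CRYPTO-001", name, no))
    return sorted(hits)

# Constructed sample input: the lines quoted in the findings, plus one constructed
# "patched" file whose IV is a per-call local and must not be flagged.
SAMPLE = {
    "KeyStoreUtils.java": (
        'private static final String AES_MODE_LESS_THAN_M = "AES/ECB/PKCS7Padding";\n'
        'private static final byte[] FIXED_IV = {80, -90, 78, 98, 17, 106, 7, 69, -58, 50, -46, -14};\n'
        'cipher.init(1, getSecretKeyAPIMorGreater(), new GCMParameterSpec(128, FIXED_IV));\n'),
    "Constants.java": (
        'public static final String secretKey = "f5d68e3f5b25d673d81a6d7c6a2c912e";\n'
        'public static final String iv = "5b16f7d6d19e5a9c";\n'),
    "RSACryptData.java": 'private static final String PRIVATE_KEY_STRING = "MIICdgIBADANBgkq...";\n',
    "NdaKeyClient.kt": 'Log.d("dataDecrypt", dataDecrypt)\n',
    "Patched.java": (
        'byte[] iv = cipher.getIV();\n'
        'cipher.init(2, key, new GCMParameterSpec(128, iv));\n'),
}

if __name__ == "__main__":
    for fid, name, no in scan(SAMPLE):
        print(f"{fid}  {name}:{no}")
```

NDA-CRYPTO-005 and the two API findings are not covered, because the lines quoted for them do not by themselves distinguish vulnerable from fixed code.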