Shinrays Games Goods Triple App Exposed Hard-Coded Cryptographic Key Vulnerability

Vulnerability

A vulnerability exists in Shinrays Games Goods Triple App, specifically in the Cats Goods Sort component, version 1.200. The issue arises from an unknown function in the file jRwTX.java, where a hard-coded AES key and initialization vector (IV) are embedded. This vulnerability allows attackers to extract these static values through reverse engineering, potentially enabling them to decrypt sensitive server responses, such as AppsFlyer attribution data. The vulnerability requires local exploitation and is considered complex, although a public exploit is available.

Impact

The hard-coded cryptographic key and IV can be extracted and used to decrypt sensitive information, potentially leading to unauthorized access to confidential data.

Added: Apr 2, 2026, 9:12 PM

Updated: Apr 2, 2026, 9:12 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.6

remediation

0.0

relevance

5.2

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.6

remediation

0.0

relevance

5.2

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Shinrays Games Goods Triple App Exposed Hard-Coded Cryptographic Key Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating