Reverse engineering write-up of the Amber Security SDK (com.amber.lib.security) — the crypto wrapper used by PicPat (locket.live) and 16 sibling Android apps from the same vendor. Covers the SIGN_V2 signing algorithm, REQUEST_V2/RESPONSE_V2 authenticated encryption (AES-256-CBC + HMAC-SHA256), and the design issues found along the way.
android cryptography reverse-engineering mobile-security frida writeup ghidra amber-security-sdk picpat
-
Updated
May 17, 2026 - Python