Bug 23546 - Security.Unify Is Broken (Xamarin In App Purchase Component)
Summary: Security.Unify Is Broken (Xamarin In App Purchase Component)
Status: RESOLVED UPSTREAM
Alias: None
Product: Android
Classification: Xamarin
Component: General ()
Version: 4.18.0
Hardware: PC Windows
: Normal normal
Target Milestone: ---
Assignee: Jonathan Pryor
URL:
Depends on:
Blocks:
 
Reported: 2014-10-02 04:56 UTC by Logie Urquhart
Modified: 2017-06-28 16:32 UTC (History)
3 users (show)

Tags:
Is this bug a regression?: ---
Last known good build:

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on Developer Community or GitHub with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
RESOLVED UPSTREAM

Description Logie Urquhart 2014-10-02 04:56:41 UTC
According to the docs:

the first parameter is an array of strings containing your private key broken into two or more parts in a random order. The second parameter is an array of integers listing of order that the private key parts should be assembled in.

Thus:

Security.Unify(
new string[]
{
"rjp8zp6tD2", "CJlI/erEF5", "rFCIU8Gj7n", "8AMIIBCgKC", "wccUuknUCu"
},
new int[]
{
1, 4, 2, 3 ,0 
}
);

Should produce "wccUuknUCurjp8zp6tD2rFCIU8Gj7n8AMIIBCgKCCJlI/erEF5", but it produces "CJlI/erEF5wccUuknUCurFCIU8Gj7n8AMIIBCgKCrjp8zp6tD2"

The reason for this is that allthough the index array is used to correctly get the desired segment, the function uses string.concat to place the segments in the wrong order in the output string.

(decompiled function)

public static string Unify(string[] element, int[] segment)
{
    string empty = string.Empty;
    int[] numArray = segment;
    foreach (int num in numArray)
    {
        empty = string.Concat(empty, element[num]);
    }
    return empty;
}

It's clear that this function has not been tested with anything other than the order "0,1,2,3" (from the sample code).
Comment 1 Rajneesh Kumar 2014-10-03 11:01:30 UTC
I have checked this issue and “I can reproduce the reported behavior "Security.Unify Is Broken (Xamarin In App Purchase Component)". I’ll need confirmation from the developer if this is a bug. Leaving as NEW for now.”

Steps I have followed:

1. Create an android application
2. Create a class named "Security", and add following code:
   public static string Unify(string[] element, int[] segment)
{
    string empty = string.Empty;
    int[] numArray = segment;
    foreach (int num in numArray)
    {
        empty = string.Concat(empty, element[num]);
    }
    return empty;
}
3.To Call Unify on Button click event, write following code:
string SecurityKey = Security.Unify(new string[]{
  "rjp8zp6tD2", "CJlI/erEF5", "rFCIU8Gj7n", "8AMIIBCgKC", "wccUuknUCu"},
                new int[] {1, 4, 2, 3 ,0});
                Console.WriteLine(SecurityKey);

4.Observe the key generated in the application output window.

"CJlI/erEF5wccUuknUCurFCIU8Gj7n8AMIIBCgKCrjp8zp6tD2"

Screencast: http://www.screencast.com/t/qXQFVyII

Additional Information: I also checked this issue with XS and VS in console application getting the same behavior.

Environment Info:

Microsoft Visual Studio Professional 2012
Version 11.0.50727.1 RTMREL
Microsoft .NET Framework
Version 4.5.50938

Installed Version: Professional

LightSwitch for Visual Studio 2012   04938-004-0033001-02367
Microsoft LightSwitch for Visual Studio 2012

Office Developer Tools   04938-004-0033001-02367
Microsoft Office Developer Tools

Team Explorer for Visual Studio 2012   04938-004-0033001-02367
Microsoft Team Explorer for Visual Studio 2012

Visual Basic 2012   04938-004-0033001-02367
Microsoft Visual Basic 2012

Visual C# 2012   04938-004-0033001-02367
Microsoft Visual C# 2012

Visual C++ 2012   04938-004-0033001-02367
Microsoft Visual C++ 2012

Visual F# 2012   04938-004-0033001-02367
Microsoft Visual F# 2012

Visual Studio 2012 Code Analysis Spell Checker   04938-004-0033001-02367
Microsoft® Visual Studio® 2012 Code Analysis Spell Checker

Portions of International CorrectSpell™ spelling correction system © 1993 by Lernout & Hauspie Speech Products N.V. All rights reserved.

The American Heritage® Dictionary of the English Language, Third Edition Copyright © 1992 Houghton Mifflin Company. Electronic version licensed from Lernout & Hauspie Speech Products N.V. All rights reserved.

Visual Studio 2012 SharePoint Developer Tools   04938-004-0033001-02367
Microsoft Visual Studio 2012 SharePoint Developer Tools

Microsoft Advertising SDK for Windows Phone   
Microsoft Advertising SDK for Windows Phone
Build 

NuGet Package Manager   2.0.30625.9003
NuGet Package Manager in Visual Studio. For more information about NuGet, visit http://docs.nuget.org/.

PreEmptive Analytics Visualizer   1.0
Microsoft Visual Studio extension to visualize aggregated summaries from the PreEmptive Analytics product.

SQL Server Data Tools   11.1.20627.00
Microsoft SQL Server Data Tools

Web Developer Tools   1.0.30710.0
Microsoft Web Developer Tools contains the following components:
Page Inspector: Tool that offers an efficient way to decompose Web Applications and diagnose front-end issues.
Web Publishing: Extensions required for Web Publishing for both hosted servers as well as on premises.
Web Form Templates: Includes the default templates for Web Form Applications.
Editor Extensions: Includes HTML, CSS, and JS editor extensions that greatly enhance the development experience.

Workflow Manager Tools 1.0   1.0
This package contains the necessary Visual Studio integration components for Workflow Manager.

Xamarin   3.6.262.0 (21b7dba8736246dfd10e3f19a92ed68f1b30abfd)
Visual Studio extension to enable development for Xamarin.iOS and Xamarin.Android.

Xamarin.Android   4.16.0.17 (2a7b68212b17c903160fbd8e0106babb299d1be3)
Visual Studio plugin to enable development for Xamarin.Android.

Xamarin.iOS   8.0.66.0 (3e201c8aa14879773f966f483329bcda49fd3a41)
Visual Studio extension to enable development for Xamarin.iOS.
Comment 2 Jon Douglas [MSFT] 2017-06-28 16:32:03 UTC
Is this still an issue with this component? If so, please link to the proper component/nuget and attach a reproduction project that includes that component/nuget to the bugzilla report. I believe you meant Xamarin In App Billing rather than the iOS equivalent.

Just so you know, there's an open source pull request to have this added:

https://github.com/xamarin/XamarinComponents/pull/66

https://github.com/bholmes/XamarinComponents/blob/edd68281843dffe16a06f36d13bb0f197b98d387/Android/Xamarin.InAppBilling/source/Xamarin.InAppBilling/Utilities/Security.cs#L27-L59

If this is still an issue, please open an issue on the XamarinComponents repo https://github.com/xamarin/XamarinComponents/issues or on the pull request I posted above.