How can I decrypt snapchat files?
I came across this bit of ruby that can be used to decrypt Snapchat photos taken out of the cache on a phone, apparently adapted from here. To my surprise, it worked without a problem. So, my question is, what exactly are they doing wrong here, and what could they be doing better in order to improve the security of their application in this regard rather than what they're doing now? Why can we still crack snapchat photos in 12 lines of Ruby?
If a person can decrypt Snapchat files so easily then this is a serious problem in password management. The first problem here is the way they managed their key in their source code. Snapchat states that they send the photos encrypted over the internet, and it is true after all, but they are using a "pre-shared" key to encrypt this data (also badly using AES in ECB mode), so every user around the planet has the key to decipher each photo. The problem here is, how did the internet get the key? Piece of cake: they just included it in every app, and somebody just searched for it. What is this magic encryption key used by any and all Snapchat apps?
M02cnQ51Ji97vwT4

You can find this (in the Android app) in a constant string located in com.snapchat.android.util.AESEncrypt; no digging required, it is quite literally sitting around waiting to be found by anyone.

On a more positive note (perhaps), in the 3.0.4 (18/08/2013) build of the Android app, there is - oddly enough - a second key!

1234567891123456
It is a very bad practice to hardcode a password in your source (no matter if it is in your headers or in your binaries), the main problem being that anyone could find it with a simple "strings" command run on your binary (or by looking in some place you used to share your code with your friends):

strings binaryFile

Then the malicious user can have a look at each string and check whether it is the password he is looking for. So, if you really need to hardcode a password in your code you had better hide it, but this will just be "security through obscurity" and the malicious user will end up finding the key (so you had better think about a different approach). What can they do to improve their security? Well, they could have generated a key for each photo, or they could pre-share a key between the clients that are going to share a picture, or use public/private keys; there are plenty of options.
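As an added example (not from the question, the answer above, or Snapchat's own code), this Ruby block contrasts the design the answer criticises, one app-wide key with AES in ECB mode, against the per-photo key with an authenticated mode that it recommends; the sample photo bytes and SHARED_KEY are constructed placeholders, not values from the app.

```ruby
require 'openssl'
require 'securerandom'

# Constructed sample "photo": 64 bytes made of two repeated 16-byte blocks,
# standing in for the repetitive regions a real image contains.
SAMPLE_PHOTO = (("\x00" * 16) + ("\xFF" * 16)).b * 2

# Hypothetical app-wide key (placeholder), used the way the answer describes.
SHARED_KEY = "0123456789abcdef".b

# The weak design: one shared key, AES-128-ECB. Input is block-aligned,
# so padding is disabled to keep the block comparison below exact.
def ecb_encrypt(key, data)
  c = OpenSSL::Cipher.new('aes-128-ecb')
  c.encrypt
  c.padding = 0
  c.key = key
  c.update(data) + c.final
end

# Count distinct 16-byte ciphertext blocks. ECB maps equal plaintext blocks
# to equal ciphertext blocks, so repetition in the photo survives encryption.
def distinct_blocks(ct)
  ct.bytes.each_slice(16).map { |b| b.pack('C*') }.uniq.size
end

# The recommended design: a fresh random key per photo plus an authenticated
# mode (AES-128-GCM). A leaked key now exposes one photo, and any change to
# the ciphertext is detected on decryption.
def encrypt_photo(data)
  key = SecureRandom.random_bytes(16)
  iv  = SecureRandom.random_bytes(12)
  c = OpenSSL::Cipher.new('aes-128-gcm')
  c.encrypt
  c.key = key
  c.iv = iv
  ct = c.update(data) + c.final
  { key: key, iv: iv, ct: ct, tag: c.auth_tag }
end

def decrypt_photo(env)
  c = OpenSSL::Cipher.new('aes-128-gcm')
  c.decrypt
  c.key = env[:key]
  c.iv = env[:iv]
  c.auth_tag = env[:tag]
  c.update(env[:ct]) + c.final
end

# Flip one ciphertext bit and confirm GCM rejects it (returns true if rejected).
def tampered_rejected?(env)
  bad = env[:ct].dup
  bad.setbyte(0, bad.getbyte(0) ^ 1)
  decrypt_photo(env.merge(ct: bad))
  false
rescue OpenSSL::Cipher::CipherError
  true
end
```

With the ECB design the four-block photo encrypts to only two distinct ciphertext blocks, leaking its structure, while the per-photo GCM envelope shows no repetition and fails closed when modified.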