Broken By Design: 15 PoCs proving Alipay's APK signing infrastructure is cryptographically broken. MD5/SHA-1 collisions, RSA-1024 factoring, Janus injection, batch GCD key recovery. IACR ePrint 2026/526.
security cryptography proof-of-concept alipay hash-collision vulnerability-research apk-signing rsa-1024 batch-gcd md5-collision
-
Updated
Mar 22, 2026 - Python