Merge branch 'patch-1'

Close pull request #3

.github/workflows/main.yml

@@ -0,0 +1,41 @@
+# vim: expandtab tabstop=2 shiftwidth=2
+name: CI
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+  release:
+    types:
+      - created
+
+jobs:
+  build:
+    name: 'Build Ghidra FindCrypt extension'
+    strategy:
+      matrix:
+        ghidra:
+          - version: "9.2.2"
+          - version: "9.2.1"
+          - version: "9.2"
+          - version: "9.1.2"
+    runs-on: "ubuntu-latest"
+    container: registry.gitlab.com/torgo/ghidra-container/ghidra-plugin-builder:${{ matrix.ghidra.version }}
+    steps:
+      - name: "Clone FindCrypt"
+        uses: actions/checkout@v2
+      - name: "Compile FindCrypt - ${{ matrix.ghidra.version }}"
+        run: |
+          cd FindCrypt
+          gradle
+          ls -lah dist/
+      - name: "Upload FindCrypt - ${{ matrix.ghidra.version }}"
+        uses: actions/upload-artifact@v2
+        with:
+          name: ghidra_${{ matrix.ghidra.version }}_FindCrypt
+          path: |
+            README.md
+            FindCrypt/dist/*.zip
+      
+

README.md

@@ -1,7 +1,8 @@
 # Ghidra FindCrypt
 ![Bug eyed Ghidra looks at complex algorithms](docs/findcrypt_logo.png)
 
-[![pipeline status](https://gitlab.com/Torgo/ghidra_findcrypt/badges/master/pipeline.svg)](https://gitlab.com/Torgo/ghidra_findcrypt/pipelines/master/latest)
+[![Github status](https://github.com/TorgoTorgo/ghidra-findcrypt/actions/workflows/main.yml/badge.svg)](https://github.com/TorgoTorgo/ghidra-findcrypt/actions/workflows/main.yml)
+[![Gitlab status](https://gitlab.com/Torgo/ghidra_findcrypt/badges/master/pipeline.svg)](https://gitlab.com/Torgo/ghidra_findcrypt/pipelines/master/latest)
 
 This is a re-write of another [Ghidra FindCrypt](https://github.com/d3v1l401/FindCrypt-Ghidra/) script
 as an auto analysis module. It also takes better advantage of the Ghidra
@@ -25,7 +26,7 @@ This will output a zip in the `FindCrypt/dist/` directory.
 ## Installing
 
 You can either build it yourself (see above) or download
-a zip from the [GitLab releases](https://gitlab.com/Torgo/ghidra_findcrypt/-/releases)
+a zip from the [Github releases](https://github.com/TorgoTorgo/ghidra-findcrypt/releases) or [GitLab releases](https://gitlab.com/Torgo/ghidra_findcrypt/-/releases)
 
 The extension can be installed into Ghidra like so:
 - From the Project window hit `File` -> `Install extensions...`

convert_db.py

@@ -1,3 +1,5 @@
+#!/usr/bin/env python3
+
 # Take a database of crypt constants and output a database
 # that is compatable with the FindCrypt plugin.
 #
@@ -11,7 +13,7 @@
 #@author Torgo
 
 from struct import unpack, pack
-from StringIO import StringIO
+from io import StringIO
 from gzip import GzipFile
 
 class CryptSignature(object):
@@ -43,6 +45,7 @@ def deserialize(self):
                 name_size = unpack('>I', f.read(4))[0]
                 name = unpack('{}s'.format(name_size), f.read(name_size))[0]
                 compressed = unpack('>b', f.read(1))[0] == b'\x01'
+                unknown_val = unpack('>I', f.read(4))[0]
                 buff_size = unpack('>I', f.read(4))[0]
                 buff = unpack('{}s'.format(buff_size), f.read(buff_size))[0]
                 if compressed:

update.sh

@@ -8,6 +8,6 @@ wget https://github.com/d3v1l401/FindCrypt-Ghidra/raw/master/findcrypt_ghidra/da
 
 echo "[+] Converting database and adding to the plugin"
 rm -f FindCrypt/data/database.d3v
-python convert_db.py database.d3v FindCrypt/data/database.d3v
+python3 convert_db.py database.d3v FindCrypt/data/database.d3v
 
 echo "[+] Done! Now you can git add the changes!"