Interrogate is a proof-of-concept tool for identification of cryptographic keys in binary material (regardless of target operating system), first and foremost for memory dump analysis and forensic usage. As of version 0.0.4 it can identify AES, Serpent, Twofish and DER-encoded RSA keys.
The tool was written as a part of my Master’s Thesis at NTNU.
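Added example, not Interrogate's own code: a minimal structural scan for the DER-encoded RSA keys mentioned above. It assumes keys are stored as PKCS#1 RSAPrivateKey structures (a SEQUENCE of nine INTEGERs, version 0); the function names and the toy sample dump are constructed for illustration and make no claim about how Interrogate itself searches.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed sample "dump": a decoy SEQUENCE at offset 1, then a toy
 * RSAPrivateKey (p=61, q=53, n=3233, e=17, d=2753) at offset 8. */
static const uint8_t SAMPLE_DUMP[] = {
    0x00, 0x30, 0x05, 0x02, 0x01, 0x00, 0x41, 0x42,
    0x30, 0x1d, 0x02, 0x01, 0x00, 0x02, 0x02, 0x0c, 0xa1, 0x02, 0x01, 0x11,
    0x02, 0x02, 0x0a, 0xc1, 0x02, 0x01, 0x3d, 0x02, 0x01, 0x35, 0x02, 0x01,
    0x35, 0x02, 0x01, 0x31, 0x02, 0x01, 0x26, 0xff, 0xff };

/* Parse a DER tag+length header at p; store the content length in *len and
 * return the header size, or 0 if the tag differs or the header is malformed. */
static size_t der_header(const uint8_t *p, const uint8_t *end, uint8_t tag, size_t *len) {
    if (end - p < 2 || p[0] != tag) return 0;
    if (p[1] < 0x80) { *len = p[1]; return 2; }       /* short form */
    size_t n = p[1] & 0x7f;                            /* long form: n length bytes */
    if (n == 0 || n > 3 || (size_t)(end - p) < 2 + n) return 0;
    *len = 0; for (size_t i = 0; i < n; i++) *len = (*len << 8) | p[2 + i];
    return 2 + n;
}

/* Return the encoded size if a PKCS#1 RSAPrivateKey starts at p, else 0. */
size_t rsa_der_at(const uint8_t *p, const uint8_t *end) {
    size_t seq_len, h = der_header(p, end, 0x30, &seq_len);
    if (!h || seq_len > (size_t)(end - p) - h) return 0;
    const uint8_t *q = p + h, *seq_end = q + seq_len;
    for (int field = 0; field < 9; field++) {          /* version + 8 INTEGERs */
        size_t len, ih = der_header(q, seq_end, 0x02, &len);
        if (!ih || len == 0 || len > (size_t)(seq_end - q) - ih) return 0;
        if (field == 0 && (len != 1 || q[ih] != 0)) return 0; /* version 0 only */
        q += ih + len;
    }
    return q == seq_end ? h + seq_len : 0;             /* fields must fill the SEQUENCE */
}

/* Scan buf for the first structurally valid key; return its offset or -1. */
long find_rsa_der(const uint8_t *buf, size_t n, size_t *key_len) {
    for (size_t i = 0; i < n; i++) {
        size_t k = rsa_der_at(buf + i, buf + n);
        if (k) { *key_len = k; return (long)i; }
    }
    return -1;
}

int main(void) {
    size_t len = 0;
    long off = find_rsa_der(SAMPLE_DUMP, sizeof SAMPLE_DUMP, &len);
    printf("candidate at offset %ld, %zu bytes\n", off, len); }
```

A structural match only marks a candidate; a forensic workflow would still confirm it, for example by checking that the second INTEGER equals the product of the fifth and sixth.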
- Version: 0.0.4
- License: GPL
- Author: Carsten Maartmann-Moe (firstname.lastname@example.org) AKA ntropy (email@example.com)
- Twitter: @breaknenter
- Source: https://github.com/carmaa/interrogate
- Linux or Mac OS X
Interrogate has no dependencies; installation consists of downloading and compiling:
Download and install
    git clone https://github.com/carmaa/interrogate.git
    cd interrogate
    make
- Dump memory from the target machine
- Run Interrogate against the memory dump
For a more complete and up-to-date description, please run:
Known bugs / caveats
This is a Proof of Concept tool only. Don't expect too much.
Please see my master's thesis: http://www.carmaa.com/site/Publications.html
- 0.0.1 - First version
- 0.0.2 - Added Twofish and Serpent key search functionality
- 0.0.3 - The version that was released with my Master's thesis
- 0.0.4 - Small bug fixes in conjunction with DFRWS 2009
Do no evil with this tool. Also, I am a pentester, not a developer. So if you see weird code that bugs your purity senses, drop me a note on how I can improve it. Or even better, fork my code, change it and issue a pull request.