You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've tried to test it on one of the binaries which contains XTEA crypto and was surprised to get no results. I've reversed the database and noticed that the constant for TEA_DELTA is 0x9E3779B9. But this challenge was using an alternative value which is 0x61C88647 and instead of adding it, subtracts.
Tried to find if there's any tool to extend the DB sot that I could send a PR. Is the FCExporter I should use to generate the new DB? Is so I'll try to compile and send a PR if it's ok to add this additional constant for XTEA.
FYI the challenge was MugatuWare from Flare-On 2019 (it was in the dll, not initial exe).
The text was updated successfully, but these errors were encountered:
Your pull request has been approved.
The tool will not detect the algorithm itself as it may, as you also noticed, be modified.
We target the constants being used, reason why I accepted your pull request and I noticed that you figured out by yourself how to integrate new signatures in the database :)
Thx for this great extension.
I've tried to test it on one of the binaries which contains XTEA crypto and was surprised to get no results. I've reversed the database and noticed that the constant for TEA_DELTA is
0x9E3779B9
. But this challenge was using an alternative value which is0x61C88647
and instead of adding it, subtracts.More about this here: https://crypto.stackexchange.com/a/12570/41535
It would be nice to detect that too.
Tried to find if there's any tool to extend the DB sot that I could send a PR. Is the FCExporter I should use to generate the new DB? Is so I'll try to compile and send a PR if it's ok to add this additional constant for XTEA.
FYI the challenge was MugatuWare from Flare-On 2019 (it was in the dll, not initial exe).
The text was updated successfully, but these errors were encountered: