Krypto-like #632

Closed
jvoisin opened this Issue · 9 comments

5 participants

@jvoisin
Collaborator

Something like the KAnal (KryptoAnalyzer) of PEiD or FindCrypt from IDA would be nice to have in r2.

@condret
Collaborator

I like the idea, but maybe we should try to do it better than IDA. Sometimes there are no constant values, for example the Intel SGX stuff. We should look out for opcodes too, like cpuid. This shows what I mean:
http://runas-racer.com/foo/sgx.png
http://css.csail.mit.edu/6.858/2013/readings/intel-sgx.pdf

@jvoisin
Collaborator

Since we already have /R for searching ROP gadgets, what about /K?
Searching for crypto constants should be easy to implement.
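
A sketch of the constant search proposed in this thread, as an added example that is not part of the original discussion and is not radare2 code. It matches a few published algorithm constants in either byte order, and tolerates gaps between words so that constants stored as inline immediates are found as well as contiguous tables; the names `find_words`, `scan`, `max_gap` and the sample bytes are assumptions made for the illustration.

```python
import struct

# Public constants from the algorithm specifications, as 32-bit words.
SIGNATURES = {
    "MD5/SHA-1 init": [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476],
    "SHA-256 init H0..H3": [0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A],
    "SHA-256 K[0..3]": [0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5],
    "TEA/XTEA delta": [0x9E3779B9],  # single word: expect more false positives
}
AES_SBOX_HEAD = bytes.fromhex("637c777bf26b6fc53001672bfed7ab76")  # first S-box row

def find_words(data, words, max_gap=16):
    """Offsets where all words occur in order, in either byte order, with at
    most max_gap bytes between them (covers tables and inline immediates)."""
    hits = []
    for endian, fmt in (("little", "<I"), ("big", ">I")):
        pats = [struct.pack(fmt, w) for w in words]
        start = data.find(pats[0])
        while start != -1:
            pos = start + 4
            for pat in pats[1:]:
                nxt = data.find(pat, pos, pos + max_gap + 4)
                if nxt == -1:
                    break
                pos = nxt + 4
            else:
                hits.append((start, endian))
            start = data.find(pats[0], start + 1)
    return hits

def scan(data):
    """Return sorted (offset, name, encoding) tuples for every signature hit."""
    found = [(off, name, endian)
             for name, words in SIGNATURES.items()
             for off, endian in find_words(data, words)]
    off = data.find(AES_SBOX_HEAD)
    while off != -1:
        found.append((off, "AES S-box", "bytes"))
        off = data.find(AES_SBOX_HEAD, off + 1)
    return sorted(found)

# Constructed sample: x86 "mov dword [edi+N], imm32" stores of the MD5 state,
# then a big-endian SHA-256 K table, then the start of the AES S-box.
SAMPLE = (b"\x90" * 8
          + bytes.fromhex("c70701234567c7470489abcdefc74708fedcba98c7470c76543210")
          + b"\x00" * 5
          + struct.pack(">4I", *SIGNATURES["SHA-256 K[0..3]"])
          + AES_SBOX_HEAD)

if __name__ == "__main__":
    for off, name, enc in scan(SAMPLE):
        print(f"0x{off:04x}  {name}  ({enc})")
```
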

@radare
Owner
@Maijin
Collaborator

This one is also very interesting https://github.com/sandsmark/signsrch and quite efficient ;)

@jvoisin
Collaborator

I think that we should use yara (a0d3af6) for this.
What about adding a crypo.yara file into the tree?

@radare
Owner
@Maijin
Collaborator

Some rules for crypto: https://github.com/Phoul/yara_rules

@radare
Owner
@jvoisin
Collaborator

Phoul added a license to its files (GPL).
I added them to r2 :)

@jvoisin jvoisin closed this