Quote:
Originally Posted by Storm Shadow
if you do a yara scan
you will quickly see if the scanner is set properly.
you will see the yara rules load after push button perform yara scan
I'm sorry, I didn't notice there is a push button. Yes, I see the yara rules loaded when I push the button, thank you so much.
Quote:
Originally Posted by Storm Shadow
he adds the RSA headers to the scanner
Code:
import yara

# Compile two inline rules that match ASN.1 DER headers found in RSA material
rules = yara.compile(sources={
    'x509': 'rule x509 {strings: $a = {30 82 ?? ?? 30 82 ?? ??} condition: $a}',
    'pkcs': 'rule pkcs {strings: $a = {30 82 ?? ?? 02 01 00} condition: $a}',
})
Which file should I put this rule into? I tried naming a new rule file rsa.yar, but it seems it failed to load.
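
The two hex strings in the quoted snippet are DER headers: a SEQUENCE nested in a SEQUENCE (X.509 certificate) and a SEQUENCE followed by INTEGER 0 (the version field of a PKCS#1/PKCS#8 private key). As an added example, not code from this thread or from the scanner, the sketch below applies the same patterns with Python's `re` module instead of yara and checks each hit's declared DER length against the buffer; the function names and the sample buffer are constructed for illustration.

```python
import re

# Hex strings copied from the quoted rules; "??" is a one-byte wildcard.
PATTERNS = {
    "x509": "30 82 ?? ?? 30 82 ?? ??",
    "pkcs": "30 82 ?? ?? 02 01 00",
}


def hex_pattern_to_regex(pattern):
    """Translate a YARA-style hex string into a compiled bytes regex."""
    parts = []
    for token in pattern.split():
        if token == "??":
            parts.append(b".")  # any single byte (DOTALL includes 0x0a)
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    # Lookahead so overlapping candidates are all reported.
    return re.compile(b"(?=" + b"".join(parts) + b")", re.DOTALL)


def scan(data):
    """Return (rule, offset, declared_len, complete) for each header hit.

    declared_len is 4 header bytes plus the 16-bit big-endian length that
    follows 30 82. complete is False when the buffer ends before the
    structure does, which points to a chance match or a truncated blob.
    """
    hits = []
    for name, pattern in PATTERNS.items():
        for m in hex_pattern_to_regex(pattern).finditer(data):
            off = m.start()
            declared = 4 + int.from_bytes(data[off + 2:off + 4], "big")
            hits.append((name, off, declared, off + declared <= len(data)))
    return sorted(hits, key=lambda h: h[1])


# Constructed sample: filler bytes around fake certificate and key headers.
CERT = bytes.fromhex("308200103082000c") + b"\xaa" * 12   # 20 bytes, complete
KEY = bytes.fromhex("30820008020100") + b"\xbb" * 5       # 12 bytes, complete
TRUNCATED = bytes.fromhex("30820100020100")               # claims 260 bytes
SAMPLE = b"MZ" + b"\x00" * 6 + CERT + b"\x11" * 4 + KEY + TRUNCATED

if __name__ == "__main__":
    for rule, off, size, ok in scan(SAMPLE):
        print(f"{rule:5} offset={off:#06x} declared={size} complete={ok}")
```

A pattern this short matches by chance in large binaries, so the length check is a cheap first filter before handing a candidate to a real ASN.1 parser.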