|
|
#1
06-27-2025, 18:44
|
|||
|
|||
|
[ida plugin] WhiteBoxAesCrack by SHangwendada
WhiteBox AES fault injection plug-in for IDA Pro
Project Address:https://github.com/SHangwenDada/WhiteBoxAesCrack This plug-in can directly perform fault injection and key recovery analysis on the Whitebox AES implementation in IDA Pro, supporting two modes: Direct Mode: Load existing TBox and TYiBox tables and inject faults at specified byte positions. Table Generation Mode (GenTYI Mode): Derive the TYiBox table from the 3D TBox base and then inject faults. Functional characteristics Automatically generated and injected fault traces of AES encryption. There are two ways to support: direct input of the table and immediate generation of the TYiBox. Prerequisites IDA Pro:Tested on IDA Pro 7.7 and above. Installation Copy the plug-in file WhiteBoxAesCrack.py to the plug-ins directory of IDA, e.g.: Copy code Hide code cp WhiteBoxAesCrack.py ~/.idapro/plugins/ cp -r WBModule ~/.idapro/plugins/ Restart IDA Pro Confirm in the IDA output window that the plug-in has been initialized: https://github.com/SHangwenDada/WhiteBoxAesCrack/raw/master/README/image-20250625100645697.png How to use Open the binary file containing the Whitebox AES implementation in IDA. Press Ctrl+Shift+W shortcut key, or call the plug-in through the menu Edit → Plugins → WhiteBoxAesCrack. Fill in the form that pops up: TBox Base: 16×256 bytes Base address of the TBox table (only in direct mode). TYiBox Base: 9×16×256×4 bytes Base address of the TYiBox table (only in direct mode). 3D TBox Base: 10×16×256 bytes Base address of the 3D TBox table (only in table generation mode). https://github.com/SHangwen bada/WhiteBoxAesCrack/raw/master/README/image-20250624180244715.png If the table generation mode is used, only fill in 3D TBox Base and leave TYiBox Base blank; if the direct mode is used, fill in both TBox Base and TYiBox Base at the same time. Click OK: The plug-in will read the table data from the specified address. Generate a fault-free trace as well as 16 traces injected with faults at the byte level. Print the hexadecimal string of each trace in the IDA output window. Call DFA analysis, restore the last round key and print the results. Call to restore the first round key, which is the initial key, with AESKeySchedule Example output Copy code Hide code FaultData: 33e1a6... ... # Last round key found: XXXXX Find AES First Key: XXXXX https://github.com/SHangwenDada/WhiteBoxAesCrack/raw/master/README/image-20250624175629972.png Troubleshooting Table read failed:if Failed to read TBox at 0x...occurs, please check if the address is correct and the module is loaded. Module import error:Ensure that WBModule is in the same directory as the plugin, and sys.path the path is included. 
|
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| (Android)ADB plugin for Ida Pro | Storm Shadow | Community Tools | 4 | 01-18-2015 06:48 |
| OllyMigrate Plugin | Elijah | Community Tools | 1 | 12-20-2014 03:26 |
| IDA VB Plugin | taos | General Discussion | 1 | 08-24-2013 00:13 |
| IDA or a plugin for ? | LOUZEW | General Discussion | 10 | 01-08-2008 04:52 |
Threaded Mode