Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Is this RSA algorithm?
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #27  
Old 08-09-2014, 17:36
Storm Shadow's Avatar
Storm Shadow Storm Shadow is offline
Family
  
Join Date: Jun 2014
Posts: 283
Rept. Given: 186
Rept. Rcvd 192 Times in 79 Posts
Thanks Given: 144
Thanks Rcvd at 254 Times in 98 Posts
Storm Shadow Reputation: 100-199 Storm Shadow Reputation: 100-199
make a file called Rsa.yar
remember to add it to the index file


Code:
rule Rsa
{
	strings:
		$a = {30 82 ?? ?? 30 82 ?? ??} // x509 OpenSSL 1024 Cert public key
		$b = {30 82 ?? ?? 02 01 00} // pkcs OpenSSL 1024 bit RSA Private Key

	condition:
		$a or $b
}
it is fully possible to find rsa signatures from memory http://www.trapkit.de/research/sslke...0_20060205.pdf

Bridge found the public rsa key that way in post 16
http://forum.exetools.com/showpost.p...7&postcount=16

but offcause it could be ofuscated and embedded in other files these days, and very hard to find

https://b161268c3bf5a87bc67309e7c870...ARA-Manual.pdf

Yara is almost a own script langueg by itself.
Last edited by Storm Shadow; 08-09-2014 at 17:42.
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Find the Algorithm mcr4ck General Discussion 3 05-26-2020 18:19
Find the Algorithm mcr4ck General Discussion 18 02-06-2020 15:43


All times are GMT +8. The time now is 00:41.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )