Is this RSA algorithm?
 

****************
File for static debug:
****************
https://app.box.com/s/npyh7dgjsvr3cdwm9b0a

Some clue indicate SNPSle_f7c94ba85f016ab01b4ebe56a4a7d20652744f697ac58fac call may use RSA algorithm, but can't find the public key after long time debug, anyone can give help?

SNPSle_dcd7600bcfd6e0ca05f8cd0732bfb7ca => call SNPSle_f7c94ba85f016ab01b4ebe56a4a7d20652744f697ac58fac => call rsa_eay.c


**********************
IDA F5 => Pseudo code
**********************
if ( SNPSle_dcd7600bcfd6e0ca05f8cd0732bfb7ca(v14, v17, v18, v13, 1) == -1 )
{
v15 = 0;
dword_282C990 = SNPSle_0b7605938c156c1e7171bec194fc1df0();
snpsFreeFunc(v18);
snpsFreeFunc(v17);
}
else
{
v15 = SNPSle_e70385d734271e1f();
SNPSle_a319640d45ef7860(v15, v18);
snpsFreeFunc(v18);
snpsFreeFunc(v17);
}
return v15;

*************************************************
Function SNPSle_dcd7600bcfd6e0ca05f8cd0732bfb7ca
*************************************************
.text:0129A65C mov edx, [esp+24h]
.text:0129A660 mov dword ptr [esp+10h], 1
.text:0129A668 mov [esp+0Ch], esi
.text:0129A66C mov [esp+8], edx
.text:0129A670 mov edx, [esp+20h]
.text:0129A674 mov [esp], eax
.text:0129A677 mov [esp+4], edx
.text:0129A67B call SNPSle_dcd7600bcfd6e0ca05f8cd0732bfb7ca

.text:012FF9C0 SNPSle_dcd7600bcfd6e0ca05f8cd0732bfb7ca proc near
.text:012FF9C0 ; CODE XREF: SNPSle_8c043950c9569b2b28b737acdf3db27f+16Bp
.text:012FF9C0 ; SNPSle_5b20c9bca9f2e8472400b8222d99bf873af76a24be776844+6Fp ...
.text:012FF9C0
.text:012FF9C0 var_1C = dword ptr -1Ch
.text:012FF9C0 var_18 = dword ptr -18h
.text:012FF9C0 var_14 = dword ptr -14h
.text:012FF9C0 var_10 = dword ptr -10h
.text:012FF9C0 var_C = dword ptr -0Ch
.text:012FF9C0 arg_0 = dword ptr 4
.text:012FF9C0 arg_4 = dword ptr 8
.text:012FF9C0 arg_8 = dword ptr 0Ch
.text:012FF9C0 arg_C = dword ptr 10h
.text:012FF9C0 arg_10 = dword ptr 14h
.text:012FF9C0
.text:012FF9C0 sub esp, 1Ch
.text:012FF9C3 mov edx, [esp+1Ch+arg_C]
.text:012FF9C7 mov eax, [esp+1Ch+arg_10]
.text:012FF9CB mov ecx, [edx+8]
.text:012FF9CE mov [esp+1Ch+var_C], eax
.text:012FF9D2 mov eax, [esp+1Ch+arg_8]
.text:012FF9D6 mov [esp+1Ch+var_10], edx
.text:012FF9DA mov [esp+1Ch+var_14], eax
.text:012FF9DE mov eax, [esp+1Ch+arg_4]
.text:012FF9E2 mov [esp+1Ch+var_18], eax
.text:012FF9E6 mov eax, [esp+1Ch+arg_0]
.text:012FF9EA mov [esp+1Ch+var_1C], eax
.text:012FF9ED call dword ptr [ecx+8] => call 013BA9F0 SNPSle_f7c94ba85f016ab01b4ebe56a4a7d20652744f697ac58fac
.text:012FF9F0 add esp, 1Ch
.text:012FF9F3 retn
.text:012FF9F3 SNPSle_dcd7600bcfd6e0ca05f8cd0732bfb7ca endp

*****************************************************************
Function SNPSle_f7c94ba85f016ab01b4ebe56a4a7d20652744f697ac58fac
*****************************************************************
.text:013BA9F0 SNPSle_f7c94ba85f016ab01b4ebe56a4a7d20652744f697ac58fac proc near
.text:013BA9F0 ; DATA XREF: .data:02796748o
......
.text:013BAA9F lea eax, (aRsa_eay_c - 26FB44Ch)[ebx] ; "rsa_eay.c"
......
.text:013BAE7D SNPSle_f7c94ba85f016ab01b4ebe56a4a7d20652744f697ac58fac endp

Have you tried applying some of the well know crypto lib sigs in IDA ?.

Git

The code you posted just moves some arguments around and does nothing which would help to identify anything.

"rsa_eay.c" is part of the OpenSSL package. If OpenSSL is linked to your code, it naturally contains RSA, but also dozens of other crypto algorithms. It doesn't mean the algorithms are actually used for anything.

The calling convention looks strange, it seems to be some exotic compiler (maybe Cygwin?). So you might have to recompile OpenSSL yourself to create IDA signature files.

Dear Git,

I use findcrypt.plw, would you help recommend some other crypto lib sigs that maybe helpful? I have few experience on this kind of lib sigs, you guide will be very appreciated, thanks.

Yes, I confirm the code call "rsa_eay.c", but I don't know how to deal with it, would you please give a little more details on how to complile OpenSSL and create IDA signature? Is there any post can be referenced? Thanks.

the ida scope plugin does a very nice jobb checking crypto.I did a fix for ida 6.1 here http://techbliss.org/threads/idascope-v1-1-yara-scanning-fixed-for-ida-6-1-python-2-7.484/#post-1509
and there is also the RSA key finder script. http://kyprizel.net/work/ida_rsakeyfinder.html /(python needed)

the RSA finder script had the wrong link
http://kyprizel.net/work/ida_rsakeyfinder.html

I try this RSA finder script, but seems find nothing, even for a simple RSA demo case as attached, it find nothing, I'm not sure whether my usage issue. The check output in IDA list as below.

Searching for X.509 Public Key Infrastructure Certificates
Searching for PKCS #8: Private-Key Information Syntax Standard
Key scan complete.

public key for attached demo case:
n=80C07AFC9D25404D6555B9ACF3567CF1, e=10001

This is a ELF format under RHEL OS, would you let me know which library file of openssl (such as libeay32.lib under windows) I should use to generate IDA signature? thanks.

@bridgeic: Use a compiler there to compile OpenSLL in that specific format. Then use the IDA SDK tools (available everywhere) to generate FLIRT signatures. Nobody can really do that for you, just look up a guide on 'compiling openssl in linux' or something.

RHEL is RedHat Enterprise?

Greetings

Yes, I have experience on using FLAIR, and I also compile openssl under RHEL5 succesfully. I just don't know which library files in openssl should be used as the input for pelf to generate openssl IDA signature file. Would you give some help on this? Thanks.

Yes, it is.

So far still no progress, I can upload all files needed on dynamic debug if anyone can give some help or direction kindly(the total files are some big, about 500M), thanks in advance.

@bridgeic: Just create a list of all files included, I really have no clue, probably you need .a or .elf files...

Greetings

As Kerlingen suggests you need the correct sig file for the compiler used. If it is an unusual compiler you will have to compile it yourself. One you have the .lib used to link in the openssl functions, use IDA's Flirt tools to convert .lib to .sig. Put the .sig in the sig directory and proceed to apply that sig to your disassembly. Many openssl functions should now be identified with the correct names.

Git

the script searches for the public rsa key header in certicates as shown here.

http://etherhack.co.uk/asymmetric/docs/rsa_key_breakdown.html

it wouldent find anything in the demo case( source for your file here) http://read.pudn.com/downloads149/sourcecode/crypt/645649/KeyGen/src/RSAKeyGen.c__.htm
it cant find random public keys :)

Dear Storm,

I'm inspired with the document your gave "OpenSSL 1024 bit RSA Private Key Breakdown". I see the public key before when do dynamic debug with edb(as the attached picture shows), but I don't understand it, after read the document, I fully understand it.

I still don't know how to make the rsa signature files, but with your help I have found and understand the public key, and have verify my understanding is right with BigCal. Here I should say many thanks to you for your warm help and guide.

I may still have some questions related, hope you can still give help, thanks again.

Have you read the instructions in your IDA/Flair/readme.txt ?

Git

Hi Git,

I mean I don't know which files of OpenSSL should be used as input of Flair/pelf, I have ever used flair on flexlm lib signature generation before, so know the basic usage.

2048bit RSA, any suggestion to crack to get private key? Or have to give up?

If the key is properly generated then it is close to impossible. To create the correct .lib you must compile OpenSSL with the same compiler used to create the exe you are reversing, and for the same target (linux, win32, etc)

Git

Yes would almost be inpossible to Brutecrack 2048bit RSA, if not impossible.
Youre only hope is to bypass(patch) the intire check for the RSA part.

However
There was some scientist that i read about last year that broke Rsa with sound gear, and cracked a 4096-bit RSA key

Read about it here http://www.tau.ac.il/~tromer/acoustic/

Dear Storm,

Why when using IDAscope, I have no this part that highlight with red colour below? Would you help have a look? (Attachment is my view when using IDAscope)

[/] setting up widgets...
[|] loading FunctionInspectionWidget
[|] loading WinApiWidget
[|] loading CryptoIdentificationWidget
[|] loading YaraScannerWidget
[\] this took 0.20 seconds.

Using FLIRT signature: Microsoft VisualC 2-10/net runtime
loading rules from file: C:\yara\apt.yar (72)
loading rules from file: C:\yara\APT_NGO_wuaclt.yar (1)
loading rules from file: C:\yara\APT_NGO_wuaclt_PDF.yar (1)
loading rules from file: C:\yara\avdetect.yar (1)
[!] Could not load yara rules from file: C:\yara\cve.yar
loading rules from file: C:\yara\dbgdetect.yar (3)
loading rules from file: C:\yara\GeorBotBinary.yara (1)
loading rules from file: C:\yara\GeorBotMemory.yara (1)
loading rules from file: C:\yara\hangover.yar (16)
[!] Could not load yara rules from file: C:\yara\index.yar
loading rules from file: C:\yara\sandboxdetect.yar (1)
loading rules from file: C:\yara\vmdetect.yar (1)
loading rules from file: C:\yara\xplug.yar (2)


[!] Performing YARA scan...

you need to DL the yara sigs https://github.com/zerklabs/yarasigs
unpack all to lets say c:\yara . Then edit the
C:\Users\yourfolder\Downloads\ida\ida\plugins\IDAscope\idascope\config.py

line
but Yara are for Malware sigs , the crypto search engine is in you picture also .

there are two options to perform crypto search.

I use it to search for s-boxes and other , on Powerpc targets so defently work with linux targets also.

Below is my setting as reference yours.
configuration = {
"config_path_sep": "\\",
"plugin_only": False,
"paths": {
# "idascope_root_dir": "E:\\Program Files\\ida61\\plugins",
"idascope_root_dir": "",
"semantics_file": "idascope\\data\\semantics.json",
"semantics_folder": "idascope\\data\\semantics",
"winapi_keywords_file": "idascope\\data\\winapi_keywords.json",
"winapi_rootdir": "C:\\WinAPI\\"
},
"winapi": {
"search_hotkey": "ctrl+y",
"load_keyword_database": True,
"online_enabled": True
},
"inspection": {
"default_semantics": "win-ring3"
},
"yara": {
"yara_sigs": ["C:\\yara"]
}
}

And I have put yara sigs under c:\yara.



Below message will be shown in IDA automatically after "file->script file->IDAScope.py", or I should do something else?

if you do a yara scan
you will quickly see if the scanner is set proberly.

you will see the yara rules load after push button peform yara scan

Also you can add you own sigs to yara
read this post https://hacking.ventures/rsa-keys-in-heartbleed-memory/


he adds the RSA headers to the scanner

I'm sorry I didn't notice there is a push button, yes, I see the yara rules loaded when push the button, thank you so much.

Which file I should put this rule into? I try name a new rule file as rsa.yar, but seems failed to load.

A RSA modulus has no special format and cannot be found by looking for some signature, since there is none. It is just a block of random looking bytes and the only way to know it is a modulus would be either finding a reference to it as an RSA parameter or by trying to factorize it (including all possible memory encodings) and not finding any factors after some minutes.

Did you yet find out if RSA is even used in your software and not just included as part of the library? It's a bit pointless to search for something which is not there, isn't it?

make a file called Rsa.yar
remember to add it to the index file


it is fully possible to find rsa signatures from memory http://www.trapkit.de/research/sslke...0_20060205.pdf

Bridge found the public rsa key that way in post 16
http://forum.exetools.com/showpost.p...7&postcount=16

but offcause it could be ofuscated and embedded in other files these days, and very hard to find

https://b161268c3bf5a87bc67309e7c870...ARA-Manual.pdf

Yara is almost a own script langueg by itself.

No, it is not. It is possible to find SSL signatures from memory, since SSL certificates have a known layout.

If you find a SSL certificate, you know where to look for the RSA modulus. But since SSL certificates are - like the name suggests - used for HTTPS connections over SSL/TLS, you will never use one for keygenning or software protection.

In software protection or keygenning you might use RSA, but then you will only use RSA, never SSL, therefore you will never have any SSL certificates involved, so it's not possible to find them by some signature matching algorithm.

Yes but now i have been talking about SSL Cert all along, and since he found the public signatures i asume he is looking for cetificates.
Bridge must answer for this, not me.Im only trying to help the dude.

as i stated in a previus post it would be impossible to break anyway.

@Kerlingen & Storm
I see the public key similar as below(but for my case, it's 2048bit), so whether means it's SSL Cert? If yes, whether have chance to break? Thanks.

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHikastc8+I81zCg/qWW8dMr8m
qvXQ3qbPAmu0RjxoZVI47tvskYlFAXOf0sPrhO2nUuooJngnHV0639iTTEYG1vck
NaW2R6U5QTdQ5Rq5u+uV3pMk7w7Vs4n3urQ6jnqt2rTXbC1DNa/PFeAZatbf7ffB
By0IGO0zc128IshYcwIDAQAB
-----END PUBLIC KEY-----

Dear Kelingen,

Sorry, I missed this post. Yes, I found the public key when did dynamic debug(thanks Storm's help).

It's 2048bit RSA, I have verified the public key with manual caculation by bigcal tool for (m^e)mod(n), the public key is right.

If use openssl RSA, not sure whether have chance to get the private key?

From Storm: it is fully possible to find rsa signatures from memory http://www.trapkit.de/research/sslkeyfinder/keyfinder_v1.0_20060205.pdf , maybe have chance.

Dear Storm,

You have helped me a lots, in fact, the breakthrough comes from the article you recommended, thank you so much. :-)

Yes, I guess the public key is just fixed strings with base64 format without other information(I still haven't checked details how the software give the public key, but I guess it should use this way), software owner keep the private key that is not in the software, so we may can't get the private key from public key for it's 2048 bit long.