Quote:
Originally Posted by Storm Shadow
You need to DL the yara sigs https://github.com/zerklabs/yarasigs
Unpack all to, let's say, c:\yara. Then edit the
C:\Users\yourfolder\Downloads\ida\ida\plugins\IDAscope\idascope\config.py
line
Code:
    "inspection": {
        "default_semantics": "win-ring3"
    },
    "yara": {
        "yara_sigs": ["C:\\yara"]
    }
}
Below is my setting, for reference against yours.
configuration = {
    "config_path_sep": "\\",
    "plugin_only": False,
    "paths": {
        # "idascope_root_dir": "E:\\Program Files\\ida61\\plugins",
        "idascope_root_dir": "",
        "semantics_file": "idascope\\data\\semantics.json",
        "semantics_folder": "idascope\\data\\semantics",
        "winapi_keywords_file": "idascope\\data\\winapi_keywords.json",
        "winapi_rootdir": "C:\\WinAPI\\"
    },
    "winapi": {
        "search_hotkey": "ctrl+y",
        "load_keyword_database": True,
        "online_enabled": True
    },
    "inspection": {
        "default_semantics": "win-ring3"
    },
    "yara": {
        "yara_sigs": ["C:\\yara"]
    }
}
And I have put yara sigs under c:\yara.
Quote:
Originally Posted by Storm Shadow
but Yara are for Malware sigs.
Will the message below be shown in IDA automatically after "File -> Script file -> IDAScope.py", or should I do something else?