Exetools  

#1
02-15-2020, 06:50
nathan
HASH/CRC signature in binary files ?

Is there any specific tool that could help in finding HASH/CRC signatures in binary files? IDA or Ghidra scripts or standalone?

Thanks,

nathan
#2
02-15-2020, 07:32
h4sh3m
Hi

You can try Keygener Assistant. I have not found a direct link for the latest version; the following link contains version 2.0.2:
Quote:
https://webscene.ir/tools/show/Keygener-Assistant-2.0.2

BR,
h4sh3m
#3
02-15-2020, 12:27
Stingered
Quote:
Originally Posted by nathan
Is there any specific tool that could help in finding HASH/CRC signatures in binary files? IDA or Ghidra scripts or standalone?

Thanks,

nathan
Signsrch

IDA signsrch

SND Reverser tool v1.4
#4
02-15-2020, 14:44
FoxB
Quote:
Originally Posted by Stingered
The SND link gave error
#5
02-15-2020, 16:41
sendersu
Quote:
Originally Posted by FoxB
The SND link gave error
have this http://prntscr.com/r2n22k

and this http://prntscr.com/r2n2em
ping in case u need it
#6
02-15-2020, 17:57
FoxB
Quote:
Originally Posted by sendersu
ping in case u need it

well, upload last one
#7
02-15-2020, 18:41
niculaita
https://www.connect-trojan.com/details.php?id=6668
__________________
Decode and Conquer
#8
02-15-2020, 20:37
sendersu
Quote:
Originally Posted by FoxB
well, upload last one

https://www.sendspace.com/file/ezq9it

the license of this material is a real fun to read!
check it out!
#9
02-16-2020, 02:10
Stingered
Quote:
Originally Posted by FoxB
The SND link gave error
Link is good. I can U/L elsewhere if needed.

Tool and SRC are HERE
#10
02-16-2020, 14:54
SegWolf
Quote:
Originally Posted by sendersu

http://prntscr.com/r2n2em
ping in case u need it
Can you please share this v1.5b1? Thanks!
#11
02-17-2020, 00:16
Stingered
Quote:
Originally Posted by SegWolf
Can you please share this v1.5b1? Thanks!
Grab from HERE
#12
02-17-2020, 09:23
chants
I am not sure of the strategy used, but are any of these tools capable of finding hashes by looking for entropy? Unlike machine code and normal data, only things like hashes and maybe GUIDs would seem to be random streams of bytes. Of course, things like packed or encrypted files would likely throw such a detection method off, but AFAIK it would throw all methods off.
#13
02-18-2020, 06:09
Jupiter
GUID

Quote:
Originally Posted by chants
... and maybe GUIDs would seem to be random streams of bytes
Usually a GUID / UUID is not random; it may contain specific values at specific byte locations.
__________________
EnJoy!
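The idea raised in posts #12 and #13, as an added example that is not part of the thread and not code from any tool mentioned in it: a sliding-window entropy scan that flags 16-byte blobs, followed by a check of the UUID version and variant fields to separate GUID-shaped values from hash-like ones. The function names, the 16-byte window, the 4-byte alignment step, the 0.95 cut-off and the sample buffer are all assumptions made for this illustration.

```python
import math
import uuid

def window_entropy(buf: bytes) -> float:
    """Shannon entropy of buf, in bits per byte."""
    n = len(buf)
    counts = {b: buf.count(b) for b in set(buf)}
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def high_entropy_offsets(data: bytes, size: int = 16, ratio: float = 0.95, step: int = 4):
    """Offsets of size-byte windows whose entropy is close to the maximum.

    A window of `size` bytes cannot exceed log2(size) bits per byte, so the
    cut-off is taken relative to that ceiling rather than to 8.
    """
    limit = ratio * math.log2(size)
    return [off for off in range(0, len(data) - size + 1, step)
            if window_entropy(data[off:off + size]) >= limit]

def uuid_layout(raw16: bytes):
    """Name the UUID byte layout whose version/variant fields fit, else None.

    Weak filter: random bytes pass by chance about 13% of the time.
    """
    layouts = (("rfc4122", uuid.UUID(bytes=raw16)),
               ("guid-le", uuid.UUID(bytes_le=raw16)))
    for name, u in layouts:
        if u.variant == uuid.RFC_4122 and u.version in (1, 2, 3, 4, 5):
            return name
    return None

def triage(data: bytes):
    """(offset, verdict) for every 16-byte high-entropy window in data."""
    return [(off, uuid_layout(data[off:off + 16]) or "hash-like")
            for off in high_entropy_offsets(data)]

# Constructed sample: repeated x86 prologue/epilogue bytes, 0xCC padding,
# the MD5 of the empty string, and a made-up version-4 UUID.
CODE = bytes.fromhex("558bec83ec105dc3") * 4
PAD = b"\xcc" * 16
MD5_EMPTY = bytes.fromhex("d41d8cd98f00b204e9800998ecf8427e")
GUID = uuid.UUID("6f1c2d3e-4a5b-4c7d-8e9f-a0b1c2d3e4f5").bytes
SAMPLE = CODE + PAD + MD5_EMPTY + PAD + GUID + PAD

if __name__ == "__main__":
    for off, verdict in triage(SAMPLE):
        print(f"0x{off:04x}  {verdict}")
```

Both blobs score the same 4.0 bits per byte, so entropy alone cannot tell them apart; only the field check does, and on packed or encrypted input nearly every window would be flagged.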
#14
02-18-2020, 16:41
Roy25
Though not directly related, you could try this as well to find crypted strings and values:

https://blog.didierstevens.com/programs/xorsearch/

Forgot to mention, the blog has many other useful utilities for geeks, check them as well.

Last edited by Roy25; 02-18-2020 at 16:45. Reason: Adding value to post
#15
02-18-2020, 17:24
XorRanger
Quote:
Originally Posted by Roy25
Though not directly related, you could try this as well to find crypted strings and values:

https://blog.didierstevens.com/programs/xorsearch/

Forgot to mention, the blog has many other useful utilities for geeks, check them as well.
Strangely, I can't seem to access the URL without VPN.
__________________
We are on a quest to understand the inexplicable, break the unbreakable.
This is our path, our eternal journey.
All times are GMT +8.