Go Back   Exetools > General > General Discussion


Thread Tools Display Modes
Prev Previous Post   Next Post Next
Old 06-03-2021, 23:05
TempoMat TempoMat is offline
Join Date: Jan 2006
Posts: 74
Rept. Given: 10
Rept. Rcvd 6 Times in 6 Posts
Thanks Given: 4
Thanks Rcvd at 20 Times in 15 Posts
TempoMat Reputation: 6
Any current Crypto Scanners or tools like KANAL in use?


Is there or are there any current, scriptable (for signature updates) programs for the detection of cryptographic algorithms in executable files like KANAL for PEiD in use by some members here in this forum?

I have been searching on the web for some time now without success.

I have some old programs, most of which were downloaded as far back as 2001 that I have found now to contain compiled cryptographic algorithms that are not at all or falsely detected by the likes of KANAL, SND_RT Crypto Scanner or several crypto plug-ins for IDA.

Typical examples are some compiled crypto functions in some KingConvert software, with a Golden Ratio like initialization table typical with TEAN, the RCs and so on, but it uses some constants of the DES-S-Box. The decryption routine seems symmetric and has similarities to DES, AES, Rijndael, but yet is not any of these, and at least the comon ones I know of.

Also it would great to have the possibility to update the signatures for the detection of protections like OnGuard, TRegware, Matrix Encryption which I have found in old and current software I have managed to keygen.

In this short intro of the article from 2019 the authors Han Seong Lee and Hyung-Woo Lee write:
Executable binary files can be developed using cryptographic modules using open libraries such as OpenSSL and Crypto++ in Windows environments. To determine the embedded encryption algorithms and detect cryptographic modules used in binary files, a high degree of knowledge on internal structure is required in de-assembling and analyzing. And the reverse engineering process on executable binary file is very difficult. Therefore, we developed an automatic detection tool that can automatically detect the cryptographic algorithm to efficiently analyze cryptographic algorithms as a form of IDA plug-in module. This tool can be used to detect and track cryptographic algorithms used in arbitrary executables on Windows OS system
Unfortunately there was no mention of the name of the plug-in so that it can be sought for.

Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

All times are GMT +8. The time now is 11:30.

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX
( 1998 - 2021 )