Exetools  

  #1  
02-15-2020, 06:50
nathan
HASH/CRC signature in binary files?

Is there any specific tool that could help in finding HASH/CRC signatures in binary files? IDA or Ghidra scripts or standalone?

Thanks,

nathan
  #2
02-15-2020, 07:32
h4sh3m
Hi

You can try Keygener Assistant. I have not found a direct link for the latest version; the following link contains version 2.0.2:
https://webscene.ir/tools/show/Keygener-Assistant-2.0.2

BR,
h4sh3m
  #3
02-15-2020, 12:27
Stingered
Quote:
Originally Posted by nathan View Post
Is there any specific tool that could help in finding HASH/CRC signatures in binary files? IDA or Ghidra scripts or standalone?

Thanks,

nathan
Signsrch

IDA signsrch

SND Reverser tool v1.4
The Following User Says Thank You to Stingered For This Useful Post:
nathan (02-16-2020)
  #4
02-15-2020, 14:44
FoxB
Quote:
Originally Posted by Stingered View Post
The SND link gave error
  #5
02-15-2020, 16:41
sendersu
Quote:
Originally Posted by FoxB View Post
The SND link gave error
have this http://prntscr.com/r2n22k

and this http://prntscr.com/r2n2em
ping in case u need it
  #6
02-15-2020, 17:57
FoxB
Quote:
Originally Posted by sendersu View Post
ping in case u need it

well, upload last one
  #7
02-15-2020, 18:41
niculaita
https://www.connect-trojan.com/details.php?id=6668
__________________
Decode and Conquer
The Following User Says Thank You to niculaita For This Useful Post:
nathan (02-18-2020)
  #8
02-15-2020, 20:37
sendersu
Quote:
Originally Posted by FoxB View Post
well, upload last one

https://www.sendspace.com/file/ezq9it

the license of this material is a real fun to read!
check it out!
The Following 2 Users Say Thank You to sendersu For This Useful Post:
nathan (02-18-2020), niculaita (02-15-2020)
  #9
02-16-2020, 02:10
Stingered
Quote:
Originally Posted by FoxB View Post
The SND link gave error
Link is good. I can U/L elsewhere if needed.

Tool and SRC are HERE
The Following User Says Thank You to Stingered For This Useful Post:
nathan (02-18-2020)
  #10
02-16-2020, 14:54
SegWolf
Quote:
Originally Posted by sendersu View Post

http://prntscr.com/r2n2em
ping in case u need it
Can you please share this v1.5b1? Thanks!
  #11
02-17-2020, 00:16
Stingered
Quote:
Originally Posted by SegWolf View Post
Can you please share this v1.5b1? Thanks!
Grab from HERE
The Following User Says Thank You to Stingered For This Useful Post:
nathan (02-18-2020)
  #12
02-17-2020, 09:23
chants
I am not sure of the strategy used, but are any of these tools capable of finding hashes by looking for entropy? Unlike machine code and normal data, only things like hashes and maybe GUIDs would seem to be random streams of bytes. Of course, things like packed or encrypted files would likely throw such a detection method off, but AFAIK it would throw all methods off.
  #13
02-18-2020, 06:09
Jupiter
GUID

Quote:
Originally Posted by chants View Post
... and maybe GUIDs would seem to be random streams of bytes
Usually GUID / UUID is not random, it may contain specific values at specific byte locations.
__________________
EnJoy!
The Following User Says Thank You to Jupiter For This Useful Post:
chants (02-18-2020)
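
The entropy idea from post #12 combined with the GUID structure check from post #13, as an added example that is not part of any poster's message or of the tools named in the thread. The sample buffer, the GUID value and all function names are constructed for illustration.

```python
import hashlib
import math
import uuid
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def high_entropy_regions(buf: bytes, size: int = 16, slack: float = 0.25):
    """Merged (start, end) ranges whose windows look random. A `size`-byte
    window tops out at log2(size) bits/byte (4.0 for 16), not at 8.0."""
    threshold = math.log2(size) - slack
    regions = []
    for off in range(len(buf) - size + 1):
        if shannon_entropy(buf[off:off + size]) < threshold:
            continue
        if regions and off <= regions[-1][1]:
            regions[-1] = (regions[-1][0], off + size)  # extend current run
        else:
            regions.append((off, off + size))
    return regions

def guid_versions(b: bytes) -> dict:
    """Layout -> version if 16 bytes carry RFC 4122 structure: variant bits
    10 in byte 8, version nibble (1-5) in byte 6 (network order) or byte 7
    (the little-endian field layout Windows uses for GUIDs)."""
    if len(b) != 16 or b[8] >> 6 != 0b10:
        return {}
    found = {"rfc": b[6] >> 4, "windows": b[7] >> 4}
    return {k: v for k, v in found.items() if 1 <= v <= 5}

# Constructed sample: int3 padding around MD5("") and a Windows-layout GUID.
DIGEST = hashlib.md5(b"").digest()
GUID = uuid.UUID("3f2b8c1e-7a4d-4e09-9c06-d1a5b87e4f20").bytes_le
SAMPLE = b"\xcc" * 64 + DIGEST + b"\xcc" * 64 + GUID + b"\xcc" * 64

def classify(buf: bytes = SAMPLE):
    """Per region: the 16-byte slices that also pass the GUID structure test."""
    out = []
    for start, end in high_entropy_regions(buf):
        hits = [(o, guid_versions(buf[o:o + 16])) for o in range(start, end - 15)]
        out.append((start, end, [(o, v) for o, v in hits if v]))
    return out

if __name__ == "__main__":
    for region in classify():
        print(region)
```

Both the digest and the GUID reach the 16-byte ceiling of 4.0 bits per byte, so entropy flags both regions and only the version and variant bits tell them apart. A digest can pass that structure test by chance, so a hit is a hint rather than proof.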
  #14  
02-18-2020, 16:41
Roy25
Though not directly related, you could try this as well to find crypted strings and values:

https://blog.didierstevens.com/programs/xorsearch/

Forgot to mention, the blog has many other useful utilities for geeks, check them as well.

Last edited by Roy25; 02-18-2020 at 16:45. Reason: Adding value to post
The Following User Says Thank You to Roy25 For This Useful Post:
XorRanger (02-18-2020)
  #15
02-18-2020, 17:24
XorRanger
Quote:
Originally Posted by Roy25 View Post
Though not directly related, you could try this as well to find crypted strings and values:

https://blog.didierstevens.com/programs/xorsearch/

Forgot to mention, the blog has many other useful utilities for geeks, check them as well.
Strangely, I can't seem to access the URL without a VPN.
__________________
We are on a quest to understand the inexplicable, break the unbreakable.
This is our path, our eternal journey.
All times are GMT +8.