吾爱破解 - 52pojie.cn

 找回密码
 注册[Register]

QQ登录

只需一步,快速开始

查看: 5887|回复: 2
收起左侧

[IDA Plugin] RSA Keyfinder 0.1

[复制链接]
Hmily 发表于 2011-1-16 12:41
#---------------------------------------------------------------------
#    Simple IDA script to extract RSA private keys and certificates.
#    kyprizel, 2010
#
#    Based on original idea and PoC by Tobias Klein
#    http://www.trapkit.de/research/sslkeyfinder/
#---------------------------------------------------------------------
import os
import idaapi
from idautils import *

#OUTFOLDER = 'c:\\temp\\'
OUTFOLDER = os.path.dirname(GetInputFilePath())

patterns = (
    dict(name='X.509 Public Key Infrastructure Certificates',
        sig='30 82 ? ? 30 82 ? ?',
        outfile='%s.crt'
    ),
    dict(name='PKCS #8: Private-Key Information Syntax Standard',
        sig='30 82 ? ? 02 01 00',
        outfile='%s.key'
    ),)

def find_sig(next_seg, pat, dump_cb):
    """
    Scan binary image for pattern and run dump callback function.

    @param next_seg:   Start address
    @param pat:        Dict with config
    @param dump_cb:    Certificate dump callback
    """
    ea = SegStart(next_seg)
    seg_end = SegEnd(next_seg)
    Message('Searching for %s\n' % pat['name'])
#    Message('Current Seg %s\n' % SegName(next_seg))
    while next_seg != BADADDR:
        ea = idaapi.find_binary(ea, seg_end, pat['sig'], 16, 1)
        if ea != BADADDR:
            ea = dump_cb(ea, pat)
        else:
            next_seg = ea = NextSeg(seg_end)
            seg_end = SegEnd(next_seg)


def dump_func(ea, pat):
    """
    Dumps certificate/key from target address to file.

    @param ea:   Target address
    @param pat:  Dict with config

    @return: address to continue search
    """
    size = (Byte(ea+2) << 8 & 0xffff) + Byte(ea+3)
    outfile = os.path.join(OUTFOLDER, pat['outfile'] % str(ea))
    Message('found at %s, size: %d, saved: %s\n' % (atoa(ea), size, outfile))
    SaveFile(outfile, 0, ea, size+4)
    return ea+size+4

for pat in patterns:
    find_sig(FirstSeg(), pat, dump_func)

Message('Key scan complete.\n')

getkeys.rar

996 Bytes, 下载次数: 29, 下载积分: 吾爱币 -1 CB

发帖前要善用论坛搜索功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。

basaiyv 发表于 2011-6-9 17:00
这个要用IDA配合用吧?
ntzwq 发表于 2014-4-22 13:37
您需要登录后才可以回帖 登录 | 注册[Register]

本版积分规则

返回列表

RSS订阅|小黑屋|处罚记录|联系我们|吾爱破解 - LCG - LSG ( 京ICP备16042023号 | 京公网安备 11010502030087号 )

GMT+8, 2024-12-26 00:41

Powered by Discuz!

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表