1. Cybersecurity >
  2. Cybersecurity Nachrichten >
  3. AES Finder - Utility To Find AES Keys In Running Processes

ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

AES Finder - Utility To Find AES Keys In Running Processes


IT Security Nachrichten vom | Direktlink: feedproxy.google.com Nachrichten Bewertung


Utility to find AES keys in running process memory. Works for 128, 192 and 256-bit keys.


Usage

Open aes-finder.sln solution in Visual Studio 2013 to compile source. Alternatively use gcc/clang:

g++ -O3 -march=native -fomit-frame-pointer aes-finder.cpp -o aes-finder

To search for keys in process with id = 123, execute following:

aes-finder.exe -123 

To search for keys in any process with name chrome.exe, execute following:

aes-finder.exe chrome.exe

Now you can see what kind of AES keys are used in your favorite application!


Putty
C:\>aes-finder.exe putty.exe
Searching PID 2180 ...
[0016C904] Found AES-256 encryption key: 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
[0016C9F4] Found AES-256 decryption key: 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
[00AA4540] Found AES-256 encryption key: e2855dae921dba978ffd713e89540101144de13f468fd5da8623608255387dbc
[00AA4720] Found AES-256 decryption key: e2855dae921dba978ffd713e89540101144de13f468fd5da8623608255387dbc
[00AA5458] Found AES-256 encryption key: 892372c26c5601a28e5dd20a64976faa219907c6c9a33a9d1ff3376609bd53f7
[00AA5638] Found AES-256 decryption key: 892372c26c5601a28e5dd20a64976faa219907c6c9a33a9d1ff3376609bd53f7
Done!

Dropbox
C:\>aes-finder.exe dropbox.exe
Searching PID 2204 ...
[00F5DDE8] Found AES-128 encryption key: e73c856f10e56d8ded0510e964e71b33
... many identical keys
[0363A708] Found AES-128 encryption key: e73c856f10e56d8ded0510e964e71b33
[03710A24] Found AES-128 encryption key: 0e7484bb0230b137eb582bae6ea17e09
[03710C40] Found AES-128 encryption key: 0e7484bb0230b137eb582bae6ea17e09
[03716388] Found AES-128 encryption key: e73c856f10e56d8ded0510e964e71b33
... many identical keys
[03747888] Found AES-128 encryption key: e73c856f10e56d8ded0510e964e71b33
[038721A8] Found AES-256 encryption key: 90e804d380d6c279de1d0373a24010ffcbccb8a177f4fffaaa007fa2b07bbe35
[03872318] Found AES-256 decryption key: 69d292fb3bc5edb2008e2687b40321f01ce1077c0570819ef666f5079b233064
[0388480C] Found AES-128 encryption key: 0e7484bb0230b137eb582bae6ea17e09
[03884A28] Found AES-128 encryption key: 0e7484bb0230b137eb582bae6ea17e09
[03892330] Found AES-2 56 encryption key: 8843f5b83b0bc88ffefcdc4a6fb1dbec2a2216001d23ef714e3fcad2b106fa4a
[038E6F88] Found AES-256 decryption key: 845e5cd8a07200ed53df003b4524872e5a1b8faa931c285602ef4b091c80a8f6
[038FD6E0] Found AES-128 encryption key: 6108ca5991b2d070ba9109ca92895f5d
[03918310] Found AES-256 encryption key: 55a832a0756807b89d26bfeb2fd0c20affec0444ccc5f8826f1e4c0097bc4961
[0391DD68] Found AES-256 encryption key: 0495d0bc9b05b893ada8eb36c5fbbfefab3cccd4566accbf18c1a078faae970d
[0391DF00] Found AES-256 decryption key: fd4c481f479f9a66677adc42060689d1bb95529b217265fec7664e0fd0e990b2
[0393AB48] Found AES-256 decryption key: 471c720862d7d1329d0a1320a5eaea4ce7a8693ac75e9c732a0c4392aeb3d21e
[039480A0] Found AES-128 encryption key: 6108ca5991b2d070ba9109ca92895f5d
[0394B508] Found AES-128 encryption key: 6108ca5991b2d070ba9109ca92895f5d
[03950418] Found AES-256 encryption key: bbc3ede28857b90389452846e4b80ca5e262ef57ce918ce17c89b6598993faa4
[039E1A24] Foun d AES-128 encryption key: afde7f5a3184111f877f0e8b61f85ad8
[039E1C40] Found AES-128 encryption key: afde7f5a3184111f877f0e8b61f85ad8
[039F5668] Found AES-256 encryption key: b48ac86c598e3051e1e00f17cb47256c0e6735a694ab3c1282ee9086d38d2647
[039F5870] Found AES-256 decryption key: 9e12c27da800ada221a60112171ac32b7b2c4781a7d45407fc6aaff2800b67d9
[03A0BD18] Found AES-128 encryption key: 6108ca5991b2d070ba9109ca92895f5d
[03A0EA7C] Found AES-256 encryption key: 28ad3cba4b91556825a3f301358901416eb16253b0bc7e43be0303caa53a001e
[03A0EB6C] Found AES-256 decryption key: 28ad3cba4b91556825a3f301358901416eb16253b0bc7e43be0303caa53a001e
[071868B0] Found AES-256 decryption key: 7a1d726b3b7c81a65887e12296d3102ead96a3a71a100fd4c48ccbc421f3d570
Done!

Chrome
C:\>aes-finder.exe chrome.exe
Searching PID 1792 ...
[08D8302C] Found AES-256 decryption key: c73159441a23df68b292a666a082418048a844813dfe8636126e875204813291
[08D8326C] Found AES-256 encryption key: a85f43b1515c848bcb99a94f8b3ff815bcab2ff37b67954d21231c9744651f80
[08D834AC] Found AES-256 decryption key: 22715913a08a86472a85c711fe7674180c07cc19cc0683e95dd9f0c7526387c6
[08D8446C] Found AES-256 decryption key: 2c7d5043ae8d2800cef6b5fe82776eaaa13a1911f97f15d34172aaf4e0cf1d74
... lot of random keys
[0907326C] Found AES-256 decryption key: 28e941c0801544a85c1832510e935d44a3ae096397bbdeb5eb8608d2b1fcc18f
[090734AC] Found AES-256 encryption key: 4ffc20368848fdc739bb3420cbd5d8333ab6f478ba601309e2bab7db0427047b
[0907392C] Found AES-256 encryption key: f857325597da770d3a4589b5a585671d33221c108aab002c30a181b79c3c99ed
[09073B6C] Found AES-128 decryption key: d5f782a86d7f1e3c403cbe349c2844c1
[09073DAC] Found AES-128 encryption key: cdfb40a 1b13d7cfd0f7fd2687848d3de
[09073FEC] Found AES-128 decryption key: ce3be55b440620be4aa73e33c325456f
[0907422C] Found AES-128 encryption key: 1954a522cf12287a245d66786d78bba5
[0907446C] Found AES-128 decryption key: 7972ca8c29805c44bacc6a70691a606d
[090746AC] Found AES-128 encryption key: 266ffef00c92cd372d8dce1436a124d7
[090748EC] Found AES-128 decryption key: 1afa9ef367fe19278cdd7d060b397813
[09074B2C] Found AES-128 encryption key: b7fcd6a9915be8d562f376f8e30b34a3
[09074D6C] Found AES-128 decryption key: 4e150e928eb9f4366c93d7d664b53587
[090F702C] Found AES-128 encryption key: 6f3701e7a085102e9b69ffa1c5a7d52d
[090F726C] Found AES-128 decryption key: 71a46909719d714ebe29e1fb13ba3bc1
[090F74AC] Found AES-128 encryption key: 526d886eaa03c0a7e36918eb741ba4a9
Searching PID 2744 ...
Searching PID 3592 ...
Done!

Python + PyCrypto
C:\>start python -c "from Crypto.Cipher import AES; a=AES.new('\x42'*24, AES.MODE_ECB); input()"

C:\>aes-finder.exe python.exe
Searching PID 264 ...
[00B84074] Found AES-192 encryption key: 424242424242424242424242424242424242424242424242
[00B84164] Found AES-192 decryption key: 424242424242424242424242424242424242424242424242
Done!

sshd on Linux
$ sudo ./aes-finder sshd
Searching PID 3307 ...
Searching PID 10428 ...
Searching PID 10430 ...
[0x7fc39b3132d0] Found AES-128 encryption key: df435cfcd8830df858203c0ad2db51ca
[0x7fc39b313450] Found AES-128 encryption key: 0ad922797aba3078841bc298104bb39a
Done!

iTunes on Mac OS X
$ sudo ./aes-finder iTunes
Searching PID 40912 ...
[0x7fe073e7dd3c] Found AES-128 encryption key: 743554fb48b78d29ad73fbd231373982
[0x7fe073e7de00] Found AES-128 encryption key: 743554fb48b78d29ad73fbd231373982
[0x7fe0758aaa88] Found AES-128 encryption key: dc4b5af0c373c4b3cf1158fe0a42022f
[0x7fe0758aab78] Found AES-128 decryption key: dc4b5af0c373c4b3cf1158fe0a42022f
[0x7fe0758aac6c] Found AES-128 encryption key: 000102030405060708090a0b0c0d0e0f
[0x7fe0758aad5c] Found AES-128 decryption key: 000102030405060708090a0b0c0d0e0f
Done!

Notes
  • does not work on whitebox AES keys
  • 32-bit binary can search only in 32-bit processes, 64-bit binary can search in both - 32 and 64-bit ones
  • "encryption key" means that this key can be used for encryption or decryption
  • "decryption key" means that this key most likely is used only for decryption
  • on Linux requires at least v3.2 kernel (process_vm_readv syscall)


...
http://feedproxy.google.com/~r/PentestTools/~3/GypI0kZbP-g/aes-finder-utility-to-find-aes-keys-in.html

Externe Quelle mit kompletten Inhalt anzeigen


Zur Startseite von Team IT Security

➤ Weitere Beiträge von Team Security | IT Sicherheit

AES Finder - Utility To Find AES Keys In Running Processes

vom 1030.61 Punkte ic_school_black_18dp
Utility to find AES keys in running process memory. Works for 128, 192 and 256-bit keys. Usage Open aes-finder.sln solution in Visual Studio 2013 to compile source. Alternatively use gcc/clang: g++ -O3 -march=native -fomit-frame-pointer aes-find

Strelka - Scanning Files At Scale With Python And ZeroMQ

vom 237.36 Punkte ic_school_black_18dp
Strelka is a real-time file scanning system used for threat hunting, threat detection, and incident response. Based on the design established by Lockheed Martin's Laika BOSS and similar projects (see: related projects), Strelka's purpose is to perfor

Web Hacker's Weapons - A Collection Of Cool Tools Used By Web Hackers

vom 225.65 Punkte ic_school_black_18dp
A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting.WeaponsType Name DescriptionArmy-Knife/ALL BurpSuite the BurpSuite project Army-Knife/SCAN jaeles The Swiss Army knife for automated Web Application Testing Army

Preview: Server-side encryption with customer-managed keys for Azure Managed Disks

vom 220.33 Punkte ic_school_black_18dp
Today we’re introducing the preview for server-side encryption (SSE) with customer-managed keys (CMK) for Azure Managed Disks. Azure customers already benefit from server-side encryption with platform managed keys (PMK) for Azure Managed Disks enabled by

AES-Killer v3.0 - Burp Plugin To Decrypt AES Encrypted Traffic Of Mobile Apps On The Fly

vom 201.67 Punkte ic_school_black_18dp
Burpsuite Plugin to decrypt AES Encrypted traffic on the fly.Requirements Burpsuite Java Tested on Burpsuite 1.7.36 Windows 10 xubuntu 18.04 Kali Linux 2018 What it does The IProxyListener decrypt requests and encrypt responses, and an IHttpListener than

Why nice levels are a placebo and have been for a very long time, and no one seems to have noticed

vom 199.49 Punkte ic_school_black_18dp
Linux has a feature called 'autogrouping', which is enabled by default on most systems, for scheduling processes (see manual page excerpt below). Essentially it causes the scheduler to act primarily on the nice level set for process groups rather tha

Introducing Adiantum: Encryption for the Next Billion Users

vom 192.51 Punkte ic_school_black_18dp
Posted by Paul Crowley and Eric Biggers, Android Security & Privacy Team Storage encryption protects your data if your phone falls into someone else's hands. Adiantum is an innovation in cryptography designed to make storage encryption more efficient for devices without cryptographic accelera

Announcing server-side encryption with customer-managed keys for Azure Managed Disks

vom 183.32 Punkte ic_school_black_18dp
Today, we're announcing the general availability for server-side encryption (SSE) with customer-managed keys (CMK) for Azure Managed Disks. Azure customers already benefit from SSE with platform-managed keys for Managed Disks enabled by default. SSE with CMK im

Nishang - Offensive PowerShell For Red Team, Penetration Testing And Offensive Security

vom 160.6 Punkte ic_school_black_18dp
Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing.By nikhil_mittUsageImport all the scrip

AES-Killer - Burp Plugin To Decrypt AES Encrypted Traffic Of Mobile Apps

vom 155.84 Punkte ic_school_black_18dp
Burpsuite Plugin to decrypt AES Encrypted mobile app traffic.Requirements Burpsuite Java Tested on Burpsuite 1.7.36 Windows 10 xubuntu 18.04 Kali Linux 2018 What it does Decrypt AES Encrypted traffic on proxy tab Decrypt AES Encrypted traffic on proxy, sc

Cryptr - A Simple Shell Utility For Encrypting And Decrypting Files Using OpenSSL

vom 151.99 Punkte ic_school_black_18dp
A simple shell utility for encrypting and decrypting files using OpenSSL.Installationgit clone https://github.com/nodesocket/cryptr.gitln -s "$PWD"/cryptr/cryptr.bash /usr/local/bin/cryptr Bash tab completionAdd tools/cryptr-bash-completion.bash to you

P4wnP1 A.L.O.A. - Framework Which Turns A Rapsberry Pi Zero W Into A Flexible, Low-Cost Platform For Pentesting, Red Teaming And Physical Engagements

vom 149.32 Punkte ic_school_black_18dp
P4wnP1 A.L.O.A. by MaMe82 is a framework which turns a Rapsberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming and physical engagements ... or into "A Little Offensive Appliance".0. How to installThe latest image could be fo

Team Security Diskussion über AES Finder - Utility To Find AES Keys In Running Processes