whoknows Posted September 6, 2020 (edited)

github.com/MantechUser/aes-finder

bonus businessinsider.com/delete-social-media-phone-parasite-mental-health-instagram-twitter-facebook-2020-9

Edited September 6, 2020 by whoknows

chickenbutt Posted September 8, 2020

ARTeam or some other group used to have a tool that just found static lib code that you could BP the call stack for and get keys...

Progman Posted September 8, 2020

It seems this only works because of the way AES key scheduling works. In other words, a 128-bit key, for example, will always generate 11 round keys. So it works by taking every 128 bits of a memory dump and checking if the following data matches what would be the generated 11 round keys in the 128-bit case. This will only work if the memory to hold the AES key and its key scheduler data is contiguous and is not reused/freed after use. Which is probably most often the case, but not always...

Harry Posted September 9, 2020

And also it's not working if the process is protected.
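
The check Progman's post describes, as an added example that is not part of the thread and is not aes-finder's own code: expand each 16-byte window as an AES-128 key and compare the result with the 176 bytes found at that offset. It assumes the schedule is stored byte-for-byte in FIPS-197 order; the function names and the dump are constructed for illustration.

```python
def _make_sbox():
    """Build the AES S-box: GF(2^8) inverse followed by the affine transform."""
    exp, log, x = [0] * 256, [0] * 256, 1
    for i in range(255):
        exp[i], log[x] = x, i
        x ^= (x << 1) ^ (0x11B if x & 0x80 else 0)   # multiply by generator 3
    rotl = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    sbox = []
    for a in range(256):
        inv = exp[(255 - log[a]) % 255] if a else 0
        sbox.append(inv ^ rotl(inv, 1) ^ rotl(inv, 2) ^ rotl(inv, 3) ^ rotl(inv, 4) ^ 0x63)
    return sbox

SBOX = _make_sbox()

def expand_key_128(key):
    """Return the 176-byte schedule (the key itself plus 10 derived round keys)."""
    w = [key[i:i + 4] for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t = bytes(SBOX[b] for b in t[1:] + t[:1])      # RotWord, then SubWord
            t = bytes([t[0] ^ rcon]) + t[1:]
            rcon = (rcon << 1) ^ (0x11B if rcon & 0x80 else 0)
        w.append(bytes(a ^ b for a, b in zip(w[i - 4], t)))
    return b"".join(w)

def find_aes128_schedules(dump):
    """Return (offset, key) for every window that is followed by its own schedule."""
    hits = []
    for off in range(len(dump) - 175):
        cand = dump[off:off + 16]
        if expand_key_128(cand) == dump[off:off + 176]:
            hits.append((off, cand))
    return hits

def demo():
    """Constructed dump: filler, a live schedule, filler, a bare key, filler."""
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # FIPS-197 test key
    filler = bytes((i * 37 + 11) & 0xFF for i in range(300))
    dump = filler + expand_key_128(key) + filler + key + filler
    # Caveat from the thread: with the schedule wiped, the bare key alone never matches.
    wiped = dump[:300] + bytes(176) + dump[476:]
    return find_aes128_schedules(dump), find_aes128_schedules(wiped)

if __name__ == "__main__":
    print(demo())
```

The second result is empty: once the expanded schedule is zeroed after use, the copy of the raw key left elsewhere in the buffer is indistinguishable from any other 16 bytes.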