Tuts 4 You

AES Finder







Edited by whoknows

ARTeam or some other group used to have a tool that just found static lib code that you could BP the call stack for and get keys..


It seems this only works because of the way AES key scheduling works. In other words, a 128-bit key, for example, will always generate 11 round keys. So it works by taking every 128 bits of a memory dump and checking if the following data matches what would be the generated 11 round keys in the 128-bit case. This will only work if the memory to hold the AES key and its key scheduler data is contiguous and is not reused/freed after use, which is probably most often the case, but not always...

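The check described in the post above, written out as an added example (not code from this thread or from the AES Finder tool): it expands every 16-byte window of a dump with the FIPS-197 AES-128 key schedule and reports offsets where the following bytes match all 11 round keys. The function names and the sample dumps are constructed for illustration; the second dump shows that zeroing the round keys after use leaves nothing for the scan to match.

```python
"""Scan a memory image for AES-128 key schedules (176 contiguous bytes)."""

def _rotl8(x, s):
    return ((x << s) | (x >> (8 - s))) & 0xFF

def _build_sbox():
    # Generate the AES S-box instead of embedding a 256-entry table.
    sbox, p, q = [0] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3 in GF(2^8)
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF         # q /= 3
        if q & 0x80:
            q ^= 0x09
        # Affine transform of the multiplicative inverse q.
        sbox[p] = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox

SBOX = _build_sbox()

def expand_key_128(key):
    """FIPS-197 key expansion: 16-byte key -> 176 bytes (11 round keys)."""
    w, rcon = bytearray(key), 1
    for i in range(4, 44):
        t = w[4 * (i - 1):4 * i]
        if i % 4 == 0:  # RotWord, SubWord, then XOR the round constant
            t = bytes([SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]])
            rcon = (rcon << 1) ^ (0x11B if rcon & 0x80 else 0)
        w += bytes(a ^ b for a, b in zip(w[4 * (i - 4):4 * (i - 3)], t))
    return bytes(w)

def find_aes128_schedules(dump):
    """Return (offset, key) wherever the next 176 bytes form a valid schedule."""
    return [(off, bytes(dump[off:off + 16]))
            for off in range(len(dump) - 175)
            if expand_key_128(dump[off:off + 16]) == dump[off:off + 176]]

def demo():
    # Constructed sample data: the FIPS-197 Appendix A.1 key inside filler bytes.
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
    filler = bytes((i * 37 + 11) & 0xFF for i in range(64))
    intact = filler + expand_key_128(key) + filler  # schedule left in memory
    wiped = filler + key + bytes(160) + filler       # round keys zeroed after use
    return find_aes128_schedules(intact), find_aes128_schedules(wiped)

if __name__ == "__main__":
    print(demo())
```

A key that sits in memory without its expanded schedule next to it, as in the second dump, is indistinguishable from any other 16 bytes to this scan.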
