AES S-Boxes not detected

Create issue
Issue #17 resolved
Tilman Bender created an issue

I just used IDAScope to analyze the "Bundestrojaner".

What to do to reproduce the bug: Analyze the mfc42ul.dll (1DBB3486F409A8A9C31DB297DA7C5739) using PEiD (0.95, Nov 3 2008) and KANAL Plugin. Find the AES-SBOXes.

Analyze the dll again using IDAScope (currenty git checkout) crypto-detection functionality.

Expected result: IDAScope finds the same S-Boxes. Actual result: IDAScope does not find anything relating to AES.

I have attached the dll and the idc output from the KANAL plugin. Password: mw

Comments (3)

  1. Daniel Plohmann repo owner

    Heh, well, if something can be fixed in a matter of minutes, that's the most likely thing to happen here. :) In consequence, I'll probably split up the buttons for the different methods soon (Issue #18), as scanning with dword padded signatures takes much longer... by then, I'll also add word padded signatures. Thanks for the bug report! If you have any other recommendations for improvement, always feel free to post here or mail me.

  2. Log in to comment