- changed status to resolved
AES S-Boxes not detected
I just used IDAScope to analyze the "Bundestrojaner".
What to do to reproduce the bug: Analyze the mfc42ul.dll (1DBB3486F409A8A9C31DB297DA7C5739) using PEiD (0.95, Nov 3 2008) and KANAL Plugin. Find the AES-SBOXes.
Analyze the dll again using IDAScope (current git checkout) crypto-detection functionality.
Expected result: IDAScope finds the same S-Boxes. Actual result: IDAScope does not find anything relating to AES.
I have attached the dll and the idc output from the KANAL plugin. Password: mw
Comments (3)
-
repo owner -
reporter Hey, that was quick. Thanks!
-
repo owner Heh, well, if something can be fixed in a matter of minutes, that's the most likely thing to happen here. :) In consequence, I'll probably split up the buttons for the different methods soon (Issue #18), as scanning with dword padded signatures takes much longer... by then, I'll also add word padded signatures. Thanks for the bug report! If you have any other recommendations for improvement, always feel free to post here or mail me.
fixed Issue #17 by including scanning for dword padded signatures → <<cset 35a84435f33d>>
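The following is an added example, not IDAScope's code and not part of the issue thread: a standalone Python sketch of why a byte-only signature scan misses an AES S-box whose entries are stored as wider integers, and how scanning padded variants finds it. It assumes "word/dword padded" means each table byte stored as a little-endian 16/32-bit value; the function names and the sample buffer are constructed for illustration.

```python
import struct
def aes_sbox():
    """Generate the AES S-box: GF(2^8) inverse, then the affine transform."""
    rotl8 = lambda x, n: ((x << n) | (x >> (8 - n))) & 0xFF
    sbox = [0] * 256
    p = q = 1
    while True:
        # p: multiply by 3 (a generator of the field)
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF
        # q: divide by 3, so q stays the multiplicative inverse of p
        q ^= q << 1
        q ^= q << 2
        q = (q ^ (q << 4)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63  # 0 has no inverse; value fixed by the standard
    return bytes(sbox)

SBOX = aes_sbox()

def padded_variants(sig):
    """Assumed layouts: each entry stored as a little-endian 8/16/32-bit value."""
    return {
        "byte": sig,
        "word": b"".join(struct.pack("<H", b) for b in sig),
        "dword": b"".join(struct.pack("<I", b) for b in sig),
    }

def scan(data, sig=SBOX):
    """Return sorted (offset, layout) hits for every layout of the signature."""
    hits = []
    for layout, pattern in padded_variants(sig).items():
        off = data.find(pattern)
        while off != -1:
            hits.append((off, layout))
            off = data.find(pattern, off + 1)
    return sorted(hits)

def build_sample():
    """Constructed buffer: a dword-padded S-box at 16 and a raw one at 1048."""
    v = padded_variants(SBOX)
    return b"\x90" * 16 + v["dword"] + b"\xcc" * 8 + v["byte"]

if __name__ == "__main__":
    for off, layout in scan(build_sample()):
        print(f"AES S-box ({layout}-sized entries) at offset {off:#x}")
```

The dword pattern is four times the length of the byte pattern, and each extra layout is another full pass over the data, which is the scanning cost the repo owner's comment refers to.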