Finally a great IDA Plugin for Cryptography. Often we'd like to know what kind of cryptographic algorithm has been used in the binary we are analyzing: FindCrypt comes to help us ! The idea behind this Plugin is pretty simple: since almost all cryptographic algorithms use magic constants placed inside the binary, FindCrypt just looks for these constants in the program body.
"This approach will fail if the S-boxes have been altered but in most cases they are untouched (can you admit that you understand all consequences of modifying an S-box, say, in AES?)"
The plugin supports the following crypto algorithms:
- Blowfish
- Camellia
- CAST
- CAST256
- CRC32
- DES
- GOST
- HAVAL
- MARS
- MD2
- MD4
- MD5
- PKCS_MD2 (byte sequence used in PKCS envelope)
- PKCS_MD5 (byte sequence used in PKCS envelope)
- PKCS_RIPEMD160 (byte sequence used in PKCS envelope)
- PKCS_SHA256 (byte sequence used in PKCS envelope)
- PKCS_SHA384 (byte sequence used in PKCS envelope)
- PKCS_SHA512 (byte sequence used in PKCS envelope)
- PKCS_Tiger (byte sequence used in PKCS envelope)
- RawDES
- RC2
- RC5
- RC6
- Rijndael
- SAFER
- SHA-1
- SHA-256
- SHA-512
- SHARK
- SKIPJACK
- Square
- Tiger
- Twofish
- WAKE
- Whirlpool
- zlib
It will also rename the constant arrays and it will put them in the marked location list. I definitely suggest this great Plugin to everybody who's working in reversing engineering. Good joob Guilfanov ! Download it directly from here.
