find encryption algorithm used in malware, binary or its config file

November 30th, 2012, 10:03
When we are reversing a malware, a binary file or a config file, many experienced people quickly say what it's encrypted with; for example, usually it's the 'RC4' encryption algorithm. Is this something which comes with experience, or is it based on the pattern of the opcodes/bytes, or is there a tool to find the algorithm? How can we tell the encryption algorithm? I know that certain standard encryption algorithms like Blowfish, AES etc. leave markers and typical signs; the one I'm usually wondering about is 'RC4', how to find them. Can anyone share their knowledge about this?



December 1st, 2012, 02:06
I think people often use the included KANAL Krypto plugin for PEiD. The home of PEiD is now


You could also look at the IDA FindCrypt plugin:


I believe there is also an OllyDbg port of FindCrypt around.

December 1st, 2012, 13:51
Thanks Kayaker