Thread: Find encryption algorithm used in malware, binary or its config file

  1. #1

    When we are reversing malware, a binary file or a config file, many experienced people quickly say what it's encrypted with, for example usually it's the 'RC4' encryption algorithm. Is this something which comes with experience, or is it based on the pattern of the opcodes/bytes, or is there a tool to find the algorithm? How can we tell the encryption algorithm? I know that certain standard encryption algorithms like Blowfish, AES etc. leave markers and typical signs; the one I'm usually wondering about is 'RC4', how to find them. Can anyone share their knowledge about this?

    Thanks

    Charlie

  2. #2
    Kayaker
    I think people often use the included KANAL Krypto plugin for PEiD. The home of PEiD is now:

    http://www.woodmann.com/BobSoft/

    You could also look at the IDA FindCrypt plugin:

    http://www.hexblog.com/?p=27

    I believe there is also an OllyDbg port of FindCrypt around.

  3. #3
    Thanks Kayaker
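
Added example (not part of the thread and not code from KANAL or FindCrypt): signature scanners of this kind match known algorithm constants, which is why AES and Blowfish are easy to spot and RC4, which has no fixed table, is not. The Python below matches two public table prefixes and separately flags 256-byte permutations, the shape an initialised RC4 state has in a memory dump; the function names and the sample buffer are constructed for illustration.

```python
import struct

# Public table constants: first 16 bytes of the AES S-box and the first four
# 32-bit words of the Blowfish P-array (hex digits of pi).
AES_SBOX_HEAD = bytes.fromhex("637c777bf26b6fc53001672bfed7ab76")
BLOWFISH_P_HEAD = (0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344)
SIGNATURES = {
    "AES S-box": [AES_SBOX_HEAD],
    # Word tables are stored in the target's byte order, so try both.
    "Blowfish P-array": [struct.pack(f, *BLOWFISH_P_HEAD) for f in ("<4I", ">4I")],
}

def scan_constants(data):
    """Return sorted (offset, name) for every known table prefix found in data."""
    hits = []
    for name, patterns in SIGNATURES.items():
        for pat in patterns:
            off = data.find(pat)
            while off != -1:
                hits.append((off, name))
                off = data.find(pat, off + 1)
    return sorted(hits)

def find_permutation_tables(data):
    """Return offsets of 256-byte windows where every byte value occurs once."""
    # Any byte permutation matches (RC4 state, full AES S-box, identity table),
    # so hits are candidates to confirm in the disassembly, not proof of RC4.
    counts, distinct, hits = [0] * 256, 0, []
    for i, b in enumerate(data):
        counts[b] += 1
        distinct += counts[b] == 1
        if i >= 256:                      # slide: drop the byte leaving the window
            old = data[i - 256]
            counts[old] -= 1
            distinct -= counts[old] == 0
        if distinct == 256:               # only possible once the window is full
            hits.append(i - 255)
    return hits

def rc4_ksa(key):
    """Standard RC4 key schedule, used here only to build the sample state."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return bytes(s)

# Constructed buffer standing in for a dumped memory region (not real malware).
SAMPLE = (b"\x00" * 32 + AES_SBOX_HEAD + b"\x00" * 16
          + struct.pack("<4I", *BLOWFISH_P_HEAD) + b"\x00" * 8
          + rc4_ksa(b"constructed-key") + b"\x00" * 32)
```

On `SAMPLE`, `scan_constants` reports the AES prefix at offset 32 and the Blowfish prefix at offset 64, while only `find_permutation_tables` finds the RC4 state at offset 88.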
