Rizin
unix-like reverse engineering framework and cli tools
Macros | Functions
aes-find.c File Reference
#include <rz_search.h>
#include <rz_crypto/rz_aes.h>

Go to the source code of this file.

Macros

#define AES128_SEARCH_LENGTH   24
 
#define AES192_SEARCH_LENGTH   32
 
#define AES256_SEARCH_LENGTH   40
 
#define AES128_KEY_LENGTH   16
 
#define AES192_KEY_LENGTH   24
 
#define AES256_KEY_LENGTH   32
 

Functions

static bool aes256_key_test (const unsigned char *buf)
 
static bool aes192_key_test (const unsigned char *buf)
 
static bool aes128_key_test (const unsigned char *buf)
 
RZ_API int rz_search_aes_update (RzSearch *s, ut64 from, const ut8 *buf, int len)
 

Macro Definition Documentation

◆ AES128_KEY_LENGTH

#define AES128_KEY_LENGTH   16

Definition at line 21 of file aes-find.c.

◆ AES128_SEARCH_LENGTH

#define AES128_SEARCH_LENGTH   24

Definition at line 18 of file aes-find.c.

◆ AES192_KEY_LENGTH

#define AES192_KEY_LENGTH   24

Definition at line 22 of file aes-find.c.

◆ AES192_SEARCH_LENGTH

#define AES192_SEARCH_LENGTH   32

Definition at line 19 of file aes-find.c.

◆ AES256_KEY_LENGTH

#define AES256_KEY_LENGTH   32

Definition at line 23 of file aes-find.c.

◆ AES256_SEARCH_LENGTH

#define AES256_SEARCH_LENGTH   40

Definition at line 20 of file aes-find.c.

Function Documentation

◆ aes128_key_test()

static bool aes128_key_test ( const unsigned char *  buf)
static

Definition at line 37 of file aes-find.c.

37  {
38  bool word1 = buf[16] == (buf[0] ^ Sbox[buf[13]] ^ 1) && buf[17] == (buf[1] ^ Sbox[buf[14]]) && buf[18] == (buf[2] ^ Sbox[buf[15]]) && buf[19] == (buf[3] ^ Sbox[buf[12]]);
39  bool word2 = buf[20] == (buf[4] ^ buf[16]) && buf[21] == (buf[5] ^ buf[17]) && buf[22] == (buf[6] ^ buf[18]) && buf[23] == (buf[7] ^ buf[19]);
40  return word1 && word2;
41 }
buf
voidpf void * buf
Definition: ioapi.h:138
Sbox
static const ut8 Sbox[256]
Definition: rz_aes.h:10

References Sbox.

Referenced by rz_search_aes_update().

◆ aes192_key_test()

static bool aes192_key_test ( const unsigned char *  buf)
static

Definition at line 31 of file aes-find.c.

31  {
32  bool word1 = buf[24] == (buf[0] ^ Sbox[buf[21]] ^ 1) && buf[25] == (buf[1] ^ Sbox[buf[22]]) && buf[26] == (buf[2] ^ Sbox[buf[23]]) && buf[27] == (buf[3] ^ Sbox[buf[20]]);
33  bool word2 = buf[28] == (buf[4] ^ buf[24]) && buf[29] == (buf[5] ^ buf[25]) && buf[30] == (buf[6] ^ buf[26]) && buf[31] == (buf[7] ^ buf[27]);
34  return word1 && word2;
35 }

References Sbox.

Referenced by rz_search_aes_update().

◆ aes256_key_test()

static bool aes256_key_test ( const unsigned char *  buf)
static

Definition at line 25 of file aes-find.c.

25  {
26  bool word1 = buf[32] == (buf[0] ^ Sbox[buf[29]] ^ 1) && buf[33] == (buf[1] ^ Sbox[buf[30]]) && buf[34] == (buf[2] ^ Sbox[buf[31]]) && buf[35] == (buf[3] ^ Sbox[buf[28]]);
27  bool word2 = (buf[36] == (buf[4] ^ buf[32]) && buf[37] == (buf[5] ^ buf[33]) && buf[38] == (buf[6] ^ buf[34]) && buf[39] == (buf[7] ^ buf[35]));
28  return word1 && word2;
29 }

References Sbox.

Referenced by rz_search_aes_update().

◆ rz_search_aes_update()

RZ_API int rz_search_aes_update ( RzSearch s,
ut64  from,
const ut8 buf,
int  len 
)

Definition at line 43 of file aes-find.c.

43  {
44  int i, t, last = len - AES128_SEARCH_LENGTH;
45  RzListIter *iter;
46  RzSearchKeyword *kw;
47  const int old_nhits = s->nhits;
48 
49  rz_list_foreach (s->kws, iter, kw) {
50  if (last >= 0) {
51  for (i = 0; i < last; i++) {
52  if (aes128_key_test(buf + i)) {
53  kw->keyword_length = AES128_KEY_LENGTH;
54  t = rz_search_hit_new(s, kw, from + i);
55  if (!t) {
56  return -1;
57  }
58  if (t > 1) {
59  return s->nhits - old_nhits;
60  }
61  i += AES128_SEARCH_LENGTH;
62  }
63  if (len - i - AES192_SEARCH_LENGTH >= 0 && aes192_key_test(buf + i)) {
64  kw->keyword_length = AES192_KEY_LENGTH;
65  t = rz_search_hit_new(s, kw, from + i);
66  if (!t) {
67  return -1;
68  }
69  if (t > 1) {
70  return s->nhits - old_nhits;
71  }
72  i = i + AES192_SEARCH_LENGTH;
73  }
74  if (len - i - AES256_SEARCH_LENGTH >= 0 && aes256_key_test(buf + i)) {
75  kw->keyword_length = AES256_KEY_LENGTH;
76  t = rz_search_hit_new(s, kw, from + i);
77  if (!t) {
78  return -1;
79  }
80  if (t > 1) {
81  return s->nhits - old_nhits;
82  }
83  i = i + AES256_SEARCH_LENGTH;
84  }
85  }
86  }
87  }
88  return -1;
89 }
len
size_t len
Definition: 6502dis.c:15
AES128_SEARCH_LENGTH
#define AES128_SEARCH_LENGTH
Definition: aes-find.c:18
AES256_SEARCH_LENGTH
#define AES256_SEARCH_LENGTH
Definition: aes-find.c:20
AES128_KEY_LENGTH
#define AES128_KEY_LENGTH
Definition: aes-find.c:21
aes256_key_test
static bool aes256_key_test(const unsigned char *buf)
Definition: aes-find.c:25
AES192_KEY_LENGTH
#define AES192_KEY_LENGTH
Definition: aes-find.c:22
aes128_key_test
static bool aes128_key_test(const unsigned char *buf)
Definition: aes-find.c:37
AES192_SEARCH_LENGTH
#define AES192_SEARCH_LENGTH
Definition: aes-find.c:19
aes192_key_test
static bool aes192_key_test(const unsigned char *buf)
Definition: aes-find.c:31
AES256_KEY_LENGTH
#define AES256_KEY_LENGTH
Definition: aes-find.c:23
i
lzma_index ** i
Definition: index.h:629
s
static RzSocket * s
Definition: rtr.c:28
rz_search_hit_new
RZ_API int rz_search_hit_new(RzSearch *s, RzSearchKeyword *kw, ut64 addr)
Definition: search.c:107
from
static struct sockaddr static addrlen static backlog const void static flags void struct sockaddr from
Definition: sfsocketcall.h:123
rz_list_iter_t
Definition: rz_list.h:13
rz_search_keyword_t
Definition: rz_search.h:34
rz_search_keyword_t::keyword_length
ut32 keyword_length
Definition: rz_search.h:37

References AES128_KEY_LENGTH, aes128_key_test(), AES128_SEARCH_LENGTH, AES192_KEY_LENGTH, aes192_key_test(), AES192_SEARCH_LENGTH, AES256_KEY_LENGTH, aes256_key_test(), AES256_SEARCH_LENGTH, from, i, rz_search_keyword_t::keyword_length, len, rz_search_hit_new(), and s.

Referenced by rz_search_set_mode().