mirror of
https://github.com/radareorg/radare2.git
synced 2024-11-24 05:40:10 +00:00
Display correct lengths for cryptography search commands (#16262) ##search
parent
823ab26095
commit
ef6e146326
@ -2318,11 +2318,6 @@ static void do_string_search(RCore *core, RInterval search_itv, struct search_pa
|
||||
core->search->maxhits = 1;
|
||||
}
|
||||
if (core->search->n_kws > 0 || param->crypto_search) {
|
||||
RSearchKeyword aeskw;
|
||||
if (param->crypto_search) {
|
||||
memset (&aeskw, 0, sizeof (aeskw));
|
||||
aeskw.keyword_length = 31;
|
||||
}
|
||||
/* set callback */
|
||||
/* TODO: handle last block of data */
|
||||
/* TODO: handle ^C */
|
||||
@ -2391,17 +2386,14 @@ static void do_string_search(RCore *core, RInterval search_itv, struct search_pa
|
||||
}
|
||||
if (param->crypto_search) {
|
||||
// TODO support backward search
|
||||
int delta = 0;
|
||||
int t = 0;
|
||||
if (param->aes_search) {
|
||||
delta = r_search_aes_update (core->search, at, buf, len);
|
||||
t = r_search_aes_update (core->search, at, buf, len);
|
||||
} else if (param->privkey_search) {
|
||||
delta = r_search_privkey_update (core->search, at, buf, len);
|
||||
t = r_search_privkey_update (core->search, at, buf, len);
|
||||
}
|
||||
if (delta != -1) {
|
||||
int t = r_search_hit_new (core->search, &aeskw, at + delta);
|
||||
if (!t || t > 1) {
|
||||
break;
|
||||
}
|
||||
if (!t || t > 1) {
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
(void)r_search_update (core->search, at, buf, len);
|
||||
@ -3304,7 +3296,7 @@ reread:
|
||||
goto beach;
|
||||
}
|
||||
break;
|
||||
case 'd': // "Cd"
|
||||
case 'd': // "cd"
|
||||
{
|
||||
param.crypto_search = false;
|
||||
RSearchKeyword *kw;
|
||||
@ -3319,12 +3311,24 @@ reread:
|
||||
}
|
||||
}
|
||||
break;
|
||||
case 'a':
|
||||
param.aes_search = true;
|
||||
break;
|
||||
case 'r':
|
||||
param.privkey_search = true;
|
||||
break;
|
||||
case 'a': // "ca"
|
||||
{
|
||||
RSearchKeyword *kw;
|
||||
kw = r_search_keyword_new_hexmask ("00", NULL);
|
||||
r_search_kw_add (search, kw);
|
||||
r_search_begin (core->search);
|
||||
param.aes_search = true;
|
||||
break;
|
||||
}
|
||||
case 'r': // "cr"
|
||||
{
|
||||
RSearchKeyword *kw;
|
||||
kw = r_search_keyword_new_hexmask ("00", NULL);
|
||||
r_search_kw_add (search, kw);
|
||||
r_search_begin (core->search);
|
||||
param.privkey_search = true;
|
||||
break;
|
||||
}
|
||||
default: {
|
||||
dosearch = false;
|
||||
param.crypto_search = false;
|
||||
@ -3741,7 +3745,7 @@ reread:
|
||||
char **args = r_str_argv (input + param_offset, &n_args);
|
||||
ut8 *buf = NULL;
|
||||
ut64 offset = 0;
|
||||
size_t size;
|
||||
int size;
|
||||
buf = (ut8 *)r_file_slurp (args[0], &size);
|
||||
if (!buf) {
|
||||
eprintf ("Cannot open '%s'\n", args[0]);
|
||||
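Review bot: The exit test `if (!t || t > 1) { break; }` now runs on whatever the update helpers return, so a block that contains no key can end the whole scan. As this page renders them, both helpers appear to finish with `return 0;` when nothing matched, while the short-buffer path in r_search_privkey_update still returns -1, which passes this test and keeps scanning. For a key-hunting command that would mean silent false negatives after the first block without a hit. I would keep "no hit in this block" distinct from what looks like r_search_hit_new's stop value, e.g. `return -1;` in the helpers and `if (t != -1 && (!t || t > 1)) { break; }` here. The enclosing function and the command switch both continue outside these hunks.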
|
@ -53,22 +53,30 @@ static bool aes128_key_test(const unsigned char *buf) {
|
||||
|
||||
R_API int r_search_aes_update(RSearch *s, ut64 from, const ut8 *buf, int len) {
|
||||
int i, last = len - 20;
|
||||
if (last > 0) {
|
||||
for (i = 0; i < last; i++) {
|
||||
if (aes128_key_test (buf + i)) {
|
||||
return i;
|
||||
}
|
||||
if (len - i - 28 > 0) {
|
||||
if (aes192_key_test (buf + i)) {
|
||||
return i;
|
||||
RListIter *iter;
|
||||
RSearchKeyword *kw;
|
||||
|
||||
r_list_foreach (s->kws, iter, kw) {
|
||||
if (last > 0) {
|
||||
for (i = 0; i < last; i++) {
|
||||
if (aes128_key_test (buf + i)) {
|
||||
kw->keyword_length = 16;
|
||||
return r_search_hit_new (s, kw, from + i);
|
||||
}
|
||||
}
|
||||
if (len - i - 36 > 0) {
|
||||
if (aes256_key_test (buf + i)) {
|
||||
return i;
|
||||
if (len - i - 28 > 0) {
|
||||
if (aes192_key_test (buf + i)) {
|
||||
kw->keyword_length = 24;
|
||||
return r_search_hit_new (s, kw, from + i);
|
||||
}
|
||||
}
|
||||
if (len - i - 36 > 0) {
|
||||
if (aes256_key_test (buf + i)) {
|
||||
kw->keyword_length = 32;
|
||||
return r_search_hit_new (s, kw, from + i);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return -1;
|
||||
return 0;
|
||||
}
|
||||
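Review bot: `kw->keyword_length = 16;` (and the 24 and 32 variants) writes the key size onto the keyword object that every hit shares, so the length is tracked per keyword rather than per hit. If hits keep a pointer to `kw` instead of a copy of the length (not visible here), an AES-128 hit recorded earlier would later be shown with the size of the most recent match. The function also relies on the caller having registered a placeholder keyword, because with an empty `s->kws` the `r_list_foreach` body never runs and nothing is scanned. I would state both in a comment, e.g. `/* kw is the placeholder added by the /ca handler; its length is overwritten for each hit */`, or carry the length on the hit itself.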
|
@ -61,6 +61,8 @@ static int check_fields(const ut8 *start) {
|
||||
// elliptic curves and as defined in 7 of RFC 8410 for SafeCurves
|
||||
R_API int r_search_privkey_update(RSearch *s, ut64 from, const ut8 *buf, int len) {
|
||||
int i, k, max, index;
|
||||
RListIter *iter;
|
||||
RSearchKeyword *kw;
|
||||
const ut8 rsa_versionmarker[] = { 0x02, 0x01, 0x00, 0x02 };
|
||||
const ut8 ecc_versionmarker[] = { 0x02, 0x01, 0x01, 0x04 };
|
||||
const ut8 safecurves_versionmarker[] = { 0x02, 0x01, 0x00, 0x30 };
|
||||
@ -68,35 +70,37 @@ R_API int r_search_privkey_update(RSearch *s, ut64 from, const ut8 *buf, int len
|
||||
if (len < sizeof (rsa_versionmarker)) {
|
||||
return -1;
|
||||
}
|
||||
r_list_foreach (s->kws, iter, kw) {
|
||||
for (i = 2; i < len - sizeof (rsa_versionmarker); i++) {
|
||||
if (memcmp (&buf[i], rsa_versionmarker, sizeof (rsa_versionmarker)) &&
|
||||
memcmp (&buf[i], ecc_versionmarker, sizeof (ecc_versionmarker)) &&
|
||||
memcmp (&buf[i], safecurves_versionmarker, sizeof (safecurves_versionmarker))) {
|
||||
continue;
|
||||
}
|
||||
|
||||
for (i = 2; i < len - sizeof (rsa_versionmarker); i++) {
|
||||
if (memcmp (&buf[i], rsa_versionmarker, sizeof (rsa_versionmarker)) &&
|
||||
memcmp (&buf[i], ecc_versionmarker, sizeof (ecc_versionmarker)) &&
|
||||
memcmp (&buf[i], safecurves_versionmarker, sizeof (safecurves_versionmarker))) {
|
||||
continue;
|
||||
}
|
||||
index = -1;
|
||||
// Going backward maximum up to 5 characters.
|
||||
if (i < 5) {
|
||||
max = i;
|
||||
} else {
|
||||
max = 5;
|
||||
}
|
||||
for (k = i - 2; k >= i - max; k--) {
|
||||
if (buf[k] == 0x30) { // The sequence identifier is 0x30
|
||||
index = k;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
index = -1;
|
||||
// Going backward maximum up to 5 characters.
|
||||
if (i < 5) {
|
||||
max = i;
|
||||
} else {
|
||||
max = 5;
|
||||
}
|
||||
for (k = i - 2; k >= i - max; k--) {
|
||||
if (buf[k] == 0x30) { // The sequence identifier is 0x30
|
||||
index = k;
|
||||
break;
|
||||
if (index == -1) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (check_fields (buf + index)) {
|
||||
parse_next_field(buf + index, &kw->keyword_length);
|
||||
return r_search_hit_new (s, kw, from + index);
|
||||
}
|
||||
}
|
||||
|
||||
if (index == -1) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (check_fields (buf + index)) {
|
||||
return index;
|
||||
}
|
||||
}
|
||||
return -1;
|
||||
return 0;
|
||||
}
|
||||
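Review bot: `parse_next_field(buf + index, &kw->keyword_length);` takes the hit length from the DER header of the data being scanned, and nothing in this hunk bounds it against `len - index` or the search range. A corrupt or crafted blob can announce a length far larger than the bytes actually present, and any consumer that later reads `keyword_length` bytes at the hit address inherits that value. I would sanity-check the parsed length before `r_search_hit_new` (reject zero or a value beyond the remaining interval), or at least add `/* length is read from untrusted input; consumers must bound their reads */`. The call's result is ignored and parse_next_field is defined outside the hunk, so its failure behaviour should be confirmed.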
|
@ -145,25 +145,31 @@ RUN
|
||||
NAME=cmd.hit for /ca
|
||||
FILE=../bins/other/aes.dump
|
||||
EXPECT=<<EOF
|
||||
0x0000001e hit0_0 00000000000000000000000000000000000000000000000000000000000000
|
||||
0x0000001e hit0_0 0000000000000000000000000000000000000000000000000000000000000000
|
||||
EOF
|
||||
CMDS=<<EOF
|
||||
/ca
|
||||
EOF
|
||||
CMDS=/ca
|
||||
RUN
|
||||
|
||||
NAME=cmd.hit for /cr
|
||||
FILE=../bins/other/rsa-private-4096.key
|
||||
EXPECT=<<EOF
|
||||
0x0000000d hit0_0 308209280201000282020100c079f24b042787e4896db411fa7647e3bb62c8
|
||||
0x0000000d hit0_0 308209280201000282020100c079f24b042787e4896db411fa7647e3bb62c88796fa979f126c575f...
|
||||
EOF
|
||||
CMDS=<<EOF
|
||||
/cr
|
||||
EOF
|
||||
CMDS=/cr
|
||||
RUN
|
||||
|
||||
NAME=cmd.hit for /cr on edd448
|
||||
FILE=../bins/other/ed448-private.key
|
||||
EXPECT=<<EOF
|
||||
0x000000f5 hit0_0 3047020100300506032b6571043b0439176449168ec8fc66d9e67d375d1ea3
|
||||
0x000000f5 hit0_0 3047020100300506032b6571043b0439176449168ec8fc66d9e67d375d1ea310b1427e8c178b2f83...
|
||||
EOF
|
||||
CMDS=<<EOF
|
||||
/cr
|
||||
EOF
|
||||
CMDS=/cr
|
||||
RUN
|
||||
|
||||
NAME=cmd.hit for /cd
|
||||
@ -171,7 +177,9 @@ FILE=../bins/other/certificate.ber
|
||||
EXPECT=<<EOF
|
||||
0x0000002f hit0_0 308203493082
|
||||
EOF
|
||||
CMDS=/cd
|
||||
CMDS=<<EOF
|
||||
/cd
|
||||
EOF
|
||||
RUN
|
||||
|
||||
NAME=cmd.hit for /a
|
||||
|