In this talk I demonstrate our research and the implementation of methods to detect cryptographic algorithms and their parameters in software. Based on our observations on cryptographic code, I will point out several inherent characteristics to design signature-based and generic identification methods. Using dynamic binary instrumentation, we record instructions of a program during runtime and create a fine-grained trace. We implement a trace analysis tool, which also provides methods to reconstruct high-level information from a trace, for example control flow graphs or loops, to detect cryptographic algorithms and their parameters. With the results of this work, encrypted data, sent by a malicious program for example, may be decrypted and used by an analyst to gain further insight on the behavior of the analyzed binary executable. Applications include de-DRM'ing, security auditing, and malware C&C analysis. After the talk we will demonstrate the functionality with a ransomware which uses cryptographic primitives and release the implementation to the public.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.