?

Log in

Finding AES keys - A Geek Raised by Wolves [entries|archive|friends|userinfo]
jessekornblum

[ website | My Website ]
[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

Links
[Links:| Browse by Tag LiveJournal Portal Update Journal Logout ]

Finding AES keys [Jan. 18th, 2011|08:26 am]
jessekornblum
[Tags|, , ]

Today I'm publishing a little utility to search for AES keys. It was originally intended for searching memory images, but you can use it to search anything really. The program works by eliminating anything which is not a valid AES key schedule. I got the idea from the Cold Boot attack team, who also published a little program to do this. The AES code was adapted from code published by Sam Trenholme and released to the public domain. As such my program is also public domain. You can download a Windows executable or source code.

Usage:

findaes [FILES]

Example:

C:\> findaes dfrws2005-physical-memory2.dmp
Searching C:\dfrws2005-physical-memory2.dmp
Found AES-256 key schedule at offset 0x4e64048:
6f bb c2 09 04 f1 20 7e c9 a5 64 2f 3d 51 0d 49 8e 42 2a 65 ea a0 d3 93 fa 30 83 37 d0 cf 64 07
Found AES-256 key schedule at offset 0x533c4d8:
6f bb c2 09 04 f1 20 7e c9 a5 64 2f 3d 51 0d 49 8e 42 2a 65 ea a0 d3 93 fa 30 83 37 d0 cf 64 07



See Also:
LinkReply