| View unanswered posts | View active topics |
It is currently May 21st, '13, 20:40 |
|
All times are UTC - 8 hours |
|
Page 1 of 1 |
[ 1 post ] |
| Print view | Previous topic | Next topic |
IDA Signsrch
| Author | Message |
|---|---|
|
Site Moderator  Joined: Aug 18th, '09, 03:32 Posts: 1201 
|
 IDA SignsrchIDA Signsrch
========================================================= IDA Pro plug-in conversion of Luigi Auriemma's signsrch signature matching tool. Version 1.03, January 2013 By Sirmabus ----- [Description] ----------------------------------------------------------- From Luigi's original signsrch description: "Tool for searching signatures inside files, extremely useful as help in reversing jobs like figuring or having an initial idea of what encryption/- compression algorithm is used for a proprietary protocol or file. It can recognize tons of compression, multimedia and encryption algorithms and many other things like known strings and anti-debugging code which can be also manually added since it's all based on a text signature file read at runtime and easy to modify." I've used his tool in the past to help find various bits of crypto sections and what not. For example the log-in sections of some online game clients. To use the tool in IDA I would have to run signsrch output piped to a text file, like this: "signsrch -b Target.exe >Temp.txt". And then tediously take these address of each match offset and look them up manually. Plus facilitated by a plug-in I added an automatic label commenting feature. Not be confused with IDA FLIRT "sig" technology, these signatures are direct binary patterns. Currently there are about 1400 of these signatures from the source text database "signsrch.sig". ------------------------------------------------------------------------------- Grazie molte! Luigi Auriemma's signsrch IDA_Signsrch.plw - MD5: 33E6D1B527CA92AD7D3F2F33A2E41E44 >>> Download << Dialog: The "Arco della Pace" (Arch of Peace) in Milan, Italy.  Example output showing 96 found matches:  Example placed comment with the <$ignsrch> tag:  History: 1.03: 1) Fixed bad standard/CRT mixed with custom allocator method bug. 2) Updated and fixed custom UI elements. 1.02: 1. Minor clean up of GUI customizations. 2. Full sources now included. IDA_Signsrch.plw - MD5: 33E6D1B527CA92AD7D3F2F33A2E41E44 >>> Download << |
| Jul 12th, '12, 22:17 |
|
|
|
|
|
Page 1 of 1 |
[ 1 post ] |
|
All times are UTC - 8 hours |
Who is online |
Users browsing this forum: No registered users and 1 guest |
| You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum |