Aeskeyfind

From aldeid
Jump to navigation Jump to search

Description

Locates 128-bit and 256-bit AES keys in a captured memory image.

Installation

$ wget https://github.com/TeamCTF-PRIME/auto_vol/raw/master/aeskeyfind

Usage

Syntax

aeskeyfind [OPTION]... MEMORY-IMAGE

Options

-v
verbose output -- prints the extended keys and the constraints on the rows of the key schedule
-q
don't display a progress bar
-t THRESHOLD
sets the maximum number of bit errors allowed in a candidate key schedule (default = 10)
-h
displays this help message

Example

$ ./aeskeyfind memory.raw
8d3f527****************58dbc0ed1
$ echo "8d3f527****************58dbc0ed1" | xxd -r -p > key.bin