Category:Encryption/AES-Advanced-Encryption-Standard

From aldeid

Description

The Advanced Encryption Standard (AES), also referenced as Rijndael (its original name), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.

Recognizing AES in assembly

The KANAL plugin for PEiD reports the following:

Peid-kanal-aes.png
  1. AES Encryption function
  2. AES Decryption function

In IDA Pro, search the code for XOR instructions and group them by the function that contains them. Then look at the addresses of the functions that call these, and identify the encrypt and decrypt functions by matching them against the addresses reported by PEiD.

AES-IDA-Pro-001.png

Decrypt AES

# Requires the Crypto package (PyCryptodome on Python 3)
from Crypto.Cipher import AES
from Crypto import Random
import binascii

# Captured ciphertext as space-separated hex bytes (8 blocks of 16 bytes)
raw = "37 f3 1f 04 51 20 e0 b5 86 ac b6 0f 65 20 89 92" + \
" 6c 80 28 d5 42 30 28 20 65 06 cd f7 57 b9 88 54" + \
" 38 cb 28 f0 f5 45 68 ae 59 00 c7 a1 8c 37 d0 68" + \
" 06 68 2e 44 a2 f7 d8 c4 25 10 05 b4 47 38 c0 3a" + \
" 31 af 22 8a 53 27 8c 61 c5 1d 13 b0 dc 4a bd 91" + \
" db 65 4b 16 05 77 ee 9e 24 5c a3 fa 06 88 4e cf" + \
" 64 f3 58 35 f5 66 b9 e0 78 59 d9 c7 7b a5 fb 25" + \
" f4 28 88 3b ac 66 e4 0e c5 a6 36 ae 63 f8 74 8d"

ciphertext = binascii.unhexlify(raw.replace(' ', ''))
# A random IV is used here. In CBC mode the IV only affects the first
# 16-byte block, so that block decrypts to garbage and the rest is correct.
iv = Random.new().read(AES.block_size)
# The key must be bytes: 16 bytes selects AES-128
obj = AES.new(b'ijklmnopqrstuvwx', AES.MODE_CBC, iv)
print(obj.decrypt(ciphertext))
