def test_findbytes():
    """Exercise procmem.findbytesv() on a padded blob and on a multi-region map.

    Part one maps a single buffer at 0x400000: 0x1000 bytes of spaces, the
    marker bytes, then null padding up to 0x10000 (pad.null), and searches
    it with nibble-wildcard patterns given as str, as bytes and as enhex()
    output.  Part two maps four 0x1000-byte chunks through explicit Region
    entries and checks that a hit in the last chunk resolves to that
    region's virtual address (0x410000) rather than to a contiguous one.
    """
    marker = (
        b"\xffoo\x00bar thisis0test\n hAAAA\xc3\xc0\xc2\xc4\n\n"
        b"\x10\x2f\x1f\x1a\x1b\x1f\x1d\xbb\xcc\xdd\xff"
    )
    blob = b" " * 0x1000 + pad.null(marker, 0x10000)
    mem = procmem(blob, base=0x400000)

    # "?" stands for one wildcard nibble; patterns may be str or bytes.
    assert list(mem.findbytesv("c? c? c? 0A")) == [0x40101B]
    assert list(mem.findbytesv(b"1f ?? ?b")) == [0x401022, 0x401025]
    assert list(mem.findbytesv("?f ?? ?? 00")) == [0x401000, 0x40102A]
    # The newline between "test" and " hAAAA" is part of the needle.
    assert not list(mem.findbytesv(enhex(b"test hAAAA")))
    assert list(mem.findbytesv(enhex(b"test\n hAAAA")))

    chunks = b"".join(ch * 0x1000 for ch in (b"a", b"b", b"c", b"d"))
    # Only the address, size and the trailing field (presumably the chunk's
    # offset within the blob -- it tracks 0x1000 steps) are meaningful here;
    # the middle fields are left at 0.  Verify against malduck's Region.
    layout = [
        Region(0x400000, 0x1000, 0, 0, 0, 0),
        Region(0x401000, 0x1000, 0, 0, 0, 0x1000),
        Region(0x402000, 0x1000, 0, 0, 0, 0x2000),
        Region(0x410000, 0x1000, 0, 0, 0, 0x3000),
    ]
    mapped = procmem(chunks, regions=layout)
    assert next(mapped.findbytesv(enhex(b"dddd"))) == 0x410000
 def cit_aes_xor(self, p, addr):
     """Collect the immediates of the first four `xor` instructions at *addr*.

     Disassembles 40 bytes read from *p* at *addr*, takes ``op2.value`` of
     each ``xor`` until four are gathered, packs them with ``p32`` and
     returns the hex-encoded concatenation under the key ``'aes_xor'``.

     NOTE(review): the 40-byte window and the count of four are assumed to
     cover the key-setup sequence; if fewer than four ``xor`` instructions
     fall inside the window the returned key is shorter than 16 bytes and
     nothing flags that -- confirm against the samples this targets.
     """
     log.info('[+] Found aes_xor key @ %X' % addr)
     key_parts = []
     for insn in disasm(p.readv(addr, 40), addr):
         if len(key_parts) == 4:
             break
         if insn.mnem != 'xor':
             continue
         key_parts.append(insn.op2.value)
     raw_key = b''.join(p32(part) for part in key_parts)
     return {'aes_xor': malduck.enhex(raw_key)}
def test_hash():
    """Pin the values malduck's hash helpers produce for b"hello".

    crc32() is compared as an int; every other helper's result is passed
    through enhex() and compared with the well-known hex digest of the
    ASCII string "hello".
    """
    message = b"hello"
    assert crc32(message) == 0x3610a686

    expected_hexdigests = [
        (md5, b"5d41402abc4b2a76b9719d911017c592"),
        (sha1, b"aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d"),
        (sha224, b"ea09ae9cc6768c50fcee903ed054556e5bfc8347907f12598aa24193"),
        (sha256, b"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824"),
        (sha384,
         b"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f"),
        (sha512,
         b"9b71d224bd62f3785d96d46ad3ea3d73319bfbc2890caadae2dff72519673ca72"
         b"323c3d99ba5c11d7c7acc6e14b8c5da0c4663475c2e5c3adef46f73bcdec043"),
    ]
    # The assertion message names the helper so a failure is attributable.
    for digest, hexdigest in expected_hexdigests:
        assert enhex(digest(message)) == hexdigest, digest
def test_hex():
    """Check that enhex()/unhex() round-trip a short ASCII string.

    enhex() yields the lowercase hex encoding as bytes; unhex() is fed the
    same encoding as a str and must give back the original bytes.
    """
    raw = b"hello"
    encoded = b"68656c6c6f"
    assert enhex(raw) == encoded
    assert unhex(encoded.decode()) == raw