27C3 - Version 1.6.3
27th Chaos Communication Congress
We come in peace
| Speakers | |
|---|---|
| Felix Gröbert | |
| Schedule | |
|---|---|
| Day | Day 1 - 2010-12-27 |
| Room | Saal 3 |
| Start time | 16:00 |
| Duration | 01:00 |
| Info | |
| ID | 4160 |
| Event type | Lecture |
| Track | Hacking |
| Language of the event | English |
Automatic Identification of Cryptographic Primitives in Software
In this talk I demonstrate our research and the implementation of methods to detect cryptographic algorithms and their parameters in software. Based on our observations on cryptographic code, I will point out several inherent characteristics that can be used to design signature-based and generic identification methods.
Using dynamic binary instrumentation, we record instructions of a program during runtime and create a fine-grained trace. We implement a trace analysis tool, which also provides methods to reconstruct high-level information from a trace, for example control flow graphs or loops, to detect cryptographic algorithms and their parameters.
With the results of this work, encrypted data sent by, for example, a malicious program can be decrypted and used by an analyst to gain further insight into the behavior of the analyzed binary executable. Applications include de-DRM'ing, security auditing, and malware C&C analysis. After the talk we will demonstrate the functionality on a ransomware sample that uses cryptographic primitives and release the implementation to the public.
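As an added illustration (not the implementation released with the talk), the sketch below rebuilds control-flow edges and loops from a recorded instruction trace, the kind of high-level reconstruction the abstract describes, and flags loops dominated by bitwise/arithmetic instructions. The trace format, the sample trace, the mnemonic set and the 0.5 threshold are all assumptions made for this example.

```python
from collections import Counter

# Mnemonics counted as bitwise/arithmetic: an assumed set for this example.
BITWISE_ARITH = {"xor", "and", "or", "not", "shl", "shr", "rol", "ror", "add", "sub"}

def build_cfg(trace):
    """Count control-flow edges between consecutively executed addresses."""
    return Counter((a[0], b[0]) for a, b in zip(trace, trace[1:]))

def find_loops(trace):
    """Report each backward (or self) edge in the trace as a loop.

    Simplification: the trace covers one function with no calls or returns
    into it, and each loop is entered once, so every backward transfer is a
    loop back edge and iterations = times the back edge was taken + 1.
    """
    mnemonic = dict(trace)  # executed address -> mnemonic
    loops = []
    for (src, dst), taken in sorted(build_cfg(trace).items()):
        if dst > src:
            continue  # forward edge, not a loop
        body = sorted(a for a in mnemonic if dst <= a <= src)
        hits = sum(mnemonic[a] in BITWISE_ARITH for a in body)
        loops.append({"head": dst, "tail": src, "iterations": taken + 1,
                      "body": body, "ratio": hits / len(body)})
    return loops

def crypto_candidates(trace, threshold=0.5):
    """Loops whose body is dominated by bitwise/arithmetic instructions."""
    return [l for l in find_loops(trace) if l["ratio"] >= threshold]

# Constructed trace of (address, mnemonic): a 4-iteration byte-transform loop.
PROLOGUE = [(0x1000, "mov"), (0x1003, "mov")]
LOOP = [(0x1006, "mov"), (0x1008, "xor"), (0x100A, "rol"), (0x100C, "mov"),
        (0x100E, "add"), (0x1011, "sub"), (0x1013, "jnz")]
EPILOGUE = [(0x1015, "ret")]
TRACE = PROLOGUE + LOOP * 4 + EPILOGUE

if __name__ == "__main__":
    for loop in crypto_candidates(TRACE):
        print(f"loop {loop['head']:#x}-{loop['tail']:#x}: "
              f"{loop['iterations']} iterations, ratio {loop['ratio']:.2f}")
```

A real trace from an instrumentation framework would also need call/return handling and operand values before loop bodies could be matched against a specific algorithm.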