Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
It is currently Thu Mar 22, 2018 12:30 am

All times are UTC

Post new topic  Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Fri Feb 09, 2018 6:07 pm 

Joined: Wed Jul 01, 2015 8:15 pm
Posts: 12
I tried to write it myself, but still don't understand QuickBMS scripting.
I want to somewhat automate process of finding Cryengine RSA keys inside memory dumps. I wanted to make quickbms script which scans dump for specific hex code (30 81 89 02 81 81 00) and then write to file 140 bytes in hex from all positions at which this pattern starts in format like this:
0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xBF, 0xD6, 0x12, 0xF2, 0x5E, 0x95, 0x48, 0x4C, 0xCB,
0xB5, 0xCE, 0x2B, 0xAB, 0x39, 0xFB, 0x3C, 0xEF, 0xE0, 0x8B, 0xC3, 0x1B, 0xB9, 0x3E, 0x59, 0x85,
0xB9, 0x22, 0x8C, 0x90, 0x87, 0xA3, 0xE0, 0xCF, 0x7F, 0x80, 0x6B, 0xAD, 0x52, 0xEB, 0x11, 0x81,
0xC8, 0x58, 0x46, 0xB4, 0xD1, 0xF2, 0x7E, 0xC2, 0x63, 0xC5, 0xEE, 0x1B, 0x06, 0xE8, 0x7F, 0xDE,
0x2B, 0xD9, 0x53, 0x5F, 0x96, 0x91, 0x5C, 0x39, 0x9E, 0xBC, 0xF7, 0xFA, 0xEF, 0x65, 0xFC, 0x94,
0x7F, 0xB0, 0x37, 0xCA, 0xF6, 0xE3, 0xCE, 0xF9, 0xDC, 0xDD, 0xD5, 0x5F, 0x23, 0x6D, 0x2B, 0x29,
0xEC, 0x90, 0x72, 0x0C, 0xCC, 0xBE, 0xC6, 0x65, 0x25, 0xE9, 0x64, 0xF8, 0x31, 0x14, 0x0B, 0xC0,
0xCC, 0xFB, 0x9F, 0xA4, 0x97, 0x32, 0x71, 0xA3, 0x86, 0xA1, 0x46, 0x97, 0x5F, 0x4A, 0x86, 0xB6,
0x24, 0x8D, 0x45, 0x89, 0xEE, 0xF3, 0xD7, 0x02, 0x03, 0x01, 0x00, 0x01

Any help will be useful.

PostPosted: Fri Feb 09, 2018 8:54 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 7794
    findloc OFFSET binary "\x30\x81\x89\x02\x81\x81\x00"
    goto OFFSET
    log "" OFFSET 140
    getdstring KEY 140  # useless, advances and can be used to show the key instead of dumping it

Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 2 posts ] 

All times are UTC

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited