ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
It is currently Mon Dec 10, 2018 6:31 pm

All times are UTC




Post new topic  Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Fri Feb 09, 2018 6:07 pm 

Joined: Wed Jul 01, 2015 8:15 pm
Posts: 12
I tried to write it myself, but still don't understand QuickBMS scripting.
I want to somewhat automate process of finding Cryengine RSA keys inside memory dumps. I wanted to make quickbms script which scans dump for specific hex code (30 81 89 02 81 81 00) and then write to file 140 bytes in hex from all positions at which this pattern starts in format like this:
Code:
0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xBF, 0xD6, 0x12, 0xF2, 0x5E, 0x95, 0x48, 0x4C, 0xCB,
0xB5, 0xCE, 0x2B, 0xAB, 0x39, 0xFB, 0x3C, 0xEF, 0xE0, 0x8B, 0xC3, 0x1B, 0xB9, 0x3E, 0x59, 0x85,
0xB9, 0x22, 0x8C, 0x90, 0x87, 0xA3, 0xE0, 0xCF, 0x7F, 0x80, 0x6B, 0xAD, 0x52, 0xEB, 0x11, 0x81,
0xC8, 0x58, 0x46, 0xB4, 0xD1, 0xF2, 0x7E, 0xC2, 0x63, 0xC5, 0xEE, 0x1B, 0x06, 0xE8, 0x7F, 0xDE,
0x2B, 0xD9, 0x53, 0x5F, 0x96, 0x91, 0x5C, 0x39, 0x9E, 0xBC, 0xF7, 0xFA, 0xEF, 0x65, 0xFC, 0x94,
0x7F, 0xB0, 0x37, 0xCA, 0xF6, 0xE3, 0xCE, 0xF9, 0xDC, 0xDD, 0xD5, 0x5F, 0x23, 0x6D, 0x2B, 0x29,
0xEC, 0x90, 0x72, 0x0C, 0xCC, 0xBE, 0xC6, 0x65, 0x25, 0xE9, 0x64, 0xF8, 0x31, 0x14, 0x0B, 0xC0,
0xCC, 0xFB, 0x9F, 0xA4, 0x97, 0x32, 0x71, 0xA3, 0x86, 0xA1, 0x46, 0x97, 0x5F, 0x4A, 0x86, 0xB6,
0x24, 0x8D, 0x45, 0x89, 0xEE, 0xF3, 0xD7, 0x02, 0x03, 0x01, 0x00, 0x01

Any help will be useful.


Top
   
PostPosted: Fri Feb 09, 2018 8:54 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 9431
Code:
for
    findloc OFFSET binary "\x30\x81\x89\x02\x81\x81\x00"
    goto OFFSET
    log "" OFFSET 140
    getdstring KEY 140  # useless, advances and can be used to show the key instead of dumping it
next


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 2 posts ] 

All times are UTC


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited