Add files via upload

daedalus · web-flow · commit ad47185bd948 · 2026-03-02T11:45:49.000-03:00
diff --git a/crypto/findaes.py b/crypto/findaes.py
@@ -0,0 +1,336 @@
+#!/usr/bin/env python3
+"""
+FindAES - Python rewrite of FindAES v1.2 by Jesse Kornblum
+Original C code: http://jessekornblum.com/tools/findaes/
+This code is public domain.
+
+Searches binary files for AES-128, AES-192, and AES-256 key schedules.
+"""
+
+import sys
+import struct
+
+# Key sizes in bytes
+AES128_KEY_SIZE = 16
+AES192_KEY_SIZE = 24
+AES256_KEY_SIZE = 32
+
+# Key schedule sizes in bytes
+AES128_KEY_SCHEDULE_SIZE = 176
+AES192_KEY_SCHEDULE_SIZE = 208
+AES256_KEY_SCHEDULE_SIZE = 240
+
+BUFFER_SIZE = 10 * 1024 * 1024  # 10 MB
+WINDOW_SIZE = AES256_KEY_SCHEDULE_SIZE
+
+# ---------------------------------------------------------------------------
+# AES math helpers
+# ---------------------------------------------------------------------------
+
+def _gmul(a: int, b: int) -> int:
+    """Galois field GF(2^8) multiplication."""
+    p = 0
+    for _ in range(8):
+        if b & 1:
+            p ^= a
+        hi = a & 0x80
+        a = (a << 1) & 0xFF
+        if hi:
+            a ^= 0x1B
+        b >>= 1
+    return p
+
+
+def _rcon(n: int) -> int:
+    """AES round constant."""
+    if n == 0:
+        return 0
+    c = 1
+    for _ in range(n - 1):
+        c = _gmul(c, 2)
+    return c
+
+
+# Log / anti-log tables (generator 0xe5 = 229)
+_LTABLE = bytes([
+    0x00, 0xff, 0xc8, 0x08, 0x91, 0x10, 0xd0, 0x36,
+    0x5a, 0x3e, 0xd8, 0x43, 0x99, 0x77, 0xfe, 0x18,
+    0x23, 0x20, 0x07, 0x70, 0xa1, 0x6c, 0x0c, 0x7f,
+    0x62, 0x8b, 0x40, 0x46, 0xc7, 0x4b, 0xe0, 0x0e,
+    0xeb, 0x16, 0xe8, 0xad, 0xcf, 0xcd, 0x39, 0x53,
+    0x6a, 0x27, 0x35, 0x93, 0xd4, 0x4e, 0x48, 0xc3,
+    0x2b, 0x79, 0x54, 0x28, 0x09, 0x78, 0x0f, 0x21,
+    0x90, 0x87, 0x14, 0x2a, 0xa9, 0x9c, 0xd6, 0x74,
+    0xb4, 0x7c, 0xde, 0xed, 0xb1, 0x86, 0x76, 0xa4,
+    0x98, 0xe2, 0x96, 0x8f, 0x02, 0x32, 0x1c, 0xc1,
+    0x33, 0xee, 0xef, 0x81, 0xfd, 0x30, 0x5c, 0x13,
+    0x9d, 0x29, 0x17, 0xc4, 0x11, 0x44, 0x8c, 0x80,
+    0xf3, 0x73, 0x42, 0x1e, 0x1d, 0xb5, 0xf0, 0x12,
+    0xd1, 0x5b, 0x41, 0xa2, 0xd7, 0x2c, 0xe9, 0xd5,
+    0x59, 0xcb, 0x50, 0xa8, 0xdc, 0xfc, 0xf2, 0x56,
+    0x72, 0xa6, 0x65, 0x2f, 0x9f, 0x9b, 0x3d, 0xba,
+    0x7d, 0xc2, 0x45, 0x82, 0xa7, 0x57, 0xb6, 0xa3,
+    0x7a, 0x75, 0x4f, 0xae, 0x3f, 0x37, 0x6d, 0x47,
+    0x61, 0xbe, 0xab, 0xd3, 0x5f, 0xb0, 0x58, 0xaf,
+    0xca, 0x5e, 0xfa, 0x85, 0xe4, 0x4d, 0x8a, 0x05,
+    0xfb, 0x60, 0xb7, 0x7b, 0xb8, 0x26, 0x4a, 0x67,
+    0xc6, 0x1a, 0xf8, 0x69, 0x25, 0xb3, 0xdb, 0xbd,
+    0x66, 0xdd, 0xf1, 0xd2, 0xdf, 0x03, 0x8d, 0x34,
+    0xd9, 0x92, 0x0d, 0x63, 0x55, 0xaa, 0x49, 0xec,
+    0xbc, 0x95, 0x3c, 0x84, 0x0b, 0xf5, 0xe6, 0xe7,
+    0xe5, 0xac, 0x7e, 0x6e, 0xb9, 0xf9, 0xda, 0x8e,
+    0x9a, 0xc9, 0x24, 0xe1, 0x0a, 0x15, 0x6b, 0x3a,
+    0xa0, 0x51, 0xf4, 0xea, 0xb2, 0x97, 0x9e, 0x5d,
+    0x22, 0x88, 0x94, 0xce, 0x19, 0x01, 0x71, 0x4c,
+    0xa5, 0xe3, 0xc5, 0x31, 0xbb, 0xcc, 0x1f, 0x2d,
+    0x3b, 0x52, 0x6f, 0xf6, 0x2e, 0x89, 0xf7, 0xc0,
+    0x68, 0x1b, 0x64, 0x04, 0x06, 0xbf, 0x83, 0x38,
+])
+
+_ATABLE = bytes([
+    0x01, 0xe5, 0x4c, 0xb5, 0xfb, 0x9f, 0xfc, 0x12,
+    0x03, 0x34, 0xd4, 0xc4, 0x16, 0xba, 0x1f, 0x36,
+    0x05, 0x5c, 0x67, 0x57, 0x3a, 0xd5, 0x21, 0x5a,
+    0x0f, 0xe4, 0xa9, 0xf9, 0x4e, 0x64, 0x63, 0xee,
+    0x11, 0x37, 0xe0, 0x10, 0xd2, 0xac, 0xa5, 0x29,
+    0x33, 0x59, 0x3b, 0x30, 0x6d, 0xef, 0xf4, 0x7b,
+    0x55, 0xeb, 0x4d, 0x50, 0xb7, 0x2a, 0x07, 0x8d,
+    0xff, 0x26, 0xd7, 0xf0, 0xc2, 0x7e, 0x09, 0x8c,
+    0x1a, 0x6a, 0x62, 0x0b, 0x5d, 0x82, 0x1b, 0x8f,
+    0x2e, 0xbe, 0xa6, 0x1d, 0xe7, 0x9d, 0x2d, 0x8a,
+    0x72, 0xd9, 0xf1, 0x27, 0x32, 0xbc, 0x77, 0x85,
+    0x96, 0x70, 0x08, 0x69, 0x56, 0xdf, 0x99, 0x94,
+    0xa1, 0x90, 0x18, 0xbb, 0xfa, 0x7a, 0xb0, 0xa7,
+    0xf8, 0xab, 0x28, 0xd6, 0x15, 0x8e, 0xcb, 0xf2,
+    0x13, 0xe6, 0x78, 0x61, 0x3f, 0x89, 0x46, 0x0d,
+    0x35, 0x31, 0x88, 0xa3, 0x41, 0x80, 0xca, 0x17,
+    0x5f, 0x53, 0x83, 0xfe, 0xc3, 0x9b, 0x45, 0x39,
+    0xe1, 0xf5, 0x9e, 0x19, 0x5e, 0xb6, 0xcf, 0x4b,
+    0x38, 0x04, 0xb9, 0x2b, 0xe2, 0xc1, 0x4a, 0xdd,
+    0x48, 0x0c, 0xd0, 0x7d, 0x3d, 0x58, 0xde, 0x7c,
+    0xd8, 0x14, 0x6b, 0x87, 0x47, 0xe8, 0x79, 0x84,
+    0x73, 0x3c, 0xbd, 0x92, 0xc9, 0x23, 0x8b, 0x97,
+    0x95, 0x44, 0xdc, 0xad, 0x40, 0x65, 0x86, 0xa2,
+    0xa4, 0xcc, 0x7f, 0xec, 0xc0, 0xaf, 0x91, 0xfd,
+    0xf7, 0x4f, 0x81, 0x2f, 0x5b, 0xea, 0xa8, 0x1c,
+    0x02, 0xd1, 0x98, 0x71, 0xed, 0x25, 0xe3, 0x24,
+    0x06, 0x68, 0xb3, 0x93, 0x2c, 0x6f, 0x3e, 0x6c,
+    0x0a, 0xb8, 0xce, 0xae, 0x74, 0xb1, 0x42, 0xb4,
+    0x1e, 0xd3, 0x49, 0xe9, 0x9c, 0xc8, 0xc6, 0xc7,
+    0x22, 0x6e, 0xdb, 0x20, 0xbf, 0x43, 0x51, 0x52,
+    0x66, 0xb2, 0x76, 0x60, 0xda, 0xc5, 0xf3, 0xf6,
+    0xaa, 0xcd, 0x9a, 0xa0, 0x75, 0x54, 0x0e, 0x01,
+])
+
+
+def _gmul_inverse(v: int) -> int:
+    if v == 0:
+        return 0
+    return _ATABLE[255 - _LTABLE[v]]
+
+
+def _sbox(v: int) -> int:
+    s = x = _gmul_inverse(v)
+    for _ in range(4):
+        s = ((s << 1) | (s >> 7)) & 0xFF
+        x ^= s
+    return x ^ 0x63
+
+
+# Pre-compute the full S-box for speed
+_SBOX = bytes(_sbox(i) for i in range(256))
+
+
+def _schedule_core(word: bytearray, i: int) -> bytearray:
+    """Rotate left by 1 byte, apply S-box, XOR first byte with rcon(i)."""
+    word = bytearray([word[1], word[2], word[3], word[0]])
+    word = bytearray(_SBOX[b] for b in word)
+    word[0] ^= _rcon(i)
+    return word
+
+
+# ---------------------------------------------------------------------------
+# Key schedule validators
+# ---------------------------------------------------------------------------
+
+def valid_aes128_schedule(data: bytes | bytearray) -> bool:
+    """Return True if data[0:176] is a valid AES-128 key schedule."""
+    if len(data) < AES128_KEY_SCHEDULE_SIZE:
+        return False
+    computed = bytearray(data[:AES128_KEY_SIZE])
+    pos = AES128_KEY_SIZE
+    i = 1
+    while pos < AES128_KEY_SCHEDULE_SIZE:
+        t = bytearray(computed[pos - 4:pos])
+        if pos % AES128_KEY_SIZE == 0:
+            t = _schedule_core(t, i)
+            i += 1
+        for a in range(4):
+            val = computed[pos - AES128_KEY_SIZE] ^ t[a]
+            if val != data[pos]:
+                return False
+            computed.append(val)
+            pos += 1
+    return True
+
+
+def valid_aes192_schedule(data: bytes | bytearray) -> bool:
+    """Return True if data[0:208] is a valid AES-192 key schedule."""
+    if len(data) < AES192_KEY_SCHEDULE_SIZE:
+        return False
+    computed = bytearray(data[:AES192_KEY_SIZE])
+    pos = AES192_KEY_SIZE
+    i = 0
+    while pos < AES192_KEY_SCHEDULE_SIZE:
+        t = bytearray(computed[pos - 4:pos])
+        if pos % AES192_KEY_SIZE == 0:
+            t = _schedule_core(t, i)
+            i += 1
+        for a in range(4):
+            val = computed[pos - AES192_KEY_SIZE] ^ t[a]
+            if val != data[pos]:
+                return False
+            computed.append(val)
+            pos += 1
+    return True
+
+
+def valid_aes256_schedule(data: bytes | bytearray) -> bool:
+    """Return True if data[0:240] is a valid AES-256 key schedule."""
+    if len(data) < AES256_KEY_SCHEDULE_SIZE:
+        return False
+    computed = bytearray(data[:AES256_KEY_SIZE])
+    pos = AES256_KEY_SIZE
+    i = 1
+    while pos < AES256_KEY_SCHEDULE_SIZE:
+        t = bytearray(computed[pos - 4:pos])
+        if pos % AES256_KEY_SIZE == 0:
+            t = _schedule_core(t, i)
+            i += 1
+        elif pos % AES256_KEY_SIZE == 16:
+            t = bytearray(_SBOX[b] for b in t)
+        for a in range(4):
+            val = computed[pos - AES256_KEY_SIZE] ^ t[a]
+            if val != data[pos]:
+                return False
+            computed.append(val)
+            pos += 1
+    return True
+
+
+# ---------------------------------------------------------------------------
+# Entropy / frequency filter
+# ---------------------------------------------------------------------------
+
+class EntropyChecker:
+    """
+    Sliding-window entropy check.  Returns True (high entropy / skip) when
+    any single byte value appears more than 8 times in the window.
+    This mirrors the C implementation's logic exactly.
+    """
+
+    def __init__(self):
+        self._count = [0] * 256
+        self._initialized = False
+
+    def check(self, buf: bytes | bytearray, pos: int, window: int, first: bool) -> bool:
+        """
+        Check the window buf[pos : pos+window].
+        `first` signals that this is the very first call (resets state).
+        Returns True if entropy is too low (any byte repeats > 8 times).
+        """
+        if first:
+            self._initialized = False
+
+        if not self._initialized:
+            self._initialized = True
+            self._count = [0] * 256
+            for b in buf[pos:pos + window]:
+                self._count[b] += 1
+        
+        result = any(c > 8 for c in self._count)
+
+        # Slide the window: remove buf[pos], add buf[pos+window]
+        self._count[buf[pos]] -= 1
+        if pos + window < len(buf):
+            self._count[buf[pos + window]] += 1
+
+        return result
+
+
+# ---------------------------------------------------------------------------
+# Buffer / file scanning
+# ---------------------------------------------------------------------------
+
+def display_key(key: bytes | bytearray, size: int) -> str:
+    return " ".join(f"{b:02x}" for b in key[:size])
+
+
+def scan_buffer(buf: bytes | bytearray, size: int, offset: int) -> None:
+    checker = EntropyChecker()
+    for pos in range(size):
+        first = (offset + pos) == 0
+        if checker.check(buf, pos, AES128_KEY_SCHEDULE_SIZE, first):
+            continue
+        window = buf[pos:]
+        if valid_aes128_schedule(window):
+            print(f"Found AES-128 key schedule at offset 0x{offset + pos:x}:")
+            print(display_key(window, AES128_KEY_SIZE))
+        if valid_aes192_schedule(window):
+            print(f"Found AES-192 key schedule at offset 0x{offset + pos:x}:")
+            print(display_key(window, AES192_KEY_SIZE))
+        if valid_aes256_schedule(window):
+            print(f"Found AES-256 key schedule at offset 0x{offset + pos:x}:")
+            print(display_key(window, AES256_KEY_SIZE))
+
+
+def scan_file(path: str) -> bool:
+    """Scan a file for AES key schedules using a sliding-window approach."""
+    try:
+        handle = open(path, "rb")
+    except OSError as e:
+        print(e, file=sys.stderr)
+        return True
+
+    print(f"Searching {path}")
+    offset = 0
+    carry = bytearray(WINDOW_SIZE)  # overlap from previous chunk
+
+    with handle:
+        while True:
+            raw = handle.read(BUFFER_SIZE)
+            if not raw:
+                break
+            buf = bytes(carry) + raw
+            bytes_read = len(raw)
+
+            if offset == 0:
+                size = bytes_read if bytes_read < BUFFER_SIZE else bytes_read - WINDOW_SIZE
+                scan_buffer(buf[WINDOW_SIZE:], size, 0)
+            else:
+                scan_buffer(buf, bytes_read, offset - WINDOW_SIZE)
+
+            offset += bytes_read
+            carry = bytearray(buf[-WINDOW_SIZE:])
+
+    return False
+
+
+# ---------------------------------------------------------------------------
+# Entry point
+# ---------------------------------------------------------------------------
+
+def main() -> int:
+    if len(sys.argv) < 2:
+        print("FindAES (Python) - Searches for AES-128, AES-192, and AES-256 keys\n")
+        print("Usage: findaes.py [FILES]")
+        return 1
+
+    for path in sys.argv[1:]:
+        scan_file(path)
+
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main())
