reverseame
diff --git a/‎CMakeLists.txt‎
Lines changed: 3 additions & 14 deletions b/‎CMakeLists.txt‎
Lines changed: 3 additions & 14 deletions
diff --git a/‎include/interrogate/aes.h‎
Lines changed: 5 additions & 51 deletions b/‎include/interrogate/aes.h‎
Lines changed: 5 additions & 51 deletions
diff --git a/‎src/custom-ransomware/basic-ransomware.cc‎
Lines changed: 2 additions & 2 deletions b/‎src/custom-ransomware/basic-ransomware.cc‎
Lines changed: 2 additions & 2 deletions
@@ -1,7 +1,7 @@
 cmake_minimum_required(VERSION 3.15)
 
 set(CMAKE_SYSTEM_NAME Windows)
-project(KeyReaper VERSION 1.5.0)
+project(KeyReaper VERSION 1.6.0)
 set(PROGRAM_NAME "KeyReaper")
 
 set(MSVC True)
@@ -27,24 +27,13 @@ endif()
 
 ## Ease for includes
 add_library(common_includes INTERFACE)
+add_library(interrogate_include INTERFACE)
 target_include_directories(common_includes INTERFACE ${PROJECT_SOURCE_DIR}/include/keyreaper)
 target_include_directories(interrogate_include INTERFACE ${PROJECT_SOURCE_DIR}/include/interrogate)
 
 # 3rd parties
 include(FetchContent)
 
-# Interrogate
-FetchContent_Declare(
-    interrogate
-    URL https://sourceforge.net/projects/interrogate/files/interrogate/0.0.4/interrogate-0.0.4-source.tar.gz/download
-    DOWNLOAD_EXTRACT_TIMESTAMP TRUE
-)
-FetchContent_MakeAvailable(interrogate)
-set(FILE_PATH "${interrogate_SOURCE_DIR}/aes.c")
-file(READ ${FILE_PATH} FILE_CONTENT)
-string(REPLACE "interrogate.h" "aes.h" FILE_CONTENT "${FILE_CONTENT}")
-file(WRITE ${FILE_PATH} "${FILE_CONTENT}")
-
 # JSON library
 FetchContent_Declare(
   json
@@ -96,7 +85,7 @@ add_executable(${EXECUTABLE_NAME}
     ${SOURCE_BASE_DIR}/config.cc
     ${SOURCE_BASE_DIR}/program_result.cc
     ${SOURCE_BASE_DIR}/key.cc
-    ${interrogate_SOURCE_DIR}/aes.c
+    ${SOURCE_BASE_DIR}/interrogate/aes.cc
     ${SOURCE_BASE_DIR}/scanners.cc
     ${SOURCE_BASE_DIR}/key_scanner.cc
     ${SOURCE_BASE_DIR}/injection/custom_ipc.cc
 
@@ -1,6 +1,10 @@
 #ifndef AES_INTERROGATE_H
 #define AES_INTERROGATE_H
 
+#include <windows.h>
+#include <vector>
+#include <algorithm>
+
 namespace interrogate {
 
 typedef struct {
@@ -34,57 +38,7 @@ void expand_key(unsigned char *in);
 void expand_key_192(unsigned char *in);
 void expand_key_256(unsigned char *in);
 
-
-void print_hex_array(unsigned char *buffer, int length, int columns) {
-  int i;
-  for (i = 0; i < length; i++) {
-    if ((i % columns) == 0)
-      printf("\n");
-    printf("%02x ", buffer[i]);
-  }
-  printf("\n\n");
-}
-
-std::vector<std::vector<BYTE>> aes_search(interrogate_context* ctx, unsigned char* buffer) {
-  auto found_keys = vector<BYTE>();
-	unsigned int i;
-
-	/* Set key schedule sizes */
-	unsigned int kssize = 176;
-	if (ctx->keysize == 192) {
-		kssize = 208;
-	} else if (ctx->keysize == 256) {
-		kssize = 240;
-	}
-
-	unsigned char* ks = (unsigned char*) malloc(kssize * sizeof(unsigned char));
-
-	for (i = ctx->from; i < ctx->filelen - kssize; i++) {
-		/* Copy a chunk of data from buffer, expand it using AES key
-		 * schedule routines */
-		ks = (unsigned char*) memcpy(ks, &buffer[i], kssize);
-		if ((ctx->keysize == 128))
-			expand_key(ks);
-		else if ((ctx->keysize == 192))
-			expand_key_192(ks);
-		else
-			expand_key_256(ks);
-		/* Compare expanded key schedule to the data proceeding the chunk */
-		if (memcmp(ks, &buffer[i], kssize) == 0) {
-			ctx->count++;
-			printf("Found (probable) AES key at offset %.8x:\n", i);
-			print_hex_array(ks, ctx->keysize / 8, 16);
-			printf("Expanded key:\n");
-			print_hex_array(ks, kssize, 16);
-      auto key = vector<BYTE>(ctx->keysize, 0);
-      memcpy(key.data(), ks, min(key.size(), kssize));
-      found_keys.push_back(move(key));
-		}
-	}
-  if (ctx->count == 0) printf("Did not found any keys\n");
-
-  return found_keys;
-}
+std::vector<std::vector<BYTE>> aes_search(interrogate_context* ctx, unsigned char* buffer);
 
 } // namespace interrogate
 
 
@@ -277,7 +277,6 @@ void GenerateKeyChunck(HCRYPTPROV provider, ALG_ID alg, DWORD number_of_keys) {
             if (alg == CALG_RSA_KEYX || alg == CALG_RSA_SIGN) {
                 printf(" [i] Asymmetric algorithm detected\n");
                 data_len = 2048;
-                getchar();
 
                 result = CryptExportKey(key, NULL, PRIVATEKEYBLOB, 0, buffer2, &data_len);
                 if (result == 0) printf(" [x] Could not export the private pair\n");
@@ -450,7 +449,8 @@ int main(int argc, char* argv[]) {
 
     // CheckAllBlockSizes(phProv);
     // GenerateKeyWithIV(phProv);
-    GenerateKeyChunck(phProv, CALG_RSA_KEYX, 1);
+    GenerateKeyChunck(phProv, CALG_AES_128, 1);
+    getchar();
 
     // create a hash object from the CSP (cryptographic service provider)
     HCRYPTHASH hHash;