Stop using the d3v database and make it easier to contribute signatures

TorgoTorgo / ghidra-findcrypt

Ghidra analysis plugin to locate cryptographic constants

https://gitlab.com/Torgo/ghidra_findcrypt

GNU General Public License v3.0

248 stars 23 forks source link

Stop using the d3v database and make it easier to contribute signatures #5

Closed TorgoTorgo closed 3 years ago

TorgoTorgo commented 3 years ago

Some ideas...

YARA? Probably too complex
libmagic db format?
yaml with hex strings?

We can continue to pack into d3v's format, but we should unpack the db into a human modifiable format.

clienthax commented 3 years ago

Could use json and hex strings (could also expand the format for multiple data entries per name. Wouldn't need any extra libraries as ghidra bundles gson.

Examples:

current form https://pastebin.ubuntu.com/p/kb2ktZ5sgF/

modified for multiple data sets per entry https://pastebin.ubuntu.com/p/B38th6mZmq/

clienthax commented 3 years ago

WIP here https://github.com/clienthax/ghidra-findcrypt Seems that GSON isn't in Ghidra 9.1.2 but I doubt very many people are using that version.

TorgoTorgo commented 3 years ago

Fixed in #8

Thanks for the contribution @clienthax! This is super!