No results FindCrypt on MacOS

d3v1l401 / FindCrypt-Ghidra

IDA Pro's FindCrypt ported to Ghidra, with an updated and customizable signature database

https://d3vsite.org/

GNU General Public License v3.0

520 stars 51 forks source link

No results FindCrypt on MacOS #3

Closed duraki closed 5 years ago

duraki commented 5 years ago

When running FindCrypt on MacOS Mojave (latest update), it basically doesn't print any result, meaning it doesn't show popup box.

Installation (as per MacOS):

$ ll ~/ghidra_scripts
total 96
-rw-r--r--  1 x  staff    45K Apr 22 03:21 FindCrypt.java

$ md5 ~/findcrypt_ghidra/database.d3v
MD5 (/Users/x/findcrypt_ghidra/database.d3v) = e2e8b69d6f2d51a643f9b8ec430a7839

Result:

FindCrypt.java> Running...
FindCrypt.java> Finished!

d3v1l401 commented 5 years ago

Hello, are you using the newest version of the script and database?

The latest script update introduced the decompression of the database's entries, the older version is not capable of dealing with compressed buffer and skips the deserialization, not adding the entry to the target crypto patterns to scan.

d3v1l401 commented 5 years ago

I'm going to close the issue since author didn't show up anymore, open another one if you still have this problem.