It is a function identification technology that IDA comes with to address such requirements. In fact, for this purpose, FLIRT is a better choice. The findcrypt plug-in can do the job, but not competently enough.
What you want to know is the encryption algorithm and hash algorithm used by this ELF file. Function Identification/Symbol Porting 1 FLIRT 1.1 What Is FLIRTĪssume that you want to analyze a stripped ELF file without debugging information and symbol information, which was statically linked to OpenSSL’s libcrypto.a. The rest of this document explains the usage of some other IDA plug-ins. Typical function identification technologies include the Fast Library Identification and Recognition Technology (FLIRT) in IDA and the rizzo method developed by Craig Heffner, whose rationale and engineering practices are detailed here. This document dwells upon function identification and symbol porting in reverse engineering of Internet of things (IoT) devices without using BinDiff and PatchDiff2, which are “too good” for the purposes here and are inapplicable in certain scenarios.
0 kommentar(er)
