I want to somewhat automate the process of finding CryEngine RSA keys inside memory dumps. I wanted to make a QuickBMS script which scans the dump for a specific hex code (30 81 89 02 81 81 00) and then writes 140 bytes in hex to a file from all positions at which this pattern starts, in a format like this:
0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xBF, 0xD6, 0x12, 0xF2, 0x5E, 0x95, 0x48, 0x4C, 0xCB,
0xB5, 0xCE, 0x2B, 0xAB, 0x39, 0xFB, 0x3C, 0xEF, 0xE0, 0x8B, 0xC3, 0x1B, 0xB9, 0x3E, 0x59, 0x85,
0xB9, 0x22, 0x8C, 0x90, 0x87, 0xA3, 0xE0, 0xCF, 0x7F, 0x80, 0x6B, 0xAD, 0x52, 0xEB, 0x11, 0x81,
0xC8, 0x58, 0x46, 0xB4, 0xD1, 0xF2, 0x7E, 0xC2, 0x63, 0xC5, 0xEE, 0x1B, 0x06, 0xE8, 0x7F, 0xDE,
0x2B, 0xD9, 0x53, 0x5F, 0x96, 0x91, 0x5C, 0x39, 0x9E, 0xBC, 0xF7, 0xFA, 0xEF, 0x65, 0xFC, 0x94,
0x7F, 0xB0, 0x37, 0xCA, 0xF6, 0xE3, 0xCE, 0xF9, 0xDC, 0xDD, 0xD5, 0x5F, 0x23, 0x6D, 0x2B, 0x29,
0xEC, 0x90, 0x72, 0x0C, 0xCC, 0xBE, 0xC6, 0x65, 0x25, 0xE9, 0x64, 0xF8, 0x31, 0x14, 0x0B, 0xC0,
0xCC, 0xFB, 0x9F, 0xA4, 0x97, 0x32, 0x71, 0xA3, 0x86, 0xA1, 0x46, 0x97, 0x5F, 0x4A, 0x86, 0xB6,
0x24, 0x8D, 0x45, 0x89, 0xEE, 0xF3, 0xD7, 0x02, 0x03, 0x01, 0x00, 0x01
Any help will be useful.
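The scan described in the post, as an added example in Python rather than QuickBMS (it is not part of the original post, and all function names are assumptions). It goes one step beyond the request: because the header is the start of a DER-encoded RSA public key (a 137-byte SEQUENCE holding a 129-byte modulus INTEGER), it can also check that an exponent INTEGER follows the modulus and ends exactly at byte 140, which filters out chance matches on the 7-byte pattern.

```python
import sys

PATTERN = bytes.fromhex("30818902818100")  # header bytes given in the post
KEY_LEN = 140                              # bytes to dump per hit, per the post
EXP_TAG = 3 + 3 + 0x81                     # outer header + INTEGER header + 129-byte modulus


def find_candidates(dump):
    """Yield (offset, blob) for every PATTERN start that has 140 bytes available."""
    pos = dump.find(PATTERN)
    while pos != -1:
        blob = dump[pos:pos + KEY_LEN]
        if len(blob) == KEY_LEN:  # a hit cut off by the end of the dump is skipped
            yield pos, blob
        pos = dump.find(PATTERN, pos + 1)


def looks_like_rsa_public_key(blob):
    """The modulus must be followed by a short INTEGER (the exponent) ending at byte 140."""
    exp_len = blob[EXP_TAG + 1]
    return blob[EXP_TAG] == 0x02 and exp_len < 0x80 and EXP_TAG + 2 + exp_len == KEY_LEN


def format_hex(blob, per_line=16):
    """Render bytes as '0xNN, ' items, 16 per line, as in the post."""
    items = [f"0x{b:02X}" for b in blob]
    rows = [", ".join(items[i:i + per_line]) for i in range(0, len(items), per_line)]
    return ",\n".join(rows)


def scan(dump, strict=True):
    """Return [(offset, formatted_text)]; strict=False keeps every raw pattern hit."""
    return [(off, format_hex(blob)) for off, blob in find_candidates(dump)
            if not strict or looks_like_rsa_public_key(blob)]


def constructed_dump():
    """Constructed sample: one well-formed key, one bare pattern hit, one truncated hit."""
    modulus = bytes(0x80 + (i % 0x40) for i in range(128))  # made-up bytes, not a real key
    key = PATTERN + modulus + bytes.fromhex("0203010001")
    return b"\x11" * 37 + key + b"\x22" * 50 + PATTERN + b"\x00" * 133 + PATTERN + b"\x01\x02"


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_dump()
    for offset, text in scan(data):
        print(f"offset 0x{offset:X}:\n{text}\n")
```

Run with a dump path as the only argument and redirect the output to a file; with no argument it runs on the constructed sample.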