28 lines
No EOL
1.5 KiB
Markdown
28 lines
No EOL
1.5 KiB
Markdown
# Reverse Assembling Program Engineering(RAPE) Toolkit
|
|
|
|
This repository contains a subset of my private tools for Reverse Engineering, a new project(codename: Symphonic) will
|
|
make an appearance soon. As such, all required dependencies are made public ahead of time.
|
|
|
|
Also on the past 6 months I received questions on: How do you find this? How do you get AES keys? How do you fix the
|
|
dump? So I hope this helps people wanting to learn to
|
|
|
|
## Quick tool summary
|
|
|
|
- AES Key Finder
|
|
- Should be self-explanatory but, basically after parsing a PE file you can pass image base, sections, and
|
|
data(raw binary) and the filter(this tool includes Restricted and Relax filters, but you can add more)
|
|
- To get the 3 first params, please refer to PE Utils down below
|
|
- Cursor
|
|
- An implementation for a cursor Read + Write. Rust already has one, but I needed something like string and
|
|
wide string parsing, so I created my own
|
|
- Offset Finder
|
|
- This library allows to find patterns in executables
|
|
- Allows to find either exact or partial matches by leveraging wildcards(??)
|
|
- Also has options for silent reporting(skip_print_offset) or allow multiple matches
|
|
- Leveraging PE Utils it returns both in file and RVA of the pattern found
|
|
- PE Utils
|
|
- Subset of functions to work with PE files. Not very valuable alone, but it allows to omit repetitive code for the
|
|
rest of projects
|
|
- Restorer
|
|
- Allows to go from a memory dump(Frida, and others(Including private dumpers)) to a file that has section table
|
|
fixed for more analysis with other tools |