RAPE-toolkit/README.md

Reverse Assembling Program Engineering(RAPE) Toolkit

This repository contains a subset of my private tools for Reverse Engineering, a new project(codename: Symphonic) will make an appearance soon. As such, all required dependencies are made public ahead of time.

Also on the past 6 months I received questions on: How do you find this? How do you get AES keys? How do you fix the dump? So I hope this helps people wanting to learn to

Quick tool summary

• AES Key Finder
  • Should be self-explanatory but, basically after parsing a PE file you can pass image base, sections, and data(raw binary) and the filter(this tool includes Restricted and Relax filters, but you can add more)
  • To get the 3 first params, please refer to PE Utils down below
• Cursor
  • An implementation for a cursor Read + Write. Rust already has one, but I needed something like string and wide string parsing, so I created my own
• Offset Finder
  • This library allows to find patterns in executables
  • Allows to find either exact or partial matches by leveraging wildcards(??)
  • Also has options for silent reporting(skip_print_offset) or allow multiple matches
  • Leveraging PE Utils it returns both in file and RVA of the pattern found
• PE Utils
  • Subset of functions to work with PE files. Not very valuable alone, but it allows to omit repetitive code for the rest of projects
• Restorer
  • Allows to go from a memory dump(Frida, and others(Including private dumpers)) to a file that has section table fixed for more analysis with other tools