rpms/aeskeyfind
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: rpms:rawhide
Branches Tags
rpms:rawhide
rpms:main
rpms:f43
rpms:f42
rpms:epel10
rpms:epel10.0
rpms:epel10.1
rpms:f41
rpms:f40
rpms:epel8
rpms:epel7
rpms:epel9
rpms:f37
rpms:f38
rpms:f39
rpms:epel8-playground
rpms:f36
rpms:f35
rpms:f34
rpms:f33
rpms:f30
rpms:f31
rpms:f32
..
compare: rpms:epel8-playground
Branches Tags
rpms:main
rpms:rawhide
rpms:f43
rpms:f42
rpms:epel10
rpms:epel10.0
rpms:epel10.1
rpms:f41
rpms:f40
rpms:epel8
rpms:epel7
rpms:epel9
rpms:f37
rpms:f38
rpms:f39
rpms:epel8-playground
rpms:f36
rpms:f35
rpms:f34
rpms:f33
rpms:f30
rpms:f31
rpms:f32

1 commit
rawhide ... epel8-play

Author SHA1 Message Date
Troy Dawson
446fbd64ac epel8-playground decommissioned : https://pagure.io/epel/issue/136 2022-01-31 08:57:00 -08:00
11 changed files with 1 additions and 322 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -1,2 +0,0 @@
/aeskeyfind-1.0.tar.gz
/aeskeyfind-1.0.tar.gz.asc

16
README.md
View file

@ -1,16 +0,0 @@
# aeskeyfind
The aeskeyfind rpm package.
This program illustrates automatic techniques for locating 128-bit and
256-bit AES keys in a captured memory image.
The program uses various algorithms and also performs a simple entropy
test to filter out blocks that are not keys. It counts the number of
repeated bytes and skips blocks that have too many repeats.
This method works even if several bits of the key schedule have been
corrupted due to memory decay.
This package is useful to several activities, as forensics investigations.

20
aeskeyfind-10_add-GCC-hardening.patch
View file

@ -1,20 +0,0 @@
Description: add GCC hardening.
Author: Joao Eriberto Mota Filho <eriberto@debian.org>
Last-Update: 2015-02-26
Index: aeskeyfind-1.0/Makefile
===================================================================
--- aeskeyfind-1.0.orig/Makefile
+++ aeskeyfind-1.0/Makefile
@@ -1,10 +1,10 @@
-CFLAGS= -Wall -O4 -std=c99
+CFLAGS += -Wall -O4 -std=c99
OBJS= aeskeyfind.o aes.o util.o
all: aeskeyfind
aeskeyfind: $(OBJS)
- $(CC) -o aeskeyfind $(OBJS)
+ $(CC) $(LDFLAGS) -o aeskeyfind $(OBJS)
clean:
@rm -f aeskeyfind *~ \#* $(OBJS)

17
aeskeyfind-20_sbox-size.patch
View file

@ -1,17 +0,0 @@
Description: Fix sbox array size
See #692293 for details.
Author: Samuel Henrique <samueloph@gmail.com>
Last-Update: 2017-01-01
Index: aeskeyfind/aes.h
===================================================================
--- aeskeyfind.orig/aes.h
+++ aeskeyfind/aes.h
@@ -4,7 +4,7 @@
typedef uint32_t aeskey_t[4];
typedef uint32_t keyexp_t[44];
-extern uint8_t sbox[255];
+extern uint8_t sbox[256];
extern uint8_t rcon[255];
// Perform the AES key core operation on a word.

55
aeskeyfind-30_big-files-support.patch
View file

@ -1,55 +0,0 @@
Description: Support for files bigger than 4GB
aeskeyfind has a bug where it fails to process a file larger than 4GB properly.
Instead it will process only filesize & 0xffffffff. Sign confusion in entropy
function can also lead to a crash when processing a large file. Finally, on
32-bit systems size parameter to mmap would get quietly truncated.
PS. Due to the design limitations the application cannot scan very large files
on 32-bit systems. This patch doesn't address that limitation, it however makes
the application fail gracefully if the situation is met.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926786
Author: Harry Sintonen <debianbugs@kyber.fi>
Index: aeskeyfind/aeskeyfind.c
===================================================================
--- aeskeyfind.orig/aeskeyfind.c
+++ aeskeyfind/aeskeyfind.c
@@ -90,7 +90,7 @@ static void print_key(uint32_t* map, int
// more than 8 repeats of any byte. This is a primitive measure of
// entropy, but it works well enough. The function keeps track of a
// sliding window of byte counts.
-static int entropy(const uint8_t* bmap, int i)
+static int entropy(const uint8_t* bmap, size_t i)
{
static int new_call = 1;
static int byte_freq[256] = {0};
@@ -208,7 +208,7 @@ static void find_keys(const uint8_t* bma
// Memory maps filename and return a pointer on success, setting len
// to the length of the file (does not return on error)
-unsigned char *map_file(char *filename, unsigned int *len) {
+unsigned char *map_file(char *filename, size_t *len) {
int fd = open(filename, O_RDONLY);
if (fd < 0)
err(1, "image open failed");
@@ -217,6 +217,11 @@ unsigned char *map_file(char *filename,
if (fstat(fd, &st) != 0)
err(1, "image fstat failed");
+ if (st.st_size > SIZE_MAX) {
+ errno = EINVAL;
+ err(1, "image too large to mmap");
+ }
+
unsigned char *map;
map = (unsigned char*)mmap(0, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
if (map == MAP_FAILED)
@@ -265,7 +270,7 @@ int main(int argc, char * argv[])
exit(1);
}
- unsigned int len;
+ size_t len;
unsigned char *image = map_file(argv[0], &len);
if (len < 240) {
fprintf(stderr, "memory image too small\n");

17
aeskeyfind-40_fix-undefined-left-shift.patch
View file

@ -1,17 +0,0 @@
Description: Fix bug caused by code with undefined behavior (left shift with negative exponent)
Bug-Debian: https://bugs.debian.org/989179
Bug-Ubuntu: https://bugs.launchpad.net/debian/+source/aeskeyfind/+bug/1838334
Author: Adrian Bunk <bunk@debian.org>
Index: aeskeyfind/aes.h
===================================================================
--- aeskeyfind.orig/aes.h
+++ aeskeyfind/aes.h
@@ -12,7 +12,7 @@ extern uint8_t rcon[255];
static inline uint32_t key_core(uint32_t k, int i) {
uint32_t t = 0;
for (int j=0; j<4; j++)
- t = set_byte(t, (j-1)%4, sbox[get_byte(k,j)]);
+ t = set_byte(t, (j-1+4)%4, sbox[get_byte(k,j)]);
return set_byte(t, 0, get_byte(t,0) ^ rcon[i]);
}

36
aeskeyfind.1
View file

@ -1,36 +0,0 @@
.TH "aeskeyfind" "1" "07-23-2011" "User Commands" "User Commands"
.SH "NAME"
aeskeyfind \- Locates 128-bit and 256-bit AES keys in a captured memory image.
.SH SYNOPSIS
.B aeskeyfind
[OPTION] MEMORY-IMAGE
.SH DESCRIPTION
aeskeyfind is a tool that illustrates automatic techniques for locating 128-bit and 256-bit AES keys in a captured memory image.
.SH OPTIONS
.LP
.ne 3
.TP
.BI -v\c
verbose output -- prints the extended keys and the constraints on the rows of the key schedule
.ne 3
.TP
.BI -q\c
don't display a progress bar
.ne 3
.TP
.BI -t\ THRESHOLD\c
sets the maximum number of bit errors allowed in a candidate key schedule
.ne 3
.TP
.BI -h\c
displays usage help
.SH BUGS
Likely.
.SH "SEE ALSO"
\fBbiosmemimage\fR(1),
\fBrsakeyfind\fR(1)
.SH AUTHOR
.TP
aeskeyfind was written by Nadia Heninger and Ariel Feldman.
.TP
This manual page was adapted by Julien Valroff <julien@debian.org> from rsakeyfind.1, originally written by Jacob Appelbaum <jacob@appelbaum.net> for the \fBDebian\fP system (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation.

157
aeskeyfind.spec
View file

@ -1,157 +0,0 @@
Name: aeskeyfind
Version: 1.0
Release: 23%{?dist}
# 3-clause BSD license
# Automatically converted from old format: BSD - review is highly recommended.
License: LicenseRef-Callaway-BSD
Summary: Locate 128-bit and 256-bit AES keys in a captured memory image
# Original URL: https://citp.princeton.edu/research/memory/
# https://citp.princeton.edu/our-work/memory/
# https://citp.princeton.edu/our-work/memory/code
URL: https://citp.princeton.edu/our-work/memory/
# New mirror on github
# Mirror https://github.com/DonnchaC/coldboot-attacks
# Fork https://github.com/makomk/aeskeyfind
# https://citp.princeton.edu/memory-content/src/aeskeyfind-1.0.tar.gz
# https://web.archive.org/web/20160501132651/https://citp.princeton.edu/memory-content/src/aeskeyfind-1.0.tar.gz
# http://citpsite.s3-website-us-east-1.amazonaws.com/oldsite-htdocs/memory-content/src/%%{name}-%%{version}.tar.gz
Source0: http://citpsite.s3-website-us-east-1.amazonaws.com/memory-content/src/%{name}-%{version}.tar.gz
# https://web.archive.org/web/20160501132651/https://citp.princeton.edu/memory-content/src/aeskeyfind-1.0.tar.gz.asc
# http://citpsite.s3-website-us-east-1.amazonaws.com/oldsite-htdocs/memory-content/src/%%{name}-%%{version}.tar.gz.asc
Source1: http://citpsite.s3-website-us-east-1.amazonaws.com/oldsite-htdocs/memory-content/src/%{name}-%{version}.tar.gz.asc
# The authenticator public key obtained from release 1.0
# gpg2 -vv aeskeyfind-1.0.tar.gz.asc
# Signed by Jacob Appelbaum <jacob () appelbaum net>
# gpg2 --search-key B8841A919D0FACE4
# gpg2 --search-key 12E404FFD3C931F934052D06B8841A919D0FACE4
# gpg2 --list-public-keys 12E404FFD3C931F934052D06B8841A919D0FACE4
# gpg2 --export --export-options export-minimal 12E404FFD3C931F934052D06B8841A919D0FACE4 > gpgkey-12E404FFD3C931F934052D06B8841A919D0FACE4.gpg
Source2: gpgkey-12E404FFD3C931F934052D06B8841A919D0FACE4.gpg
# Manual page from Debian
Source3: aeskeyfind.1
# Original Debian patch to allow build hardening by usage of CFLAGS and LDFLAGS
# Author: Joao Eriberto Mota Filho <eriberto@debian.org>
Patch1: aeskeyfind-10_add-GCC-hardening.patch
# Original Debian patch to fix the size of the sbox
# Author: Samuel Henrique <samueloph@debian.org>
Patch2: aeskeyfind-20_sbox-size.patch
# Original Debian patch to support for files bigger than 4GB
# Author: Harry Sintonen <debianbugs@kyber.fi>
Patch3: aeskeyfind-30_big-files-support.patch
# Original Debian patch to fix silent regression caused by UC
# Author: Adrian Bunk <bunk@debian.org>
Patch4: aeskeyfind-40_fix-undefined-left-shift.patch
Buildrequires: gcc
Buildrequires: make
BuildRequires: gnupg2
%description
This program illustrates automatic techniques for locating 128-bit and
256-bit AES keys in a captured memory image.
The program uses various algorithms and also performs a simple entropy
test to filter out blocks that are not keys. It counts the number of
repeated bytes and skips blocks that have too many repeats.
This method works even if several bits of the key schedule have been
corrupted due to memory decay.
This package is useful to several activities, as forensics investigations.
%prep
#check signature
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%autosetup -n %{name}
%build
%set_build_flags
%make_build %{?_smp_mflags}
%install
install -Dp -m755 %{name} %{buildroot}%{_bindir}/%{name}
install -d %{buildroot}%{_mandir}/man1
install -p -m644 %{SOURCE3} %{buildroot}%{_mandir}/man1
%files
%license LICENSE
%doc README
%{_bindir}/%{name}
%{_mandir}/man1/%{name}.1*
%changelog
* Fri Jan 16 2026 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-23
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Wed Jul 23 2025 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-22
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Aug 28 2024 Miroslav Suchý <msuchy@redhat.com> - 1.0-20
- convert license to SPDX
* Wed Jul 17 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Sep 07 2023 Samuel Henrique <samueloph@debian.org> - 1.0-16
- sync with the bugfix patches with Debian
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon Jan 25 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Fri Jul 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-9
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Feb 10 2020 Michal Ambroz <rebus at, seznam.cz> - 1.0-7
- cosmetic changes in the signature verification
* Sun Oct 20 2019 Michal Ambroz <rebus at, seznam.cz> - 1.0-6
- check the signatures, fix man permission, comment patch
* Mon Apr 01 2019 Michal Ambroz <rebus at, seznam.cz> - 1.0-5
- package based on the cert.ord package by Lawrence R. Rogers (lrr@cert.org)

1
dead.package Normal file
View file

@ -0,0 +1 @@
epel8-playground decommissioned : https://pagure.io/epel/issue/136

BIN
gpgkey-12E404FFD3C931F934052D06B8841A919D0FACE4.gpg
View file

Binary file not shown.

2
sources
View file

@ -1,2 +0,0 @@
SHA512 (aeskeyfind-1.0.tar.gz) = a523e0edb47c4f0386fc692c5ba7a858e6bf79e870980c7e7338f41fbdd29ecd9855269801c8581047a039d014d242652632676650c3b859c2d23f47bc231713
SHA512 (aeskeyfind-1.0.tar.gz.asc) = 9623a8fda5545108ca93c0f4b291b9760a2a5a75380585862f47d3c00096f9b2e43c68e14450e8a4c001a2a10db65a626e6eaae7d77f8305113862f2dff4315f