FindCrypt Olly Plugin

While analyzing a program quite often we want to know if it uses any crypto algorithm. Knowing the algorithm name would be useful too. Here is the plugin which can help us answer these questions.

The idea behind it pretty simple: since almost all crypto algorithms use magic constants, we will just look for these constants in the program body.

The plugin supports virtually all crypto algorithms and hash functions. Here is the full list:

* Blowfish
* Camellia
* CAST256
* CRC32
* MD2
* MD4
* MD5
* PKCS_MD2 (byte sequence used in PKCS envelope)
* PKCS_MD5 (byte sequence used in PKCS envelope)
* PKCS_RIPEMD160 (byte sequence used in PKCS envelope)
* PKCS_SHA256 (byte sequence used in PKCS envelope)
* PKCS_SHA384 (byte sequence used in PKCS envelope)
* PKCS_SHA512 (byte sequence used in PKCS envelope)
* PKCS_Tiger (byte sequence used in PKCS envelope)
* RawDES
* RC2
* RC5
* RC6
* Rijndael
* SHA-1
* SHA-256
* SHA-512
* Square
* Tiger
* Twofish
* Whirlpool
* zlib

Please note that the list does not contain the IDEA algorithm because it usually builds its tables on the fly. Other algorithms can be added if needed.


OllyDbg is a debugger that emphasizes binary code analysis, which is useful when source code is not available. It traces registers, recognizes procedures, API calls, switches, tables, constants and strings, as well as locates routines from object files and libraries. According to the program's help file, version 1.10 is the final 1.x release. Version 2.0 is in development and is being written from the ground up. The software is free of cost, but the shareware license requires users to register with the author. OllyDbg is only available in 32-bit binaries.

Special highlights are:


WinHex is a hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security. Also a advanced tool for everyday and emergency use.

Syndicate content