aeskeyfind
tool for locating AES keys in a captured memory image
Install
- All systems
-
curl cmd.cat/aeskeyfind.sh
- Debian
-
apt-get install aeskeyfind
- Ubuntu
-
apt-get install aeskeyfind
- Kali Linux
-
apt-get install aeskeyfind
- Windows (WSL2)
-
sudo apt-get update
sudo apt-get install aeskeyfind
- Raspbian
-
apt-get install aeskeyfind
- Dockerfile
- dockerfile.run/aeskeyfind
aeskeyfind
tool for locating AES keys in a captured memory image
This program illustrates automatic techniques for locating 128-bit and 256-bit AES keys in a captured memory image. The program uses various algorithms and also performs a simple entropy test to filter out blocks that are not keys. It counts the number of repeated bytes and skips blocks that have too many repeats. This method works even if several bits of the key schedule have been corrupted due to memory decay. This package is useful to several activities, as forensics investigations.