ASkyeye/ECCCurveParser.ps1

## ECCCurveParser.ps1
# Hex string taken from the "para" field of Audit-CVE event ID 1 event in the Application log
$EventParaString = '3081E0020101302C06072A8648CE3D0101022100A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377304404207D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9042026DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B60441048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997022100A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7020101'

# Convert the hex string to a byte array
[Byte[]] $EventParaBytes = $EventParaString -split '([0-9A-F]{2})' | Where-Object { $_ } | ForEach-Object { [Byte] "0x$_" }

# Save the byte array to disk
[IO.File]::WriteAllBytes("$PWD\ECCCurveParams.bin", $EventParaBytes)

# Use certutil to parse the ASN.1-encoded ECC curve parameters
certutil.exe -asn "$PWD\ECCCurveParams.bin"
	# Hex string taken from the "para" field of Audit-CVE event ID 1 event in the Application log
	$EventParaString = '3081E0020101302C06072A8648CE3D0101022100A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377304404207D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9042026DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B60441048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997022100A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7020101'

	# Convert the hex string to a byte array
	[Byte[]] $EventParaBytes = $EventParaString -split '([0-9A-F]{2})' \| Where-Object { $_ } \| ForEach-Object { [Byte] "0x$_" }

	# Save the byte array to disk
	[IO.File]::WriteAllBytes("$PWD\ECCCurveParams.bin", $EventParaBytes)

	# Use certutil to parse the ASN.1-encoded ECC curve parameters
	certutil.exe -asn "$PWD\ECCCurveParams.bin"