Created
January 7, 2021 18:11
-
-
Save myrtus0x0/c9b8cc4bf52a17778967f4f1282b55e7 to your computer and use it in GitHub Desktop.
CRC32 brute force for dridex network requests
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package main | |
import ( | |
"fmt" | |
"hash/crc32" | |
) | |
const ( | |
MAXCHARLEN = 6 | |
) | |
var ( | |
crcTable *crc32.Table = crc32.MakeTable(crc32.IEEE) | |
seenCommands map[uint32]bool = map[uint32]bool{ | |
0x011f0411: true, // bot | |
0x44c8f818: true, // list | |
0xee7cbe69: true, // dmod6 | |
0x7775efd3: true, // dmod5 | |
0xf81ddc32: true, // dmod11 | |
} | |
) | |
func generateCombinations(alphabet string, length int) <-chan string { | |
c := make(chan string) | |
go func(c chan string) { | |
defer close(c) | |
addLetter(c, "", alphabet, length) // start with empty string | |
}(c) | |
return c // return chan | |
} | |
func addLetter(c chan string, combo string, alphabet string, length int) { | |
if length <= 0 { | |
return | |
} | |
var newCombo string | |
for _, ch := range alphabet { | |
newCombo = combo + string(ch) | |
c <- newCombo | |
addLetter(c, newCombo, alphabet, length-1) | |
} | |
} | |
func hashFuncCrc32(val []byte) uint32 { | |
return crc32.Checksum(val, crcTable) | |
} | |
func main() { | |
for combination := range generateCombinations("abcdefghijklmnopqrstuvwxyz0123456789", MAXCHARLEN) { | |
crc := hashFuncCrc32([]byte(combination)) | |
if seenCommands[crc] { | |
fmt.Printf("found matching hash: %s = 0x%x\n", combination, crc) | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment