1/27/24

Hashdb-Ida - HashDB API Hash Lookup Plugin For IDA Pro


HashDB IDA Plugin

Malware string hash lookup plugin for IDA Pro. This plugin connects to the OALABS HashDB Lookup Service.


Adding New Hash Algorithms

The hash algorithm database is open source and new algorithms can be added on GitHub here. Pull requests are mostly automated and, as long as our automated tests pass, the new algorithm will be usable on HashDB within minutes.


Using HashDB

HashDB can be used to look up strings that have been hashed in malware by right-clicking on the hash constant in the IDA disassembly view and launching the HashDB Lookup client.


Settings

Before the plugin can be used to look up hashes the HashDB settings must be configured. The settings window can be launched from the plugins menu Edit->Plugins->HashDB.


 

Hash Algorithms

Click Refresh Algorithms to pull a list of supported hash algorithms from the HashDB API, then select the algorithm used in the malware you are analyzing.


Optional XOR

There is also an option to enable XOR with each hash value as this is a common technique used by malware authors to further obfuscate hashes.


API URL

The default API URL for the HashDB Lookup Service is https://hashdb.openanalysis.net/. If you are using your own internal server this URL can be changed to point to your server.


Enum Name

When a new hash is identified by HashDB the hash and its associated string are added to an enum in IDA. This enum can then be used to convert hash constants in IDA to their corresponding enum name. The enum name is configurable from the settings in the event that there is a conflict with an existing enum.


Hash Lookup

Once the plugin settings have been configured you can right-click on any constant in the IDA disassembly window and look up the constant as a hash. The right-click also provides a quick way to set the XOR value if needed.



Bulk Import

If a hash is part of a module a prompt will ask if you want to import all the hashes from that module. This is a quick way to pull hashes in bulk. For example, if one of the hashes identified is Sleep from the kernel32 module, HashDB can then pull all the hashed exports from kernel32.


 

Algorithm Search

HashDB also includes a basic algorithm search that will attempt to identify the hash algorithm based on a hash value. The search will return all algorithms that contain the hash value; it is up to the analyst to decide which (if any) algorithm is correct. To use this functionality, right-click on the hash constant and select HashDB Hunt Algorithm.


 

All algorithms that contain this hash will be displayed in a chooser box. The chooser box can be used to directly select the algorithm for HashDB to use. If Cancel is selected no algorithm will be selected.



Dynamic Import Address Table Hash Scanning

Instead of resolving API hashes individually (inline in code) some malware developers will create a block of import hashes in memory. These hashes are then all resolved within a single function creating a dynamic import address table which is later referenced in the code. In these scenarios the HashDB Scan IAT function can be used.


 

Simply select the import hash block, right-click and choose HashDB Scan IAT. HashDB will attempt to resolve each individual integer type (DWORD/QWORD) in the selected range.
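The Optional XOR setting and the Scan IAT pass described above can be reproduced offline to see what each step does. This is an added example, not the plugin's code and not a call to the HashDB service: the export list, the XOR key and the choice of CRC32 as the hash algorithm are all constructed for illustration.

```python
import struct
import zlib

# Constructed sample: a few kernel32 export names standing in for the lookup corpus.
EXPORTS = ["Sleep", "LoadLibraryA", "GetProcAddress", "VirtualAlloc", "CreateFileW"]

def crc32(name: str) -> int:
    """Assumed hash algorithm for this sample; real samples use many others."""
    return zlib.crc32(name.encode("ascii")) & 0xFFFFFFFF

def build_table(names, hash_fn):
    """Map hash value -> name: a local stand-in for one algorithm's lookup table."""
    return {hash_fn(n): n for n in names}

def lookup(constant: int, table: dict, xor_key: int = 0):
    """Undo the optional XOR layer, then look the hash up. Returns None on a miss."""
    return table.get(constant ^ xor_key)

def scan_iat(block: bytes, table: dict, xor_key: int = 0, width: int = 4):
    """Resolve every little-endian DWORD (width=4) or QWORD (width=8) in block."""
    fmt = {4: "<I", 8: "<Q"}[width]
    results = []
    for off in range(0, len(block) - width + 1, width):
        (value,) = struct.unpack_from(fmt, block, off)
        results.append((off, value, lookup(value, table, xor_key)))
    return results

def demo():
    key = 0xDEADBEEF  # constructed XOR key
    table = build_table(EXPORTS, crc32)
    # Constructed hash block: two XOR-obfuscated hashes and one unrelated constant.
    stored = [crc32("Sleep") ^ key, crc32("VirtualAlloc") ^ key, 0x11223344]
    block = struct.pack("<3I", *stored)
    return scan_iat(block, table, xor_key=key)

if __name__ == "__main__":
    for off, value, name in demo():
        print(f"+{off:#04x}  {value:#010x}  {name or '<unresolved>'}")
```

Entries that come back unresolved are either not hashes at all or were produced with a different algorithm or XOR value, which is the situation the algorithm search is meant to help with.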


Installing HashDB

Before using the plugin you must install the Python requests module in your IDA environment. The simplest way to do this is to use pip from a shell outside of IDA.
pip install requests

Once you have the requests module installed, simply copy the latest release of hashdb.py into your IDA plugins directory and you are ready to start looking up hashes!


Compatibility Issues

The HashDB plugin has been developed for use with IDA 7+ and Python 3; it is not backwards compatible.



