Cryfind: Using Static Analysis to Identify Cryptographic Algorithms in Binary Executables

Abstract

In this paper, we present an automatic static tool CryFind to identify cryptographic algorithms in a binary executable. Our main strategy is using string match to search for cryptographic constants and API names. To expand our search range and improve our hit rate, our tool matches strings under different encodings and XOR'ed with different keys, as well as incorporates techniques to extract strings on stack. As a result, we have a more effective and efficient detection tool compared with a wide range of state-of-the-art static analysis tools.