Draft Crypto Analyzer
May 7, 2003
This project is obsolete. It is not maintained any longer and is provided here for reference only.
Draft Crypto Analyzer (DRACA) is a tool to perform preliminary detection and analysis of crypto algorithms within executables. It will save your time by giving you a rough idea of what kind of algorithms to look at without actual spending time on decompilation and code analysis. It will let you concentrate on cryptographic issues instead of reverse engineering.
Please note that the results, given by DRACA, means nothing without being carefully interpreted with further analysis. DRACA is not a silver bullet and cannot think instead of a man.
Currently DRACA implemented as a command line utility for 80x86/Win32; however, it can analyze Unix ELF binaries, Java applets as well as 16- and 32-bits DOS, Windows executables.
Download zip archive and unpack it to any directory of your choice. It is better to choose the directory listed in PATH for your convenience. There are two files should be created: draca.exe and draca.ovl. Run draca.exe with the name of a file you would like to analyze specified as a command line parameter. The analysis result will be a list of detected algorithms with percents ratio of recognition. The higher percentage, the better identification.
DRACA will not accurately analyze packed executables because it is not a cracking tool. Please unpack such files somehow else shall you need to examine them.
DRACA will probably never detect RSA or any other asymmetric encryption algorithms as well as a clear XOR confusion. At least no such features on a to-do list soon.
For a moment DRACA can (or cannot) recognize the following algorithms: CRC32, RC5, RC6, RC2, TEA, MD5, Ripemd-160, Tiger, Skipjack, DES, Blowfish, Twofish, Safer, MARS, CAST-256, AES (Rijndael), SHA-1
DRACA is completely free for non-commercial use.
- DRACA Version 0.5.7b (zip, 99 Kb)