IDA Pro's FindCrypt ported to Ghidra, with an updated and customizable signature database
This update brings a new feature developed by Pawlos:
You can now scan for fragmented constants (incomplete but still detectable) as well as being able to scan code referencing such crypto constants (setting them on runtime).
This will increase the scan time, but quality of the results produced should be more important than the time it may require to scan, at least for this project ;)
Additionally, the whole project is now able to run in headless mode.
It is mandatory to update if you download the new database, as its structure changed a little bit; or you can keep the previus version of this script with its previous version of the database (check below this release entry: 1.4).
This update introduced the GZip compression and a couple of post-push oopsies by the author.
The database now supports and actively uses GZip compression for constants bigger than 20 bytes by default. Please download and update your version with this one, the database can be either manually updated or leave the script do it automatically (requires internet connection).
Happy hacking and keep the Issues up to date!
This version enforces the script version internally, allowing users to only update "FindCrypt.java" instead of also having to replace the "findcrypt_ghidra" directory. It also fixes a couple of bugs (database being loaded multiple times is the most important one)
From now, you only need to download and replace the script, in your Ghidra's script directory.
This release marks the extended functioning and stable version (at least for the tests I managed to perform during my jobs, using this script).
The version is tested on Windows (10), using Ghidra 9.0.1 (Latest version at the time of writing).
Please download the whole repository this time, as the script itself is very much different and future updates may also change the structure of the database (that you may want to keep updated).
If you do not wish to follow this update and keep the older version, do not install updates from now; notice, database structure may be changed in the future and older versions of the script may not be able to read from it.
I'm glad you landed on this page :)
Since you're about to download FindCrypt-Ghidra, I'd love to remind you that if you meet any problem or have any suggestion, please, write it into the issues tab.
Please follow the installation steps written in the README, if you're using Linux, I'm not sure but it should work.
The version you're about to use does not contain the database automatic update system, therefore you might want to checkout this repository often if you want better results in the future