This project inject a DLL in a running process (Using PID or process name) to hook and intercept call to CryptGenKey. If possible, a null key is imported instead of an unknown random key. The hook is really simple and might not work for every case.
This backdoor can be useful when doing network analysis encrypted with session key from CryptGenKey on a machine controlled by the analyst.
To load the CryptBackdoor in the process and generate a null key, use:
After running this command, running CryptTest.exe processes should now generate the same key on each message.
Small utility that generate a key in loop and encrypt a given plaintext. Used to test the CryptBackdoor loader and DLL.
+ HookLoaderUtility to load a DLL in a process from its name or PID.
DLL that hook to CryptGenKey and generate a weak known key instead of a random key.