Two things:

Thomas Ptacek | January 25th, 2006 | Filed Under: Navel Gazing, Reversing

First: looking for the AES CBC IV your reversing target is using? Open up Ollydbg, attach to the process, hit ‘M’ for the memory map, right click, ‘Search’, and look for “E6 AB AB 4D”. It’s an AES S-Box. No hits? Try some of the others. Remember, these are backwards for LE. Your memory breakpoint will probably hit in the lowest-level AES transform function. Hit ‘K’ for the stack trace and jump up one or two.

Second: I changed the blog template. Hate me later, I’m busy now.