Proccessed 0.00MB, speed = 0.00 MB/s
Frosty704 opened this issue · 8 comments
Running the aes finder on Fortnite and it says "Proccessed 0.00MB, speed = 0.00 MB/s". Although, I try running it on another program like Chrome and it finds the encryption keys.
See discussion in #10 why this happens with Fortnite process.
Technically aesfinder can find keys in Fortnite, but you'll need to write some extra code to prevent anti-debug features in Fortnite.
See discussion in #10 why this happens with Fortnite process.
Technically aesfinder can find keys in Fortnite, but you'll need to write some extra code to prevent anti-debug features in Fortnite.
Where would I write this code and what would it be?
That depends on actual anti-debug/tamper protections Fortnite uses. I don't know that as I have not analyzed it.
Here are a few popular examples, but in no way these are a comprehensive reference:
http://pferrie.host22.com/papers/antidebug.pdf
https://www.secnews.pl/wp-content/uploads/2011/05/whitepaper_antidebugging.pdf
There are many different ways how these protections could be implemented. You'll need to use disassembler/debugger (IDA/OllyDbg/x64dbg) to analyze what Fortnite uses and how to work around it. After that you'll be able to run run aes-finder on it.
Thanks, i got it to work
It's just that it threatens to ban me if I don't close the anti anti debugger and aes finder
Could you post the steps you did to get it working? So if somebody else has similar issue and founds this topic they can read the solution.
- Downloaded ScyllaHide
https://github.com/x64dbg/ScyllaHide/releases - Put InjectorCLIx64.exe into Release>NtApiTool>x64
- Ran PDBReaderx64.exe
- Opened Fortnite(or whatever you're needing to do this for)
- Injected ScyllaHide via InjectorCLIx64.exe
- Used aes-finder as normal
How do I get the dll path InjectorCLIx64.exe requires?