A high-performance Rust utility for scanning Unreal Engine executables to locate AES keys through pattern matching and entropy analysis.
- ✨ Advanced signature scanning with wildcard support (C7/?? byte patterns)
- 🔑 Intelligent extraction of 32-byte hex keys from matched patterns
- 📊 Shannon entropy analysis for candidate ranking
- 🎨 Rich console output with color-coded results
- 🛡️ Built-in false positive filtering
- 🪢 Unreal Engine 4.17-5.4 Supported
- Rust (stable channel)
- MSVC toolchain (via Visual Studio Build Tools or Visual Studio)
- Install Rust from rustup.rs
- Clone the repository:
git clone https://github.com/yuhkix/aesdumpster-rs
cd aesdumpster-rs
- Build the project:
cargo build --release
# Single file analysis
.\target\release\aesdumpster.exe C:\path\to\Game-Win64-Shipping.exe
# Multiple file analysis
.\target\release\aesdumpster.exe C:\path\to\First.exe C:\path\to\Second.exe
Each analyzed file produces color-coded results based on entropy scoring:
Entropy Range | Color | Likelihood |
---|---|---|
≥3.7 | Bright Green | Highest |
3.5-3.7 | Bright Yellow | High |
3.4-3.5 | Dark Yellow | Medium |
3.3-3.4 | Bright Red | Low |
Example output:
Key: 0x0123ABCD... | Key Entropy: 3.72
- Signature Scanner
  - Pattern matching engine with wildcard support
  - Optimized for Unreal Engine code patterns
- Key Assembly
  - Concatenates 8 DWORDs into 32-byte keys
  - Intelligent offset handling
- Entropy Analysis
  - Shannon entropy calculation
  - Adaptive threshold system
The tool employs Shannon's entropy formula to evaluate the randomness of potential keys. For a sequence of bytes, the entropy H is calculated as:
H = -∑(pᵢ × log₂(pᵢ))
Where:
- H is the Shannon entropy in bits
- pᵢ is the probability of byte i occurring in the sequence
- ∑ represents the sum over all possible byte values (0-255)
For a 32-byte key sequence:
- Calculate frequency distribution f(x) for each byte value
- Compute probability p(x) = f(x)/32 for each byte
- Apply the entropy formula
- Normalize result to range [0,4]
High-quality AES keys typically exhibit entropy values ≥3.7, indicating strong randomness.
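The scoring steps above as an added Rust example (not code from the aesdumpster-rs project). The page does not say how the result is normalized, so the linear rescale from the 5-bit maximum of a 32-byte sample to [0,4] is an assumption, as are the function names, the constructed sample keys and the "Filtered" label for scores below the table's lowest band.

```rust
// Added example: entropy scoring of a 32-byte candidate, following the steps above.

/// Shannon entropy in bits over the byte values of a 32-byte candidate.
fn shannon_entropy_bits(key: &[u8; 32]) -> f64 {
    let mut freq = [0u32; 256]; // f(x): occurrences of each byte value
    for &b in key {
        freq[b as usize] += 1;
    }
    freq.iter()
        .filter(|&&f| f > 0) // absent values contribute nothing to the sum
        .map(|&f| {
            let p = f as f64 / 32.0; // p(x) = f(x) / 32
            p * (1.0 / p).log2() // same as -p * log2(p), without producing -0.0
        })
        .sum()
}

/// Assumed normalization: rescale [0, log2(32)] = [0, 5] bits onto [0, 4].
fn score(key: &[u8; 32]) -> f64 {
    shannon_entropy_bits(key) * 4.0 / 5.0
}

/// Map a score onto the likelihood bands of the table above.
/// Scores under 3.3 are not in the table; this sketch labels them "Filtered".
fn likelihood(score: f64) -> &'static str {
    match score {
        s if s >= 3.7 => "Highest",
        s if s >= 3.5 => "High",
        s if s >= 3.4 => "Medium",
        s if s >= 3.3 => "Low",
        _ => "Filtered",
    }
}

/// Constructed sample: `distinct` (1..=32) unique byte values, repeated to fill 32 slots.
fn sample_key(distinct: usize) -> [u8; 32] {
    let mut k = [0u8; 32];
    for (i, b) in k.iter_mut().enumerate() {
        *b = (i % distinct) as u8;
    }
    k
}

fn main() {
    for d in [1, 16, 24, 32] {
        let s = score(&sample_key(d));
        println!("{d:>2} distinct byte values -> score {s:.2} ({})", likelihood(s));
    }
}
```

A padded or repetitive 32-byte run (one or sixteen distinct values) falls below every band, while a candidate with only a few repeated bytes, as expected for a random key, scores in the upper bands.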
aesdumpster-rs/
├── src/
│ ├── main.rs # Core execution logic
│ ├── other_tools.rs # File & console utilities
│ └── key_dumpster.rs # Scanner & analysis engine
- windows - Windows API bindings for console manipulation
# Debug build
cargo build
# Release build
cargo build --release
- Original AESDumpster by GHFear @ IllusorySoftware
- Rust implementation focusing on memory safety and performance
This tool is intended for legitimate research, debugging, and forensics purposes. Users must ensure they have appropriate rights to analyze target binaries. The authors and contributors accept no responsibility for misuse.