Common Information
Value:
rule mbedtls_iot {
	meta:
		description = "finds iot binaries using mbedtls"
		author = "Chris Hall @LaceworkLabs"
		date = "2021-07-11"
	strings:
		$s1 = "id-at-postalAddress" ascii fullword
		$s2 = "Usage does not match the keyUsage extension" ascii fullword
		$s3 = "id-at-postalCode" ascii fullword
		$s4 = "%s%-18s: %d bits" ascii fullword
		$s5 = "id-ce-keyUsage" ascii fullword
		$s6 = "npxXoudifFeEgGaACScs" ascii fullword
	condition:
		uint16(0) == 0x457f and all of them
}
Category:
Type: Yara Rule
Misp Type:
Description:
Details Published Attributes CTI Title
Details Website 2021-09-30 37 Mirai goes Stealth - TLS & IoT Malware