hellman / xortool Goto Github PK

I have this example:

flag{ ⊕ fe9xw = 0x0009581F0C

When I try to brute force with a known key length - can't find the solution:

$ cat xor2.hex 
0009581F0C

$ xortool -b -l 5 -x xor2.hex 
256 possible key(s) of length 5:
\x00\tX\x1f\x0c
\x01\x08Y\x1e\r
\x02\x0bZ\x1d\x0e
\x03\n[\x1c\x0f
\x04\r\\\x1b\x08
...
Found 100 plaintexts with 95%+ valid characters
See files filename-key.csv, filename-char_used-perc_valid.csv

grep flag xortool_out/* -r
$

$ xortool -o -l 5 -x xor2.hex 
100 possible key(s) of length 5:
09h/<
18i.=
2;j->
3:k,?
4=l+8
...
Found 100 plaintexts with 95%+ valid characters
See files filename-key.csv, filename-char_used-perc_valid.csv

grep flag xortool_out/* -r
$

What am I doing wrong?

root@kali:~/xortool# python xortool.py -x input.txt
The most probable key lengths:
Traceback (most recent call last):
  File "xortool.py", line 360, in <module>
    main()
  File "xortool.py", line 40, in main
    update_key_length(ciphertext)
  File "xortool.py", line 95, in update_key_length
    PARAMETERS["known_key_length"] = guess_key_length(text)
  File "xortool.py", line 105, in guess_key_length
    print_fitnesses(fitnesses)
  File "xortool.py", line 140, in print_fitnesses
    best_fitness = top10[0][1]
IndexError: list index out of range

input.txt:

C3601C8A477E

Not working properly on Python 3.7
even with this patch #16

eg:
art3mk@akmac:xortool$ xortool encryptedtext -l 24 -c 20
2 possible key(s) of length 24:
\n\x0c\x1a\x1e\x11\x10\x11\x06\x12\x16\x05\x1a\r\x0c\x16\x0c\r\x16\x18\x17\x0b\x08\x1e\x06
\n\x0c\x1a\x1e\x11\x10\x11\x06\x12\x16\x05\x1a\r\x0c\x16\x0c\r\x16\x18\x17\x0b2\x1e\x06
Traceback (most recent call last):
File "/usr/local/bin/xortool", line 381, in
main()
File "/usr/local/bin/xortool", line 71, in main
produce_plaintexts(ciphertext, probable_keys, key_char_used)
File "/usr/local/bin/xortool", line 349, in produce_plaintexts
key_repr = alphanum(key)
File "/usr/local/lib/python3.7/site-packages/xortool/routine.py", line 95, in alphanum
if char in (string.letters + string.digits):
AttributeError: module 'string' has no attribute 'letters'

after changing "letters" to "ascii_letters"

art3mk@akmac:xortool$ xortool encryptedtext -l 24 -c 20
2 possible key(s) of length 24:
\n\x0c\x1a\x1e\x11\x10\x11\x06\x12\x16\x05\x1a\r\x0c\x16\x0c\r\x16\x18\x17\x0b\x08\x1e\x06
\n\x0c\x1a\x1e\x11\x10\x11\x06\x12\x16\x05\x1a\r\x0c\x16\x0c\r\x16\x18\x17\x0b2\x1e\x06
Traceback (most recent call last):
File "/usr/local/bin/xortool", line 381, in
main()
File "/usr/local/bin/xortool", line 71, in main
produce_plaintexts(ciphertext, probable_keys, key_char_used)
File "/usr/local/bin/xortool", line 349, in produce_plaintexts
key_repr = alphanum(key)
File "/usr/local/lib/python3.7/site-packages/xortool/routine.py", line 97, in alphanum
lst[index] = char.encode("hex")
LookupError: 'hex' is not a text encoding; use codecs.encode() to handle arbitrary codecs

xortool_out folder files are empty (just headers in there)

Here chars_count[char] expected to be greater or equal to max_count, when max_count contains maximum of all values in chars_count meaning it cannot be greater than max_count . What is an expected behavior here?

I get an error importing the name COLORS from xortool.colors, it appears that COLORS is not defined in the file

Traceback (most recent call last):
File "xortool", line 55, in
from xortool.colors import (
ImportError: cannot import name 'COLORS' from 'xortool.colors' (C:\Users\jmccl\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\Python38\site-packages\xortool\colors.py)

Traceback (most recent call last):
  File "/python/bin/xortool-xor", line 117, in <module>
    main()
  File "/python/bin/xortool-xor", line 51, in main
    sys.stdout.write(xor(datas, nocycle=nocycle))
  File "/python/bin/xortool-xor", line 66, in xor
    for i in xrange(maxlen):
NameError: name 'xrange' is not defined

xrange was replaced by range in Python 3

When I try to use the -c or -b or -o parameter I am getting a Type Error saying:

➜ xortool encrypted -l 9 -o
Traceback (most recent call last):
  File "/bin/xortool", line 381, in <module>
    main()
  File "/bin/xortool", line 68, in main
    key_char_used) = guess_probable_keys_for_chars(ciphertext, try_chars)
  File "/bin/xortool", line 252, in guess_probable_keys_for_chars
    keys = guess_keys(text, c)
  File "/bin/xortool", line 274, in guess_keys
    key_possible_bytes[offset].append(chr(ord(char) ^ most_char))
TypeError: ord() expected string of length 1, but int found

I have tried to use it like xortool encrypted -l 9 -c 00.
Also tried xortool encrypted -l 9 -c 20 but it all results in the Type error

I did a simple "pip3 install xortool" and then tried to execute it:

$ xortool --help
Traceback (most recent call last):
  File "/usr/local/bin/xortool", line 5, in <module>
    from xortool.tool_main import main
  File "/usr/local/lib/python3.8/dist-packages/xortool/__init__.py", line 1, in <module>
    from importlib_metadata import version
ModuleNotFoundError: No module named 'importlib_metadata'

After manually installing importlib-metadata it works.

So it seems the dependency is missing, and pip3 does not automatically install that.

after using xortool-xor the xored generated file is one byte longer and "tail -c 1 xored| xxd -p" shows "0a".

Assumptions:

• constant key
• but: the scrambled data is not aligned to scrambling key. I mean that xor block size can be for example integer count of bytes, but plaintext symbol may occupy 6 bits, 7 bits, 13 bits, etc.
• the underlying data is integers, so there may be lot of zero-bits in the plaintext.
• endianness is known

I tried installing this on windows with easy_install xortool which succeeded but the xortool command is not recognised. If I try to run it from c:\Python27\Scripts, Windows tries to open the file in a text editor.

Python is version 2.7. Running on Windows 10 in a Virtualbox VM using Powershell.

My command under latest Kali is:
xortool -x -c ' ' xor.hex

The error i get is:
Traceback (most recent call last):
File "/usr/local/bin/xortool", line 396, in
main()
File "/usr/local/bin/xortool", line 65, in main
ciphertext = get_ciphertext()
File "/usr/local/bin/xortool", line 108, in get_ciphertext
ciphertext = decode_from_hex(ciphertext)
File "/usr/local/lib/python2.7/dist-packages/xortool/routine.py", line 56, in decode_from_hex
return bytes.fromhex(only_hex_digits)
AttributeError: type object 'str' has no attribute 'fromhex'

Running xortool in the command prompt only returns 'xortool' is not recognized as an internal or external command, operable program or batch file.
I have python 3.8 and the latest version of pip.

Hi,
You should add in the install pre-requisite that docopt is necessary to use xortool.
Otherwise you get:

Traceback (most recent call last):
File "/usr/local/bin/xortool", line 39, in
from xortool.args import parse_parameters, ArgError
File "/usr/local/lib/python2.7/dist-packages/xortool/args.py", line 4, in
from docopt import docopt
ImportError: No module named docopt

Simply installing docopt solves the issue:

pip install docopt


Hi there, i have a problem - can't decrypt/find key. Example:
xor string in 1.txt is 090a160a177e0b0f7c60 (clear text is PASSWORD99 encrypted with key YKEY@1)
But when i'm trying to find key, i'm getting nothing.

xortool -l 6 -c 20 1.txt
36 possible key(s) of length 6:
\x10\x19\x10A\x17\x16
\x10\x19\x10A\x17E
\x10\x19\x10A\x17C
\x10\x19\x10\x17\x17\x16
\x10\x19\x10\x17\x17E
...
Found 36 plaintexts with 95%+ valid characters
See files filename-key.csv, filename-char_used-perc_valid.csv

filename-key.csv data:

file_name;key_repr
xortool_out/00.out;b'\x10\x19\x10A\x17\x16'
xortool_out/01.out;b'\x10\x19\x10A\x17E'
xortool_out/02.out;b'\x10\x19\x10A\x17C'
xortool_out/03.out;b'\x10\x19\x10\x17\x17\x16'
xortool_out/04.out;b'\x10\x19\x10\x17\x17E'
xortool_out/05.out;b'\x10\x19\x10\x17\x17C'
xortool_out/06.out;b'\x10\x19\x10F\x17\x16'
xortool_out/07.out;b'\x10\x19\x10F\x17E'
xortool_out/08.out;b'\x10\x19\x10F\x17C'
xortool_out/09.out;b'\x10A\x10A\x17\x16'
xortool_out/10.out;b'\x10A\x10A\x17E'
xortool_out/11.out;b'\x10A\x10A\x17C'
xortool_out/12.out;b'\x10A\x10\x17\x17\x16'
xortool_out/13.out;b'\x10A\x10\x17\x17E'
xortool_out/14.out;b'\x10A\x10\x17\x17C'
xortool_out/15.out;b'\x10A\x10F\x17\x16'
xortool_out/16.out;b'\x10A\x10F\x17E'
xortool_out/17.out;b'\x10A\x10F\x17C'
xortool_out/18.out;b'\x10B\x10A\x17\x16'
xortool_out/19.out;b'\x10B\x10A\x17E'
xortool_out/20.out;b'\x10B\x10A\x17C'
xortool_out/21.out;b'\x10B\x10\x17\x17\x16'
xortool_out/22.out;b'\x10B\x10\x17\x17E'
xortool_out/23.out;b'\x10B\x10\x17\x17C'
xortool_out/24.out;b'\x10B\x10F\x17\x16'
xortool_out/25.out;b'\x10B\x10F\x17E'
xortool_out/26.out;b'\x10B\x10F\x17C'
xortool_out/27.out;b'\x10\x10\x10A\x17\x16'
xortool_out/28.out;b'\x10\x10\x10A\x17E'
xortool_out/29.out;b'\x10\x10\x10A\x17C'
xortool_out/30.out;b'\x10\x10\x10\x17\x17\x16'
xortool_out/31.out;b'\x10\x10\x10\x17\x17E'
xortool_out/32.out;b'\x10\x10\x10\x17\x17C'
xortool_out/33.out;b'\x10\x10\x10F\x17\x16'
xortool_out/34.out;b'\x10\x10\x10F\x17E'
xortool_out/35.out;b'\x10\x10\x10F\x17C'

As you see, there is no key YKEY@1 and no plain text PASSWORD99
What i'm doing wrong?

Please don't put newline chars at EOF, I would like to xor a binary file. Thanks.

The most probable key lengths:
2: 13.3%
4: 15.2%
6: 11.4%
8: 13.8%
10: 7.3%
12: 9.4%
14: 7.7%
16: 11.7%
24: 5.0%
32: 5.3%
Key-length can be 4*n
256 possible key(s) of length 4:
2104
3015
0326
1237
6540
...
Traceback (most recent call last):
File "/home/vrea/.local/bin/xortool", line 8, in
sys.exit(main())
File "/home/vrea/.local/lib/python3.8/site-packages/xortool/tool_main.py", line 105, in main
produce_plaintexts(ciphertext, probable_keys, key_char_used)
File "/home/vrea/.local/lib/python3.8/site-packages/xortool/tool_main.py", line 397, in produce_plaintexts
print(fmt.format(count_valid, round(threshold_valid), **COLORS))
ValueError: expected '}' before end of string

root@Mamont:/usr/src/hackaton# xortool -b -l 18 fragment.txt.enc
Traceback (most recent call last): File "/usr/local/bin/xortool", line 399, in main() File "/usr/local/bin/xortool", line 81, in main key_char_used) = guess_probable_keys_for_chars(ciphertext, try_chars) File "/usr/local/bin/xortool", line 265, in guess_probable_keys_for_chars keys = guess_keys(text, c) File "/usr/local/bin/xortool", line 287, in guess_keys key_possible_bytes[offset].append(chr(ord(char) ^ most_char)) TypeError: ord() expected string of length 1, but int found root@Mamont:/usr/src/hackaton#

without -b or -c it works fine.

I already type this on the terminal
python3 -m pip install xortool
then i want to use it, but it says xortool: command not found
Would you help me? Thx
(I'm using python 3.8 and linux)

Hi,

This project is really great, but personnaly I would love to have the xor script that you talk about (you don't give it, if I don't missed anything)

Thanks!

Hi,

I'm sorry, but my pull request #15 was incomplete. What makes -c work with Python 3.5 is the following patch:

diff --git a/xortool/routine.py b/xortool/routine.py
index 98f353a..9e760f1 100644
--- a/xortool/routine.py
+++ b/xortool/routine.py
@@ -76,7 +76,7 @@ def dexor(text, key):
     ret = list(text)
     mod = len(key)
     for index, char in enumerate(ret):
-        ret[index] = chr(ord(char) ^ ord(key[index % mod]))
+        ret[index] = chr(char ^ ord(key[index % mod]))
     return "".join(ret)
 
 
diff --git a/xortool/xortool b/xortool/xortool
index c9fd0aa..2fcbc97 100755
--- a/xortool/xortool
+++ b/xortool/xortool
@@ -271,7 +271,7 @@ def guess_keys(text, most_char):
         max_count = max(chars_count.values())
         for char in chars_count:
             if chars_count[char] >= max_count:
-                key_possible_bytes[offset].append(chr(ord(char) ^ most_char))
+                key_possible_bytes[offset].append(chr(char ^ most_char))
 
     return all_keys(key_possible_bytes)
 
@@ -358,7 +358,7 @@ def produce_plaintexts(ciphertext, keys, key_char_used):
                                                repr(key_char_used[key]),
                                                perc))
         f = open(file_name, "wb")
-        f.write(dexored)
+        f.write(dexored.encode())
         f.close()
     key_mapping.close()
     perc_mapping.close()

Unfortunately (at least) the first two hunks break Python 2 compatibility and so far I haven't figured out how to make it work with both Python generations.

And I'm not 100% sure if appending that .encode() is the correct fix, but at least I get the same results on the same input data plus command-line parameters.

$ xortool ~/file -l 4 -c 00
Most possible char is needed to guess the key!
$ xortool ~/file -l 4 -c '\x00'
Most possible char is needed to guess the key!

Looking at parameters:

{'filename': '/Users/captchaflag/file', 'brute_chars': False, 'most_frequent_char': 0, 'frequency_spread': 0, 'max_key_length': 65, 'known_key_length': 4, 'input_is_hex': False, 'brute_printable': False}

Looking at code:

        if PARAMETERS["brute_chars"]:
            try_chars = range(256)
        elif PARAMETERS["brute_printable"]:
            try_chars = map(ord, string.printable)
        elif PARAMETERS["most_frequent_char"]:
            try_chars = [PARAMETERS["most_frequent_char"]]
        else:
            die(C_WARN +
                "Most possible char is needed to guess the key!" +
                C_RESET)

value of 0 is evaluating to False