hellman / xortool Goto Github PK
View Code? Open in Web Editor NEWA tool to analyze multi-byte xor cipher
A tool to analyze multi-byte xor cipher
I have this example:
flag{
⊕ fe9xw
= 0x0009581F0C
When I try to brute force with a known key length - can't find the solution:
$ cat xor2.hex
0009581F0C
$ xortool -b -l 5 -x xor2.hex
256 possible key(s) of length 5:
\x00\tX\x1f\x0c
\x01\x08Y\x1e\r
\x02\x0bZ\x1d\x0e
\x03\n[\x1c\x0f
\x04\r\\\x1b\x08
...
Found 100 plaintexts with 95%+ valid characters
See files filename-key.csv, filename-char_used-perc_valid.csv
grep flag xortool_out/* -r
$
$ xortool -o -l 5 -x xor2.hex
100 possible key(s) of length 5:
09h/<
18i.=
2;j->
3:k,?
4=l+8
...
Found 100 plaintexts with 95%+ valid characters
See files filename-key.csv, filename-char_used-perc_valid.csv
grep flag xortool_out/* -r
$
What am I doing wrong?
root@kali:~/xortool# python xortool.py -x input.txt
The most probable key lengths:
Traceback (most recent call last):
File "xortool.py", line 360, in <module>
main()
File "xortool.py", line 40, in main
update_key_length(ciphertext)
File "xortool.py", line 95, in update_key_length
PARAMETERS["known_key_length"] = guess_key_length(text)
File "xortool.py", line 105, in guess_key_length
print_fitnesses(fitnesses)
File "xortool.py", line 140, in print_fitnesses
best_fitness = top10[0][1]
IndexError: list index out of range
input.txt:
C3601C8A477E
Not working properly on Python 3.7
even with this patch #16
eg:
art3mk@akmac:xortool$ xortool encryptedtext -l 24 -c 20
2 possible key(s) of length 24:
\n\x0c\x1a\x1e\x11\x10\x11\x06\x12\x16\x05\x1a\r\x0c\x16\x0c\r\x16\x18\x17\x0b\x08\x1e\x06
\n\x0c\x1a\x1e\x11\x10\x11\x06\x12\x16\x05\x1a\r\x0c\x16\x0c\r\x16\x18\x17\x0b2\x1e\x06
Traceback (most recent call last):
File "/usr/local/bin/xortool", line 381, in
main()
File "/usr/local/bin/xortool", line 71, in main
produce_plaintexts(ciphertext, probable_keys, key_char_used)
File "/usr/local/bin/xortool", line 349, in produce_plaintexts
key_repr = alphanum(key)
File "/usr/local/lib/python3.7/site-packages/xortool/routine.py", line 95, in alphanum
if char in (string.letters + string.digits):
AttributeError: module 'string' has no attribute 'letters'
after changing "letters" to "ascii_letters"
art3mk@akmac:xortool$ xortool encryptedtext -l 24 -c 20
2 possible key(s) of length 24:
\n\x0c\x1a\x1e\x11\x10\x11\x06\x12\x16\x05\x1a\r\x0c\x16\x0c\r\x16\x18\x17\x0b\x08\x1e\x06
\n\x0c\x1a\x1e\x11\x10\x11\x06\x12\x16\x05\x1a\r\x0c\x16\x0c\r\x16\x18\x17\x0b2\x1e\x06
Traceback (most recent call last):
File "/usr/local/bin/xortool", line 381, in
main()
File "/usr/local/bin/xortool", line 71, in main
produce_plaintexts(ciphertext, probable_keys, key_char_used)
File "/usr/local/bin/xortool", line 349, in produce_plaintexts
key_repr = alphanum(key)
File "/usr/local/lib/python3.7/site-packages/xortool/routine.py", line 97, in alphanum
lst[index] = char.encode("hex")
LookupError: 'hex' is not a text encoding; use codecs.encode() to handle arbitrary codecs
xortool_out folder files are empty (just headers in there)
Here chars_count[char]
expected to be greater or equal to max_count
, when max_count
contains maximum of all values in chars_count
meaning it cannot be greater than max_count
. What is an expected behavior here?
I get an error importing the name COLORS from xortool.colors, it appears that COLORS is not defined in the file
Traceback (most recent call last):
File "xortool", line 55, in
from xortool.colors import (
ImportError: cannot import name 'COLORS' from 'xortool.colors' (C:\Users\jmccl\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\Python38\site-packages\xortool\colors.py)
Traceback (most recent call last):
File "/python/bin/xortool-xor", line 117, in <module>
main()
File "/python/bin/xortool-xor", line 51, in main
sys.stdout.write(xor(datas, nocycle=nocycle))
File "/python/bin/xortool-xor", line 66, in xor
for i in xrange(maxlen):
NameError: name 'xrange' is not defined
xrange
was replaced by range
in Python 3
When I try to use the -c
or -b
or -o
parameter I am getting a Type Error saying:
➜ xortool encrypted -l 9 -o
Traceback (most recent call last):
File "/bin/xortool", line 381, in <module>
main()
File "/bin/xortool", line 68, in main
key_char_used) = guess_probable_keys_for_chars(ciphertext, try_chars)
File "/bin/xortool", line 252, in guess_probable_keys_for_chars
keys = guess_keys(text, c)
File "/bin/xortool", line 274, in guess_keys
key_possible_bytes[offset].append(chr(ord(char) ^ most_char))
TypeError: ord() expected string of length 1, but int found
I have tried to use it like xortool encrypted -l 9 -c 00
.
Also tried xortool encrypted -l 9 -c 20
but it all results in the Type error
I did a simple "pip3 install xortool" and then tried to execute it:
$ xortool --help
Traceback (most recent call last):
File "/usr/local/bin/xortool", line 5, in <module>
from xortool.tool_main import main
File "/usr/local/lib/python3.8/dist-packages/xortool/__init__.py", line 1, in <module>
from importlib_metadata import version
ModuleNotFoundError: No module named 'importlib_metadata'
After manually installing importlib-metadata
it works.
So it seems the dependency is missing, and pip3 does not automatically install that.
after using xortool-xor the xored generated file is one byte longer and "tail -c 1 xored| xxd -p" shows "0a".
Assumptions:
I tried installing this on windows with easy_install xortool
which succeeded but the xortool command is not recognised. If I try to run it from c:\Python27\Scripts, Windows tries to open the file in a text editor.
Python is version 2.7. Running on Windows 10 in a Virtualbox VM using Powershell.
My command under latest Kali is:
xortool -x -c ' ' xor.hex
The error i get is:
Traceback (most recent call last):
File "/usr/local/bin/xortool", line 396, in
main()
File "/usr/local/bin/xortool", line 65, in main
ciphertext = get_ciphertext()
File "/usr/local/bin/xortool", line 108, in get_ciphertext
ciphertext = decode_from_hex(ciphertext)
File "/usr/local/lib/python2.7/dist-packages/xortool/routine.py", line 56, in decode_from_hex
return bytes.fromhex(only_hex_digits)
AttributeError: type object 'str' has no attribute 'fromhex'
Running xortool
in the command prompt only returns 'xortool' is not recognized as an internal or external command, operable program or batch file.
I have python 3.8 and the latest version of pip.
Hi,
You should add in the install pre-requisite that docopt is necessary to use xortool.
Otherwise you get:
Traceback (most recent call last):
File "/usr/local/bin/xortool", line 39, in
from xortool.args import parse_parameters, ArgError
File "/usr/local/lib/python2.7/dist-packages/xortool/args.py", line 4, in
from docopt import docopt
ImportError: No module named docopt
Simply installing docopt solves the issue:
pip install docopt
Hi there, i have a problem - can't decrypt/find key. Example:
xor string in 1.txt is 090a160a177e0b0f7c60 (clear text is PASSWORD99 encrypted with key YKEY@1)
But when i'm trying to find key, i'm getting nothing.
xortool -l 6 -c 20 1.txt
36 possible key(s) of length 6:
\x10\x19\x10A\x17\x16
\x10\x19\x10A\x17E
\x10\x19\x10A\x17C
\x10\x19\x10\x17\x17\x16
\x10\x19\x10\x17\x17E
...
Found 36 plaintexts with 95%+ valid characters
See files filename-key.csv, filename-char_used-perc_valid.csv
filename-key.csv data:
file_name;key_repr
xortool_out/00.out;b'\x10\x19\x10A\x17\x16'
xortool_out/01.out;b'\x10\x19\x10A\x17E'
xortool_out/02.out;b'\x10\x19\x10A\x17C'
xortool_out/03.out;b'\x10\x19\x10\x17\x17\x16'
xortool_out/04.out;b'\x10\x19\x10\x17\x17E'
xortool_out/05.out;b'\x10\x19\x10\x17\x17C'
xortool_out/06.out;b'\x10\x19\x10F\x17\x16'
xortool_out/07.out;b'\x10\x19\x10F\x17E'
xortool_out/08.out;b'\x10\x19\x10F\x17C'
xortool_out/09.out;b'\x10A\x10A\x17\x16'
xortool_out/10.out;b'\x10A\x10A\x17E'
xortool_out/11.out;b'\x10A\x10A\x17C'
xortool_out/12.out;b'\x10A\x10\x17\x17\x16'
xortool_out/13.out;b'\x10A\x10\x17\x17E'
xortool_out/14.out;b'\x10A\x10\x17\x17C'
xortool_out/15.out;b'\x10A\x10F\x17\x16'
xortool_out/16.out;b'\x10A\x10F\x17E'
xortool_out/17.out;b'\x10A\x10F\x17C'
xortool_out/18.out;b'\x10B\x10A\x17\x16'
xortool_out/19.out;b'\x10B\x10A\x17E'
xortool_out/20.out;b'\x10B\x10A\x17C'
xortool_out/21.out;b'\x10B\x10\x17\x17\x16'
xortool_out/22.out;b'\x10B\x10\x17\x17E'
xortool_out/23.out;b'\x10B\x10\x17\x17C'
xortool_out/24.out;b'\x10B\x10F\x17\x16'
xortool_out/25.out;b'\x10B\x10F\x17E'
xortool_out/26.out;b'\x10B\x10F\x17C'
xortool_out/27.out;b'\x10\x10\x10A\x17\x16'
xortool_out/28.out;b'\x10\x10\x10A\x17E'
xortool_out/29.out;b'\x10\x10\x10A\x17C'
xortool_out/30.out;b'\x10\x10\x10\x17\x17\x16'
xortool_out/31.out;b'\x10\x10\x10\x17\x17E'
xortool_out/32.out;b'\x10\x10\x10\x17\x17C'
xortool_out/33.out;b'\x10\x10\x10F\x17\x16'
xortool_out/34.out;b'\x10\x10\x10F\x17E'
xortool_out/35.out;b'\x10\x10\x10F\x17C'
As you see, there is no key YKEY@1 and no plain text PASSWORD99
What i'm doing wrong?
Please don't put newline chars at EOF, I would like to xor a binary file. Thanks.
The most probable key lengths:
2: 13.3%
4: 15.2%
6: 11.4%
8: 13.8%
10: 7.3%
12: 9.4%
14: 7.7%
16: 11.7%
24: 5.0%
32: 5.3%
Key-length can be 4*n
256 possible key(s) of length 4:
2104
3015
0326
1237
6540
...
Traceback (most recent call last):
File "/home/vrea/.local/bin/xortool", line 8, in
sys.exit(main())
File "/home/vrea/.local/lib/python3.8/site-packages/xortool/tool_main.py", line 105, in main
produce_plaintexts(ciphertext, probable_keys, key_char_used)
File "/home/vrea/.local/lib/python3.8/site-packages/xortool/tool_main.py", line 397, in produce_plaintexts
print(fmt.format(count_valid, round(threshold_valid), **COLORS))
ValueError: expected '}' before end of string
root@Mamont:/usr/src/hackaton# xortool -b -l 18 fragment.txt.enc
Traceback (most recent call last): File "/usr/local/bin/xortool", line 399, in main() File "/usr/local/bin/xortool", line 81, in main key_char_used) = guess_probable_keys_for_chars(ciphertext, try_chars) File "/usr/local/bin/xortool", line 265, in guess_probable_keys_for_chars keys = guess_keys(text, c) File "/usr/local/bin/xortool", line 287, in guess_keys key_possible_bytes[offset].append(chr(ord(char) ^ most_char)) TypeError: ord() expected string of length 1, but int found root@Mamont:/usr/src/hackaton#
without -b or -c it works fine.
I already type this on the terminal
python3 -m pip install xortool
then i want to use it, but it says xortool: command not found
Would you help me? Thx
(I'm using python 3.8 and linux)
Hi,
This project is really great, but personnaly I would love to have the xor script that you talk about (you don't give it, if I don't missed anything)
Thanks!
Hi,
I'm sorry, but my pull request #15 was incomplete. What makes -c
work with Python 3.5 is the following patch:
diff --git a/xortool/routine.py b/xortool/routine.py
index 98f353a..9e760f1 100644
--- a/xortool/routine.py
+++ b/xortool/routine.py
@@ -76,7 +76,7 @@ def dexor(text, key):
ret = list(text)
mod = len(key)
for index, char in enumerate(ret):
- ret[index] = chr(ord(char) ^ ord(key[index % mod]))
+ ret[index] = chr(char ^ ord(key[index % mod]))
return "".join(ret)
diff --git a/xortool/xortool b/xortool/xortool
index c9fd0aa..2fcbc97 100755
--- a/xortool/xortool
+++ b/xortool/xortool
@@ -271,7 +271,7 @@ def guess_keys(text, most_char):
max_count = max(chars_count.values())
for char in chars_count:
if chars_count[char] >= max_count:
- key_possible_bytes[offset].append(chr(ord(char) ^ most_char))
+ key_possible_bytes[offset].append(chr(char ^ most_char))
return all_keys(key_possible_bytes)
@@ -358,7 +358,7 @@ def produce_plaintexts(ciphertext, keys, key_char_used):
repr(key_char_used[key]),
perc))
f = open(file_name, "wb")
- f.write(dexored)
+ f.write(dexored.encode())
f.close()
key_mapping.close()
perc_mapping.close()
Unfortunately (at least) the first two hunks break Python 2 compatibility and so far I haven't figured out how to make it work with both Python generations.
And I'm not 100% sure if appending that .encode()
is the correct fix, but at least I get the same results on the same input data plus command-line parameters.
$ xortool ~/file -l 4 -c 00
Most possible char is needed to guess the key!
$ xortool ~/file -l 4 -c '\x00'
Most possible char is needed to guess the key!
Looking at parameters:
{'filename': '/Users/captchaflag/file', 'brute_chars': False, 'most_frequent_char': 0, 'frequency_spread': 0, 'max_key_length': 65, 'known_key_length': 4, 'input_is_hex': False, 'brute_printable': False}
Looking at code:
if PARAMETERS["brute_chars"]:
try_chars = range(256)
elif PARAMETERS["brute_printable"]:
try_chars = map(ord, string.printable)
elif PARAMETERS["most_frequent_char"]:
try_chars = [PARAMETERS["most_frequent_char"]]
else:
die(C_WARN +
"Most possible char is needed to guess the key!" +
C_RESET)
value of 0 is evaluating to False
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.