hellman / Xortool
Licence: mit
A tool to analyze multi-byte xor cipher
Stars: ✭ 993
Programming Languages
python
139335 projects - #7 most used programming language
Labels
Projects that are alternatives of or similar to Xortool
Sephia Five
A secure and PGP enabled webmail module for Phosphorus Five
Stars: ✭ 21 (-97.89%)
Mutual labels: cryptography
Libpki
Easy-to-use high-level library for PKI-enabled applications
Stars: ✭ 36 (-96.37%)
Mutual labels: cryptography
Powersoftau
An independent implementation of the Powers of Tau MPC ceremony.
Stars: ✭ 32 (-96.78%)
Mutual labels: cryptography
Guardedbox
Online client-side manager for secure storage and secrets sharing.
Stars: ✭ 34 (-96.58%)
Mutual labels: cryptography
Curl Collisions
An implementation of Heilman et al.'s differential attack on IOTA's Curl hashing function.
Stars: ✭ 20 (-97.99%)
Mutual labels: cryptography
Cl Tls
An implementation of TLS and related specifications in Common Lisp
Stars: ✭ 32 (-96.78%)
Mutual labels: cryptography
Cryptoanalysis
CogniCrypt_SAST: CrySL-to-Static Analysis Compiler
Stars: ✭ 36 (-96.37%)
Mutual labels: cryptography
Indurative
Easily create authenticated data structures
Stars: ✭ 30 (-96.98%)
Mutual labels: cryptography
Datasafe
Datasafe - flexible and secure data storage and document sharing using cryptographic message syntax for data encryption
Stars: ✭ 32 (-96.78%)
Mutual labels: cryptography
Cryptography
Cryptography Android application code samples / cipher collection for app users
Stars: ✭ 35 (-96.48%)
Mutual labels: cryptography
Supergirloncrypt
CryptoTrojan in Python (For educational purpose ONLY)
Stars: ✭ 28 (-97.18%)
Mutual labels: cryptography
X25519
Public key cryptography library for Ruby providing the X25519 Diffie-Hellman function
Stars: ✭ 37 (-96.27%)
Mutual labels: cryptography
Rbnacl
Ruby FFI binding to the Networking and Cryptography (NaCl) library (a.k.a. libsodium)
Stars: ✭ 910 (-8.36%)
Mutual labels: cryptography
Awesome Crypto Papers
A curated list of cryptography papers, articles, tutorials and howtos.
Stars: ✭ 985 (-0.81%)
Mutual labels: cryptography
Ksuid
Java implementation of K-Sortable Globally Unique IDs
Stars: ✭ 35 (-96.48%)
Mutual labels: cryptography
xortool.py
A tool to do some xor analysis:
- guess the key length (based on count of equal chars)
- guess the key (base on knowledge of most frequent char)
Notice: xortool is now only running on Python 3. The old Python 2 version is accessible at the py2 branch. The pip package has been updated.
Installation
$ pip3 install xortool
For development or building this repository, poetry is needed.
Usage
xortool
A tool to do some xor analysis:
- guess the key length (based on count of equal chars)
- guess the key (base on knowledge of most frequent char)
Usage:
xortool [-x] [-m MAX-LEN] [-f] [-t CHARSET] [FILE]
xortool [-x] [-l LEN] [-c CHAR | -b | -o] [-f] [-t CHARSET] [-p PLAIN] [FILE]
xortool [-x] [-m MAX-LEN| -l LEN] [-c CHAR | -b | -o] [-f] [-t CHARSET] [-p PLAIN] [FILE]
xortool [-h | --help]
xortool --version
Options:
-x --hex input is hex-encoded str
-l LEN, --key-length=LEN length of the key
-m MAX-LEN, --max-keylen=MAX-LEN maximum key length to probe [default: 65]
-c CHAR, --char=CHAR most frequent char (one char or hex code)
-b --brute-chars brute force all possible most frequent chars
-o --brute-printable same as -b but will only check printable chars
-f --filter-output filter outputs based on the charset
-t CHARSET --text-charset=CHARSET target text character set [default: printable]
-p PLAIN --known-plaintext=PLAIN use known plaintext for decoding
-h --help show this help
Notes:
Text character set:
* Pre-defined sets: printable, base32, base64
* Custom sets:
- a: lowercase chars
- A: uppercase chars
- 1: digits
- !: special chars
- *: printable chars
Examples:
xortool file.bin
xortool -l 11 -c 20 file.bin
xortool -x -c ' ' file.hex
xortool -b -f -l 23 -t base64 message.enc
xortool -b -p "xctf{" message.enc
Example 1
# xor is xortool/xortool-xor
tests $ xor -f /bin/ls -s "secret_key" > binary_xored
tests $ xortool binary_xored
The most probable key lengths:
2: 5.0%
5: 8.7%
8: 4.9%
10: 15.4%
12: 4.8%
15: 8.5%
18: 4.8%
20: 15.1%
25: 8.4%
30: 14.9%
Key-length can be 5*n
Most possible char is needed to guess the key!
# 00 is the most frequent byte in binaries
tests $ xortool binary_xored -l 10 -c 00
...
1 possible key(s) of length 10:
secret_key
# decrypted ciphertexts are placed in ./xortool_out/Number_<key repr>
# ( have no better idea )
tests $ md5sum xortool_out/0_secret_key /bin/ls
29942e290876703169e1b614d0b4340a xortool_out/0_secret_key
29942e290876703169e1b614d0b4340a /bin/ls
The most common use is to pass just the encrypted file and the most frequent character (usually 00 for binaries and 20 for text files) - length will be automatically chosen:
tests $ xortool tool_xored -c 20
The most probable key lengths:
2: 5.6%
5: 7.8%
8: 6.0%
10: 11.7%
12: 5.6%
15: 7.6%
20: 19.8%
25: 7.8%
28: 5.7%
30: 11.4%
Key-length can be 5*n
1 possible key(s) of length 20:
an0ther s3cret \xdd key
Here, the key is longer then default 32 limit:
tests $ xortool ls_xored -c 00 -m 64
The most probable key lengths:
3: 3.3%
6: 3.3%
9: 3.3%
11: 7.0%
22: 6.9%
24: 3.3%
27: 3.2%
33: 18.4%
44: 6.8%
55: 6.7%
Key-length can be 3*n
1 possible key(s) of length 33:
really long s3cr3t k3y... PADDING
So, if automated decryption fails, you can calibrate:
- (
-m) max length to try longer keys - (
-l) selected length to see some interesting keys - (
-c) the most frequent char to produce right plaintext
Example 2
We are given a message in encoded in Base64 and XORed with an unknown key.
# xortool message.enc
The most probable key lengths:
2: 12.3%
4: 13.8%
6: 10.5%
8: 11.5%
10: 8.6%
12: 9.4%
14: 7.1%
16: 7.8%
23: 10.4%
46: 8.7%
Key-length can be 4*n
Most possible char is needed to guess the key!
We can now test the key lengths while filtering the outputs so that it only keeps the plaintexts holding the character set of Base64. After trying a few lengths, we come to the right one, which gives only 1 plaintext with a percentage of valid characters above the default threshold of 95%.
$ xortool message.enc -b -f -l 23 -t base64
256 possible key(s) of length 23:
\x01=\x121#"0\x17\x13\t\x7f ,&/\x12s\x114u\x170#
\x00<\x130"#1\x16\x12\x08~!-\'.\x13r\x105t\x161"
\x03?\x103! 2\x15\x11\x0b}".$-\x10q\x136w\x152!
\x02>\x112 !3\x14\x10\n|#/%,\x11p\x127v\x143
\x059\x165\'&4\x13\x17\r{$("+\x16w\x150q\x134\'
...
Found 1 plaintexts with 95.0%+ valid characters
See files filename-key.csv, filename-char_used-perc_valid.csv
By filtering the outputs on the character set of Base64, we directly keep the only solution.
Information
Author: hellman
License: MIT License
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].