xortool v1.0 released: A tool to analyze multi-byte xor cipher

by do son · Published April 12, 2019 · Updated October 2, 2020

xortool.py

A tool to do some xor analysis:

guess the key length (based on the count of equal chars)
guess the key (base on knowledge of most frequent char)

Changelog v1.0

switch to poetry build system, set new version 1.0.0

Download

python3 -m pip install –user xortool

Usage

Example

# xor is xortool/xortool-xor

tests $ xor -f /bin/ls -s "secret_key" > binary_xored



tests $ xortool binary_xored

The most probable key lengths:

   2:   5.0%

   5:   8.7%

   8:   4.9%

  10:   15.4%

  12:   4.8%

  15:   8.5%

  18:   4.8%

  20:   15.1%

  25:   8.4%

  30:   14.9%

Key-length can be 5*n

Most possible char is needed to guess the key!



# 00 is the most frequent byte in binaries

tests $ xortool binary_xored -l 10 -c 00

...

1 possible key(s) of length 10:

secret_key



# decrypted ciphertexts are placed in ./xortool_out/Number_<key repr>

# ( have no better idea )

tests $ md5sum xortool_out/0_secret_key /bin/ls

29942e290876703169e1b614d0b4340a  xortool_out/0_secret_key

29942e290876703169e1b614d0b4340a  /bin/ls

The most common use is to pass just the encrypted file and the most frequent character (usually 00 for binaries and 20 for text files) – length will be automatically chosen:

Here, the key is longer than default 32 limit:

So, if automated decryption fails, you can calibrate: