xortool v1.0 released: A tool to analyze multi-byte xor cipher

by do son · Published · Updated

xortool

xortool.py

A tool to do some xor analysis:

  • guess the key length (based on the count of equal chars)
  • guess the key (base on knowledge of most frequent char)

Changelog v1.0

  • switch to poetry build system, set new version 1.0.0

Download

python3 -m pip install –user xortool

Usage

 

xortool

Example

# xor is xortool/xortool-xor

tests $ xor -f /bin/ls -s "secret_key" > binary_xored



tests $ xortool binary_xored

The most probable key lengths:

   2:   5.0%

   5:   8.7%

   8:   4.9%

  10:   15.4%

  12:   4.8%

  15:   8.5%

  18:   4.8%

  20:   15.1%

  25:   8.4%

  30:   14.9%

Key-length can be 5*n

Most possible char is needed to guess the key!



# 00 is the most frequent byte in binaries

tests $ xortool binary_xored -l 10 -c 00

...

1 possible key(s) of length 10:

secret_key



# decrypted ciphertexts are placed in ./xortool_out/Number_<key repr>

# ( have no better idea )

tests $ md5sum xortool_out/0_secret_key /bin/ls

29942e290876703169e1b614d0b4340a  xortool_out/0_secret_key

29942e290876703169e1b614d0b4340a  /bin/ls

 

The most common use is to pass just the encrypted file and the most frequent character (usually 00 for binaries and 20 for text files) – length will be automatically chosen:

Here, the key is longer than default 32 limit:

So, if automated decryption fails, you can calibrate:

  • (-m) max length to try longer keys
  • (-l) selected length to see some interesting keys
  • (-c) the most frequent char to produce right plaintext

Copyright (c) 2014 Hellman ( hellman1908@gmail.com )

Source: https://github.com/hellman/

Tags: xortool