Implement XOR with variable-length key #22

Merged
merged 7 commits into from Jul 22, 2019


@wvu-r7
Contributor

commented Jul 18, 2019

This removes support for integer strings, which don't work well with variable-length key strings.

[1] pry(#<Msf::Framework>)> Rex::Text.xor(0x0f, 'hello world')
=> "gjcc`/x`}ck"
[2] pry(#<Msf::Framework>)> Rex::Text.to_hex(Rex::Text.xor('0x0f', 'hello world'), '')
=> "581d5c0a5f584709421454"
[3] pry(#<Msf::Framework>)> Rex::Text.xor("\x00\x00\x00\x00\x00\x0c", 'hello world')
=> "hello,world"
[4] pry(#<Msf::Framework>)>
wvu@kharak:~$ xortool-xor -h 0f -s "hello world"
gjcc`/x`}ck
wvu@kharak:~$ xortool-xor -r 0x0f -s "hello world" | tr -d "\n" | xxd -p
581d5c5f584709421454
wvu@kharak:~$ xortool-xor -s "\x00\x00\x00\x00\x00\x0c" -s "hello world"
hello,world
wvu@kharak:~$
wvu-r7 added 2 commits Jul 18, 2019
Like the Billy Idol song?
@wvu-r7 wvu-r7 force-pushed the feature/xor branch from 1e7f96b to 77a442a Jul 18, 2019
@wvu-r7 wvu-r7 requested a review from busterb Jul 18, 2019
@wvu-r7 wvu-r7 closed this Jul 19, 2019
@wvu-r7 wvu-r7 removed the request for review from busterb Jul 19, 2019
@wvu-r7 wvu-r7 reopened this Jul 19, 2019
@asoto-r7

Contributor

commented Jul 19, 2019

Testing steps:

  • git clone git@github.com:rapid7/rex-text.git
  • git checkout feature/xor
  • Edit ~/git/metasploit-framework/Gemfile to add this line to the :development group:
    gem 'rex-text', :path => '/PATH_TO_GIT/rex-text'
  • bundle install
  • msfconsole -qx pry
  • require 'rex/text' => false
  • Kick the tires:
    • Rex::Text::xor(0,'0') => "0"
    • Rex::Text::xor(0,'1') => "1"
    • Rex::Text::xor(1,'0') => "1"
    • Rex::Text::xor(1,'1') => "0"
    • Rex::Text::xor('','') => ArgumentError: XOR key must not be empty
    • Rex::Text::xor(0,nil) => ArgumentError: XOR key and value must be supplied
    • Rex::Text::xor(256,"dope_xor") => ArgumentError: XOR key must be between 0x00 and 0xff
    • Rex::Text::xor("\xff\xfe","DOPE!") => "\xBB\xB1\xAF\xBB\xDE"
    • Rex::Text::xor("\xff\xfe","\xBB\xB1\xAF\xBB\xDE") => "DOPE!"
    • Rex::Text::xor(0xff,":partycorgi:") => "\xC5\x8F\x9E\x8D\x8B\x86\x9C\x90\x8D\x98\x96\xC5"
    • Rex::Text::xor(0xff,"\xC5\x8F\x9E\x8D\x8B\x86\x9C\x90\x8D\x98\x96\xC5") => ":partycorgi:"
  • Look through Framework for previous uses of xor

Lookin' good! 👍
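
A repeating-key XOR that reproduces the outputs quoted in this thread, as an added example that is not the rex-text code and not part of any comment here. The names `repeating_key_xor` and `hex` and the message for unsupported key types are assumptions. It shows why the integer `0x0f` and the string `'0x0f'` give different results: a string key is used byte for byte and never parsed as a number.

```ruby
# Added illustration; NOT the rex-text implementation.
# The three "XOR key ..." messages are copied from the testing steps above;
# the function names and the final "unsupported type" message are assumptions.
def repeating_key_xor(key, value)
  raise ArgumentError, 'XOR key and value must be supplied' if key.nil? || value.nil?

  key_bytes =
    case key
    when Integer
      # An Integer is a one-byte key, so it has to fit in a byte.
      unless (0x00..0xff).cover?(key)
        raise ArgumentError, 'XOR key must be between 0x00 and 0xff'
      end
      [key]
    when String
      # A String is used byte for byte; it is never parsed as a number.
      raise ArgumentError, 'XOR key must not be empty' if key.empty?
      key.bytes
    else
      raise ArgumentError, 'XOR key must be an Integer or a String'
    end

  # Byte i of the value is XORed with byte (i mod key length) of the key.
  out = value.bytes.each_with_index.map { |b, i| b ^ key_bytes[i % key_bytes.length] }
  out.pack('C*') # binary (ASCII-8BIT) string
end

# Hex helper for comparing binary results.
def hex(str)
  str.unpack1('H*')
end

if __FILE__ == $PROGRAM_NAME
  puts repeating_key_xor(0x0f, 'hello world')        # integer key: one byte
  puts hex(repeating_key_xor('0x0f', 'hello world')) # string key: bytes "0", "x", "0", "f"
  puts repeating_key_xor("\x00\x00\x00\x00\x00\x0c", 'hello world')
  round_trip = repeating_key_xor("\xff\xfe", repeating_key_xor("\xff\xfe", 'DOPE!'))
  puts round_trip # applying the same key twice restores the input
end
```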

@wvu-r7

Contributor Author

commented Jul 19, 2019

Here's @wchen-r7's use case from rapid7/metasploit-framework#9869:

wvu@kharak:/rapid7/metasploit-framework:master$ ./msfvenom -p generic/custom --encrypt xor --encrypt-key $'\x0f' PAYLOADSTR="hello world"
[-] No platform was selected, choosing Msf::Module::Platform from the payload
[-] No arch selected, selecting arch: x86 from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 11 bytes
gjcc`/x`}ck
wvu@kharak:/rapid7/metasploit-framework:master$
No one uses it, and it's bad form anyway. Also allowing empty values.
@wvu-r7 wvu-r7 force-pushed the feature/xor branch from 4418c1f to 9c0c32b Jul 19, 2019
@wvu-r7

Contributor Author

commented Jul 19, 2019

I've updated msfvenom to take escaped hex in rapid7/metasploit-framework#12108. Please land that with this if possible to prevent needing the $'\x0f' workaround.

@wvu-r7 wvu-r7 changed the title Implement XOR with variable-length key Implement XOR with variable-length key (stream cipher precursor) Jul 20, 2019
@wvu-r7 wvu-r7 changed the title Implement XOR with variable-length key (stream cipher precursor) Implement XOR with variable-length key (stream cipher requirement) Jul 20, 2019
@wvu-r7 wvu-r7 changed the title Implement XOR with variable-length key (stream cipher requirement) Implement XOR with variable-length key Jul 22, 2019
@asoto-r7

Contributor

commented Jul 22, 2019

Looking good. Just giving the sister PR (rapid7/metasploit-framework#12108) a review before landing them together.

@asoto-r7 asoto-r7 merged commit 9d24a18 into master Jul 22, 2019
2 checks passed
continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed
asoto-r7 added a commit that referenced this pull request Jul 22, 2019
@wvu-r7 wvu-r7 deleted the feature/xor branch Jul 22, 2019