unXOR will search a XORed file and try to guess the key using known-plaintext attacks.
unXOR

This tool will search through an XOR-encoded file (binary, text file, whatever) and use known-plaintext attacks to deduce the original keystream. It works on keys half as long as the known plaintext, in linear complexity.

Here's a demo of the Golang binary decrypting a plaintext file XORed with 0xABCDEF (3 bytes), where our known plaintext is "leggings".

[Animated demo: demo.gif]
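
One way such a known-plaintext search can work, as an added Python example (not the project's own code, and not necessarily how unxor.go or pyunxor do it): XORing the file with itself shifted by a candidate key length cancels a repeating key, so the same transform of the known plaintext can be located directly. The function names and sample text are constructed here, the key and known plaintext are the demo's, and the key is assumed to start at file offset 0.

```python
from typing import Optional, Tuple


def xor_repeat(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key aligned to offset 0 (assumed layout)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def self_xor(data: bytes, shift: int) -> bytes:
    """data[i] ^ data[i + shift]; a repeating key of length `shift` cancels."""
    return bytes(a ^ b for a, b in zip(data, data[shift:]))


def recover_key(cipher: bytes, known: bytes) -> Optional[Tuple[bytes, int]]:
    """Return (key, offset of known plaintext), or None if nothing matches."""
    # Candidate key lengths stop at half the known plaintext, so the
    # key-free needle below is always at least as long as the key.
    for klen in range(1, len(known) // 2 + 1):
        needle = self_xor(known, klen)
        pos = self_xor(cipher, klen).find(needle)
        if pos == -1:
            continue
        # Keystream bytes covering cipher[pos : pos + klen].
        stream = bytes(c ^ p for c, p in zip(cipher[pos:pos + klen], known))
        # Rotate so that key[0] lines up with file offset 0.
        r = pos % klen
        return stream[klen - r:] + stream[:klen - r], pos
    return None


# Constructed sample input; key and known plaintext match the demo above.
KEY = bytes.fromhex("abcdef")
PLAINTEXT = b"tote bag, leggings, artisan toast and more filler text."
CIPHERTEXT = xor_repeat(PLAINTEXT, KEY)

if __name__ == "__main__":
    key, offset = recover_key(CIPHERTEXT, b"leggings")
    print(key.hex(), offset, xor_repeat(CIPHERTEXT, key))
```

The first matching key length wins, so a short known plaintext can produce a false match on files with long runs of repeated bytes; a longer known plaintext narrows that.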

Usage (Golang)

This should work:

$ go get github.com/tomchop/unxor
$ $GOBIN/unxor -h
Usage of /Users/tomchop/code/go/bin/unxor:
-f string
        Filename to decrypt
-g string
        Known plaintext (string)
-gh string
        Known plaintext (hex encoded)

Usage (Docker)

You need to map $PWD (or the directory where your file is) to the /data volume in Docker so that the container knows where to find your files. The decrypted file will be written in the same directory.

$ docker pull tomchop/unxor
$ docker run --rm -v $PWD:/data tomchop/unxor -h
Usage of /go/bin/unxor:
-f string
        Filename to decrypt
-g string
        Known plaintext (string)
-gh string
        Known plaintext (hex encoded)

Usage (Python)

Python sources are contained in the pyunxor directory.

$ cd pyunxor
$ python unxor.py
usage: unxor.py [-h] (-g GUESS | -k KEY) [-m {iterative,selective}] [-x]
                [-v {0,1,2}]
                [infile] [outfile]
unxor.py: error: one of the arguments -g/--guess -k/--key is required

Related Work

unXOR is included in Lenny Zeltser's REMnux, along with other great tools such as:
