Skip to content
unXOR will search a XORed file and try to guess the key using known-plaintext attacks.
Python Go Dockerfile
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
pyunxor Move Python scripts to subdir Aug 10, 2019
unxorlib Fix unnecessary assignment Aug 10, 2019
.gitignore Port to golang Jun 10, 2019
.travis.yml Update travis to run the lib tests Aug 10, 2019
Dockerfile Add dockerfile and README Aug 10, 2019
LICENSE Create LICENSE Jul 18, 2019
README.md Flexing the Go Report Card Aug 10, 2019
demo.gif Add demo gif Aug 10, 2019
unxor.go Println instead of Printf Aug 10, 2019

README.md

Build Status Go Report Card

unXOR

This tool will search through an XOR-encoded file (binary, text-file, whatever) and use known-plaintext attacks to deduce the original keystream. Works on keys half as long as the known-plaintext, in linear complexity.

Here's a demo of the Golang binary decrypting a plaintext file XORed with 0xABCDEF (3 bytes) and where our known-plaintext is leggings.

demo

Usage (Golang)

This should work:

$ go get github.com/tomchop/unxor
$ $GOBIN/unxor -h
Usage of /Users/tomchop/code/go/bin/unxor:
-f string
        Filename to decrypt
-g string
        Known plaintext (string)
-gh string
        Known plaintext (hex encoded)

Usage (Docker)

You need to map $PWD (or the directory where your file is) to the /data volume in Docker so that the container knows where to find your files. The decrypted file will be written in the same directory.

$ docker pull tomchop/unxor
$ docker run --rm -v $PWD:/data tomchop/unxor -h
Usage of /go/bin/unxor:
-f string
        Filename to decrypt
-g string
        Known plaintext (string)
-gh string
        Known plaintext (hex encoded)

Usage (Python)

Python sources are contained in the pyunxor directory.

$ cd pyunxor
$ python unxor.py
usage: unxor.py [-h] (-g GUESS | -k KEY) [-m {iterative,selective}] [-x]
                [-v {0,1,2}]
                [infile] [outfile]
unxor.py: error: one of the arguments -g/--guess -k/--key is required

Related Work

unXOR is included in Lenny Zeltser's REMnux, along with other great tools such as:

You can’t perform that action at this time.