Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Build Status Go Report Card

unXOR

This tool will search through an XOR-encoded file (binary, text-file, whatever) and use known-plaintext attacks to deduce the original keystream. Works on keys half as long as the known-plaintext, in linear complexity.

Here's a demo of the Golang binary decrypting a plaintext file XORed with 0xABCDEF (3 bytes) and where our known-plaintext is leggings.

demo

Usage (Golang)

This should work:

$ go get github.com/tomchop/unxor
$ $GOBIN/unxor -h
Usage of /Users/tomchop/code/go/bin/unxor:
-f string
        Filename to decrypt
-g string
        Known plaintext (string)
-gh string
        Known plaintext (hex encoded)

Usage (Docker)

You need to map $PWD (or the directory where your file is) to the /data volume in Docker so that the container knows where to find your files. The decrypted file will be written in the same directory.

$ docker pull tomchop/unxor
$ docker run --rm -v $PWD:/data tomchop/unxor -h
Usage of /go/bin/unxor:
-f string
        Filename to decrypt
-g string
        Known plaintext (string)
-gh string
        Known plaintext (hex encoded)

Usage (Python)

Python sources are contained in the pyunxor directory.

$ cd pyunxor
$ python unxor.py
usage: unxor.py [-h] (-g GUESS | -k KEY) [-m {iterative,selective}] [-x]
                [-v {0,1,2}]
                [infile] [outfile]
unxor.py: error: one of the arguments -g/--guess -k/--key is required

Related Work

unXOR is included in Lenny Zeltser's REMnux, along with other great tools such as:

About

unXOR will search a XORed file and try to guess the key using known-plaintext attacks.

Resources

License

Releases

No releases published

Packages

No packages published