{ "info": { "author": "hellman", "author_email": "hellman1908@gmail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Intended Audience :: Information Technology", "Intended Audience :: Science/Research", "License :: OSI Approved :: MIT License", "Natural Language :: English", "Operating System :: OS Independent", "Programming Language :: Python :: 2", "Programming Language :: Python :: 3", "Topic :: Scientific/Engineering :: Mathematics", "Topic :: Security :: Cryptography" ], "description": "xortool.py\n====================\n\nA tool to do some xor analysis:\n\n - guess the key length (based on count of equal chars)\n - guess the key (base on knowledge of most frequent char)\n\nUsage\n---------------------\n\n```\nxortool\n A tool to do some xor analysis:\n - guess the key length (based on count of equal chars)\n - guess the key (base on knowledge of most frequent char)\n\nUsage:\n xortool [-x] [-m MAX-LEN] [-f] [-t CHARSET] [FILE]\n xortool [-x] [-l LEN] [-c CHAR | -b | -o] [-f] [-t CHARSET] [FILE]\n xortool [-x] [-m MAX-LEN| -l LEN] [-c CHAR | -b | -o] [-f] [-t CHARSET] [FILE]\n xortool [-h | --help]\n xortool --version\n\nOptions:\n -x --hex input is hex-encoded str\n -l LEN, --key-length=LEN length of the key\n -m MAX-LEN, --max-keylen=MAX-LEN maximum key length to probe [default: 65]\n -c CHAR, --char=CHAR most frequent char (one char or hex code)\n -b --brute-chars brute force all possible most frequent chars\n -o --brute-printable same as -b but will only check printable chars\n -f --filter-output filter outputs based on the charset\n -t CHARSET --text-charset=CHARSET target text character set [default: printable]\n -h --help show this help\n\nNotes:\n Text character set:\n * Pre-defined sets: printable, base32, base64\n * Custom sets:\n - a: lowercase chars\n - A: uppercase chars\n - 1: digits\n - !: special chars\n - *: printable chars\n\nExamples:\n xortool file.bin\n xortool -l 11 -c 20 file.bin\n xortool -x -c ' ' file.hex\n xortool -b -f -l 23 -t base64 message.enc\n```\n\nExample 1\n---------------------\n\n```bash\n# xor is xortool/xortool-xor\ntests $ xor -f /bin/ls -s \"secret_key\" > binary_xored\n\ntests $ xortool binary_xored\nThe most probable key lengths:\n 2: 5.0%\n 5: 8.7%\n 8: 4.9%\n 10: 15.4%\n 12: 4.8%\n 15: 8.5%\n 18: 4.8%\n 20: 15.1%\n 25: 8.4%\n 30: 14.9%\nKey-length can be 5*n\nMost possible char is needed to guess the key!\n\n# 00 is the most frequent byte in binaries\ntests $ xortool binary_xored -l 10 -c 00\n...\n1 possible key(s) of length 10:\nsecret_key\n\n# decrypted ciphertexts are placed in ./xortool_out/Number_\n# ( have no better idea )\ntests $ md5sum xortool_out/0_secret_key /bin/ls\n29942e290876703169e1b614d0b4340a xortool_out/0_secret_key\n29942e290876703169e1b614d0b4340a /bin/ls\n```\n\nThe most common use is to pass just the encrypted file and the most frequent character (usually 00 for binaries and 20 for text files) - length will be automatically chosen:\n\n```bash\ntests $ xortool tool_xored -c 20\nThe most probable key lengths:\n 2: 5.6%\n 5: 7.8%\n 8: 6.0%\n 10: 11.7%\n 12: 5.6%\n 15: 7.6%\n 20: 19.8%\n 25: 7.8%\n 28: 5.7%\n 30: 11.4%\nKey-length can be 5*n\n1 possible key(s) of length 20:\nan0ther s3cret \\xdd key\n```\n\nHere, the key is longer then default 32 limit:\n\n```bash\ntests $ xortool ls_xored -c 00 -m 64\nThe most probable key lengths:\n 3: 3.3%\n 6: 3.3%\n 9: 3.3%\n 11: 7.0%\n 22: 6.9%\n 24: 3.3%\n 27: 3.2%\n 33: 18.4%\n 44: 6.8%\n 55: 6.7%\nKey-length can be 3*n\n1 possible key(s) of length 33:\nreally long s3cr3t k3y... PADDING\n```\n\nSo, if automated decryption fails, you can calibrate:\n\n- (`-m`) max length to try longer keys\n- (`-l`) selected length to see some interesting keys\n- (`-c`) the most frequent char to produce right plaintext\n\nExample 2\n---------------------\n\nWe are given a message in encoded in Base64 and XORed with an unknown key.\n\n```bash\n# xortool message.enc \nThe most probable key lengths:\n 2: 12.3%\n 4: 13.8%\n 6: 10.5%\n 8: 11.5%\n 10: 8.6%\n 12: 9.4%\n 14: 7.1%\n 16: 7.8%\n 23: 10.4%\n 46: 8.7%\nKey-length can be 4*n\nMost possible char is needed to guess the key!\n```\n\nWe can now test the key lengths while filtering the outputs so that it only keeps the plaintexts holding the character set of Base64. After trying a few lengths, we come to the right one, which gives only 1 plaintext with a percentage of valid characters above the default threshold of 95%.\n\n```bash\n$ xortool message.enc -b -f -l 23 -t base64\n256 possible key(s) of length 23:\n\\x01=\\x121#\"0\\x17\\x13\\t\\x7f ,&/\\x12s\\x114u\\x170#\n\\x00<\\x130\"#1\\x16\\x12\\x08~!-\\'.\\x13r\\x105t\\x161\"\n\\x03?\\x103! 2\\x15\\x11\\x0b}\".$-\\x10q\\x136w\\x152!\n\\x02>\\x112 !3\\x14\\x10\\n|#/%,\\x11p\\x127v\\x143 \n\\x059\\x165\\'&4\\x13\\x17\\r{$(\"+\\x16w\\x150q\\x134\\'\n...\nFound 1 plaintexts with 95.0%+ valid characters\nSee files filename-key.csv, filename-char_used-perc_valid.csv\n```\n\nBy filtering the outputs on the character set of Base64, we directly keep the only solution.\n\nInformation\n---------------------\n\nAuthor: hellman ( hellman1908@gmail.com )\n\nLicense: MIT License (opensource.org/licenses/MIT)", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/hellman/xortool", "keywords": "xor xortool analysis", "license": "MIT", "maintainer": "", "maintainer_email": "", "name": "xortool", "package_url": "https://pypi.org/project/xortool/", "platform": "", "project_url": "https://pypi.org/project/xortool/", "project_urls": { "Homepage": "https://github.com/hellman/xortool" }, "release_url": "https://pypi.org/project/xortool/0.98/", "requires_dist": null, "requires_python": "", "summary": "Tool for xor cipher analysis", "version": "0.98" }, "last_serial": 5128339, "releases": { "0.95": [ { "comment_text": "", "digests": { "md5": "1a0f585f862b9046bd42f1194f472f9e", "sha256": "c10f5d349bdcdc7e0c61f78226570b1a78f72f7f142ed2145352a70d1093fa0f" }, "downloads": -1, "filename": "xortool-0.95.tar.gz", "has_sig": false, "md5_digest": "1a0f585f862b9046bd42f1194f472f9e", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6831, "upload_time": "2014-04-22T18:26:56", "url": "https://files.pythonhosted.org/packages/74/bb/b34e2d9d6b98a7c47288ddef4af7ea9d1522df330bc28e9f0fa6d8987d38/xortool-0.95.tar.gz" } ], "0.96": [], "0.98": [ { "comment_text": "", "digests": { "md5": "f210ad275a558f486fc04d33e83fc8bd", "sha256": "97860076f9cd59ac985300bbcb52ec6c1d8bb601f4abc1bfda3b88eb8f7737f7" }, "downloads": -1, "filename": "xortool-0.98.tar.gz", "has_sig": false, "md5_digest": "f210ad275a558f486fc04d33e83fc8bd", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10002, "upload_time": "2019-04-11T10:50:10", "url": "https://files.pythonhosted.org/packages/a5/a0/520afb61e431318daeb8536b3469ca812aadd51946dd7984894d6e0fb1d2/xortool-0.98.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "f210ad275a558f486fc04d33e83fc8bd", "sha256": "97860076f9cd59ac985300bbcb52ec6c1d8bb601f4abc1bfda3b88eb8f7737f7" }, "downloads": -1, "filename": "xortool-0.98.tar.gz", "has_sig": false, "md5_digest": "f210ad275a558f486fc04d33e83fc8bd", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10002, "upload_time": "2019-04-11T10:50:10", "url": "https://files.pythonhosted.org/packages/a5/a0/520afb61e431318daeb8536b3469ca812aadd51946dd7984894d6e0fb1d2/xortool-0.98.tar.gz" } ] }