private_dump Posted August 15, 2019

Here is a small encryption program I wrote after hearing a podcast mentioning XOR encryption. Thought it could be fun for others and maybe spark some ideas for your own projects.

```c
#include <stdio.h>
#include <unistd.h>
#include <stdbool.h>
#include <string.h>

/**
 * An XOR encryption tool
 *
 * Usage: xor [-k key] [file or stdin]
 */

static void xor_operate(const char *str, size_t strLen, const char *key)
{
    /* static: the position in the key carries over from one buffer to the next */
    static size_t keyIndex = 0;
    size_t keyLen = strlen(key);

    for (size_t i = 0; i < strLen; ++i) {
        char ch = str[i] ^ key[keyIndex++];
        printf("%c", ch);
        if (keyIndex >= keyLen)
            keyIndex = 0;
    }
}

int main(int argc, char* argv[])
{
    int opt;
    const char *key = "defaultkey";

    while ((opt = getopt(argc, argv, "k:")) != -1) {
        switch (opt) {
        case 'k':
            key = optarg;
            break;
        default:
            break;
        }
    }

    fprintf(stderr, "Key: %s\n", key);

    /* Open a file only if one was named; argv[argc] is NULL and must not reach fopen() */
    FILE *in = (optind < argc) ? fopen(argv[optind], "rb") : NULL;
    if (in == NULL)
        in = stdin;

    char buffer[1024];
    size_t i = 0;
    int ch; /* int, not char: EOF must stay distinguishable from a 0xFF data byte */

    while ((ch = fgetc(in)) != EOF) {
        buffer[i++] = (char)ch;
        if (i >= sizeof buffer) {
            xor_operate(buffer, i, key);
            i = 0;
        }
    }
    xor_operate(buffer, i, key);

    return 0;
}
```
Freak Posted August 15, 2019

Nice! It's simple, but it looks very elegantly done.
private_dump Posted August 15, 2019

Thanks. It's a pretty basic encryption. If you use a good key equal in length to the content it can be a very secure encryption. But if you use short keys like I tend to do it's only a minor security and not too difficult to crack according to what I've been reading.

I was thinking of using it for minor fuzzing in some of the tools in my pentest toolbox. So not super high security but not human readable at least.

Also I had the idea of making a lib of this. Then I could use it for constant string variables in a C/C++ program to prevent people from extracting "sensitive" data using the 'strings' command on my binaries. They'd only get the key and never the content. Not sure how bulletproof that is though.
Freak Posted August 15, 2019

You should! I remember briefly learning in a cryptography class that XOR can be used as a method to obfuscate malware, but I never really looked into it. I just did some searching though and I found some really interesting resources that could be helpful for you.

This is an article by Malwarebytes which I really enjoyed that looks at it from the perspective of someone trying to de-obfuscate or reverse engineer a piece of malware that has been at least partially XOR'd.

Additionally, I haven't read this paper, but from a brief skim it looks like it's fairly comprehensive about methods that can be used to de-obfuscate these transformations as well as analysis in specific situations like when it's relevant to URLs or ZIP files.

Edited August 15, 2019 by Freak
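Added example, not part of any post in this thread and not private_dump's code: it shows why a short repeating key gives little protection, seen from the de-obfuscation side that the two posts above discuss. The sample string, the key `k3y` and the guessed fragment `http://` are constructed for illustration, and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Repeating-key XOR, the same operation as the tool in the first post. */
static void xor_buf(unsigned char *buf, size_t len, const unsigned char *key, size_t klen) {
    for (size_t i = 0; i < len; ++i) buf[i] ^= key[i % klen];
}

/*
 * Slide a guessed plaintext fragment (crib) over the ciphertext. At the right
 * offset, ct ^ crib is a slice of the repeating key, so it is periodic.
 * Returns the key length and fills key_out (max_klen bytes), or 0 if no match.
 * The crib must be at least twice as long as the key to confirm the period.
 */
static size_t recover_key(const unsigned char *ct, size_t ct_len, const char *crib,
                          size_t max_klen, unsigned char *key_out) {
    size_t crib_len = strlen(crib);
    unsigned char ks[64];
    if (crib_len > sizeof ks || crib_len > ct_len) return 0;
    for (size_t off = 0; off + crib_len <= ct_len; ++off) {
        for (size_t j = 0; j < crib_len; ++j) ks[j] = ct[off + j] ^ (unsigned char)crib[j];
        for (size_t L = 1; L <= max_klen && 2 * L <= crib_len; ++L) {
            size_t j = 0;
            while (j + L < crib_len && ks[j] == ks[j + L]) ++j;
            if (j + L < crib_len) continue;      /* not periodic with period L */
            /* Rotate the slice so key_out[0] lines up with ciphertext byte 0. */
            for (j = 0; j < L; ++j) key_out[(off + j) % L] = ks[j];
            return L;
        }
    }
    return 0;
}

int main(void) {
    /* Constructed sample: a URL string hidden with a short key. */
    unsigned char data[] = "url=http://example.test/update";
    size_t len = sizeof data - 1;
    unsigned char found[8];

    xor_buf(data, len, (const unsigned char *)"k3y", 3);   /* obfuscate */
    size_t klen = recover_key(data, len, "http://", sizeof found, found);
    if (klen == 0) { puts("no key found"); return 1; }
    xor_buf(data, len, found, klen);                       /* undo with recovered key */
    printf("key=%.*s plaintext=%s\n", (int)klen, (const char *)found, (const char *)data);
    return 0;
}
```

The same reasoning applies to strings hidden in a binary: a predictable fragment such as a URL scheme or a file header is enough, so the key does not need to be found in the binary at all.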
private_dump Posted August 15, 2019

Good reads. Thanks. It sort of applies to my thinking. But my use case is in regards to red teaming so I'm not the decryptor so to speak.
Webernuhe Posted September 21, 2020

It really helped, thanks.