XOR encrypter


private_dump

Here is a small encryption program I wrote after hearing a podcast mentioning XOR encryption. Thought it could be fun for others and maybe spark some ideas for your own projects.

 

#include <stdio.h>
#include <unistd.h>
#include <string.h>

/**
 * An XOR encryption tool
 *
 * Usage: xor [-k key] [file or stdin]
 */
static void
xor_operate(const char *str, size_t strLen, const char *key)
{
	/* static: the key position carries over between buffer-sized calls */
	static size_t keyIndex = 0;
	size_t keyLen = strlen(key);
	for (size_t i = 0; i < strLen; ++i) {
		putchar(str[i] ^ key[keyIndex++]);
		if (keyIndex >= keyLen)
			keyIndex = 0;
	}
}

int
main(int argc, char* argv[])
{
	int opt;
	const char *key = "defaultkey";

	while ((opt = getopt(argc, argv, "k:")) != -1) {
		switch (opt) {
			case 'k':
				key = optarg;
				break;
			default:
				break;
		}
	}

	/* An empty key would XOR every byte with NUL and leave the input unchanged */
	if (key[0] == '\0') {
		fprintf(stderr, "Key must not be empty\n");
		return 1;
	}

	fprintf(stderr, "Key: %s\n", key);

	/* Read from the named file if one was given, otherwise from stdin */
	FILE *in = stdin;
	if (optind < argc) {
		in = fopen(argv[optind], "rb");
		if (in == NULL) {
			perror(argv[optind]);
			return 1;
		}
	}

	char buffer[1024];
	size_t i = 0;
	int ch;	/* int, not char: EOF must be distinguishable from byte 0xFF */
	while ((ch = fgetc(in)) != EOF) {
		buffer[i++] = (char)ch;
		if (i >= sizeof(buffer)) {
			xor_operate(buffer, i, key);
			i = 0;
		}
	}

	xor_operate(buffer, i, key);

	if (in != stdin)
		fclose(in);
	return 0;
}


Thanks. It's a pretty basic encryption. If you use a good key equal in length to the content it can be a very secure encryption. But if you use short keys like I tend to do it's only a minor security and not too difficult to crack according to what I've been reading. I was thinking of using it for minor fuzzing in some of the tools in my pentest toolbox. So not super high security but not human readable at least.

Also I had the idea of making a lib of this. Then I could use it for constant string variables in a c/c++ program to prevent people from extracting "sensitive" data using the 'strings' command on my binaries. They'd only get the key and never the content. Not sure how bulletproof that is though.

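An added example, not part of the original thread or the poster's code, illustrating the point above that a short repeating key is not hard to crack: XORing the ciphertext with a guessed plaintext prefix exposes the key. The sample message and the names `xor_buf`, `recover_key` and `demo` are constructed for illustration; the key is the tool's default `defaultkey`.

```c
#include <stdio.h>
#include <string.h>

/* Repeating-key XOR, the same transform the posted tool applies. */
static void xor_buf(unsigned char *dst, const unsigned char *src, size_t n,
                    const unsigned char *key, size_t klen)
{
	for (size_t i = 0; i < n; i++)
		dst[i] = src[i] ^ key[i % klen];
}

/* XOR ciphertext with a known plaintext prefix to expose the keystream, find
 * its smallest period p <= n/2, copy p key bytes out. 0 = prefix too short. */
static size_t recover_key(const unsigned char *ct, const unsigned char *known,
                          size_t n, unsigned char *key_out)
{
	for (size_t p = 1; p <= n / 2; p++) {
		size_t i = p;
		while (i < n && (ct[i] ^ known[i]) == (ct[i - p] ^ known[i - p]))
			i++;
		if (i < n)
			continue;	/* keystream does not repeat with period p */
		for (size_t j = 0; j < p; j++)
			key_out[j] = ct[j] ^ known[j];
		return p;
	}
	return 0;
}

/* Constructed sample: encrypt with the tool's default key, recover the key
 * from a guessed request line, then decrypt the whole message with it. */
static int demo(void)
{
	const char *msg = "GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n";
	const char *guess = "GET /index.html HTTP/1.1";	/* assumed known plaintext */
	unsigned char ct[64], out[64], key[32];
	size_t n = strlen(msg);
	xor_buf(ct, (const unsigned char *)msg, n, (const unsigned char *)"defaultkey", 10);
	size_t klen = recover_key(ct, (const unsigned char *)guess, strlen(guess), key);
	if (klen != 10)
		return 0;
	xor_buf(out, ct, n, key, klen);
	return memcmp(out, msg, n) == 0;	/* 1: full plaintext recovered */
}

int main(void)
{
	printf("key and plaintext recovered: %s\n", demo() ? "yes" : "no");
}
```

The known prefix has to span at least two key lengths before the repeat becomes visible, which is why a key as long as the content leaves nothing to recover this way.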

You should! I remember briefly learning in a cryptography class that XOR can be used as a method to obfuscate malware, but I never really looked into it. I just did some searching though and I found some really interesting resources that could be helpful for you. 

This is an article by Malwarebytes which I really enjoyed that looks at it from the perspective of someone trying to de-obfuscate or reverse engineer a piece of malware that has been at least partially XOR'd. 

Additionally, I haven't read this paper, but from a brief skim it looks like it's fairly comprehensive about methods that can be used to de-obfuscate these transformations as well as analysis in specific situations like when it's relevant to URLs or ZIP files.

Edited by Freak

Good reads. Thanks. It sort of applies to my thinking. But my use case is in regards to red teaming so I'm not the decryptor so to speak.

