You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This tool will search through an XOR-encoded file (binary, text-file, whatever)
and use known-plaintext attacks to deduce the original keystream. Works on keys
half as long as the known-plaintext, in linear complexity.
Here's a demo of the Golang binary decrypting a plaintext file XORed with
0xABCDEF (3 bytes) and where our known-plaintext is leggings.
Usage (Golang)
This should work:
$ go get github.com/tomchop/unxor
$ $GOBIN/unxor -h
Usage of /Users/tomchop/code/go/bin/unxor:
-f string
Filename to decrypt
-g string
Known plaintext (string)
-gh string
Known plaintext (hex encoded)
Usage (Docker)
You need to map $PWD (or the directory where your file is) to the /data
volume in Docker so that the container knows where to find your files. The
decrypted file will be written in the same directory.
$ docker pull tomchop/unxor
$ docker run --rm -v $PWD:/data tomchop/unxor -h
Usage of /go/bin/unxor:
-f string
Filename to decrypt
-g string
Known plaintext (string)
-gh string
Known plaintext (hex encoded)
Usage (Python)
Python sources are contained in the pyunxor directory.
$ cd pyunxor
$ python unxor.py
usage: unxor.py [-h] (-g GUESS | -k KEY) [-m {iterative,selective}] [-x]
[-v {0,1,2}]
[infile] [outfile]
unxor.py: error: one of the arguments -g/--guess -k/--key is required
Related Work
unXOR is included in Lenny Zeltser's REMnux, along with other great tools such as:
