Cyber Security Expo
 
The Basics and use of XOR by Kasp3r on 01/03/03

Basics of XOR

XOR ... also know as 'exclusive or' is an operator used in Bit calculations. I am assuming that you know about the 1's and 0's being the core of a computer and other mathematical number systems yadda yadda Xor compares two bits and outputs a bit depending on what was 'xored' together

end value = first bit ^ second bit;

_First Bit___|Second Bit_|_End Value
______0___|_____0____|____0
______0___|_____1____|____1
______1___|_____0____|____1
______1___|_____1____|____0


Using this example:
    
  0x47 = 01000111
  0x53 = 01010011
------------------------
=   0x14  00010100

This can be used forward and back to provide an extremely simple bit encryption algorithm. To demonstrate and make use of this I wrote a small command - line application in C.

Although the XOR encryption is too simple to be of any real use for protecting sensitive data (of course Windows does use it for encrypting the screen saver password), because of its simplicity virus writers have found it attractive in making their Polymorphic Viruses (such as the Leprosy-B) go unnoticed by AV programs that check for viral signatures in programs. By encrypting the viruses that it copies itself to, the virus is now a new strain that will go undetected.

However this little tut is not about viruses, so I will get into my little Krpyto program. The program accepts 3 line arguments such as:

C:\>krypto -rmytext.txt -kmykey.key -wencrypted.txt You will have to put the -x's right beside the filenames because i'm too lazy to code a line parser :wink:

-r: is the file to read from(does not have to be .txt)
-k: the key file(does not have to be .key)
-w: file to encrypt/decrypt to(does not have to be .txt)

Creating a batch file speeds things up if you are going to use this more than once. Just open Notepad write your command-line and save it as a .bat

The key can be anything. I just opened notepad and just typed random letters,numbers, and punctuation.

Once you have run the program and have an ecrypted file if you open it you will see something like: L UG0$& and so on... This is not the real encrypted value. This is the ASCII version of it. To see the real symbols and their values in binary type

C:\> EDIT /60 encrypted.txt
/*60 is the number of columns you want*/

This will display symbols such as cards,smiley faces, and musical symbols. Click on a symbol and it will display the value of each symbol on the bottom of the screen :wink:


The XOR proof-of-concept application

/*Krypto program with XOR encryption*/
#include  /*duh....*/

                    /*Note I use a descending orders of variable
                    declarations so I can comment immediatly after them*/FILE *i_fil;
FILE *o_fil; /*FILE pointer(defined in stdio.h) to file to encrypt/decrypt to*/
FILE *k_fil; /*FILE pointer to key*/
int read_size;/*Makes sure we read the correct # of bytes*/
int buff;    /*Read the bytes into this var*/
int write_size; /*Necessary in other apps, but not in mine*/
int fin_val;    /*Finished int to write to file*/
char *read_file; /*Pointer to the filename to read from*/
char *out_file;  /*Pointer to the filename to write to*/
char *key_file; /*Pointer to the filename where the key is*/

/*****************START MAIN**************************************/
int main(int argc, char *argv[]) /*argc = # of cmd options*/
/**argv[] = the cmd line options*/
{
   printf('\nKrypto ver. 2.0 using XOR Encryption');
   printf('\n(copy-yah-right) FakeKoders Inc. 2002 12/13\nKod3d Kompl3t3ly by 
Kasp3r(HTTB knows me as Ghett0smurf)'); printf('\n\nThis program can also be used for decryption. Simply have it read from
an Krypto encrypted file and use the key it was encrypted with!');
/*Credits and a little info*/ if (argc == 0)/*If nothing was entered*/ { printf('\nUsage: -r -k -w');/*Show user how to work it*/ return(0); } while ((argc > 1) && (argv[1][0] == '-')) { /*This loop reads and processes the cmd line args*/ switch (argv[1][1]) { /* [1][0] = '-' * [1][1] = 'r' * [1][2] = first char of filename */ case 'r': /*wut file to read from*/ read_file = &argv[1][2]; break; case 'w': /*What file to encrypt/decrypt to*/ out_file = &argv[1][2]; break; case 'k': /*What the name of the key is*/ key_file = &argv[1][2]; break; default: /*The default means something wrong was entered*/ printf('\nBad option %s\nUsage: -r -k -w', argv[1][2]); return(0);/*exit*/ } ++argv;/*These moves the loop onto the next argv and subtracts the amount of unprocessed args*/ --argc; } i_fil = fopen(read_file, 'rb');/*Lets open the file*/ if (i_fil == NULL) /*If there is an error*/ { /*Note: we are opening all these files in binary*/ printf('\n\aCould not open file %s for reading', read_file); return(0); } k_fil = fopen(key_file, 'rb'); if (k_fil == NULL) /*same*/ { printf('\n\aCould not open key %s for reading', key_file); return(0); } o_fil = fopen(out_file, 'wb'); if (o_fil == NULL) /*ditto*/ { printf('\n\aCould not file %s for writing', out_file); return(0); } while (1) /*A never-ending loop unless we break it*/ { read_size = fread((char *)&buff, 1, 3, i_fil);/*read 3 bytes*/ if (read_size != 3) /*if we are at the end of the file*/ break; /*We are done*/ fin_val = encrypt(buff);/*Call the encrypt function*/ write_size = fwrite((char *)&fin_val, 1, 3, o_fil);/*write the encrypted value to the file*/ fflush(o_fil); /*Clean out the buffer so we dont overload*/ } printf('\n\n\aKrypto program finished Finished\nOui!'); printf('\nPlease note that this encryption sux, so dont depend on it'); return(1); /*yay we are done :P*/ } /**********************END MAIN***************************************/ /********************START ENCRYPT***********************************/ int encrypt(int buff)/*buff is the value read*/ { int temp;/*storage for functions*/ int ikey; read_size = fread((char *)&ikey, 1, 3, k_fil); if (read_size != 3) /*this is a little sketchy...*/ { fclose(k_fil);/*we close and open the file to read from the top again*/ k_fil = fopen(key_file, 'rb'); encrypt(buff); } temp = buff ^ ikey;/*wow...that right there is our XOR encryption algorithm..... :P*/ return(temp); } /**************************END ENCRYPT**********************************/ /*>>>>>>>>>>>>>>>>>>>>>>>>>>EOF<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<*/
Rate this article

All images, content & text (unless other ownership applies) are © copyrighted 2000 -  , Infosecwriters.com. All rights reserved. Comments are property of the respective posters.