Installation

$ pip3 install xortool

poetry buildpip install dist/xortool*.whl

Usage

xortool  A tool to do some xor analysis:  - guess the key length (based on count of equal chars)  - guess the key (base on knowledge of most frequent char)Usage:  xortool [-x] [-m MAX-LEN] [-f] [-t CHARSET] [FILE]  xortool [-x] [-l LEN] [-c CHAR | -b | -o] [-f] [-t CHARSET] [-p PLAIN] [FILE]  xortool [-x] [-m MAX-LEN| -l LEN] [-c CHAR | -b | -o] [-f] [-t CHARSET] [-p PLAIN] [FILE]  xortool [-h | --help]  xortool --versionOptions:  -x --hex                          input is hex-encoded str  -l LEN, --key-length=LEN          length of the key  -m MAX-LEN, --max-keylen=MAX-LEN  maximum key length to probe [default: 65]  -c CHAR, --char=CHAR              most frequent char (one char or hex code)  -b --brute-chars                  brute force all possible most frequent chars  -o --brute-printable              same as -b but will only check printable chars  -f --filter-output                filter outputs based on the charset  -t CHARSET --text-charset=CHARSET target text character set [default: printable]  -p PLAIN --known-plaintext=PLAIN  use known plaintext for decoding  -h --help                         show this helpNotes:  Text character set:    * Pre-defined sets: printable, base32, base64    * Custom sets:      - a: lowercase chars      - A: uppercase chars      - 1: digits      - !: special chars      - *: printable charsExamples:  xortool file.bin  xortool -l 11 -c 20 file.bin  xortool -x -c ' ' file.hex  xortool -b -f -l 23 -t base64 message.enc  xortool -b -p "xctf{" message.enc

Example 1

# xor is xortool/xortool-xortests $ xor -f /bin/ls -s"secret_key"> binary_xoredtests $ xortool binary_xoredThe most probable key lengths:   2:   5.0%   5:   8.7%   8:   4.9%  10:   15.4%  12:   4.8%  15:   8.5%  18:   4.8%  20:   15.1%  25:   8.4%  30:   14.9%Key-length can be 5*nMost possible char is needed to guess the key!# 00 is the most frequent byte in binariestests $ xortool binary_xored -l 10 -c 00...1 possible key(s) of length 10:secret_key# decrypted ciphertexts are placed in ./xortool_out/Number_<key repr># ( have no better idea )tests $ md5sum xortool_out/0_secret_key /bin/ls29942e290876703169e1b614d0b4340a  xortool_out/0_secret_key29942e290876703169e1b614d0b4340a  /bin/ls

tests $ xortool tool_xored -c 20The most probable key lengths:   2:   5.6%   5:   7.8%   8:   6.0%  10:   11.7%  12:   5.6%  15:   7.6%  20:   19.8%  25:   7.8%  28:   5.7%  30:   11.4%Key-length can be 5*n1 possible key(s) of length 20:an0ther s3cret\xdd key

tests $ xortool ls_xored -c 00 -m 64The most probable key lengths:   3:   3.3%   6:   3.3%   9:   3.3%  11:   7.0%  22:   6.9%  24:   3.3%  27:   3.2%  33:   18.4%  44:   6.8%  55:   6.7%Key-length can be 3*n1 possible key(s) of length 33:really long s3cr3t k3y... PADDING

Example 2

# xortool message.encThe most probable key lengths:   2:   12.3%   4:   13.8%   6:   10.5%   8:   11.5%  10:   8.6%  12:   9.4%  14:   7.1%  16:   7.8%  23:   10.4%  46:   8.7%Key-length can be 4*nMost possible char is needed to guess the key!

$ xortool message.enc -b -f -l 23 -t base64256 possible key(s) of length 23:\x01=\x121#"0\x17\x13\t\x7f ,&/\x12s\x114u\x170#\x00<\x130"#1\x16\x12\x08~!-\'.\x13r\x105t\x161"\x03?\x103! 2\x15\x11\x0b}".$-\x10q\x136w\x152!\x02>\x112 !3\x14\x10\n|#/%,\x11p\x127v\x143\x059\x165\'&4\x13\x17\r{$("+\x16w\x150q\x134\'...Found 1 plaintexts with 95.0%+ valid charactersSee files filename-key.csv, filename-char_used-perc_valid.csv

Information