Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Decrypting a XOR encrypted file

Tags:

encryption

xor

I'm trying to decrypt a XOR encrypted file, after running the key length test using xortool I got this key: "fallen"..

# python xortool.py -c 00 /cygdrive/c/Users/Me/Desktop/ch3.bmp
The most probable key lengths:
   1:   10.6%
   3:   11.6%
   6:   18.5%
   9:   8.8%
  12:   13.8%
  15:   6.6%
  18:   10.4%
  24:   8.1%
  30:   6.4%
  36:   5.2%
Key-length can be 3*n
1 possible key(s) of length 6:
fallen

Whatever is there a way to decipher the file (a bmp file) and get the original one, using tools like openssl or gpg?? Do they have a XOR operation?

like image 236
Oussama L. Avatar asked Jan 12 '23 13:01

Oussama L.


1 Answers

Neither OpenSSL nor GPG have such XOR functionality that I'm aware of, however writing a program to do it yourself should be trivial.

Given that you know that the file is a .bmp, you should be able to use this fact to decrypt the file quite easily, especially given that .bmp files have a well defined structure. For example, the first two bytes when decrypted should be 0x42, 0x4D (that's ASCII BM), and the following 4 bytes are the (big-endian) size of the entire file in bytes, so you should be able to get at least 6 bytes of the key immediately.

like image 106
Iridium Avatar answered Jan 19 '23 01:01

Iridium