Class: Rex::Encoding::Xor::Generic

Inherits:

Object

• Object
• Rex::Encoding::Xor::Generic

Defined in:

lib/rex/encoding/xor/generic.rb

Direct Known Subclasses

Byte, Dword, DwordAdditive, Qword, Word

Defined Under Namespace

Classes: UnitTest

Class Method Summary

• ._check(data, key, badchars) ⇒ Object

  hook stylies! return index of offending byte or nil.

• ._check_encode(data, key, badchars) ⇒ Object
• ._check_key(key, badchars) ⇒ Object
• ._encode_mutate_key(buf, key, pos, len) ⇒ Object

  kind of ghetto, but very convenient for mutating keys by default, do no key mutations.

• ._find_bad_keys(data, badchars) ⇒ Object

  Find a list of bytes that can’t be valid xor keys, from the data and badchars.

• ._find_good_key(data, badkeys, badchars) ⇒ Object

  (Hopefully) find a good key, from badkeys and badchars.

• .encode(buf, key) ⇒ Object
• .find_key(data, badchars) ⇒ Object
• .find_key_and_encode(data, badchars) ⇒ Object

  maybe a bit a smaller of method name?.

• .keysize ⇒ Object

Class Method Details

._check(data, key, badchars) ⇒ Object

hook stylies! return index of offending byte or nil

# File 'lib/rex/encoding/xor/generic.rb', line 25

def Generic._check(data, key, badchars)
	return _check_key(key, badchars) || _check_encode(data, key, badchars)
end

._check_encode(data, key, badchars) ⇒ Object

# File 'lib/rex/encoding/xor/generic.rb', line 31

def Generic._check_encode(data, key, badchars)
	return Rex::Text.badchar_index(encode(data, key), badchars)
end

._check_key(key, badchars) ⇒ Object

# File 'lib/rex/encoding/xor/generic.rb', line 28

def Generic._check_key(key, badchars)
	return Rex::Text.badchar_index(key, badchars)
end

._encode_mutate_key(buf, key, pos, len) ⇒ Object

kind of ghetto, but very convenient for mutating keys by default, do no key mutations

# File 'lib/rex/encoding/xor/generic.rb', line 134

def Generic._encode_mutate_key(buf, key, pos, len)
	return key
end

._find_bad_keys(data, badchars) ⇒ Object

Find a list of bytes that can’t be valid xor keys, from the data and badchars. This returns a Array of hashes, length keysize

# File 'lib/rex/encoding/xor/generic.rb', line 45

def Generic._find_bad_keys(data, badchars)

	ksize = keysize

	# array of hashes for the bad characters based
	# on their position in the data
	badkeys = [ ]
	ksize.times { badkeys << { } }

	badchars.each_byte { |badchar|
		pos = 0
		data.each_byte { |char|
			badkeys[pos % ksize][char ^ badchar] = true
			pos += 1
		}
	}

	return badkeys
end

._find_good_key(data, badkeys, badchars) ⇒ Object

(Hopefully) find a good key, from badkeys and badchars

# File 'lib/rex/encoding/xor/generic.rb', line 68

def Generic._find_good_key(data, badkeys, badchars)

	ksize = keysize
	strip = 0
	key   = ""

	while strip < keysize

		kbyte = rand(256)

		catch(:found_kbyte) do
			256.times {

				if !badkeys[strip][kbyte] && !badchars[kbyte.chr]
					throw :found_kbyte
				end
				
				kbyte = (kbyte + 1) & 0xff
			}

			raise KeySearchError, "Exhausted byte space for strip #{strip}!", caller
		end

		key << kbyte
		strip += 1
	end

	# ok, we should have a good key now, lets double check...
	if _check(data, key, badchars)
		raise KeySearchError, "Key found, but bad character check failed!", caller
	end

	return key
end

.encode(buf, key) ⇒ Object

# File 'lib/rex/encoding/xor/generic.rb', line 103

def Generic.encode(buf, key)

	if !key.kind_of?(String)
		raise ::ArgumentError, "Key must be a string!", caller
	end

	len = key.length

	if len == 0
		raise ::ArgumentError, "Zero key length!", caller
	end

	if keysize != 0 && keysize != len
		raise ::ArgumentError, "Key length #{len}, expected #{keysize}", caller
	end

	encoded = ""
	pos     = 0

	while pos < buf.length
		encoded += (buf[pos,1].unpack("C*")[0] ^ key[pos % len, 1].unpack("C*")[0]).chr
		key = _encode_mutate_key(buf, key, pos, len)
		pos += 1
	end

	return [ encoded, key ]

end

.find_key(data, badchars) ⇒ Object

# File 'lib/rex/encoding/xor/generic.rb', line 35

def Generic.find_key(data, badchars)
	return _find_good_key(data, _find_bad_keys(data, badchars), badchars)
end

.find_key_and_encode(data, badchars) ⇒ Object

maybe a bit a smaller of method name?

# File 'lib/rex/encoding/xor/generic.rb', line 139

def Generic.find_key_and_encode(data, badchars)
	key        = find_key(data, badchars)
	enc, fkey  = encode(data, key)
	return [ enc, key, fkey ]
end

.keysize ⇒ Object

# File 'lib/rex/encoding/xor/generic.rb', line 12

def Generic.keysize
	# special case:
	# 0 means we encode based on the length of the key
	# we don't enforce any perticular key length
	return 0
end