Class: Rex::Encoding::Xor::DwordAdditive

Inherits:

Generic

• Object
• Generic
• Rex::Encoding::Xor::DwordAdditive

Defined in:

lib/rex/encoding/xor/dword_additive.rb

Class Method Summary

• ._encode_mutate_key(buf, key, pos, len) ⇒ Object

  hook in the key mutation routine of encode for the additive feedback.

• ._find_good_key(data, badkeys, badchars) ⇒ Object

  I realize this algorithm is broken.

• ._packspec ⇒ Object
• .keysize ⇒ Object
• .pack_key(key) ⇒ Object
• .unpack_key(key) ⇒ Object

Methods inherited from Generic

_check, _check_encode, _check_key, _find_bad_keys, encode, find_key, find_key_and_encode

Class Method Details

._encode_mutate_key(buf, key, pos, len) ⇒ Object

hook in the key mutation routine of encode for the additive feedback

# File 'lib/rex/encoding/xor/dword_additive.rb', line 34

def DwordAdditive._encode_mutate_key(buf, key, pos, len)
  if (pos + 1) % len == 0
    # add the last len bytes (in this case 4) with the key,
    # dropping off any overflow
    key = pack_key(
      unpack_key(key) + unpack_key(buf[pos - (len - 1), len]) &
        (1 << (len << 3)) - 1
    )
  end

  return key
end

._find_good_key(data, badkeys, badchars) ⇒ Object

I realize this algorithm is broken. We invalidate some keys in _find_bad_keys that could actually be perfectly fine. However, it seems to work ok for now, and this is all just a lame adhoc method. Maybe someday we can revisit this and make it a bit less ghetto…

# File 'lib/rex/encoding/xor/dword_additive.rb', line 54

def DwordAdditive._find_good_key(data, badkeys, badchars)

  ksize  = keysize
  kstart = ""
  ksize.times { kstart << rand(256) } # random key starting place

  key = kstart.dup

  #
  # now for the ghettoness of an algorithm:
  #  try the random key we picked
  #  if the key failed, figure out which key byte corresponds
  #  increment that key byte
  #  if we wrapped a byte all the way around, fail :(
  #

  loop do
    # ok, try to encode it, any bad chars present?
    pos = _check(data, key, badchars)

    # yay, no problems, we found a key!
    break if !pos

    strip = pos % ksize

    # increment the offending key byte
    key[strip] = key[strip] + 1 & 0xff

    # We wrapped around!
    if key[strip] == kstart[strip]
      raise KeySearchError, "Key space exhausted on strip #{strip}!", caller
    end
  end

  return key
end

._packspec ⇒ Object

# File 'lib/rex/encoding/xor/dword_additive.rb', line 22

def DwordAdditive._packspec
  'V'
end

.keysize ⇒ Object

# File 'lib/rex/encoding/xor/dword_additive.rb', line 18

def DwordAdditive.keysize
  4
end

.pack_key(key) ⇒ Object

# File 'lib/rex/encoding/xor/dword_additive.rb', line 26

def DwordAdditive.pack_key(key)
  return [ key ].pack(_packspec)
end

.unpack_key(key) ⇒ Object

# File 'lib/rex/encoding/xor/dword_additive.rb', line 29

def DwordAdditive.unpack_key(key)
  return key.unpack(_packspec)[0]
end