Class: Rex::Encoding::Xor::DwordAdditive

Inherits:
Generic
  • Object
show all
Defined in:
lib/rex/encoding/xor/dword_additive.rb

Class Method Summary collapse

Methods inherited from Generic

_check, _check_encode, _check_key, _find_bad_keys, encode, find_key, find_key_and_encode

Class Method Details

._encode_mutate_key(buf, key, pos, len) ⇒ Object

hook in the key mutation routine of encode for the additive feedback


34
35
36
37
38
39
40
41
42
43
44
45
# File 'lib/rex/encoding/xor/dword_additive.rb', line 34

def DwordAdditive._encode_mutate_key(buf, key, pos, len)
  if (pos + 1) % len == 0
    # add the last len bytes (in this case 4) with the key,
    # dropping off any overflow
    key = pack_key(
      unpack_key(key) + unpack_key(buf[pos - (len - 1), len]) &
        (1 << (len << 3)) - 1
    )
  end

  return key
end

._find_good_key(data, badkeys, badchars) ⇒ Object

I realize this algorithm is broken. We invalidate some keys in _find_bad_keys that could actually be perfectly fine. However, it seems to work ok for now, and this is all just a lame adhoc method. Maybe someday we can revisit this and make it a bit less ghetto…


54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
# File 'lib/rex/encoding/xor/dword_additive.rb', line 54

def DwordAdditive._find_good_key(data, badkeys, badchars)

  ksize  = keysize
  kstart = ""
  ksize.times { kstart << rand(256) } # random key starting place

  key = kstart.dup

  #
  # now for the ghettoness of an algorithm:
  #  try the random key we picked
  #  if the key failed, figure out which key byte corresponds
  #  increment that key byte
  #  if we wrapped a byte all the way around, fail :(
  #

  loop do
    # ok, try to encode it, any bad chars present?
    pos = _check(data, key, badchars)

    # yay, no problems, we found a key!
    break if !pos

    strip = pos % ksize

    # increment the offending key byte
    key[strip] = key[strip] + 1 & 0xff

    # We wrapped around!
    if key[strip] == kstart[strip]
      raise KeySearchError, "Key space exhausted on strip #{strip}!", caller
    end
  end

  return key
end

._packspecObject


22
23
24
# File 'lib/rex/encoding/xor/dword_additive.rb', line 22

def DwordAdditive._packspec
  'V'
end

.keysizeObject


18
19
20
# File 'lib/rex/encoding/xor/dword_additive.rb', line 18

def DwordAdditive.keysize
  4
end

.pack_key(key) ⇒ Object


26
27
28
# File 'lib/rex/encoding/xor/dword_additive.rb', line 26

def DwordAdditive.pack_key(key)
  return [ key ].pack(_packspec)
end

.unpack_key(key) ⇒ Object


29
30
31
# File 'lib/rex/encoding/xor/dword_additive.rb', line 29

def DwordAdditive.unpack_key(key)
  return key.unpack(_packspec)[0]
end