# Hacker Fundamentals: The Basics of XOR-ing

In a recent tutorial in my Metasploit series, I showed you how to use shikata_ga_nai to change the signature of a payload in order to evade detection by security devices (firewalls, IDS, etc.) and AV software.

Shikata_ga_nai is an encoding module in Metasploit that XORs the payload through multiple iterations (the number of iterations is up to you), thereby changing the payload's signature. Once the encoded payload has slipped past the security devices and the AV software, its decoder stub reverses the XORing and the original payload executes normally on the victim's machine.

From the questions and comments I received on that guide, it became apparent that not all of you are familiar with the concept of XOR. This guide is dedicated to those of you who are not acquainted with this common technique in information technology, and serves as a refresher for those who are.

## What Is XOR?

XOR stands for exclusive OR. In logic and in ordinary language, an OR can mean that (1) either statement is true or (2) both statements are true. In other words, the statement evaluates to true if any of its constituent statements is true. So, if I say, "The sky is cloudy OR the sky is blue," the statement is true if either part is true, and also if the sky is blue AND cloudy.

The exclusive OR distinguishes between those two cases and is true only when exactly one of the two statements is true, hence "exclusive" OR. It is used throughout computing for many purposes, including encryption (such as encoding a payload with shikata_ga_nai), error checking, and computing parity on a RAID, among many other things.

As you know, computers operate with millions of on/off switches. Modern computers use transistors as these on/off switches, but of course early computers used vacuum tubes, and any on/off switch would suffice.

Each of these on/off switches is represented by a single bit. That bit can be on or off. If it is off, it is represented with a 0 (zero), and if it is on, it is represented with a 1 (one). Furthermore, the 0 represents false and the 1 represents true. It may help to remember this by thinking of the question, "Is the switch on?" The answer is true if it is on (1) and false if it is off (0).

**Boolean Algebra**

Boolean algebra is the algebra of statements that evaluate to either true or false. This is useful in computing because we can represent these two states (true or false) with a single bit. When the statement is false, it is represented by a 0 (off), and when it is true it is represented by a 1 (on).

**Truth Tables**

In computing, we frequently use what are called truth tables. A truth table lists every possible combination of inputs and whether each evaluates to true or false, hence the name. In the case of XOR, there are only four possible cases, as illustrated below.

| A | B | A XOR B |
|---|---|---------|
| 0 | 0 | 0 |
| 0 | 1 | 1 |
| 1 | 0 | 1 |
| 1 | 1 | 0 |

Note that whenever the two inputs are the same (0-0, 1-1) the XOR evaluates to false, and whenever the two inputs are different (1-0, 0-1) it evaluates to true. So, to summarize: same is 0, different is 1.

**XOR Cipher**

The XOR cipher is a very simple cipher: a key is XORed against the input, and the result is the output. For example, XORing the plaintext byte 01100001 (the letter "a") with the key byte 00001101 gives the ciphertext byte 01101100 (the letter "l"), and XORing 01101100 with the same key byte gives back 01100001.


One of the benefits of the XOR cipher is that it is simple and fast. In addition, it does not need a separate algorithm to decipher it: XOR is its own inverse, and every CPU can XOR. That is why it works so well in Metasploit's shikata_ga_nai encoding. Keep in mind, though, that XOR with a short, reused key is obfuscation rather than encryption; anyone who knows (or can guess) part of the plaintext can recover the key, which is exactly what the challenges later on this page exploit.
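The following is an added example, not code from the original article or from Metasploit: a toy multi-iteration XOR encoder in the spirit of shikata_ga_nai. Each iteration XORs the bytes with a fresh key, so the encoded blob looks different every run, while the "decoder" simply applies the same keys in reverse order. The payload bytes and the `SIGNATURE` pattern are constructed stand-ins for shellcode and for a naive AV byte-pattern rule.

```python
import os


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data against a repeating key (key must be non-empty)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def encode(payload: bytes, keys) -> bytes:
    """One XOR pass per key, in order: this is the 'iterations' knob."""
    out = payload
    for k in keys:
        out = xor_bytes(out, k)
    return out


def decode(blob: bytes, keys) -> bytes:
    """Undo encode(). XOR is self-inverse, so the same keys in reverse order
    restore the original bytes; no separate decryption algorithm is needed."""
    out = blob
    for k in reversed(keys):
        out = xor_bytes(out, k)
    return out


def signature_hit(blob: bytes, signature: bytes) -> bool:
    """Stand-in for a naive AV byte-pattern signature."""
    return signature in blob


# Constructed sample (not real shellcode): a NOP sled plus a string that a
# signature engine is assumed to flag.
PAYLOAD = b"\x90\x90\x90\x90" + b"/bin/sh\x00"
SIGNATURE = b"/bin/sh"


def demo(keys=None) -> dict:
    """Encode PAYLOAD with the given keys (three fresh random 4-byte keys by
    default) and report what a signature match sees before and after."""
    if keys is None:
        keys = [os.urandom(4) for _ in range(3)]
    encoded = encode(PAYLOAD, keys)
    return {
        "plain_hit": signature_hit(PAYLOAD, SIGNATURE),
        "encoded_hit": signature_hit(encoded, SIGNATURE),
        "roundtrip_ok": decode(encoded, keys) == PAYLOAD,
    }


if __name__ == "__main__":
    print(demo())
```

Note what this does and does not buy you: the static pattern is gone from the encoded bytes, but the decoder that must ship alongside them is itself a fixed sequence of instructions unless it is randomized too, which is why shikata_ga_nai generates a polymorphic decoder stub rather than a constant one.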

**XOR in RAID**

XOR is used in RAID levels 3 through 6 for creating parity data. RAID 1 mirrors the hard drive, which means we need twice as many drives (and twice the cost) to get fault tolerance. Parity data, on the other hand, ensures that if one drive fails, the original data can be recovered, giving the RAID fault tolerance without a full copy. For instance, a RAID can guarantee the recovery of the bytes 10011100 and 01101100 stored on two (or more) hard drives by XORing those bytes, which gives 11110000, and writing that parity byte to another drive. In a RAID 3 arrangement, the parity lives on a dedicated drive. In a RAID 5 arrangement, the parity is distributed across all the drives.

Under this scheme, if any one of the hard drives is lost, each lost byte can be recreated by XORing the corresponding bytes from the remaining drives. For example, if the drive containing 01101100 is lost, 10011100 and 11110000 can be XORed to recover the lost byte.
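As an added example (not from the original article), here is single-parity striping written out for any number of data drives, using the two bytes from the text plus a constructed third drive. The parity stripe is the XOR of all data stripes, and any one missing stripe is the XOR of everything that survived, parity included.

```python
def xor_all(stripes):
    """XOR an arbitrary number of equal-length byte strings together."""
    width = len(stripes[0])
    assert all(len(s) == width for s in stripes), "stripes must be equal length"
    out = bytearray(width)
    for s in stripes:
        for i, b in enumerate(s):
            out[i] ^= b
    return bytes(out)


def build_parity(data_stripes):
    """The parity stripe written to the parity drive (RAID 3) or rotated
    across drives (RAID 5)."""
    return xor_all(data_stripes)


def rebuild(surviving, parity, lost_index, total_data):
    """Recover the stripe at lost_index from the other data stripes plus parity.
    `surviving` maps data-drive index -> stripe for every drive except lost_index."""
    assert len(surviving) == total_data - 1 and lost_index not in surviving
    return xor_all(list(surviving.values()) + [parity])


# Constructed sample: the two bytes from the article plus a third drive.
D0 = bytes([0b10011100])
D1 = bytes([0b01101100])
D2 = bytes([0b00110011])


def two_drive_example():
    """Parity is 11110000 as in the article; losing D1 and rebuilding it."""
    parity = build_parity([D0, D1])
    recovered = rebuild({0: D0}, parity, 1, 2)
    return parity, recovered


def three_drive_example():
    """Same rule with three data drives: still one parity stripe."""
    parity = build_parity([D0, D1, D2])
    recovered = rebuild({0: D0, 2: D2}, parity, 1, 3)
    return parity, recovered


if __name__ == "__main__":
    for p, r in (two_drive_example(), three_drive_example()):
        print(f"parity={p[0]:08b} recovered={r[0]:08b}")
```

A single parity stripe tolerates exactly one failed drive, whichever drive it is. RAID 6's second parity stripe is not a plain XOR; it uses Reed-Solomon arithmetic so that two simultaneous failures can be told apart.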

**XOR in Error Checking**

XOR is also at the heart of CRC, the cyclic redundancy check, a common technique for detecting whether accidental errors have crept into data. CRCs are used for error checking in Ethernet frames, hard drives, mobile phones, and nearly every other kind of data storage and transmission. Although the mathematics are beyond the scope of this tutorial, suffice it to say that a CRC is, at bottom, a long chain of shifts and XORs. Note that a CRC detects accidental corruption only; it is not a MAC, and an attacker who can modify the data can simply recompute the CRC.
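To make the "shifts and XORs" concrete, here is an added example (not from the original article) of a bit-by-bit CRC-32 using the reflected polynomial 0xEDB88320 that zlib, PNG and Ethernet use. It checks itself against `zlib.crc32` and shows that a single flipped bit is caught; `MESSAGE` is the standard CRC check string, used here as a constructed sample.

```python
import zlib

POLY = 0xEDB88320  # CRC-32 (reflected form of 0x04C11DB7)


def crc32_bitwise(data: bytes, crc: int = 0) -> int:
    """CRC-32 one bit at a time. `crc` may be a previous result to continue
    a running checksum, exactly like zlib.crc32(data, value)."""
    crc ^= 0xFFFFFFFF                       # undo final inversion / set initial value
    for byte in data:
        crc ^= byte                         # fold the next byte into the register
        for _ in range(8):
            if crc & 1:                     # low bit set: shift and XOR in the polynomial
                crc = (crc >> 1) ^ POLY
            else:                           # low bit clear: just shift
                crc >>= 1
    return crc ^ 0xFFFFFFFF                 # final inversion


def corrupted(data: bytes, bit: int) -> bytes:
    """Flip a single bit to simulate a transmission error."""
    buf = bytearray(data)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


def check(data: bytes, expected_crc: int) -> bool:
    """What a receiver does: recompute and compare."""
    return crc32_bitwise(data) == expected_crc


MESSAGE = b"123456789"  # standard CRC check string, constructed sample

if __name__ == "__main__":
    c = crc32_bitwise(MESSAGE)
    print(f"crc32({MESSAGE!r}) = {c:08x}; zlib agrees: {c == zlib.crc32(MESSAGE)}")
    print("single bit flip detected:", not check(corrupted(MESSAGE, 13), c))
```

The inner `if crc & 1` branch is the whole algorithm: polynomial division in GF(2), where subtraction is XOR. Table-driven implementations precompute 256 of those eight-step loops, but compute the same value.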

I hope this short tutorial on XOR is helpful and enlightening to my novice hackers, as XOR is used throughout IT and hacking. It is particularly important in exploit and payload obfuscation to avoid detection by security devices and AV software.

Over the last several months, I've been doing Capture the Flag challenges on Cryptohack. Cryptohack is a platform for learning practical cryptography with game-like challenges. I like the platform because it does not require you to leetcode the answer with the best big-O time complexity. Instead, you just need to get the flag any way possible.

XOR is one of those bit operators that escapes the mainstream spotlight. It is not a fancy framework or language making its way through the industry, but XOR is an essential part of what makes the internet and our software secure. Before we dive into code examples, we should cover what XOR is and how it is used in cryptography.

**The basics**

XOR, which means exclusive or, is a bitwise operator. That is, it manipulates data at the bit level. When XORing two bits, a set bit (value 1) is returned when the bits compared are different. When the bits are the same, an unset bit (value 0) is returned.

Here is an example on a couple of nibbles (read each column top to bottom: 1101 XOR 1011 = 0110):

| Nibble 1 | Nibble 2 | Result |
|----------|----------|--------|
| 1 | 1 | 0 |
| 1 | 0 | 1 |
| 0 | 1 | 1 |
| 1 | 1 | 0 |

Decryption using XOR looks exactly like encryption, just with the roles of message and ciphertext swapped:

Encryption: secret XOR message = ciphertext

Decryption: secret XOR ciphertext = message

**This is cool and all. But why is it so useful?**

Many symmetric and asymmetric cryptographic algorithms use XOR as a component. This is because, given a uniformly random secret key XORed against some plaintext message, the output of the operation, called the ciphertext, is indistinguishable from a random set of bits. An attacker who has access to the encrypted message can't tell the difference between a correct and an incorrect decryption without either the key or the original message. When a ciphertext bit is set, you can't tell whether it was the key bit or the message bit that was set to produce the 1 from the XOR.

Because of this, the one-time pad, or XOR cipher, is a truly unbreakable encryption algorithm if the key is random, as long as the message, and used only once (key reuse with an XOR cipher is a big no-no). It is not very practical, because the key has to be as long as the message so that the XOR has enough key bits to operate on. This is why we have stream ciphers... which is a whole different rabbit hole though.
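The "big no-no" deserves a demonstration. The following is an added example (not from the original post) of what happens when one pad is used for two messages: the pad cancels out of `c1 ^ c2`, leaving `m1 ^ m2`, and guessing a word (a "crib") that appears in one message exposes the other message at the same offset. The two messages and the pad are constructed here; the attack itself never uses the pad.

```python
import os


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data against a repeating key (key must be non-empty)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def crib_drag(c1: bytes, c2: bytes, crib: bytes, printable_only: bool = True):
    """Slide `crib` across c1 ^ c2 and return (offset, candidate) pairs.
    Where the crib really sits in m1, the candidate is the matching slice of m2."""
    n = min(len(c1), len(c2))
    diff = xor_bytes(c1[:n], c2[:n])            # == m1 ^ m2: the pad is gone
    hits = []
    for off in range(n - len(crib) + 1):
        candidate = xor_bytes(diff[off:off + len(crib)], crib)
        if not printable_only or all(32 <= b < 127 for b in candidate):
            hits.append((off, candidate))
    return hits


def pad_fragment(ciphertext: bytes, known_plain: bytes, offset: int) -> bytes:
    """Once a plaintext slice is known, the pad bytes at that offset follow."""
    return xor_bytes(ciphertext[offset:offset + len(known_plain)], known_plain)


# Constructed sample: two messages of equal length, one random pad, reused.
M1 = b"meet me at the old mill at dawn"
M2 = b"the password is hunter2 okay???"
PAD = os.urandom(max(len(M1), len(M2)))     # a perfectly good one-time pad...
C1 = xor_bytes(M1, PAD)                     # ...used once
C2 = xor_bytes(M2, PAD)                     # ...and then again


def recover_with_crib(crib: bytes):
    """Candidate fragments of M2 wherever `crib` could sit inside M1."""
    return crib_drag(C1, C2, crib)


if __name__ == "__main__":
    for off, frag in recover_with_crib(b" the "):
        print(f"offset {off:2d}: {frag!r}")
```

Most offsets produce printable junk, so crib dragging is an interactive process: you keep the candidates that look like language, extend them into longer cribs, and alternate between the two messages until both are readable. The pad bytes recovered along the way (`pad_fragment`) also decrypt any other message encrypted under the same pad.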

**Cryptohack Challenges**

With the basics out of the way, let's take a look at some of the "standard" XOR problems on Cryptohack.

**XOR Starter**

Given the string "label", XOR each character with the integer 13. Convert these integers back to a string and submit the flag as crypto{new_string}.

```python
#!/usr/bin/python3

test = "label"
result = ""

# XOR the code point of each character with 13 and turn it back into a character.
for c in test:
    result = result + chr(ord(c) ^ 13)

print(result)
```

**XOR Properties**

Below is a series of outputs where three random keys have been XORed together and with the flag. Use the above properties to undo the encryption in the final line to obtain the flag.

I found this challenge particularly interesting. It does a great job of highlighting the XOR properties and how key reuse can be dangerous even alongside other keys. It isn't a real-world example, but it proves several concepts.

```python
#!/usr/bin/python3

# Commutative:  A ⊕ B = B ⊕ A
# Associative:  A ⊕ (B ⊕ C) = (A ⊕ B) ⊕ C
# Identity:     A ⊕ 0 = A
# Self-Inverse: A ⊕ A = 0

from pwn import xor

key1 = bytes.fromhex("a6c8b6733c9b22de7bc0253266a3867df55acde8635e19c73313")
result1 = bytes.fromhex("37dcb292030faa90d07eec17e3b1c6d8daf94c35d4c9191a5e1e")  # key1 ⊕ key2
result2 = bytes.fromhex("c1545756687e7573db23aa1c3452a098b71a7fbf0fddddde5fc1")  # key2 ⊕ key3
result3 = bytes.fromhex("04ee9855208a2cd59091d04767ae47963170d1660df7f56f5faf")  # flag ⊕ key1 ⊕ key2 ⊕ key3

# Self-inverse: XORing key1 into (key1 ⊕ key2) leaves key2, and so on down the chain.
key2 = xor(key1, result1)
key3 = xor(key2, result2)

# Commutative + associative: the order the keys were applied in does not matter.
flag = xor(result3, key1, key2, key3)

print(flag)
```

**Favourite Byte**

I've hidden my data using XOR with a single byte. Don't forget to decode from hex first.

This challenge shows a brute force approach to decrypting. Though, as you can see, it is only useful if you know at least part of the original plaintext.

```python
from pwn import xor

test = bytes.fromhex(
    "73626960647f6b206821204f21254f7d694f7624662065622127234f726927756d"
)

# There are only 256 possible single-byte keys, so try them all and keep the one
# whose output contains the known flag prefix. Test on the raw bytes first:
# most wrong keys produce bytes that are not valid UTF-8 and would make
# .decode() raise.
for i in range(0, 256):
    result = xor(test, i)
    if b"crypto" in result:
        print(result.decode("utf-8"))
```

**You either know, XOR you don't**

I've encrypted the flag with my secret key, you'll never be able to guess it.

Finally, this one took me for a bit of a loop. I went around in circles for a bit. I was thrown off by the fact that the encrypted message was so long, yet we only knew eight of the values of the decrypted message.

After some thought, I decided to simply XOR the first 7 characters of the message with the known portion of the flag. This resulted in part of the key: myXORke. It was then a no-brainer what the actual key was. I wanted to go the extra step and see if XORing the last character of the flag format with the last character of the message would give me what I knew was the final key. It worked!
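The approach in that write-up, the known flag format XORed against the ciphertext at the positions where it must sit, generalizes to any repeating-key XOR. The following is an added example that does not reproduce the Cryptohack challenge data: the key `demo_k3y`, the flag and the ciphertext are all constructed here. With an 8-byte key and a 32-byte flag, the seven bytes of `crypto{` cover key positions 0 to 6 and the closing `}` lands on position 7, so the whole key falls out; with a flag of another length the `}` lands on an already-known position and a gap remains, which the code reports rather than guessing.

```python
def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data against a repeating key (key must be non-empty)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key(ciphertext: bytes, key_len: int, known: dict) -> list:
    """`known` maps plaintext offset -> known plaintext bytes at that offset.
    Returns a key_len-long list with recovered key bytes (None where unknown)."""
    key = [None] * key_len
    for offset, plain in known.items():
        for i, p in enumerate(plain):
            pos = (offset + i) % key_len            # which key byte covers this offset
            k = ciphertext[offset + i] ^ p          # ct ^ pt = key byte
            if key[pos] is not None and key[pos] != k:
                raise ValueError(f"conflicting key byte at position {pos}")
            key[pos] = k
    return key


def recover_from_flag_format(ciphertext: bytes, key_len: int,
                             prefix: bytes = b"crypto{", suffix: bytes = b"}"):
    """The write-up's trick: the prefix sits at offset 0 and the suffix at the end."""
    known = {0: prefix, len(ciphertext) - len(suffix): suffix}
    return recover_key(ciphertext, key_len, known)


# Constructed sample: an 8-byte key and a 32-byte flag (a multiple of the key
# length), so the closing brace lands on key position 7.
KEY = b"demo_k3y"
FLAG = b"crypto{xor_known_plaintext_wins}"
CIPHERTEXT = xor_bytes(FLAG, KEY)


def solve(ciphertext: bytes = CIPHERTEXT, key_len: int = 8):
    """Recover the full key from the flag format, then decrypt."""
    key = recover_from_flag_format(ciphertext, key_len)
    if None in key:
        raise ValueError(f"key only partially recovered: {key}")
    key = bytes(key)
    return key, xor_bytes(ciphertext, key)


if __name__ == "__main__":
    key, flag = solve()
    print(key, flag)
```

When the key length is unknown, the same recovery is run for each candidate length and the one that yields a readable key (or plaintext) is kept; the write-up above effectively did this by eye, recognizing the word in `myXORke`.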