Class: Rex::Encoding::Xor::DwordAdditive

Inherits:

Generic

• Object
• Generic
• Rex::Encoding::Xor::DwordAdditive

Defined in:

lib/rex/encoding/xor/dword_additive.rb

Defined Under Namespace

Classes: UnitTest

Class Method Summary

• ._encode_mutate_key(buf, key, pos, len) ⇒ Object

  hook in the key mutation routine of encode for the additive feedback.

• ._find_good_key(data, badkeys, badchars) ⇒ Object

  I realize this algorithm is broken.

• ._packspec ⇒ Object
• .keysize ⇒ Object
• .pack_key(key) ⇒ Object
• .unpack_key(key) ⇒ Object

Methods inherited from Generic

_check, _check_encode, _check_key, _find_bad_keys, encode, find_key, find_key_and_encode

Class Method Details

._encode_mutate_key(buf, key, pos, len) ⇒ Object

hook in the key mutation routine of encode for the additive feedback

# File 'lib/rex/encoding/xor/dword_additive.rb', line 35

def DwordAdditive._encode_mutate_key(buf, key, pos, len)
	if (pos + 1) % len == 0
		# add the last len bytes (in this case 4) with the key,
		# dropping off any overflow
		key = pack_key(
		  unpack_key(key) + unpack_key(buf[pos - (len - 1), len]) &
		    (1 << (len << 3)) - 1
		)
	end

	return key
end

._find_good_key(data, badkeys, badchars) ⇒ Object

I realize this algorithm is broken. We invalidate some keys in _find_bad_keys that could actually be perfectly fine. However, it seems to work ok for now, and this is all just a lame adhoc method. Maybe someday we can revisit this and make it a bit less ghetto…

# File 'lib/rex/encoding/xor/dword_additive.rb', line 55

def DwordAdditive._find_good_key(data, badkeys, badchars)

	ksize  = keysize
	kstart = ""
	ksize.times { kstart << rand(256) } # random key starting place

	key = kstart.dup

	#
	# now for the ghettoness of an algorithm:
	#  try the random key we picked
	#  if the key failed, figure out which key byte corresponds
	#  increment that key byte
	#  if we wrapped a byte all the way around, fail :(
	#

	loop do
		# ok, try to encode it, any bad chars present?
		pos = _check(data, key, badchars)

		# yay, no problems, we found a key!
		break if !pos

		strip = pos % ksize

		# increment the offending key byte
		key[strip] = key[strip] + 1 & 0xff

		# We wrapped around!
		if key[strip] == kstart[strip]
			raise KeySearchError, "Key space exhausted on strip #{strip}!", caller
		end
	end

	return key
end

._packspec ⇒ Object

# File 'lib/rex/encoding/xor/dword_additive.rb', line 23

def DwordAdditive._packspec
	'V'
end

.keysize ⇒ Object

# File 'lib/rex/encoding/xor/dword_additive.rb', line 19

def DwordAdditive.keysize
	4
end

.pack_key(key) ⇒ Object

# File 'lib/rex/encoding/xor/dword_additive.rb', line 27

def DwordAdditive.pack_key(key)
	return [ key ].pack(_packspec)
end

.unpack_key(key) ⇒ Object

# File 'lib/rex/encoding/xor/dword_additive.rb', line 30

def DwordAdditive.unpack_key(key)
	return key.unpack(_packspec)[0]
end