Class: Rex::Encoding::Xor::Generic

Inherits:
Object
  • Object
show all
Defined in:
lib/rex/encoding/xor/generic.rb

Direct Known Subclasses

Byte, Dword, DwordAdditive, Qword, Word

Defined Under Namespace

Classes: UnitTest

Class Method Summary collapse

Class Method Details

._check(data, key, badchars) ⇒ Object

hook stylies! return index of offending byte or nil



26
27
28
# File 'lib/rex/encoding/xor/generic.rb', line 26

def Generic._check(data, key, badchars)
  return _check_key(key, badchars) || _check_encode(data, key, badchars)
end

._check_encode(data, key, badchars) ⇒ Object



32
33
34
# File 'lib/rex/encoding/xor/generic.rb', line 32

def Generic._check_encode(data, key, badchars)
  return Rex::Text.badchar_index(encode(data, key), badchars)
end

._check_key(key, badchars) ⇒ Object



29
30
31
# File 'lib/rex/encoding/xor/generic.rb', line 29

def Generic._check_key(key, badchars)
  return Rex::Text.badchar_index(key, badchars)
end

._encode_mutate_key(buf, key, pos, len) ⇒ Object

kind of ghetto, but very convenient for mutating keys by default, do no key mutations



135
136
137
# File 'lib/rex/encoding/xor/generic.rb', line 135

def Generic._encode_mutate_key(buf, key, pos, len)
  return key
end

._find_bad_keys(data, badchars) ⇒ Object

Find a list of bytes that can’t be valid xor keys, from the data and badchars. This returns a Array of hashes, length keysize



46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
# File 'lib/rex/encoding/xor/generic.rb', line 46

def Generic._find_bad_keys(data, badchars)

  ksize = keysize

  # array of hashes for the bad characters based
  # on their position in the data
  badkeys = [ ]
  ksize.times { badkeys << { } }

  badchars.each_byte { |badchar|
    pos = 0
    data.each_byte { |char|
      badkeys[pos % ksize][char ^ badchar] = true
      pos += 1
    }
  }

  return badkeys
end

._find_good_key(data, badkeys, badchars) ⇒ Object

(Hopefully) find a good key, from badkeys and badchars



69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
# File 'lib/rex/encoding/xor/generic.rb', line 69

def Generic._find_good_key(data, badkeys, badchars)

  ksize = keysize
  strip = 0
  key   = ""

  while strip < keysize

    kbyte = rand(256)

    catch(:found_kbyte) do
      256.times {

        if !badkeys[strip][kbyte] && !badchars[kbyte.chr]
          throw :found_kbyte
        end
        
        kbyte = (kbyte + 1) & 0xff
      }

      raise KeySearchError, "Exhausted byte space for strip #{strip}!", caller
    end

    key << kbyte
    strip += 1
  end

  # ok, we should have a good key now, lets double check...
  if _check(data, key, badchars)
    raise KeySearchError, "Key found, but bad character check failed!", caller
  end

  return key
end

.encode(buf, key) ⇒ Object



104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
# File 'lib/rex/encoding/xor/generic.rb', line 104

def Generic.encode(buf, key)

  if !key.kind_of?(String)
    raise ::ArgumentError, "Key must be a string!", caller
  end

  len = key.length

  if len == 0
    raise ::ArgumentError, "Zero key length!", caller
  end

  if keysize != 0 && keysize != len
    raise ::ArgumentError, "Key length #{len}, expected #{keysize}", caller
  end

  encoded = ""
  pos     = 0

  while pos < buf.length
    encoded += (buf[pos,1].unpack("C*")[0] ^ key[pos % len, 1].unpack("C*")[0]).chr
    key = _encode_mutate_key(buf, key, pos, len)
    pos += 1
  end

  return [ encoded, key ]

end

.find_key(data, badchars) ⇒ Object



36
37
38
# File 'lib/rex/encoding/xor/generic.rb', line 36

def Generic.find_key(data, badchars)
  return _find_good_key(data, _find_bad_keys(data, badchars), badchars)
end

.find_key_and_encode(data, badchars) ⇒ Object

maybe a bit a smaller of method name?



140
141
142
143
144
# File 'lib/rex/encoding/xor/generic.rb', line 140

def Generic.find_key_and_encode(data, badchars)
  key        = find_key(data, badchars)
  enc, fkey  = encode(data, key)
  return [ enc, key, fkey ]
end

.keysizeObject



13
14
15
16
17
18
# File 'lib/rex/encoding/xor/generic.rb', line 13

def Generic.keysize
  # special case:
  # 0 means we encode based on the length of the key
  # we don't enforce any perticular key length
  return 0
end