Earthnuker Posted April 26, 2013

hey everyone,

last weekend i started learning assembler for writing shellcode encoders (and shellcode itself). at the moment i'm trying to write an XOR based stream encoder (kinda like RC4 but much simpler). the prototype is written in python and it's supposed to work as follows:

encoding:
1. take IV xor with first block of data to encode, store result in array
2. take last block from array xor with next block of data, append result to array
3. repeat step 2 until end of data

decoding:
1. take IV xor with first block of encoded data, store result
2. take result xor with next block of data, store result
3. repeat step 2 until end of data

http://pastebin.com/X9TKcLMm this is the source code. "test" is the IV and "targets" is the data to encode.

now my problem is that the decoding function is not working as intended, it fails to properly decode the encoded data. anyone got an idea where the error might be?

Thanks in advance,
Earthnuker

Jason Cooper Posted April 29, 2013

Your logic is a bit messed up with this. You are XORing (^) the next block with the encrypted version of the previous block, but decoding with the decoded version of the previous block.

Really you don't want to be doing either, as if you are encrypting with the previous block the attacker already has everything that they need to decode all but the first block.

Encoded Block A (EBA) = [IV^Block A]
Encoded Block B (EBB) = [EBA^Block B]
Encoded Block C (EBC) = [EBB^Block C]

The attacker will have EBA, EBB and EBC; to get Block A they just xor EBA with EBB and to get Block C they xor EBB with EBC.

Now if you use your decryption method's way round:

Encoded Block A (EBA) = [IV^Block A]
Encoded Block B (EBB) = [Block A^Block B]
Encoded Block C (EBC) = [Block B^Block C]

Now an attacker has a harder job to recover the plain text, but for a long enough message it can become quite trivial. Also any known plain text will break the cipher from that point onwards (even guessing at probable plain text at points will usually be enough to break this sort of set up).

The method usually used with xor encryption is to have a pseudo random number generator (PRNG) that is seeded with your IV or a key and then produces a stream of values that are XORed with the source. With this sort of set up your security relies on your chosen key and the difficulty of calculating/guessing the state of the PRNG.

For a quite easy example have a look at RC4. It is good to learn from but is itself considered breakable these days and shouldn't be relied upon.
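
The chaining described in this thread, as an added Python example (not code from either poster and not the pastebin source). It implements the encoder from the question, the decoder as the question describes it, a decoder that matches the encoder, and the recovery of every block after the first without the IV. The 4-byte block size, the IV value and the sample data are constructed assumptions.

```python
BLOCK = 4  # assumed block size; the thread does not state one

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def blocks(data: bytes):
    if len(data) % BLOCK:
        raise ValueError("data length must be a multiple of BLOCK")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def encode(iv: bytes, data: bytes) -> bytes:
    """Encoder from the question: XOR each block with the previous *encoded* block."""
    prev, out = iv, []
    for blk in blocks(data):
        prev = xor(prev, blk)
        out.append(prev)
    return b"".join(out)

def decode_as_described(iv: bytes, enc: bytes) -> bytes:
    """Decoder from the question: chains on the previous *decoded* block."""
    prev, out = iv, []
    for blk in blocks(enc):
        prev = xor(prev, blk)  # prev is now a decoded block, not an encoded one
        out.append(prev)
    return b"".join(out)

def decode(iv: bytes, enc: bytes) -> bytes:
    """Decoder that matches encode(): chains on the previous *encoded* block."""
    prev, out = iv, []
    for blk in blocks(enc):
        out.append(xor(prev, blk))
        prev = blk
    return b"".join(out)

def recover_without_iv(enc: bytes) -> bytes:
    """XOR of adjacent encoded blocks gives every plain block except the first."""
    eb = blocks(enc)
    return b"".join(xor(a, b) for a, b in zip(eb, eb[1:]))

IV = b"test"                      # constructed sample IV
PLAIN = b"hello, forum world!!"   # constructed sample data, 5 blocks
ENC = encode(IV, PLAIN)

if __name__ == "__main__":
    print("as described :", decode_as_described(IV, ENC))
    print("matching     :", decode(IV, ENC))
    print("no IV needed :", recover_without_iv(ENC))
```

Only the first block comes out right from `decode_as_described`; every later block is the plain block XORed with the IV.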