XORSearch - Search for a given string in an XOR, ROL or ROT encoded binary file
ALT Linux Sisyphus
XORSearch is a program to search for a given string in an XOR, ROL or ROT encoded binary file. An XOR encoded binary file is a file where some (or all) bytes have been XORed with a constant value (the key). A ROL (or ROR) encoded file has its bytes rotated by a certain number of bits (the key). A ROT encoded file has its alphabetic characters (A-Z and a-z) rotated by a certain number of positions. XOR and ROL/ROR encoding is used by malware programmers to obfuscate strings like URLs.
XORSearch will try all XOR keys (0 to 255), ROL keys (1 to 7) and ROT keys (1 to 25) when searching. I programmed XORSearch to include key 0, because this allows searching in an unencoded binary file (X XOR 0 equals X).
If the search string is found, XORSearch will print it until the 0 (byte zero) is encountered or until 50 characters have been printed, whichever comes first. 50 is the default value; it can be changed with option -l. Unprintable characters are replaced by a dot.
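The key sweep and output rule described above, as an added Python example (not XORSearch's own code). The function names and the sample buffer are constructed for illustration, and matching here is case-sensitive, which is an assumption of this example.

```python
def rol(b, n):
    """Rotate an 8-bit value left by n bits."""
    return ((b << n) | (b >> (8 - n))) & 0xFF

def rot(b, n):
    """Rotate A-Z and a-z by n positions; other bytes are unchanged."""
    for base in (0x41, 0x61):
        if base <= b < base + 26:
            return (b - base + n) % 26 + base
    return b

def tables():
    """Yield (encoding, key, 256-byte translation table) for every key tried."""
    for k in range(256):                      # key 0 covers unencoded data
        yield "XOR", k, bytes(b ^ k for b in range(256))
    for k in range(1, 8):
        yield "ROL", k, bytes(rol(b, k) for b in range(256))
    for k in range(1, 26):
        yield "ROT", k, bytes(rot(b, k) for b in range(256))

def show(decoded, pos, max_len=50):
    """Text from pos up to a zero byte or max_len characters; unprintables become dots."""
    out = []
    for b in decoded[pos:pos + max_len]:
        if b == 0:
            break
        out.append(chr(b) if 0x20 <= b < 0x7F else ".")
    return "".join(out)

def xor_search(data, needle, max_len=50):
    """Return (encoding, key, offset, text) for each place needle appears after decoding."""
    hits = []
    for name, key, table in tables():
        decoded = data.translate(table)
        pos = decoded.find(needle)
        while pos != -1:
            hits.append((name, key, pos, show(decoded, pos, max_len)))
            pos = decoded.find(needle, pos + 1)
    return hits

# Constructed sample: one URL stored three ways, each followed by its encoded zero byte.
# Bytes rotated left by 3 are recovered with ROL key 5 (3 + 5 = 8 bits, a full turn).
URL = b"http://example.test/a\x00"
SAMPLE = (b"\x01\x02" + bytes(b ^ 0x5A for b in URL)
          + bytes(rol(b, 3) for b in URL) + bytes(rot(b, 13) for b in URL))

if __name__ == "__main__":
    for name, key, pos, text in xor_search(SAMPLE, b"http"):
        print(f"{name} key {key} at offset {pos}: {text}")
```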
- Add the following lines to /etc/apt/sources.list:
rpm [Sisyphus] http://ftp.altlinux.org/pub/distributions/ALTLinux/Sisyphus i586 classic
rpm [Sisyphus] http://ftp.altlinux.org/pub/distributions/ALTLinux/Sisyphus noarch classic
- Update the package index:
# sudo apt-get update
- Install XORSearch rpm package:
# sudo apt-get install XORSearch
2013-04-15 - Dmitry V. Levin (QA) <firstname.lastname@example.org> 1.6.0-alt1.qa1
- NMU: rebuilt for debuginfo.
2010-07-13 - Fr. Br. George <email@example.com> 1.6.0-alt1
- Initial build for ALT