XOR Files With Python

This is a simple script, written in Python, that performs a logical exclusion (XOR) on two files and saves the result in the destination file. It is one of the simplest and most effective tools in my forensics toolbox. I have used this tool several times, for example to recover data from a broken RAID 5 or to deobfuscate an obfuscated binary or image. The usage is very simple and intuitive.
You can find the full code and examples in the repository.

Have fun!

#######################
# Python XOR 2 Files
# xor.py
# Jul 2016
# Website: http://www.Megabeets.net
# Use: ./xor.py file1 file2 outputFile
# Example: ./xor.py C:\a.txt C:\b.txt C:\result.txt
#######################

import sys

# Read two files as byte arrays
with open(sys.argv[1], 'rb') as f1, open(sys.argv[2], 'rb') as f2:
    file1_b = bytearray(f1.read())
    file2_b = bytearray(f2.read())

# Set the length to be the smaller one
size = len(file1_b) if len(file1_b) < len(file2_b) else len(file2_b)
xord_byte_array = bytearray(size)

# XOR between the files
for i in range(size):
	xord_byte_array[i] = file1_b[i] ^ file2_b[i]

# Write the XORd bytes to the output file
with open(sys.argv[3], 'wb') as out:
    out.write(xord_byte_array)

# print() call form so the script runs on Python 3
print("[*] %s XOR %s\n[*] Saved to \033[1;33m%s\033[1;m." % (sys.argv[1], sys.argv[2], sys.argv[3]))
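
The RAID 5 recovery mentioned above works because the blocks of every stripe XOR to zero, so XORing the images of all surviving members yields the lost one, whether a given block held data or parity. The following is an added example, not the author's code or part of the repository, that goes beyond the two-file script by taking any number of inputs and reading them in chunks. The names `xor_streams` and `rebuild_missing_member`, the chunk size and the sample array are assumptions made here.

```python
import io
from contextlib import ExitStack

CHUNK = 1 << 20  # bytes per read, so large disk images never sit fully in RAM

def xor_blocks(blocks, n):
    """XOR the first n bytes of every block together."""
    acc = 0
    for b in blocks:
        acc ^= int.from_bytes(b[:n], "big")
    return acc.to_bytes(n, "big")

def xor_streams(sources, dest, chunk=CHUNK):
    """XOR any number of binary streams into dest; return (written, truncated).

    Output stops at the end of the shortest input, as in the script above.
    truncated is True when a longer input still had data left over.
    """
    written = 0
    while True:
        blocks = [s.read(chunk) for s in sources]
        n = min(len(b) for b in blocks)
        if n:
            dest.write(xor_blocks(blocks, n))
            written += n
        if n < chunk:
            return written, any(len(b) > n for b in blocks)

def rebuild_missing_member(surviving_paths, out_path):
    """Rebuild one lost RAID 5 member from images of all surviving members."""
    with ExitStack() as stack, open(out_path, "wb") as out:
        files = [stack.enter_context(open(p, "rb")) for p in surviving_paths]
        return xor_streams(files, out)

def demo():
    """Constructed data: 3-member array with rotating parity, member 1 lost."""
    stripes = [(b"AAAA", b"BBBB"), (b"CCCC", b"DDDD"), (b"EEEE", b"FFFF")]
    members = [bytearray(), bytearray(), bytearray()]
    for i, (d0, d1) in enumerate(stripes):
        row = [d0, d1]
        row.insert(2 - i, xor_blocks([d0, d1], 4))  # parity rotates per stripe
        for member, block in zip(members, row):
            member += block
    out = io.BytesIO()
    result = xor_streams([io.BytesIO(members[0]), io.BytesIO(members[2])], out, chunk=5)
    return out.getvalue() == bytes(members[1]), result
```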

 

Click here for the Powershell Version.

XOR Files With Powershell

Today I’m sharing with you one of the simplest and most effective tools in my forensics toolbox: a simple script, written in PowerShell, that performs a logical exclusion (XOR) on two files and saves the result in the destination file. I have used this tool several times, for example to recover data from a broken RAID 5 or to deobfuscate an obfuscated binary or image. The usage is very simple and intuitive.
You can find the full code and examples in the repository.

Have fun!

<#
.DESCRIPTION
    Powershell XOR 2 Files

.EXAMPLE
    ./xor.ps1 C:\a.txt C:\b.txt C:\result.txt

.NOTES
    Author:  Itay Cohen
    Website: http://www.Megabeets.net
    Date:    Jul 2016    

.SYNOPSIS
    .
#>


param (
    [Parameter(Mandatory=$true)]
    [string] $file1, #First File
    [Parameter(Mandatory=$true)]
    [string] $file2, #Second file
    [Parameter(Mandatory=$true)]
    [string] $out #Output File
) #end param

 
# Read two files as byte arrays
$file1_b = [System.IO.File]::ReadAllBytes("$file1") 
$file2_b = [System.IO.File]::ReadAllBytes("$file2")
 
# Set the length to be the smaller one
$len = if ($file1_b.Count -lt $file2_b.Count) {$file1_b.Count} else { $file2_b.Count}
$xord_byte_array = New-Object Byte[] $len

# XOR between the files
for($i=0; $i -lt $len ; $i++)
{
    $xord_byte_array[$i] = $file1_b[$i] -bxor $file2_b[$i]
}
 
# Write the XORd bytes to the output file
[System.IO.File]::WriteAllBytes("$out", $xord_byte_array)

write-host "[*] $file1 XOR $file2`n[*] Saved to " -nonewline;
Write-host "$out" -foregroundcolor yellow -nonewline; Write-host ".";

 

Click here for the Python version.