Comments on: XORSearch http://blog.didierstevens.com (blog \'DidierStevens) Mon, 10 Jun 2013 08:49:54 +0000 hourly 1 http://wordpress.com/ By: New Tool: XORStrings | Didier Stevens http://blog.didierstevens.com/programs/xorsearch/#comment-73260 Mon, 15 Apr 2013 00:01:12 +0000 http://didierstevens.wordpress.com/programs/xorsearch/#comment-73260 [...] is best described as the combination of my XORSearch tool and the well-known strings [...]

]]> By: Obfuscation: Malware’s best friend | Malwarebytes Unpacked http://blog.didierstevens.com/programs/xorsearch/#comment-69679 Fri, 08 Mar 2013 16:59:29 +0000 http://didierstevens.wordpress.com/programs/xorsearch/#comment-69679 [...] in search of a particular string.  One popular tool available on both UNIX and Window platforms is XORSearch written by Didier Stevens.  This tool searches for strings encoded in multiple formats, including [...]

]]> By: Update XORSearch V1.8.0: Shifting « Didier Stevens http://blog.didierstevens.com/programs/xorsearch/#comment-68543 Wed, 20 Feb 2013 21:33:28 +0000 http://didierstevens.wordpress.com/programs/xorsearch/#comment-68543 [...] new version of XORSearch comes with a new operation: shifting [...]

]]> By: unXOR - recover plaintext and key from XORed data | tomchop[is].me http://blog.didierstevens.com/programs/xorsearch/#comment-64947 Sun, 30 Dec 2012 12:03:06 +0000 http://didierstevens.wordpress.com/programs/xorsearch/#comment-64947 [...] go through the trouble if a single-byte XOR key can easily be bruteforced? Tools such as Didier Steven’s XORsearch do the job fine. The nice thing about this technique is that it can be extended to multi-byte [...]

]]> By: » * XOR search -- Niebezpiecznik.pl -- http://blog.didierstevens.com/programs/xorsearch/#comment-61448 Tue, 13 Nov 2012 07:21:17 +0000 http://didierstevens.wordpress.com/programs/xorsearch/#comment-61448 [...] narzędzie, teraz także na OS [...]

]]> By: XORSearch for OSX « Didier Stevens http://blog.didierstevens.com/programs/xorsearch/#comment-61089 Thu, 08 Nov 2012 21:59:52 +0000 http://didierstevens.wordpress.com/programs/xorsearch/#comment-61089 [...] You can find the new version on XORSearch’s page. [...]

]]> By: XOR em arquivos binarios | Alan Carvalho de Assis http://blog.didierstevens.com/programs/xorsearch/#comment-61009 Wed, 07 Nov 2012 13:44:38 +0000 http://didierstevens.wordpress.com/programs/xorsearch/#comment-61009 [...] Update: there is another interesting project: http://blog.didierstevens.com/programs/xorsearch [...]

]]> By: Where’s char *wally?: Searching for Strings in Single Byte Xor Encrypted Data « Malware Musings http://blog.didierstevens.com/programs/xorsearch/#comment-60399 Tue, 30 Oct 2012 21:45:43 +0000 http://didierstevens.wordpress.com/programs/xorsearch/#comment-60399 [...] Malware Analysis Essentials using REMnux webcast, during which he demonstrated the ‘xorsearch‘ command. This command will search for an xored version of a given string by, I believe, [...]

]]> By: Didier Stevens http://blog.didierstevens.com/programs/xorsearch/#comment-60262 Mon, 29 Oct 2012 18:38:03 +0000 http://didierstevens.wordpress.com/programs/xorsearch/#comment-60262 @Christophe Yup, I Tweeted about it a couple of weeks ago.

And you can just drop the line with malloc.h, you don’t need conditional compilation.
Works fine on Windows and Linux too.

]]> By: Christophe Vandeplas http://blog.didierstevens.com/programs/xorsearch/#comment-60233 Mon, 29 Oct 2012 09:28:01 +0000 http://didierstevens.wordpress.com/programs/xorsearch/#comment-60233 To compile on Mac you first need to apply the following patch as malloc.h is a deprecated import.

— XORSearch.c 2012-10-29 10:25:26.000000000 +0100
+++ XORSearch.c.ori 2010-01-17 10:57:24.000000000 +0100
@@ -28,9 +28,7 @@
#include
#include
#include
-#if !defined(__APPLE__)
#include
-#endif
#include
#include
#include

]]>