Didier Stevens

Tuesday 6 September 2022

Update: xor-kpa.py Version 0.0.6

Filed under: Encryption,My Software,Update — Didier Stevens @ 0:00

This is an update for my tool to perform XOR known plaintext attacks: xor-kpa.py.

The tool has been updated for Python 3, and 3 new plaintext have been added, all for Cobalt Strike configurations.

cs-key is the header of the configuration entry for the public key.

cs-key-dot is the header of the configuration entry for the public key XORed with value 0x2E (a dot).

cs-key-i is the header of the configuration entry for the public key XORed with value 0x69 (letter i).

xor-kpa_V0_0_6.zip (http)
MD5: 4BA5EDEAEF6C8D528227607E78A2A797
SHA256: F7BE170D09E8B8A5B4127F64EC66FFF69EFD3EFA3B4EAC0304B39905A75CDE2A

Blog at WordPress.com.