Didier Stevens

Tuesday 6 September 2022

Update: xor-kpa.py Version 0.0.6

Filed under: Encryption,My Software,Update — Didier Stevens @ 0:00

This is an update for my tool to perform XOR known plaintext attacks: xor-kpa.py.

The tool has been updated for Python 3, and 3 new plaintext have been added, all for Cobalt Strike configurations.

cs-key is the header of the configuration entry for the public key.

cs-key-dot is the header of the configuration entry for the public key XORed with value 0x2E (a dot).

cs-key-i is the header of the configuration entry for the public key XORed with value 0x69 (letter i).

xor-kpa_V0_0_6.zip (http)
MD5: 4BA5EDEAEF6C8D528227607E78A2A797
SHA256: F7BE170D09E8B8A5B4127F64EC66FFF69EFD3EFA3B4EAC0304B39905A75CDE2A

Share this:

• Twitter
• Facebook

Related

Comments (1)

1 Comment »

1. […] 1768.py, xor-kpa.py, pecheck.py, translate.py, […]

   Pingback by An Obfuscated Beacon – Extra XOR Layer – Didier Stevens Videos — Tuesday 6 September 2022 @ 7:59

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (Address never made public)

Name

Website

You are commenting using your WordPress.com account. ( Log Out /  Change )

You are commenting using your Facebook account. ( Log Out /  Change )

Cancel

Connecting to %s

Notify me of new comments via email.

Notify me of new posts via email.

Δ

This site uses Akismet to reduce spam. Learn how your comment data is processed.

• Pages

  • About
  • Didier Stevens Suite
  • Links
  • My Python Templates
  • My Software
  • Professional
  • Programs
    • Ariad
    • Authenticode Tools
    • Binary Tools
    • CASToggle
    • Cobalt Strike Tools
    • Disitool
    • EICARgen
    • ExtractScripts
    • FileGen
    • FileScanner
    • HeapLocker
    • Network Appliance Forensic Toolkit
    • Nokia Time Lapse Photography
    • oledump.py
    • OllyStepNSearch
    • PDF Tools
    • Shellcode
    • SpiderMonkey
    • Translate
    • USBVirusScan
    • UserAssist
    • VirusTotal Tools
    • XORSearch & XORStrings
    • YARA Rules
    • ZIPEncryptFTP
  • Public Drafts
    • Cisco Tricks
  • Screencasts & Videos
• Search for:

• Top Posts

  • PDF Tools
  • oledump.py
  • Test File: PDF With Embedded DOC Dropping EICAR
  • Using Metasploit On Windows
  • XORSearch & XORStrings

• Categories

  • .NET
  • 010 Editor
  • Announcement
  • Arduino
  • Bash Bunny
  • Beta
  • bpmtk
  • Certification
  • Didier Stevens Labs
  • Eee PC
  • Elec
  • Encryption
  • Entertainment
  • Fellow Bloggers
  • Forensics
  • Hacking
  • Hardware
  • maldoc
  • Malware
  • My Software
  • N800
  • Networking
  • Nonsense
  • nslu2
  • OSX
  • PDF
  • Personal
  • Physical Security
  • Poll
  • Puzzle
  • Quickpost
  • Release
  • Reverse Engineering
  • RFID
  • Shellcode
  • smart card
  • Spam
  • technology
  • UltraEdit
  • Uncategorized
  • Update
  • video
  • Vulnerabilities
  • WiFi
  • Windows 7
  • Windows 8
  • Windows Vista
  • Wireshark
• 

• Blog Stats

  • 7,359,473 hits

• Twitter @DidierStevens

  Tweets by DidierStevens

• Archives

  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • February 2016
  • January 2016
  • December 2015
  • November 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • May 2015
  • April 2015
  • March 2015
  • February 2015
  • January 2015
  • December 2014
  • November 2014
  • October 2014
  • September 2014
  • August 2014
  • July 2014
  • June 2014
  • May 2014
  • April 2014
  • March 2014
  • February 2014
  • January 2014
  • December 2013
  • November 2013
  • October 2013
  • September 2013
  • August 2013
  • July 2013
  • June 2013
  • May 2013
  • April 2013
  • March 2013
  • February 2013
  • January 2013
  • December 2012
  • November 2012
  • October 2012
  • September 2012
  • August 2012
  • July 2012
  • June 2012
  • May 2012
  • April 2012
  • March 2012
  • February 2012
  • January 2012
  • December 2011
  • November 2011
  • October 2011
  • September 2011
  • August 2011
  • July 2011
  • June 2011
  • May 2011
  • April 2011
  • March 2011
  • February 2011
  • January 2011
  • December 2010
  • November 2010
  • October 2010
  • September 2010
  • August 2010
  • July 2010
  • June 2010
  • May 2010
  • April 2010
  • March 2010
  • February 2010
  • January 2010
  • December 2009
  • November 2009
  • October 2009
  • September 2009
  • August 2009
  • July 2009
  • June 2009
  • May 2009
  • April 2009
  • March 2009
  • February 2009
  • January 2009
  • December 2008
  • November 2008
  • October 2008
  • September 2008
  • August 2008
  • July 2008
  • June 2008
  • May 2008
  • April 2008
  • March 2008
  • February 2008
  • January 2008
  • December 2007
  • November 2007
  • October 2007
  • September 2007
  • August 2007
  • July 2007
  • June 2007
  • May 2007
  • April 2007
  • March 2007
  • February 2007
  • January 2007
  • December 2006
  • November 2006
  • October 2006
  • September 2006
  • August 2006
  • July 2006
  • June 2006

• September 2022

  M	T	W	T	F	S	S
  			1	2	3	4
  5	6	7	8	9	10	11
  12	13	14	15	16	17	18
  19	20	21	22	23	24	25
  26	27	28	29	30