Group :: File tools
RPM: XORSearch
Current version: 1.6.0-alt1.qa1
Build date: 15 April 2013, 17:34 (575.1 weeks ago)
Size: 46.79 Kb
Home page: http://blog.didierstevens.com/programs/xorsearc…
License: Public domain
Summary: Search for a given string in an XOR, ROL or ROT encoded binary file
Description:
XORSearch is a program to search for a given string in an XOR, ROL or ROT encoded binary file. An XOR encoded binary file is a file where some (or all) bytes have been XORed with a constant value (the key). A ROL (or ROR) encoded file has its bytes rotated by a certain number of bits (the key). A ROT encoded file has its alphabetic characters (A-Z and a-z) rotated by a certain number of positions. XOR and ROL/ROR encoding is used by malware programmers to obfuscate strings like URLs.
XORSearch will try all XOR keys (0 to 255), ROL keys (1 to 7) and ROT keys (1 to 25) when searching. I programmed XORSearch to include key 0, because this allows searching in an unencoded binary file (X XOR 0 equals X).
If the search string is found, XORSearch will print it until the 0 (byte zero) is encountered or until 50 characters have been printed, whichever comes first. 50 is the default value; it can be changed with option -l. Unprintable characters are replaced by a dot.
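The search described above, written out as an added Python example for analysts who want to see the key loop; it is not XORSearch's own source, and the function names and the sample buffer are constructed for this illustration.

```python
# Added example: brute-force XOR / ROL / ROT string search (not XORSearch's source).

def xor(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)

def rol(data: bytes, bits: int) -> bytes:
    # Rotate every byte left by `bits` within 8 bits.
    return bytes(((b << bits) | (b >> (8 - bits))) & 0xFF for b in data)

def rot(data: bytes, n: int) -> bytes:
    # Rotate only A-Z and a-z; all other bytes pass through unchanged.
    out = bytearray(data)
    for i, b in enumerate(data):
        if 0x41 <= b <= 0x5A:
            out[i] = (b - 0x41 + n) % 26 + 0x41
        elif 0x61 <= b <= 0x7A:
            out[i] = (b - 0x61 + n) % 26 + 0x61
    return bytes(out)

# Key ranges as given in the description; XOR key 0 covers unencoded data.
TRANSFORMS = [("XOR", xor, range(256)), ("ROL", rol, range(1, 8)), ("ROT", rot, range(1, 26))]

def render(buf: bytes, start: int, max_len: int = 50) -> str:
    # Stop at the first zero byte or after max_len characters, whichever comes first.
    end = start
    while end < len(buf) and end - start < max_len and buf[end] != 0:
        end += 1
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in buf[start:end])

def search(data: bytes, needle: bytes, max_len: int = 50):
    """Return (encoding, key, offset, text) for every hit of needle."""
    hits = []
    for name, transform, keys in TRANSFORMS:
        for key in keys:
            decoded = transform(data, key)
            pos = decoded.find(needle)
            while pos != -1:
                hits.append((name, key, pos, render(decoded, pos, max_len)))
                pos = decoded.find(needle, pos + 1)
    return hits

# Constructed sample: one URL XORed with 0x2A, one ROT13-encoded, padded with filler.
SAMPLE = (b"\x90\x90" + xor(b"http://example.test/a\x00junk", 0x2A)
          + b"\xff" + rot(b"http://example.test/b", 13) + b"\x00")

if __name__ == "__main__":
    for name, key, pos, text in search(SAMPLE, b"http"):
        print(f"{name} key {key:#04x} offset {pos:#06x}: {text}")
```

Searching for a short, common needle such as `http` across all keys can also match by coincidence, so each hit's key and the surrounding decoded text are worth checking before treating it as an indicator.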
Current maintainer: Dmitry V. Levin (QA)
List of rpms provided by this srpm:
- XORSearch
- XORSearch-debuginfo