Group :: Ferramentas de Arquivo
RPM: XORSearch
Principal Changelog Spec Patches Sources Download Gear Bugs e FR Repocop
A versão atual: 1.6.0-alt1.qa1
Data da compilação: 15 abril 2013, 17:34 ( 571.5 weeks ago )
Tamanho:: 46.79 Kb
Home page: http://blog.didierstevens.com/programs/xorsearc…
Licença: Public domain
Sumário: Search for a given string in an XOR, ROL or ROT encoded binary file
Descrição:
Lista dos contribuidores Lista dos rpms provida por esta srpm:
ACL:
Data da compilação: 15 abril 2013, 17:34 ( 571.5 weeks ago )
Tamanho:: 46.79 Kb
Home page: http://blog.didierstevens.com/programs/xorsearc…
Licença: Public domain
Sumário: Search for a given string in an XOR, ROL or ROT encoded binary file
Descrição:
XORSearch is a program to search for a given string in an XOR, ROL or ROT encoded binary file. An XOR encoded binary file is a file where some (or all) bytes have been XORed with a constant value (the key). A ROL (or ROR) encoded file has its bytes rotated by a certain number of bits (the key). A ROT encoded file has its alphabetic characters (A-Z and a-z) rotated by a certain number of positions. XOR and ROL/ROR encoding is used by malware programmers to obfuscate strings like URLs.
XORSearch will try all XOR keys (0 to 255), ROL keys (1 to 7) and ROT keys (1 to 25) when searching. I programmed XORSearch to include key 0, because this allows to search in an unencoded binary file (X XOR 0 equals X).
If the search string is found, XORSearch will print it until the 0 (byte zero) is encountered or until 50 characters have been printed, which ever comes first. 50 is the default value, it can be changed with option -l. Unprintable characters are replaced by a dot.
Mantenedor currente: Dmitry V. Levin (QA) XORSearch will try all XOR keys (0 to 255), ROL keys (1 to 7) and ROT keys (1 to 25) when searching. I programmed XORSearch to include key 0, because this allows to search in an unencoded binary file (X XOR 0 equals X).
If the search string is found, XORSearch will print it until the 0 (byte zero) is encountered or until 50 characters have been printed, which ever comes first. 50 is the default value, it can be changed with option -l. Unprintable characters are replaced by a dot.
Lista dos contribuidores Lista dos rpms provida por esta srpm:
- XORSearch
- XORSearch-debuginfo