Today I'm releasing a new program, XORKPA, that allows you to do a known-plaintext attack on XOR-encoded files. It takes the plaintext as input, a file with the plaintext, and then a file with the ciphertext, and then it will try to recover the repeating key.

So I have two files here, ciphertextxml.txt and prefixxml.txt. Now this one here is encoded; I can do a hex dump of it like this. Now we know that it is XML, so that's how we can do a known-plaintext attack on it. We know that it is XML, but you cannot see this here because it is encoded with an XOR key. And since it is XML, we know that it will start with this string. So that's what I have in the file prefix.xml.

So now when I run XORKPA with this prefix and ciphertext, I get this as a result. XORKPA has found three possible keys. The first thing that happens is that when you XOR a known plaintext with the ciphertext, you recover the key stream. And here you can see the key stream is "secret key, secret key, secret key" and so on. So this is a repeating key, and XORKPA is able to extract the key itself: secret key. It also tells us that there are 45 extra bytes. So that means that when we look at the key stream here, it is 45 bytes long, and the key itself, secret key, is 9 bytes long. So our key stream is 45 extra bytes long. So that's very good confidence for finding this key.

Well, in the other cases here we only have one extra byte. So you see here that the key stream starts with an M and then goes on for a long way and then starts again here with an M. So that's very unlikely to be a key. Now you can filter out those keys with low confidence by using option -e. E stands for extra, and here with -e 2 I'm going to filter on all key streams that have at least two extra bytes, like this. Then I only get the key with 45 extra bytes, secret key. I can decode the file.
So the ciphertext file can be decoded with -d. This will take the key with the most confidence, so here the key with 45 extra bytes, and use that to try to decode the ciphertext. And as you can see here, it is able to decode the ciphertext.

Now this is, as an example, a small XML file. You will also frequently encounter XOR-encoded EXE files like this one that I made here: I took notepad and encoded it with a repeating XOR key. Now what we know about PE files is that they very often contain the following string in the beginning: "This program cannot be run in DOS mode". So we could put that in a text file and use that as the known plaintext in the known-plaintext attack. But since it is frequent that we want to search for a simple string, a simple ASCII string, I have provided a feature in XORKPA so that you don't need to store the known plaintext in a file but can also provide it as an argument. You just have to start it with a hash character (#), like this, and then we can type "This program cannot be run in DOS mode". And of course, since this contains space characters, we need to quote it. Like this: again we are going to filter on at least two extra bytes, and we provide the encrypted notepad executable. Now this will take a bit longer, because the executable is about 200k and XORKPA has to look for this known plaintext in the whole of 200k. So we have three keys, and here you can see that the most likely key is "password", with thirty extra bytes.
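The attack walked through above, as an added example that is not XORKPA's own code but an illustrative reimplementation in Python: it slides the known plaintext over every offset of the ciphertext (which is what the PE search has to do, since the DOS-stub string is not at offset 0), derives the key stream as known plaintext XOR ciphertext, detects the shortest repeating period of that stream, reports the number of "extra" bytes beyond one key length as the confidence measure, and decodes with the best key. The key `secretkey`, the XML plaintext and the known strings are constructed sample data, not the files from the video; the `min_extra` parameter is an assumed name that mirrors the -e filter.

```python
from itertools import cycle

# Added example, not xor-kpa's code: known-plaintext attack on repeating-key XOR.


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; encoding and decoding are the same operation."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def shortest_period(stream: bytes) -> int:
    """Smallest p such that stream[i] == stream[i - p] for every i >= p.
    Returns len(stream) when no repetition is observed at all (zero extra bytes)."""
    for p in range(1, len(stream)):
        if all(stream[i] == stream[i - p] for i in range(p, len(stream))):
            return p
    return len(stream)


def xor_kpa(known: bytes, ciphertext: bytes, min_extra: int = 1):
    """Slide the known plaintext over every offset of the ciphertext.

    At each offset the derived key stream (known XOR ciphertext) is checked for
    a repeating period p.  extra = len(stream) - p is the confidence: how many
    bytes beyond one full key were seen repeating.  Returns a list of
    (extra, key, offset) tuples, best candidate first.
    """
    candidates = {}
    for off in range(len(ciphertext) - len(known) + 1):
        window = ciphertext[off:off + len(known)]
        stream = bytes(k ^ c for k, c in zip(known, window))
        p = shortest_period(stream)
        extra = len(stream) - p
        if extra < min_extra:          # the "-e" style filter: drop low-confidence hits
            continue
        # stream[j] equals key[(off + j) % p]; rotate so key[0] lines up with
        # ciphertext[0], otherwise a match at a non-zero offset yields a rotated key.
        key = bytes(stream[(k - off) % p] for k in range(p))
        if key not in candidates or candidates[key][0] < extra:
            candidates[key] = (extra, key, off)
    return sorted(candidates.values(), key=lambda t: t[0], reverse=True)


def decode_with_best_key(known: bytes, ciphertext: bytes, min_extra: int = 2):
    """Equivalent of decoding with the most confident key; None if nothing passes the filter."""
    results = xor_kpa(known, ciphertext, min_extra)
    if not results:
        return None
    return xor_with_key(ciphertext, results[0][1])


# Constructed sample data for the demo (not the files shown in the video).
KEY = b"secretkey"
PLAINTEXT = (b'<?xml version="1.0" encoding="UTF-8"?>\n'
             b'<config><user>alice</user><token>deadbeef</token></config>\n')
CIPHERTEXT = xor_with_key(PLAINTEXT, KEY)
KNOWN_PREFIX = b'<?xml version="1.0" encoding="UTF-8"?>'   # every XML file starts like this
KNOWN_INSIDE = b"<token>deadbeef</token>"                  # a string known to occur somewhere

if __name__ == "__main__":
    for extra, key, off in xor_kpa(KNOWN_PREFIX, CIPHERTEXT):
        print(f"extra={extra:3d}  offset={off:3d}  key={key!r}")
    print(decode_with_best_key(KNOWN_PREFIX, CIPHERTEXT, min_extra=2))
    # The same attack with plaintext that is not at the start of the file:
    print(xor_kpa(KNOWN_INSIDE, CIPHERTEXT, min_extra=2)[0])
```

With the prefix as known plaintext the top candidate is `secretkey` with 29 extra bytes (38 bytes of key stream minus a 9-byte key); a one-extra-byte candidate only needs the first and last byte of the window to coincide, which is why filtering at two or more extra bytes removes most of that noise. The second search shows why the rotation step matters: the known string sits at offset 65, so without re-aligning the stream to offset 0 the recovered key would be a rotated version of the real one.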