A couple years ago I published tool xorsearch.py for this diary entry: “Small Challenge: A Simple Word Maldoc – Part 4”.
It could be used to search for XOR-encoded text:
This was a beta version, and its user interface was subject to change. The version I released recently is a rewrite, and option -t no longer exists.
To achieve a similar result with the new version of xorsearch.py, one now uses option -P (Python) and provides a Python function that filters for printable text: IsPrintable
Option -D can then be used to dump the decoded data with an extra newline:
Here too, XOR decoding with key 0x6f reveals the hidden command.
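As an added illustration of the -P/-D workflow described above (constructed example, not xorsearch.py's own code): a brute-force single-byte XOR search that keeps only keys for which a printable-text filter finds something, run over a constructed sample encoded with key 0x6f. The function names IsPrintable, xorsearch and dump, and the sample data, are assumptions made for this example.

```python
import re

# Constructed sample: a harmless command-like string hidden between filler
# bytes, the whole buffer XOR-encoded with the single-byte key 0x6f.
KEY = 0x6F
PLAINTEXT = b"run-tool --option value"
FILLER = bytes([0x03, 0x9A, 0x11, 0xF0, 0x2C, 0xE8])
SAMPLE = bytes(b ^ KEY for b in FILLER + PLAINTEXT + FILLER)


def IsPrintable(data, minimum=8):
    """Filter in the spirit of option -P: return every run of at least
    `minimum` printable ASCII characters (space through '~') found in data.
    An empty list means the candidate key produced nothing readable."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % minimum, data)


def xor(data, key):
    """XOR every byte with a single-byte key; encoding and decoding are
    the same operation."""
    return bytes(b ^ key for b in data)


def xorsearch(data, filter_function=IsPrintable):
    """Try all 256 single-byte keys and keep those for which the filter
    function finds something. Returns a list of (key, matches) tuples;
    several keys may survive, so the analyst still has to look at them."""
    hits = []
    for key in range(256):
        matches = filter_function(xor(data, key))
        if matches:
            hits.append((key, matches))
    return hits


def dump(data, key):
    """Mimic option -D: return the data decoded with key plus an extra
    newline, so consecutive dumps stay separated."""
    return xor(data, key) + b"\n"


if __name__ == "__main__":
    for key, matches in xorsearch(SAMPLE):
        print("key 0x%02x: %s" % (key, matches))
    print(dump(SAMPLE, KEY))
```

Neighbouring keys such as 0x6e also survive the filter, because XOR with a key that differs in a low bit often maps printable text to other printable text; the correct key is the one whose output reads as a sensible command.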
Didier Stevens
Senior handler
blog.DidierStevens.com
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.