+ - POC that searches for n-grams and uses them as the XOR key.
+ - Also uses hamming distance to guess key size. Check out cryptopals Challenge 6
+ for more details https://cryptopals.com/sets/1/challenges/6
+pe_ham_brute.py ba5aa03d724d17312d9b65a420f91285caff711e2f891b3699093cc990fdaae0
+Hamming distances & calculated key sizes
+[(2.6437784522003036, 58), (2.6952976867652634, 29), (3.2587556654305727, 63), (3.270363951473137, 53), (3.285315243415802, 61), (3.2863494886616276, 34), (3.29136690647482, 55), (3.300850228907783, 50), (3.306188371302278, 26), (3.309218485361723, 37)]
+Length: 58, Key: IUN0mhqDx239nW3vpeL9YWBPtHC0HIUN0mhqDx239nW3vpeL9YWBPtHC0H File Name: dc53de4f4f022e687908727570345aba.bin
+from cStringIO import StringIO
+from collections import Counter
+from itertools import cycle
+from itertools import product
+def xor_mb(message, key):
+ return''.join(chr(ord(m_byte)^ord(k_byte)) for m_byte,k_byte in zip(message, cycle(key)))
+def hamming_distance(bytes_a, bytes_b):
+ return sum(bin(i ^ j).count("1") for i, j in zip(bytearray(bytes_a), bytearray(bytes_b)))
+def key_len(message, key_size):
+ """"returns [(dist, key_size),(dist, key_size)]"""
+ for k in xrange(2,key_size):
+ for n in xrange(len(message)/k-1):
+ hd.append(hamming_distance(message[k*n:k*(n+1)],message[k*(n+1):k*(n*2)])/k)
+ avg.append((sum(hd) / float(len(hd)), k))
+ return sorted(avg)[:10]
+ '''carve out executable using pefile's trim'''
+ for offset in [temp.start() for temp in re.finditer('\x4d\x5a',data)]:
+ temp_buff = data[offset:]
+ pe = pefile.PE(data=temp_buff)
+def write_file(data, key):
+ key_name = "key-" + name + ".bin"
+ file_name = name + ".bin"
+ print "Length: %s, Key: %s File Name: %s" % (len(key),key, file_name)
+ f = open(file_name, "wb")
+ fk = open(key_name , "wb")
+ key_sizes = key_len(message, 64)
+ print "Hamming distances & calculated key sizes"
+ for temp_sz in key_sizes:
+ substr_counter = Counter(message[i: i+size] for i in range(len(message) - size))
+ sub_count = substr_counter.most_common(32)
+ temp = xor_mb(message, key)
+data = open(sys.argv[1],'rb').read()