Assembly Language for Beginners

9.1. PRIMITIVE XOR-ENCRYPTION Figure 9.9:Decrypted file in Midnight Commander, 1st attempt Looks like some kind of English phras ...

9.1. PRIMITIVE XOR-ENCRYPTION Encryptedbyteis2, thebytefromthekeyis103, 2 ⊕103 = 101and101isASCIIcodefor“e”character. What byte ...

9.1. PRIMITIVE XOR-ENCRYPTION Indeed, one can switch case just by XOR-ing ASCII character code with 32 (more about it:3.16.3 on ...

9.1. PRIMITIVE XOR-ENCRYPTION Mathematicanotebookfileisdownloadablehere:https://github.com/DennisYurichev/RE-for-beginners/ blob ...

9.1. PRIMITIVE XOR-ENCRYPTION In[]:=input = BinaryReadList["/home/dennis/tmp/cipher.txt"]; In[]:=blocks = Partition[input, 17]; ...

9.1. PRIMITIVE XOR-ENCRYPTION N= 1 [160, 161] len= 2 N= 2 [32, 33, 38] len= 3 N= 3 [80, 81, 87] len= 3 N= 4 [78, 79] len= 2 N= 5 ...

9.1. PRIMITIVE XOR-ENCRYPTION 440}, {39, 31077}, {34, 488}, {59, 17199}, {126, 1}, {95, 71}, {113, 2414}, {81, 1179}, {63, 10476 ...

9.1. PRIMITIVE XOR-ENCRYPTION continue spaces_ratio=len(tmp)/spaces if spaces_ratio<4: continue if spaces_ratio>7: continu ...

9.2 Information entropy stick which our visitor had left behind him the night before. It was a fine, thick piece of wood, bulbou ...

9.2. INFORMATION ENTROPY It is possible to slice a file by blocks, calculate entropy of each and draw a graph. I did this in Wol ...

9.2. INFORMATION ENTROPY There are two parts in graph: first is somewhat chaotic, second is more steady. 0inhorizontalaxisingrap ...

9.2. INFORMATION ENTROPY Indeed, this are names of ISPs. So, entropy of English text is 4.5-5.5 bits per byte? Yes, something li ...

9.2. INFORMATION ENTROPY We see here 3 blocks with empty lacunas. Then the first block with high entropy (started at address 0) ...

9.2. INFORMATION ENTROPY Rising edges are corresponding to rising edges of block on our graph. Falling edges are the points wher ...

9.2. INFORMATION ENTROPY There is cavity at≈ 0 x 19000 (absolute file offset). I’ve opened the executable file in hex editor and ...

9.2. INFORMATION ENTROPY In hex editor I can see PNG file here, embedded in the PE file resource section (it is a large image of ...

9.2. INFORMATION ENTROPY The cavity at the very beginning is an English text: debugging messages. I checked variousISAs and I fo ...

9.2. INFORMATION ENTROPY x64: .text section of ntoskrnl.exe file from Windows 7 x64: 6.5 ARM (thumb mode), Angry Birds Classic: ...

9.2. INFORMATION ENTROPY Here is an example of how Mathematica grouped various entropy values into distinctive groups. Indeed, t ...

9.2. INFORMATION ENTROPY 9.2.4 A word about primitive encryption like XORing It’s interesting that simple XOR encryption doesn’t ...