Skip to content

Instantly share code, notes, and snippets.

@Midi12

Midi12/sse_pxor_string_encryption_decrypt_poc.py

Created March 19, 2020 09:47
Show Gist options
  • Save Midi12/45411cd351b0044923bf7c5712610868 to your computer and use it in GitHub Desktop.
Save Midi12/45411cd351b0044923bf7c5712610868 to your computer and use it in GitHub Desktop.
Download ZIP
sse pxor string encryption decrypt poc
Raw
sse_pxor_string_encryption_decrypt_poc.py
'''
.text:0000000140007D8C 48 BE 2B 13 85 14 AE A7 C2 BB mov rsi, 0BBC2A7AE1485132Bh <- xmm2_op part 2
.text:0000000140007D96 48 89 74 24 50 mov qword ptr [rsp+170h+var_120], rsi
.text:0000000140007D9B 48 BF F0 F8 D3 3D 23 E3 F1 96 mov rdi, 96F1E3233DD3F8F0h <- xmm2_op part 1
.text:0000000140007DA5 48 89 7C 24 58 mov qword ptr [rsp+170h+var_120+8], rdi
.text:0000000140007DAA 48 B8 5E 60 E0 66 9D 95 EC DF mov rax, 0DFEC959D66E0605Eh <- xmm1_op part 2
.text:0000000140007DB4 48 89 44 24 40 mov qword ptr [rsp+170h+var_130], rax
.text:0000000140007DB9 48 BB 9C 94 D3 3D 23 E3 F1 96 mov rbx, 96F1E3233DD3949Ch <- xmm1_op part 1
.text:0000000140007DC3 48 89 5C 24 48 mov qword ptr [rsp+170h+var_130+8], rbx
.text:0000000140007DC8 66 0F 6F 44 24 40 movdqa xmm0, [rsp+170h+var_130] <- destination
.text:0000000140007DCE 66 0F EF 44 24 50 pxor xmm0, [rsp+170h+var_120] <- source
.text:0000000140007DD4 66 0F 7F 44 24 40 movdqa [rsp+170h+var_130], xmm0
pxor operation : Destination = Destination ^ Source;
'''
def unxor_pxor(xmm1_op, xmm2_op):
xmm1_bytes = xmm1_op.to_bytes(32, 'little')
xmm2_bytes = xmm2_op.to_bytes(32, 'little')
unxored_str = ''
for i in range(0, 32):
unxored_str += chr(xmm1_bytes[i] ^ xmm2_bytes[i])
return unxored_str
print(unxor_pxor(0x96F1E3233DD3F8F0BBC2A7AE1485132B, 0x96F1E3233DD3949CDFEC959D66E0605E))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment