MAYBE THY USED FILES FOR MALST YEARS AGAIN
THIS ARE THINGS WE XORED LAST YEAR http://prntscr.com/2h92vj NOTE THAT WE IN ONE CASE XORED THREE FILES TO GET RESULT
THIS ARE FILES WE HAVENT USED LAST YEAR, http://prntscr.com/2h932z CHECK GREEN "ends never tied"
THINGS WE HAVE FROM 2014:
- Twitter pic: http://i.imgur.com/zN4h51m.jpg
- ONION 1 3301.jpg
- ONION 2 STRING
EXAMPLE 1
634292ba49fe336edada779a34054a335c2ec12c8bbaed4b92dcc05efe98f76abffdc2389bdb9de2cf20c009acdc1945ab095a52609a5c219afd5f3b3edf10fcb25950666dfe8d8c433cd10c0b4c72efdfe12c6270d5cfde291f9cf0d73cb1211140136e4057380c963d70c76948d9cf6775960cf98fbafa435c44015c5959837a0f8d9f46e094f27c5797b7f8ab49bf28fa674d2ad2f726e197839956921dab29724c
XOR
560.17
=
634292ba49fe336edada779a34054a335c2ec12c8bbaed4b92dcc05efe98f76abffdc2389bdb9de2cf20c009acdc1945ab095a52609a5c219afd5f3b3edf10fcb25950666dfe8d8c433cd10c0b4c72efdfe12c6270d5cfde291f9cf0d73cb1211140136e4057380c963d70c76948d9cf6775960cf98fbafa435c44015c5959837a0f8d9f46e094f27c5797b7f8ab49bf28fa674d2ad2f726e197839956921dab29724c
THIS IS ONLY EXMAPLE THIS IS ONLY EXMAPLE THIS IS ONLY EXMAPLE THIS IS ONLY EXMAPLE
EXAMPLE 2
Statistical analysis of the data shows that if it was XOR:ed with a repeating key, possibilities are good that the key length is either 3 or 11. All combinations of keys of length 1, 2 and 3 have been tried without success. 11 is too long to brute force, but might work with a wordlist attack.
XOR script to run tests on the (currently 3) 256 byte strings
#!/usr/bin/perl
# THESE STRINGS ARE FROM NUMINTS SITE (verified also on this wiki)
# You can add additional strings, just use key onion for onion strings
# and key totient for totients. Make sure to use the number at the end for ordering
my $data = {
#Onoin 2
onion2 =>
'634292ba49fe336edada779a34054a335c2ec12c8bbaed4b92dcc05efe98f76abffdc2389bdb9de2cf20c009acdc1945ab095a52609a5c219afd5f3b3edf10fcb25950666dfe8d8c433cd10c0b4c72efdfe12c6270d5cfde291f9cf0d73cb1211140136e4057380c963d70c76948d9cf6775960cf98fbafa435c44015c5959837a0f8d9f46e094f27c5797b7f8ab49bf28fa674d2ad2f726e197839956921dab29724cd48e1a81fc9bab3565f7513e3e368cd0327b47cf595afebb78d6b5bca92ba021cd6734f4362a0b341f359157173b53d49ea5dff5889d2c9de6b0d7e8c615286ce596bfa83f50b6eeabd153aaf50cd75f39929ba11fb0f8e8d611442846',
# Onion 2 Totient
totient2 =>
'3c14483c487e20286c6c603c180424202c16c0148a3c9c284850402e7e48d834bedc601878909c70841040065450142c6c061828203c2c143cdc483a1ede0848585820206c7e5c304210b4040a2424eede78142a308c8448281e3040a81074141020122820381804283c30c63018b48466482804a4783c64422c20012c5858823c085c681860486e3c389678786c48be1064663c0c30d812789682602a481c6c28242468460c5448786c3464d8361e1e1230601450468458187ea0206ab45c9c2a4014a0661878120c0a181e347038163a52684e50dea8409c149c5850a8703c0c1024e428be30242048606cb45240a804a848244878841e5078706a10201018',
#Onion 3
onion3 =>
'87de5b7fa26ab85d2256c453e7f5bc3ac7f25ee743297817febd7741ededf07ca0c7e8b1788ea4131441a8f71c63943d8b56aea6a45159e2f59f9a194af23eaabf9de0f3123c041c882d5b7e03e17ac49be67cef29fbc7786e3bda321a176498835f6198ef22e81c30d44281cd217f7a46f58c84dd7b29b941403ecd75c0c735d20266121f875aa8dec28f32fc153b1393e143fc71616945eea3c10d6820bd631cf775cf3c1f27925b4a2da655f783f7616f3359b23cff6fb5cb69bcb745c55dff439f7eb6a4094bd302b65a84360a62f94c8b010250fcc431c190d6ed8cc8a3bfce37dddb24b93f502ad83c5fa21923189d8be7a6127c4105fcf0e5275286f2',
# Onion 3 Totient
totient3 =>
'4848487e3634583c102a545278a85c1cc66e2e78422820167e6c60309c9c403c40c6707420465012083030d80c3c483c8a2a385250365870a8683c14246e1e40be9c60a20610020c4018482402783c5478583cee28fac620283a6c140c16284882486048ee10700c10681454a0147e3c18a83028c050289030201ea04840c634300120061e48183048607814480c3a12547842487060302c60a2c00c30106c3c0cd84884101e18484824185240d882d86048205858108048b4a8305c782cc43c8042682448500628d20148182812042aa4248a01012048542ac0306a9c3050a2be6628c0900c9024200c481048361418089c8a7852063c30044840e41828426e',
#Onion 4
onion4 =>
'bf1d5574ca36efd524e6c34c26cbd628b19aa835aceb94ea7f2ca7f33d1b8f51476bc597d4bf9ad5111d8f39ef5351b3b090bce47f023002fe69928e79f6f8147f6fe051f2f159041f932f5190308d7441fc3cecead0851662d3217485827e640a4183fa5bc8cef5ff7d1473d2746a37fbc8b94318ff0d3aeb467017c0ea5cb33b3e6967453986e1450b35ad47861f679cf7db5a6c170bcfb67544983ec1e36b27ee8c5721da39d27dbfa0cdc15ba3cbaa425e8a8b96b81ab665f3ebc41563a0e9270695d3d68887cfab2c07b290718307f764afba684b17fcfd71323f64206e5fa378b4ee89e80885733080065dd34a5c838898906b8d43de9f1d8eb6922bad',
# Onion 4 Totient
totient4 =>
'be1c40386412ee8c0c58602412a86a10743c303454b848487e14a6a23c127836466ac49668be3c8c101c7824ee5236b250305c487e0110017e3048466e5078087e4860366ef058021e542e3630105c383048107448606c0a2ad214386c30242804308264485066a88064085830383428fa50904208800c1cb818301640482cb23a1e30662c2442782c0a34ac46421e6630d8901824160a84484820481ec0e26a18603038146c243064be40a0c048a2a840142e2c8a28580c4864a2b8540c3c40e8180294d26a4048846c14065830708206d828783c30281648dc70142428102848a22030608870046c581040023cd2242c824048306a5c4248681c4648482aac',
};
sub byteReverse
{
my ($hex) = @_;
return join , reverse split /(..)/, $hex;
}
sub XORstrings
{
my (@hex) = @_;
my $x = undef;
while (my $v = shift @hex) {
$v = pack("H*", $v);
if (!defined($x)) {
$x = $v;
next;
}
$x ^= $v;
}
return $x;
}
# More tests can be added, they should
# as hash refs in the list below.
# They should include these components:
# 'title' = The name of the test
# 'run' = A sub function reference that actuall performs the test
# it will be passed an array ref of the onion strings and an array ref
# of the totient strings from the $data reference above
my @tests = (
{
title => 'XOR onion strings in sequential order (no byte reversal)',
run => sub {
my ($o, $t) = @_;
my $x = XORstrings(@$o);
return $x;
}
},
{
title => 'XOR onion strings and their totients in sequential order (no byte reversal)',
run => sub {
my ($o, $t) = @_;
my $x = undef;
while (my $v = shift @$o) {
$v = pack("H*", $v);
if (!defined($x)) {
$x = $v;
next;
}
$x ^= $v;
# Apply totient xor now (for each piece, in sequence)
my $tv = shift @$t;
if (!$tv) {
print STDERR "ERROR: Missing totient for:\n$v\nCan not continue\n";
break;
}
$x ^= pack("H*", $tv);
}
return $x;
}
},
{
title => 'XOR onion strings in sequential order (WITH all strings byte reversed)',
run => sub {
my ($o, $t) = @_;
my $x = XORstrings(@$o);
return $x;
}
},
{
title => 'XOR onion strings and their totients in sequential order (WITH all onion strings byte reversed but not the totients)',
run => sub {
my ($o, $t) = @_;
my $x = undef;
while (my $v = shift @$o) {
$v = pack("H*", byteReverse($v));
if (!defined($x)) {
$x = $v;
next;
}
$x ^= $v;
# Apply totient xor now (for each piece, in sequence)
my $tv = shift @$t;
if (!$tv) {
print STDERR "ERROR: Missing totient for:\n$v\nCan not continue\n";
break;
}
$x ^= pack("H*", $tv);
}
return $x;
}
},
);
# RUN THE TESTS
my %x = %$data;
# Simple xor with each file (no byte reversal
for (my $i = 0; $i < @tests; ++$i) {
my @ostrings = @x{sort grep{/^onion/} keys %x};
my @totients = @x{sort grep{/^totient/} keys %x};
my $t = $tests[$i];
print "[ T#".($i+1)." $t->{title} ]\n";
my $r = $t->{run}->(\@ostrings, \@totients);
{
use bytes;
open(my $tmpf, ">/tmp/$$.z");
print $tmpf $r;
close $tmpf;
print qx(xxd /tmp/$$.z);
print "Length: ". (-s "/tmp/$$.z")."\n";
}
$r = undef;
print "\n";
}
__END__
Here is the current results from the script tests
[ T#1 XOR onion strings in sequential order (no byte reversal) ]
0000000: 5b81 9cb1 21a2 64e6 dc6a 7085 f53b 2021 [...!.d..jp..; !
0000010: 2a46 37fe 6478 01b6 134d 10ec 2e6e 8847 *F7.dx...M...n.G
0000020: 5851 ef1e 37ea a324 ca7c e7c7 5fec dccb XQ..7..$.|.._...
0000030: 90cf 4810 bbc9 35c1 910b 57ac 0ddb d642 ..H...5...W....B
0000040: 72ab 50c4 8d33 d094 d482 a523 989d 855f r.P..3.....#..._
0000050: 05fb 6c61 b3fe 8db0 25f7 67b6 48a9 abdd ..la....%.g.H...
0000060: 985e f10c f4bd 1ee5 5994 2635 761d cc82 .^......Y.&5v...
0000070: da48 a3cb 3c0b 9e79 e95a 0adb e973 c205 .H..<..y.Z...s..
0000080: 9333 82ea 1c5e 48bb e79e 2d28 4338 6dcb .3...^H...-(C8m.
0000090: 27ec ffeb 37a4 95ac b941 060c 0073 43a3 '...7....A...sC.
00000a0: 126b b54c 93df 9fbc bd5e b80e 63fd 1e02 .k.L.....^..c...
00000b0: fda1 bde1 42ed 882c 5950 212f a5e5 1a54 ....B..,YP!/...T
00000c0: 3dc4 b826 0246 75fa 36a2 ae42 0337 2cf6 =..&.Fu.6..B.7,.
00000d0: c5e8 3b30 1de7 425b 5010 7c02 623f 000b ..;0..B[P.|.b?..
00000e0: f545 238c a312 f908 85ef 0617 88ac 609c .E#...........`.
00000f0: 48c9 5c46 a4e2 501d 6b9b 05bd 8084 8519 H.\F..P.k.......
Length: 256
[ T#2 XOR onion strings and their totients in sequential order (no byte reversal) ]
0000000: 2fdd 9cf3 5fe8 1cf2 a02c 44eb 9597 581d /..._....,D...X.
0000010: c03e d992 ac6c bd88 2571 30f2 ccba 104f .>...l..%q0....O
0000020: a64b ff72 6f3c 6f46 465c 9719 0780 80db .K.ro<oFF\......
0000030: 76e3 686a cbc3 41a5 05bf 2382 376b c04a v.hj..A...#.7k.J
0000040: 946f 1046 e75d 8ea8 d68a 5903 90c1 9de5 .o.F.]....Y.....
0000050: a3db 44a5 ab88 cfd8 25d3 3be2 ecaf f781 ..D.....%.;.....
0000060: 0a36 836c 3a95 76ed 61c0 02a7 e611 063a .6.l:.v.a......:
0000070: a4a8 bbe7 5823 8a8d 9b56 347a 8d6b 5cb3 ....X#...V4z.k\.
0000080: 9f3a fe84 1a76 18e5 93c6 c344 7358 1f67 .:...v.....DsX.g
0000090: 63f0 db9f 4bf4 7d92 a175 4460 1a2b 33f3 c...K.}..uD`.+3.
00000a0: 3697 d9a0 c5cd d3bc 8d16 9438 fb13 82c4 6..........8....
00000b0: 8fd9 fdad 4abb 8c3c f586 b153 b77d 82f4 ....J..<...S.}..
00000c0: 97c6 c4a2 2c0e 0bc0 e8a9 fe44 1f55 10ca ....,......D.U..
00000d0: 5b9e d97f 4c19 a24f e6c4 d030 aea7 2095 [...L..O...0.. .
00000e0: 4733 2fa8 1ba0 5908 85ab 2e6b 74c8 342c G3/...Y....kt.4,
00000f0: 44fd 9e1a be9c e833 3fab 3533 888c d76f D......3?.53...o
Length: 256
[ T#3 XOR onion strings in sequential order (WITH all strings byte reversed) ]
0000000: 5b81 9cb1 21a2 64e6 dc6a 7085 f53b 2021 [...!.d..jp..; !
0000010: 2a46 37fe 6478 01b6 134d 10ec 2e6e 8847 *F7.dx...M...n.G
0000020: 5851 ef1e 37ea a324 ca7c e7c7 5fec dccb XQ..7..$.|.._...
0000030: 90cf 4810 bbc9 35c1 910b 57ac 0ddb d642 ..H...5...W....B
0000040: 72ab 50c4 8d33 d094 d482 a523 989d 855f r.P..3.....#..._
0000050: 05fb 6c61 b3fe 8db0 25f7 67b6 48a9 abdd ..la....%.g.H...
0000060: 985e f10c f4bd 1ee5 5994 2635 761d cc82 .^......Y.&5v...
0000070: da48 a3cb 3c0b 9e79 e95a 0adb e973 c205 .H..<..y.Z...s..
0000080: 9333 82ea 1c5e 48bb e79e 2d28 4338 6dcb .3...^H...-(C8m.
0000090: 27ec ffeb 37a4 95ac b941 060c 0073 43a3 '...7....A...sC.
00000a0: 126b b54c 93df 9fbc bd5e b80e 63fd 1e02 .k.L.....^..c...
00000b0: fda1 bde1 42ed 882c 5950 212f a5e5 1a54 ....B..,YP!/...T
00000c0: 3dc4 b826 0246 75fa 36a2 ae42 0337 2cf6 =..&.Fu.6..B.7,.
00000d0: c5e8 3b30 1de7 425b 5010 7c02 623f 000b ..;0..B[P.|.b?..
00000e0: f545 238c a312 f908 85ef 0617 88ac 609c .E#...........`.
00000f0: 48c9 5c46 a4e2 501d 6b9b 05bd 8084 8519 H.\F..P.k.......
Length: 256
[ T#4 XOR onion strings and their totients in sequential order (WITH all onion strings byte reversed but not the totients) ]
0000000: 6dd9 84c2 c34f e37f 6116 d6ca 26f0 b174 m....O..a...&..t
0000010: 7618 42e4 df12 53bb 3ec5 32bd 6ef7 ddfd v.B...S.>.2.n...
0000020: f51a 2f0e 5aaa dc32 d762 97c3 6857 b4d5 ../.Z..2.b..hW..
0000030: 1000 1779 32a4 d652 6ec1 322c 1c08 d235 ...y2..Rn.2,...5
0000040: b2de a527 454f 0e65 2e80 1162 e9e1 b947 ...'EO.e...b...G
0000050: a43e d5a7 16ce 1cd5 bcbb 83c7 e8b3 374e .>............7N
0000060: 312b 0160 c22e 29b1 94c1 80a5 7bf3 269f 1+.`..).....{.&.
0000070: b58d 206f 4c05 8a13 c944 60bd 8e9a ad25 .. oL....D`....%
0000080: 09cb 0f87 dd22 0ab7 0dc6 e550 fbc3 3a76 .....".....P..:v
0000090: c6d0 3902 4976 7c67 fd2a ff98 16a9 2ec8 ..9.Iv|g.*......
00000a0: f957 c5a4 e075 bb25 80c5 d285 f982 67c3 .W...u.%......g.
00000b0: 2dfd ddd4 2bf3 86c4 3806 a3f1 d6c8 33d2 -...+...8.....3.
00000c0: e8d4 a789 821f 75ab 1f3e 99bd 0c2a f3ac ......u..>...*..
00000d0: 55aa 0e10 9619 9cde 9277 4605 d277 71c6 U........wF..wq.
00000e0: f5fe 620a 54a2 ed13 b645 5018 0253 129a ..b.T....EP..S..
00000f0: 2d14 f9a9 9f0e d2f2 b254 92af b994 d32d -........T.....-
Length: 256
Will try to update as we get more strings/tests