# Please review my code for a xor encryptor/decryptor


lunar orchid
#
```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

void str_to_hex(char text[]) {
    char hex_text[2*strlen(text)+1];

    for (int i=0, j=0; i < strlen(text); i++, j+=2) {
        sprintf(hex_text+j, "%02X", text[i]);
    }
    hex_text[strlen(hex_text)] = '\0';

    strcpy(text, hex_text);

}

void hex_to_str(char hex_text[]) {

    char text[strlen(hex_text)/2+1];

    int j=0;
    for (int i=0; i < strlen(hex_text); i+=2) {
        char hex_chars[3];
        hex_chars[0] = hex_text[i];
        hex_chars[1] = hex_text[i+1];
        hex_chars[2] = '\0';

        int decimal_value;
        sscanf(hex_chars, "%x", &decimal_value);
        text[j++] = (char) decimal_value;
    }
    text[j] = '\0';
    strcpy(hex_text, text);
}

void xor_encryptor(char text[], char key[]) {

    char encrypted_text[strlen(text)];
    char encrypted_hex_text[strlen(text)*2+1];

    for (int i=0, j=0; i < strlen(text); i++, j+=2) {
        encrypted_text[i] = text[i] ^ key[i % strlen(key)];
        sprintf(encrypted_hex_text+j, "%02X", encrypted_text[i]);
    }

    encrypted_hex_text[strlen(text) * 2 - 1] = '\0';

    strcpy(text, encrypted_hex_text);
}

void xor_decryptor(char text[], char key[]) {
    int non_hex_str_len = strlen(text)/2;
    char decrypted_text[non_hex_str_len+1];
    hex_to_str(text);
    for (int i=0; i < non_hex_str_len; i++) {
        decrypted_text[i] = text[i] ^ key[i % strlen(key)];
    }
    strcpy(text, decrypted_text);
}

int main() {


    char data[] = "Hello World";
    xor_encryptor(data, "lol");
    printf("%s\n", data);
    xor_decryptor(data, "lol");
    printf("%s", data);

    return 0;
}
```

I am very bad at coding and C. ik this code is bad, I just wanna get it working. The encryptor is working fine ig. The decryptor is not printing the exact text. Suppose I encrypt Hello World with the encryptor function and decrypt it, it prints Hel-\\ ⌠√. I tried a lot before coming here

dire nest
#

why are you saving to a string the hexadecimal values of the individual characters and vice versa? you don't need any of that, indexing a string gets you a character which is just an integer you can xor with

#
```c
char text[] = "foo";
char key[] = "bar";
char enc = text[0] ^ key[0]; // ascii value of 'f' xor'd with the ascii value of 'b'
```

lunar orchid
#

sorry I was late in my response

dire nest
#

np

lunar orchid
#

hey

#

@dire nest

#
```c
#include <stdio.h>
#include <string.h>

void xor_encrypt(char str[], char key[]) {
    for (int i=0; i < strlen(str); i++) {
        str[i] = str[i] ^ key[i % strlen(key)];
    }
    printf("%d", str);
}


int main() {

    xor_encrypt("Hello World", "lol");
    return 0;
}
```

#

does the encrypted string contain non-printable characters?

#

my motto of hexing it before was to convert it to printable characters.. This code does not print anything, so ig the encrypted string consists of non-printable characters

quick fiber
#

But also %d is the wrong format for a string

#

You can printf %02hhx str[i]

#

That should print the 2 hex digits for each 8-bit character in str

#

If you put it inside the for loop

mellow pendant
#

@lunar orchid The compiler will probably optimize it but all the strlen() calls would be better replaced with a variable

#
```c
    char encrypted_text[strlen(text)];
    char encrypted_hex_text[strlen(text)*2+1];
```
these are VLAs, which should be avoided

#

`encrypted_hex_text[strlen(text) * 2 - 1] = '\0';` this sets a null terminator at the wrong place

#

encrypted_text isn't needed, you're just strcpy'ing it back over text anyway

#

from a cryptography standpoint, be aware that xor with a key shorter than the message size is very insecure

mellow pendant
#

overall, great start but there's a lot of small things that would make your code much cleaner

lunar orchid
#

@quick fiber and @mellow pendant I will contemplate your points and will try to make it again. And I didn't even know that the xor keys can be greater than the message length

mellow pendant
#

but message length longer than the key such that you reuse the key for later parts of the message, i.e. what's happening with i % strlen(key), is a big issue

#

(that being said I recognize this is a learning project not a practical utility so that's more of a theoretical concern and just something good to be aware of :P)

quick fiber
#

Yes. If you have a message that is n×(length of key), then you can do a fancy analysis. You essentially make a matrix of n rows and (length of key) columns. Then the rows will all be strongly correlated and with some extra analysis, you can recover the key and decrypt the message

#

Especially if you can simply guess at the first few characters of the message. In WW2, U-boat transmissions always started with a standard opening and then the weather forecast of that day. This was easy to guess.

#

Even modern encryption like AES has a limit to how much it can safely encrypt per amount of key bits. This is usually mitigated by making new keys from the provided key (derived keys so called) and then iterating through those

lunar orchid
# mellow pendant (that being said I recognize this is a learning project not a practical utility ...

yeah it is a learning project. In fact I just wanted to see the VirusTotal analysis of an msfvenom shellcode loaded with a simple VirtualAlloc C loader but it is encrypted with xor. I could have chosen very high level langs like python to do so.. But I really want to get better at low level and C stuff. If I am able to complete this thing, I will compare the loader exes which contain the raw shellcodes, vs the exes with xorred shellcodes. I don't think there will be much difference as AV devs are definitely 10000000 * smarter than me.. But still I wanted to do this out of curiosity

quick fiber
#

it's a lot of work, but getting dirty with the work will make you learn the most

lunar orchid
#

yeah

#

I can see this is hard. but it's interesting. I hope the interest exceeds the difficulty

quick fiber
#

I recommend C, in C it's always clear what is a byte, how to do binary operators, what is formatting as a string etc

#

in python these things are a bit fuzzier and that, for me, leads to confusion. But that's just me, I find python a highly confusing and concealing language