iss4cf0ng/BackOrifice-Cracker

BackOrifice-Cracker

A script for decoding the XOR-based communication channel of Back Orifice 2000. It demonstrates a known-plaintext attack against its simple XOR encoding scheme.

The script was developed during my reverse engineering analysis of Back Orifice 2000. If you are interested in the full analysis, please click here.

Disclaimer

This script is for educational and research purposes only. The analysis and script were developed in an isolated lab environment. Do not use this tool against systems without proper authorization.

Principle

Property of XOR:

$$\begin{align*} A \oplus B = C \implies A \oplus C = B \end{align*}$$

Proof:

$$\begin{align*} \because A \oplus B = C \implies A'B + AB' = C \end{align*}$$

$$\begin{align*}
\therefore A \oplus C &= A \oplus (A'B + AB') \\
&= A'(A'B + AB') + A(A'B + AB')' \\
&= A'B + A((A + B')(A' + B)) \\
&= A'B + A(AB + A'B') \\
&= A'B + AB \\
&= B(A' + A) \\
&= B
\end{align*}$$
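The property above is what lets an analyst decode captured traffic: XORing the ciphertext with plaintext known to sit at the same position yields the key bytes. The following is an added example, not code from `bo_cracker.py`; it assumes a repeating-key XOR, and the key, message and `LAB-HDR:` prefix are constructed sample values, not Back Orifice 2000 protocol details.

```python
from itertools import cycle

def xor_bytes(data, key):
    """XOR data with a repeating key; encoding and decoding are the same call."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))

def recover_keystream(ciphertext, known_plaintext):
    """A xor B = C implies A xor C = B: plaintext xor ciphertext gives key bytes."""
    return bytes(c ^ p for c, p in zip(ciphertext, known_plaintext))

def shortest_period(stream):
    """Smallest n for which stream[i] == stream[i % n] holds everywhere."""
    for n in range(1, len(stream) + 1):
        if all(b == stream[i % n] for i, b in enumerate(stream)):
            return n
    return 0  # empty stream

def crack(ciphertext, known_prefix):
    """Return (key, decoded, confirmed) from a known plaintext prefix.

    confirmed is False when the prefix is too short to see the key repeat,
    in which case only the first len(known_prefix) decoded bytes are reliable.
    """
    stream = recover_keystream(ciphertext, known_prefix)
    n = shortest_period(stream)
    key = stream[:n]
    confirmed = 0 < n < len(stream)
    return key, xor_bytes(ciphertext, key), confirmed

# Constructed lab values (assumptions, not Back Orifice 2000 protocol details).
KEY = bytes.fromhex("5ac31788")
PREFIX = b"LAB-HDR:"
MESSAGE = PREFIX + b"status=ok host=sandbox-01"
CAPTURED = xor_bytes(MESSAGE, KEY)  # stands in for a captured packet

if __name__ == "__main__":
    key, decoded, confirmed = crack(CAPTURED, PREFIX)
    print("key      :", key.hex())
    print("decoded  :", decoded)
    print("confirmed:", confirmed)
```

The `confirmed` flag matters in practice: a known prefix shorter than the key recovers only part of it, so the tail of the decoded output should not be trusted until the key is seen to repeat.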

Demonstration

$ python3 bo_cracker.py
