[Tutor] Pack as HEX question

Tom Green xchimeras at gmail.com
Sat Oct 24 22:52:45 CEST 2009

Thanks for your reply Dave.  I am capturing the data off the network
(wireshark) and saving it in WinHex for testing.  I am actually building a
socket to decrypt the data, so prior to implementing my logic in the socket,
I figured I would write the algorithm in a quick script.  Here is what I
have so far and it works.

import struct,binascii
#packed data consists of HEX values
packed_data = binascii.unhexlify('313B372C2E2C63362E2128')
#XorKey data consists of HEX values
while data_count < len(packed_data):
    if key_pos >len(packed_XorKey)-1:

print "".join(decrypt)

This decrypts to Python rock

This logic seems to work, but I am certain there is a better way.


On Sat, Oct 24, 2009 at 4:43 PM, Dave Angel <davea at ieee.org> wrote:

> Tom Green wrote:
>> Alan,
>> Thanks for your response and hopefully I can clear things up.  I apologize
>> for not being more clear.
>> I obtain the HEX encoded data from Winhex i.e. copy Hex values.  The HEX
>> encode data is very large and I simply paste it into my Python script
>> along
>> with the XOR key.  The data is a string of bytes represented in HEX, as I
>> showed.
>> Here is the problem I ran into.
>> Take the 4 byte XOR key.  If I convert them to int with Base 16 it takes
>> the
>> 4 and converts it to 0x34 when I in turn I actually need 0x41.
>> Thanks for your feedback.
>> Mike
>> On Sat, Oct 24, 2009 at 10:24 AM, Alan Gauld <alan.gauld at btinternet.com
>> >wrote:
>> <snip>
>>>  Encrypted string in hex
>>>> "313B372C2E2C63362E2128"
>>>> Four byte key
>>>> XOR key "41424344"
>>> <snip>
>> If by Winhex, you mean the hex editor, then you're undoubtedly going about
> it the long way.  There's no need to convert the file to printable hex, you
> should be able to work on it directly.  Just open the file, read it into a
> string (in python2.x), then loop through it, one byte at a time.  Store your
> key in a binary string as well.  Now just loop through the two in pairs (use
> zip, and cycle) doing a chr of xor of ords.
> And when you respond, give us your python version, and show us the code
> you've got (almost) working.
> DaveA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/tutor/attachments/20091024/ce5c88ad/attachment-0001.htm>

More information about the Tutor mailing list