All forms of content modification for the purpose of hiding intent
Encoding is an easy way to hide readable strings from basic tools like GNU strings
Caesar Cipher
Formed by shifting the letters of the alphabet a fixed number of characters to the left or right to encode
Example: a Caesar cipher that shifts the alphabet 3 letters to the right to encode
Single-Byte XOR Encoding
Modifies each byte of plaintext by performing a logical XOR operation with a static byte value
Identifying XOR Loop: look for a small loop that contains an XOR instruction (XOR-ing a register with a constant, or a register with another register)
Single-byte XOR's Weakness: if the plaintext contains many null bytes, the key is easy to figure out, since XOR-ing a null byte with the key reveals the key
Solutions To Single-Byte XOR Encoding's Weakness:
Null-preserving single-byte XOR encoding: if a plaintext byte is NULL or equal to the key itself, it is not encoded via XOR
Generates the keystream used to XOR the data using a pseudorandom number generator
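Added example (not part of the original notes): an analyst-side check of the null-byte weakness and of the null-preserving variant. The function names, sample buffer, key and marker are all constructed for illustration. It shows that the most common byte gives away the key under plain XOR, that the null-preserving variant hides it from that shortcut, and that trying all 255 keys against a known string still recovers it.

```python
from collections import Counter

def xor_encode(data: bytes, key: int) -> bytes:
    """Plain single-byte XOR; decoding is the same operation."""
    return bytes(b ^ key for b in data)

def xor_encode_null_preserving(data: bytes, key: int) -> bytes:
    """Leave 0x00 and key-valued bytes untouched; XOR everything else.
    Also self-inverse, because an encoded byte can never be 0x00 or the key."""
    return bytes(b if b in (0, key) else b ^ key for b in data)

def key_from_frequency(blob: bytes) -> int:
    """Most common byte in the blob. Under plain XOR a null-heavy buffer
    makes this the key, since 0x00 ^ key == key."""
    return Counter(blob).most_common(1)[0][0]

def brute_force_keys(blob: bytes, marker: bytes, null_preserving: bool = False) -> list[int]:
    """Decode with every non-zero key; keep keys whose output contains marker."""
    decode = xor_encode_null_preserving if null_preserving else xor_encode
    return [k for k in range(1, 256) if marker in decode(blob, k)]

# Constructed sample input: null-padded fragment shaped like a PE/DOS header.
SAMPLE = (b"MZ\x90\x00\x03" + b"\x00" * 40
          + b"This program cannot be run in DOS mode." + b"\x00" * 24)
KEY = 0x12                  # constructed key
MARKER = b"This program"    # known plaintext an analyst would search for

if __name__ == "__main__":
    plain = xor_encode(SAMPLE, KEY)
    preserved = xor_encode_null_preserving(SAMPLE, KEY)
    print("plain XOR, most common byte:      ", hex(key_from_frequency(plain)))
    print("null-preserving, most common byte:", hex(key_from_frequency(preserved)))
    print("key byte present in null-preserving blob:", KEY in preserved)
    print("brute force (plain):          ", [hex(k) for k in brute_force_keys(plain, MARKER)])
    print("brute force (null-preserving):",
          [hex(k) for k in brute_force_keys(preserved, MARKER, True)])
```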
Other Simple Encoding Scheme
ROL, ROR: instructions that rotate the bits within a byte left or right
Multibyte: XOR key is multibyte
Chained or Loopback: use content itself as part of the key
The original key is applied at one side of the plaintext and the encoded output character is used as the key for the next character
Base64
Encodes binary data into a character set of 64 ASCII characters
Most common character set is MIME’s Base64, whose table consists of A-Z, a-z, and 0-9 for the first 62 values and + and / for the last 2 values
Base64 operates on 3 bytes (24 bits) at a time. Each group of 6 bits is used as an index into the 64-character table, and the encoded value is the character at that index
One padding character may be present at the end of the encoded string (typically =) since Base64 operates on 3 bytes at a time
Easy to develop a custom substitution cipher using Base64 since the only item that needs to be changed is the indexing string table of 64 characters