Stealth Edition - Bypass AV/EDR with 5 Configurable Encryption Algorithms
XORPHER is a cutting-edge XOR encryption tool designed specifically for penetration testers, red teamers, and security researchers. It implements advanced obfuscation techniques to evade Antivirus (AV) and Endpoint Detection & Response (EDR) solutions by making static analysis and signature detection significantly more difficult.
Unlike traditional XOR tools, XORPHER offers 5 distinct encryption algorithms, configurable key lengths, garbage byte insertion, and custom parameter configuration to ensure your payloads and strings remain undetected.
| Feature | Description |
|---|---|
| π 5 Encryption Algorithms | Simple, Rotating, Polymorphic, Custom, and Legacy modes |
| π Configurable Key Lengths | Choose from 1-64 bytes to match your decryption code |
| π‘οΈ Evasion Levels | None, Low, Medium, High, Extreme (0-80% garbage bytes) |
| β Auto-Verification | Automatically decrypts to confirm integrity |
| π Multiple Output Formats | String literals, byte arrays, structs, Python |
| π₯οΈ Full Terminal Output | Complete results displayed immediately |
| πΎ File Output | Automatically saves results with timestamps |
| π¨ Cyberpunk UI | Beautiful colored terminal interface |
| Algorithm | Description | Best For |
|---|---|---|
| Simple | Single static XOR key | Basic obfuscation |
| Rotating | Key repeats every N bytes | General purpose |
| Polymorphic | Hash-based dynamic keys | Maximum stealth |
| Custom | Fully configurable parameters | Advanced users |
| Legacy | 3-key with rolling modifier | Older droppers |
| Key Length | Use Case |
|---|---|
| Auto | Key length = data length (maximum entropy) |
| 1 byte | Simple XOR, legacy compatibility |
| 3 bytes | Common in older malware/droppers |
| 4-8 bytes | Good balance of security & size |
| 16-32 bytes | Maximum security |
| Custom | Specify any length 1-64 bytes |
The Custom mode lets you configure:
- Key length (1-64 bytes)
- Rolling modifier with adjustable multiplier and shift
- Position XOR (include i in calculation)
- Key rotation or combined key mode
Perfect for compatibility with existing droppers:
- 3-key system (k1, k2, k3)
- Rolling modifier:
r = ((i * 19) ^ (i >> 3) ^ (size - i)) & 0xFF - Final XOR:
data[i] ^ (k1^k2^k3) ^ r ^ i
| Level | Garbage Ratio | Best For |
|---|---|---|
| None | 0% | Testing, small payloads |
| Low | 20% | Basic evasion |
| Medium | 40% | General purpose (recommended) |
| High | 60% | Aggressive evasion |
| Extreme | 80% | Maximum stealth |
After every encryption, XORPHER automatically:
- Decrypts the data to verify integrity
- Shows the original string
- Confirms the encryption works before saving
XORPHER generates ready-to-use code in multiple formats:
C/C++ String Literal:
unsigned char encrypted[] = "\x4a\x6f\x68\x6e";
unsigned char key[] = {0x3f, 0x1a, 0x7c};C/C++ Byte Array:
unsigned char encrypted[] = {0x4a, 0x6f, 0x68, 0x6e};
unsigned char key[] = {0x3f, 0x1a, 0x7c};Legacy Dropper Format:
{(BYTE*)"\x4a\x6f\x68\x6e", 4, {0x3f, 0x1a, 0x7c}}Python Implementation:
encrypted = [0x4a, 0x6f, 0x68, 0x6e]
key = [0x3f, 0x1a, 0x7c]
decrypted = bytes([b ^ key[i % len(key)] for i, b in enumerate(encrypted)])- Python 3.6 or higher
- pip (Python package installer)
# Clone the repository
git clone https://github.com/Excalibra/xorpher.git
cd xorpher
# Install dependencies
pip install -r requirements.txt
# Run XORPHER
python xorpher.py# requirements.txt
colorama>=0.4.6 # Colored terminal output
pyperclip>=1.8.2 # Clipboard functionalitySimply run XORPHER without arguments to enter interactive mode:
python xorpher.pyYou'll be greeted with a cyberpunk-themed interactive menu:
βββ βββ βββββββ βββββββ βββββββ βββ ββββββββββββββββββ
ββββββββββββββββββββββββββββββββββββ βββββββββββββββββββ
ββββββ βββ βββββββββββββββββββββββββββββββββ ββββββββ
ββββββ βββ ββββββββββββββββββ ββββββββββββββ ββββββββ
ββββ βββββββββββββββ ββββββ βββ ββββββββββββββ βββ
βββ βββ βββββββ βββ ββββββ βββ ββββββββββββββ βββ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββββββββββββββββββββββββββββββββββββββ
ALGORITHMS: β’ Simple β’ Rotating β’ Polymorphic β’ Custom β’ Legacy
KEY LENGTHS: β’ 1-64 bytes β’ Auto β’ Custom configurations
β‘ GITHUB: https://github.com/Excalibra
β‘ AUTHOR: Excalibra | VERSION: 2.5.0
β‘ "MULTI-ALGORITHM XOR ENCRYPTION TOOL"
01011000 01001111 01010010 01010000 01001000 01000101 01010010
MAIN MENU
1. π Encrypt a string
2. π Encryption guide
3. βΉοΈ About
4. πͺ Exit
β‘ Select option (1-4):
When encrypting, you can choose from 5 algorithms:
π SELECT ALGORITHM
1. simple - Single key XOR
2. rotating - Key repeats every N bytes
3. poly - Polymorphic (hash-based)
4. custom - Configure your own parameters
5. legacy - 3-key with rolling modifier
Choice (1-5) [default: 2]:
The legacy mode implements the exact algorithm found in many older droppers:
π LEGACY CONFIGURATION
This algorithm uses 3 keys with a rolling modifier
Formula: out[i] = in[i] ^ (k1^k2^k3) ^ r ^ i
where r = ((i * 19) ^ (i >> 3) ^ (size - i)) & 0xFF
1. Generate random 3-byte keys
2. Use custom keys
Choice (1-2) [default: 1]:
The custom mode lets you fine-tune every aspect of the encryption:
π§ CUSTOM CONFIGURATION
Key options:
1. Single key
2. Multiple keys (rotating)
3. 3-key legacy style
Rolling modifier:
1. No rolling (standard XOR)
2. Simple rolling (position only)
3. Legacy rolling (with multiplier and shift)
All results are displayed directly in the terminal:
π LEGACY ENCRYPTION RESULTS
ββββββββββββββββββββββββββββββββββββββββββββββββββ
SUMMARY
Original: api.example.com
Algorithm: Legacy (3-key with rolling modifier)
Keys: k1=0xc1, k2=0xac, k3=0xf5
Combined: 0x98
Size: 18 bytes
OUTPUT FORMAT
Copy this line:
{(BYTE*)"\xe9\xff\xc2\x83\xba\xa1\x89\x61\x71\x5d\x57\x25\x13\x07\xb7\xe7\xca\xae", 18, {0xc1, 0xac, 0xf5}}
VERIFICATION
β Verified: 'api.example.com'
π Full details saved to: xorpher_output/
Press Enter to return to main menu...
# Encrypt a single string
python xorpher.py -s "api.example.com"
# Specify algorithm, key length, and evasion level
python xorpher.py -s "192.168.1.1" --algorithm poly --key-length 8 --evasion extreme
# Encrypt from file
python xorpher.py -f payload.txt
# Batch mode (no prompts)
python xorpher.py -f strings.txt --batch --no-save| Argument | Description | Default |
|---|---|---|
-s, --string |
String to encrypt | None |
-f, --file |
File to encrypt | None |
-a, --algorithm |
Algorithm: simple, rotating, poly, custom, legacy | rotating |
-k, --key-length |
Key length in bytes (1-64, or 'auto') | 3 |
-e, --evasion |
Level: none, low, medium, high, extreme | none |
--batch |
Batch mode (no prompts) | False |
--no-save |
Don't save to file | False |
--no-copy |
Don't copy to clipboard | False |
python xorpher.py -s "api.example.com" --algorithm legacyOutput:
{(BYTE*)"\xe9\xff\xc2\x83\xba\xa1\x89\x61\x71\x5d\x57\x25\x13\x07\xb7\xe7\xca\xae", 18, {0xc1, 0xac, 0xf5}}
python xorpher.py -s "192.168.1.100" --algorithm customThen configure:
- Key type: Multiple keys (rotating)
- Number of keys: 4
- Rolling: Legacy rolling with multiplier 19, shift 3
python xorpher.py -s "secret_payload" --algorithm poly --key-length 32 --evasion extremeCreate strings.txt:
api.example.com
192.168.1.1
C:\Windows\System32\cmd.exe
secret_payload
Run:
python xorpher.py -f strings.txt --batch --algorithm rotating --key-length 8Choose the right algorithm for your specific use case:
- Simple: Basic evasion
- Rotating: Good balance
- Polymorphic: Maximum stealth
- Custom: Tailored to your needs
- Legacy: Compatible with existing code
From 1 to 64 bytes - match your decryption code exactly.
Random bytes interleaved with real data to break signatures:
Real data: [H][e][l][l][o]
With garbage: [H][@][e][$][l][%][l][^][o][&] (40% garbage)
Add position-dependent transformations:
r = ((i * M) ^ (i >> S) ^ (size - i)) & 0xFF
data[i] ^= r
Automatically avoids common malware keys: 0x00, 0x55, 0xAA, 0xFF, 0x33, 0x66
xorpher_output/
βββ xorpher_api.example.com_20240115_103045.txt
βββ xorpher_192.168.1.1_20240115_103156.txt
βββ xorpher_secret_payload_20240115_103307.txt
βββ ...
Each output file contains:
- Original string and metadata
- Encryption algorithm and parameters
- Complete key data
- Base64 encoded data
- Multiple C array formats
- Python implementation
- Verification results
#include <stdio.h>
#include <string.h>
// Generated by XORPHER Legacy Mode
{(BYTE*)"\xe9\xff\xc2\x83\xba\xa1\x89\x61\x71\x5d\x57\x25\x13\x07\xb7\xe7\xca\xae", 18, {0xc1, 0xac, 0xf5}}
void decrypt_str(unsigned char* data, int size, unsigned char k1, unsigned char k2, unsigned char k3) {
unsigned char combined = k1 ^ k2 ^ k3;
for(int i = 0; i < size; i++) {
unsigned char r = ((i * 19) ^ (i >> 3) ^ (size - i)) & 0xFF;
data[i] ^= combined ^ r ^ (i & 0xFF);
}
}
int main() {
unsigned char encrypted[] = "\xe9\xff\xc2\x83\xba\xa1\x89\x61\x71\x5d\x57\x25\x13\x07\xb7\xe7\xca\xae";
decrypt_str(encrypted, 18, 0xc1, 0xac, 0xf5);
printf("Decrypted: %s\n", encrypted); // Prints: api.example.com
return 0;
}# Generated by XORPHER Custom Mode
encrypted = [233, 255, 194, 131, 186, 161, 137, 97, 113, 93, 87, 37, 19, 7, 183, 231, 202, 174]
keys = [193, 172, 245]
def legacy_decrypt(data, k1, k2, k3):
decrypted = bytearray()
combined = k1 ^ k2 ^ k3
size = len(data)
for i in range(size):
r = ((i * 19) ^ (i >> 3) ^ (size - i)) & 0xFF
decrypted_byte = data[i] ^ combined ^ r ^ (i & 0xFF)
decrypted.append(decrypted_byte)
return bytes(decrypted)
result = legacy_decrypt(encrypted, keys[0], keys[1], keys[2])
print(result.decode('utf-8')) # Prints: api.example.comThis tool is intended for educational purposes and authorized security testing only.
- π« DO NOT use against systems you don't own or have explicit permission to test
- π« DO NOT use for illegal purposes
- β DO use for learning about evasion techniques
- β DO use for improving your own security tools
The author (Excalibra) and contributors are not responsible for any misuse or damage caused by this tool. By using this software, you agree to take full responsibility for your actions.
- Basic XOR encryption
- Rotating key implementation
- Garbage byte insertion
- Polymorphic encryption
- Auto-verification
- Configurable key lengths
- Full terminal output
- Custom algorithm mode (v2.5)
- Legacy dropper compatibility (v2.5)
- GUI interface
- AES-256 support
- Custom garbage byte patterns
- Integration with popular C2 frameworks
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (
git checkout -b feature/AmazingFeature) - Commit your changes (
git commit -m 'Add some AmazingFeature') - Push to the branch (
git push origin feature/AmazingFeature) - Open a Pull Request
git clone https://github.com/Excalibra/xorpher.git
cd xorpher
pip install -r requirements-dev.txt # Includes testing toolsThis project is licensed under the MIT License - see the LICENSE file for details.
MIT License
Copyright (c) 2024 Excalibra
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files...
- GitHub: https://github.com/Excalibra
- Repository: https://github.com/Excalibra/XORPHER
- Issues: https://github.com/Excalibra/xorpher/issues
- Discussions: https://github.com/Excalibra/xorpher/discussions
Built with β€οΈ by Excalibra | Stealth Edition v2.5
β Star us on GitHub β it motivates us a lot!
```
β Star us on GitHub β it motivates us a lot!
- Version bump to v2.5 throughout
- Added 5 Algorithms section highlighting Simple, Rotating, Polymorphic, Custom, and Legacy
- Updated the banner in the usage section to match the actual output
- Added Legacy Mode documentation with the exact formula
- Added Custom Mode documentation with configurable parameters
- Updated examples to show legacy and custom modes
- Added legacy C integration example with the decrypt_str function
- Updated roadmap to mark v2.5 features as completed
- Added custom and legacy to command line arguments
- Updated all version references from 2.1 to 2.5
- Add option to encrypt from a file for shellcodes