Shikata_ga_nai is an encoding module in Metasploit that XORs the payload through multiple iterations (the number of iterations is up to you), thereby changing the payload's signature. When the payload bypasses the security devices and the AV software, it then reverses the XORing and the payload is executed normally on the victim's system.
What Is XOR?
XOR stands for eXclusive OR. In logic and in everyday language, an OR can mean that either statement is true or both are true. So, if I say, "The sky is cloudy OR the sky is blue," it will evaluate to true if either statement is true or if the sky is blue AND cloudy.
XOR is used throughout computing for numerous purposes, including the encryption of the payload using shikata_ga_nai, error checking, and setting parity bits on a RAID, among many other things.
Truth Table
In the case of XOR, there are only four possible cases.
Note that whenever the two inputs are the same (00, 11), they evaluate to false. Whenever the two inputs are different (10, 01), the XOR evaluates to true. So, to summarize, same is 0 and different is 1.
XOR Cipher
The XOR cipher is a relatively simple cipher that encrypts the input by using a key that is then XORed against the input to create an output.
XOR in RAIDS
XOR is used in RAID levels 3–6 for creating parity information.
XOR in Error Checking
XORing is also implemented in CRC, or cyclic redundancy check, a common method in computing to detect whether any accidental errors have entered the data.
CRC is used for error checking in TCP, hard drives, cell phones, and nearly every other type of data transmission.
https://www.hackers-arise.com/basics-of-xoring
XOR Encryption is an encryption method used to encrypt data and is hard to crack by the brute-force method, i.e., generating random encryption keys to match with the correct one.
https://www.geeksforgeeks.org/xor-cipher/
- XOR Cipher is a cryptographic method developed with computers. It consists in encrypting a binary message with a repeated key using an XOR multiplication.
https://www.dcode.fr/xor-cipher
- In cryptography, the simple XOR cipher is a type of additive cipher, an encryption algorithm that operates according to the principles
With this logic, a string of text can be encrypted by applying the bitwise XOR operator to every character using a given key. To decrypt the output, merely reapplying the XOR function with the key will remove the cipher.
For example, the string "Wiki" (01010111 01101001 01101011 01101001 in 8-bit ASCII) can be encrypted with the repeating key 11110011 as follows:
And conversely, for decryption:
https://en.wikipedia.org/wiki/XOR_cipher
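
The "Wiki" example with the repeating key 11110011, worked through in Python as an added example (not code from any of the sources quoted above). It goes one step beyond the text to show what an analyst decoding XOR-obfuscated data relies on: a known plaintext byte reveals the key, and a one-byte key has only 256 possible values. The function names and the `marker` parameter are assumptions made for this illustration.

```python
from itertools import cycle

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR each byte of data with the repeating key.

    XOR is its own inverse, so the same call encrypts and decrypts.
    """
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def bits(data: bytes) -> str:
    """Render bytes as space-separated 8-bit binary strings."""
    return " ".join(f"{b:08b}" for b in data)

def recover_key(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """c = p XOR k implies k = c XOR p, so known plaintext exposes key bytes."""
    return bytes(c ^ p for c, p in zip(ciphertext, known_plaintext))

def single_byte_candidates(ciphertext: bytes, marker: bytes) -> list[int]:
    """Try all 256 one-byte keys; keep those whose output contains marker.

    marker is a string the analyst expects in the decoded data (assumption).
    """
    return [k for k in range(256) if marker in xor_bytes(ciphertext, bytes([k]))]

# Values from the page: plaintext "Wiki", repeating key 11110011.
PLAINTEXT = b"Wiki"
KEY = bytes([0b11110011])
CIPHERTEXT = xor_bytes(PLAINTEXT, KEY)

if __name__ == "__main__":
    print("plaintext :", bits(PLAINTEXT))
    print("key       :", bits(KEY * len(PLAINTEXT)))
    print("ciphertext:", bits(CIPHERTEXT))
    print("decrypted :", xor_bytes(CIPHERTEXT, KEY).decode("ascii"))
    print("key from known first byte 'W':", bits(recover_key(CIPHERTEXT, b"W")))
    print("one-byte keys yielding 'Wiki':",
          [f"{k:08b}" for k in single_byte_candidates(CIPHERTEXT, b"Wiki")])
```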