Is your feature request related to a problem? Please describe.
At the moment we have the xor modifier, which can interact with the wide modifier in a way where the xor modifier is applied last. There isn't currently a method to define a string where the wide modifier is applied first, and then the xor modifier is applied.
Describe the solution you'd like
There should be a xorwide modifier which performs the xor operation and then the wide operation so that you can have a rule like this:
Is your feature request related to a problem? Please describe. At the moment we have the
xor
modifier, which can interact with thewide
modifier in a way where thexor
modifier is applied last. There isn't currently a method to define a string where thewide
modifier is applied first, and then thexor
modifier is applied.Describe the solution you'd like There should be a
xorwide
modifier which performs the xor operation and then the wide operation so that you can have a rule like this:Which matches a file with contents:
{00 6c 00 70 00 70 00 74 00}
-> (http xor'ed with 0x04)Describe alternatives you've considered I could write a rule with 255 strings instead.
Additional context N/A