def decrypt(data, length=None, print_output=True):
new_data = []
for t in data:
i = cipher_letters.index(t)
new_data.append(i)
data_list = []
while len(new_data) > 0:
t = new_data[:4]
if len(t) < 4:
t.extend([0 for i in range(4 - len(t))])
new_data = new_data[4:]
data_list.append(t)
new_data_list = []
for group in data_list:
tmp_group = ['%06d' % int(bin(t)[2:]) for t in group]
tmp_group = ''.join(tmp_group)
new_data_list.append(tmp_group)
result_bin_data = ''.join(new_data_list)
decode_str = hex(int(result_bin_data, 2))[2:].rstrip('L')
# print(decode_str)
if length is not None:
# print(len(decode_str))
decode_str = decode_str[:length * 2]
decode_str = force_bytes(hex2str(force_bytes(decode_str)))
if print_output:
print(decode_str)
return decode_str
def decode(data, verbose=False):
if len(data) % 4 != 0:
data = data + '=' * (4 - len(data) % 4)
p = PrintCollector()
p.print('base64:')
r = b64decode(force_bytes(data))
p.print(smart_text(r))
p.print('\nrot13->base64:')
r = b64decode(force_bytes(decode_rot13(data)))
p.print(smart_text(r))
new_data = []
for t in data:
if t in string.ascii_lowercase:
t = t.upper()
elif t in string.ascii_uppercase:
t = t.lower()
new_data.append(t)
r = ''.join(new_data)
p.print('\nswap_case->base64:')
r = b64decode(force_bytes(r))
p.print(smart_text(r))
new_data = data[::-1]
new_data = new_data.lstrip('=')
if len(new_data) % 4 != 0:
new_data = new_data + '=' * (4 - len(new_data) % 4)
r = b64decode(force_bytes(new_data))
p.print('\nreverse->base64:')
p.print(smart_text(r))
return p.smart_output(verbose=verbose)
def decrypt(data, length=None, print_output=True):
new_data = []
for t in data:
i = cipher_letters.index(t)
new_data.append(i)
data_list = []
while len(new_data) > 0:
t = new_data[:4]
if len(t) < 4:
t.extend([0 for i in range(4 - len(t))])
new_data = new_data[4:]
data_list.append(t)
new_data_list = []
for group in data_list:
tmp_group = ['%06d' % int(bin(t)[2:]) for t in group]
tmp_group = ''.join(tmp_group)
new_data_list.append(tmp_group)
result_bin_data = ''.join(new_data_list)
decode_str = hex(int(result_bin_data, 2))[2:].rstrip('L')
# print(decode_str)
if length is not None:
# print(len(decode_str))
decode_str = decode_str[:length * 2]
decode_str = force_bytes(hex2str(force_bytes(decode_str)))
if print_output:
print(decode_str)
return decode_str
def encoding_2_bytes(self, data, encoding):
if encoding == 'Hex':
if data[:2].lower() == '0x':
data = data[2:]
data = binascii.a2b_hex(data)
elif encoding == 'Base64':
data = b64decode(data)
elif encoding == 'UTF8':
data = force_bytes(data)
else:
data = force_bytes(data)
return data
def post(self):
file_content = self.request.files.get('file')[0].body
encoding = text_type(self.get_body_argument('encoding', 'Hex'))
if encoding == 'Hex':
content = force_bytes(file_content).hex()
elif encoding == 'Base64':
content = b64encode(force_bytes(file_content))
elif encoding == 'Decimal':
content = force_bytes(file_content).hex()
content = text_type(int(content, 16))
else:
content = file_content
data = {'content': content}
return self.success(data)
def caidao_decode(data, *args, **kwargs):
p = PrintCollector()
data_dict = query_str_2_dict(data.strip())
d = {}
for k, v in data_dict.items():
v = unquote(v)
try:
x = force_bytes(v)
missing_padding = len(v) % 4
if missing_padding != 0:
x += b'=' * (4 - missing_padding)
d[k] = force_text(base64.decodebytes(x))
except Exception as e:
print(e)
d[k] = v
z0_raw = ''
if 'z0' in d:
z0_raw = d['z0']
d['z0'] = ';\n'.join(d['z0'].split(';'))
for k, v in d.items():
value = '{}:\n{}\n'.format(k, v)
p.print(value)
if k == 'z0':
if value != 'z0:\n{}\n'.format(z0_raw):
p.print('z0_raw:\n{}\n'.format(z0_raw))
return p.smart_output()
def encoding_2_long(cls, data, encoding):
if encoding == 'Hex':
if data[:2].lower() == '0x':
data = data[2:]
data = binascii.a2b_hex(data)
elif encoding == 'Base64':
data = b64decode(data)
elif encoding == 'UTF8':
data = force_bytes(data)
elif encoding == 'Decimal':
logger.info(data)
return int(data)
else:
data = force_bytes(data)
data = bytes_to_long(data)
return data
def zsteg(self):
"""
检测 png 和 bmp 的隐写
:return:
"""
if self.file_type not in ['bmp', 'png']:
return
logger.info('\n--------------------')
logger.info('run zsteg')
out_file = os.path.join(self.output_path, 'zsteg.txt')
cmd = 'zsteg -a -v %s > %s' % (self.file_path, out_file)
self.run_shell_cmd(cmd)
file_list = [
['PC bitmap, Windows', 'bmp'],
['PNG image data', 'png'],
['JPEG image data', 'jpg'],
['GIF image data', 'gif'],
['Zip archive data', 'zip'],
['RAR archive data', 'rar'],
['gzip compressed data', 'gz'],
['7-zip archive data', '7z'],
['PDF document', 'pdf'],
['Python script', 'py'],
['python ', 'pyc'],
['tcpdump capture file', 'pcap'],
['pcap-ng capture file', 'pcapng'],
['PE32 executable ', 'exe'],
['PE64 executable ', 'exe'],
['ELF ', 'elf'],
]
file_list = [[' file: %s' % t[0], t[1]] for t in file_list]
# 自动检测 zsteg 隐写是否有检测到隐藏文件
line_count = 0
out_path = os.path.join(self.output_path, 'zsteg')
if not os.path.exists(out_path):
os.makedirs(out_path)
zsteg_text_dict = {}
with open(out_file, 'r') as f:
for line in f:
line = line.strip()
line_count += 1
for i, t in enumerate(file_list):
# 记录所有的 text 数据
if '.. text: "' in line and line.endswith('"'):
md5 = hashlib.md5(force_bytes(line)).hexdigest()
if md5 not in zsteg_text_dict:
zsteg_text_dict[md5] = line
# 凭经验设置的一个大概的值,zsteg 日志没有将所有的文本输出
# 如果输出的内容比较长的情况下,就要考虑将文本文件提取出来
if len(line) <= 120:
break
else:
index = line.find('.. text: "')
zsteg_payload = line[:index].rstrip(' .').strip()
extract_file_ext = 'txt'
extract_file_type = 'txt'
else:
if t[0] not in line:
continue
else:
index = line.find(t[0])
zsteg_payload = line[:index].rstrip(' .').strip()
extract_file_ext = t[1]
extract_file_type = t[0][len(' file: '):]
# 检测到文件后,自动导出文件
if len(zsteg_payload.split(',')) > 0:
f_name = '%s_%s.%s' % (line_count, i, extract_file_ext)
out_file_path = os.path.join(out_path, f_name)
cmd = "zsteg %s -E '%s' > %s" % (
self.file_path, zsteg_payload, out_file_path)
logger.warning('[*] zsteg 检测到文件 %s' % line.strip())
self.run_shell_cmd(cmd)
msg = '[*] zsteg日志第%d行检测到文件%s' % (
line_count, extract_file_type)
self.result_list.append(msg)
break
text_out_file = os.path.join(self.output_path, 'zsteg_text.txt')
with open(text_out_file, 'w') as f:
for line in zsteg_text_dict.values():
f.write(line)
f.write('\n')
# 自动解码 base64 文本
text = line[line.index('.. text: "') + len('.. text: "'):-1]
b64rex = re.compile('^[A-Za-z0-9+/=]{4,}$')
if b64rex.match(text):
text = file_strings.bytes_2_printable_strings(partial_base64_decode(text))
if len(text) > 5:
f.write('[base64_decode]: {}\n'.format(text))
def pad(self, s):
return s + (self.bs - len(s) % self.bs) * force_bytes(chr(self.bs - len(s) % self.bs))
