def decrypt(data, length=None, print_output=True): new_data = [] for t in data: i = cipher_letters.index(t) new_data.append(i) data_list = [] while len(new_data) > 0: t = new_data[:4] if len(t) < 4: t.extend([0 for i in range(4 - len(t))]) new_data = new_data[4:] data_list.append(t) new_data_list = [] for group in data_list: tmp_group = ['%06d' % int(bin(t)[2:]) for t in group] tmp_group = ''.join(tmp_group) new_data_list.append(tmp_group) result_bin_data = ''.join(new_data_list) decode_str = hex(int(result_bin_data, 2))[2:].rstrip('L') # print(decode_str) if length is not None: # print(len(decode_str)) decode_str = decode_str[:length * 2] decode_str = force_bytes(hex2str(force_bytes(decode_str))) if print_output: print(decode_str) return decode_str
def decode(data, verbose=False): if len(data) % 4 != 0: data = data + '=' * (4 - len(data) % 4) p = PrintCollector() p.print('base64:') r = b64decode(force_bytes(data)) p.print(smart_text(r)) p.print('\nrot13->base64:') r = b64decode(force_bytes(decode_rot13(data))) p.print(smart_text(r)) new_data = [] for t in data: if t in string.ascii_lowercase: t = t.upper() elif t in string.ascii_uppercase: t = t.lower() new_data.append(t) r = ''.join(new_data) p.print('\nswap_case->base64:') r = b64decode(force_bytes(r)) p.print(smart_text(r)) new_data = data[::-1] new_data = new_data.lstrip('=') if len(new_data) % 4 != 0: new_data = new_data + '=' * (4 - len(new_data) % 4) r = b64decode(force_bytes(new_data)) p.print('\nreverse->base64:') p.print(smart_text(r)) return p.smart_output(verbose=verbose)
def decrypt(data, length=None, print_output=True): new_data = [] for t in data: i = cipher_letters.index(t) new_data.append(i) data_list = [] while len(new_data) > 0: t = new_data[:4] if len(t) < 4: t.extend([0 for i in range(4 - len(t))]) new_data = new_data[4:] data_list.append(t) new_data_list = [] for group in data_list: tmp_group = ['%06d' % int(bin(t)[2:]) for t in group] tmp_group = ''.join(tmp_group) new_data_list.append(tmp_group) result_bin_data = ''.join(new_data_list) decode_str = hex(int(result_bin_data, 2))[2:].rstrip('L') # print(decode_str) if length is not None: # print(len(decode_str)) decode_str = decode_str[:length * 2] decode_str = force_bytes(hex2str(force_bytes(decode_str))) if print_output: print(decode_str) return decode_str
def encoding_2_bytes(self, data, encoding): if encoding == 'Hex': if data[:2].lower() == '0x': data = data[2:] data = binascii.a2b_hex(data) elif encoding == 'Base64': data = b64decode(data) elif encoding == 'UTF8': data = force_bytes(data) else: data = force_bytes(data) return data
def post(self): file_content = self.request.files.get('file')[0].body encoding = text_type(self.get_body_argument('encoding', 'Hex')) if encoding == 'Hex': content = force_bytes(file_content).hex() elif encoding == 'Base64': content = b64encode(force_bytes(file_content)) elif encoding == 'Decimal': content = force_bytes(file_content).hex() content = text_type(int(content, 16)) else: content = file_content data = {'content': content} return self.success(data)
def caidao_decode(data, *args, **kwargs): p = PrintCollector() data_dict = query_str_2_dict(data.strip()) d = {} for k, v in data_dict.items(): v = unquote(v) try: x = force_bytes(v) missing_padding = len(v) % 4 if missing_padding != 0: x += b'=' * (4 - missing_padding) d[k] = force_text(base64.decodebytes(x)) except Exception as e: print(e) d[k] = v z0_raw = '' if 'z0' in d: z0_raw = d['z0'] d['z0'] = ';\n'.join(d['z0'].split(';')) for k, v in d.items(): value = '{}:\n{}\n'.format(k, v) p.print(value) if k == 'z0': if value != 'z0:\n{}\n'.format(z0_raw): p.print('z0_raw:\n{}\n'.format(z0_raw)) return p.smart_output()
def encoding_2_long(cls, data, encoding): if encoding == 'Hex': if data[:2].lower() == '0x': data = data[2:] data = binascii.a2b_hex(data) elif encoding == 'Base64': data = b64decode(data) elif encoding == 'UTF8': data = force_bytes(data) elif encoding == 'Decimal': logger.info(data) return int(data) else: data = force_bytes(data) data = bytes_to_long(data) return data
def zsteg(self): """ 检测 png 和 bmp 的隐写 :return: """ if self.file_type not in ['bmp', 'png']: return logger.info('\n--------------------') logger.info('run zsteg') out_file = os.path.join(self.output_path, 'zsteg.txt') cmd = 'zsteg -a -v %s > %s' % (self.file_path, out_file) self.run_shell_cmd(cmd) file_list = [ ['PC bitmap, Windows', 'bmp'], ['PNG image data', 'png'], ['JPEG image data', 'jpg'], ['GIF image data', 'gif'], ['Zip archive data', 'zip'], ['RAR archive data', 'rar'], ['gzip compressed data', 'gz'], ['7-zip archive data', '7z'], ['PDF document', 'pdf'], ['Python script', 'py'], ['python ', 'pyc'], ['tcpdump capture file', 'pcap'], ['pcap-ng capture file', 'pcapng'], ['PE32 executable ', 'exe'], ['PE64 executable ', 'exe'], ['ELF ', 'elf'], ] file_list = [[' file: %s' % t[0], t[1]] for t in file_list] # 自动检测 zsteg 隐写是否有检测到隐藏文件 line_count = 0 out_path = os.path.join(self.output_path, 'zsteg') if not os.path.exists(out_path): os.makedirs(out_path) zsteg_text_dict = {} with open(out_file, 'r') as f: for line in f: line = line.strip() line_count += 1 for i, t in enumerate(file_list): # 记录所有的 text 数据 if '.. text: "' in line and line.endswith('"'): md5 = hashlib.md5(force_bytes(line)).hexdigest() if md5 not in zsteg_text_dict: zsteg_text_dict[md5] = line # 凭经验设置的一个大概的值,zsteg 日志没有将所有的文本输出 # 如果输出的内容比较长的情况下,就要考虑将文本文件提取出来 if len(line) <= 120: break else: index = line.find('.. text: "') zsteg_payload = line[:index].rstrip(' .').strip() extract_file_ext = 'txt' extract_file_type = 'txt' else: if t[0] not in line: continue else: index = line.find(t[0]) zsteg_payload = line[:index].rstrip(' .').strip() extract_file_ext = t[1] extract_file_type = t[0][len(' file: '):] # 检测到文件后,自动导出文件 if len(zsteg_payload.split(',')) > 0: f_name = '%s_%s.%s' % (line_count, i, extract_file_ext) out_file_path = os.path.join(out_path, f_name) cmd = "zsteg %s -E '%s' > %s" % ( self.file_path, zsteg_payload, out_file_path) logger.warning('[*] zsteg 检测到文件 %s' % line.strip()) self.run_shell_cmd(cmd) msg = '[*] zsteg日志第%d行检测到文件%s' % ( line_count, extract_file_type) self.result_list.append(msg) break text_out_file = os.path.join(self.output_path, 'zsteg_text.txt') with open(text_out_file, 'w') as f: for line in zsteg_text_dict.values(): f.write(line) f.write('\n') # 自动解码 base64 文本 text = line[line.index('.. text: "') + len('.. text: "'):-1] b64rex = re.compile('^[A-Za-z0-9+/=]{4,}$') if b64rex.match(text): text = file_strings.bytes_2_printable_strings(partial_base64_decode(text)) if len(text) > 5: f.write('[base64_decode]: {}\n'.format(text))
def pad(self, s): return s + (self.bs - len(s) % self.bs) * force_bytes(chr(self.bs - len(s) % self.bs))