mirrors/CyberChef
1
0
Fork 0
mirror of https://github.com/gchq/CyberChef.git synced 2025-04-22 07:46:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into v10

Browse source
This commit is contained in:
n1474335 2022-10-21 11:56:25 +01:00
commit 01508a2459
27 changed files with 810 additions and 107 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/core/Utils.mjs
View file

@ -217,7 +217,7 @@ class Utils {
* Utils.parseEscapedChars("\\n");
*/
static parseEscapedChars(str) {
return str.replace(/\\([bfnrtv'"]|[0-3][0-7]{2}|[0-7]{1,2}|x[\da-fA-F]{2}|u[\da-fA-F]{4}|u\{[\da-fA-F]{1,6}\}|\\)/g, function(m, a) {
return str.replace(/\\([abfnrtv'"]|[0-3][0-7]{2}|[0-7]{1,2}|x[\da-fA-F]{2}|u[\da-fA-F]{4}|u\{[\da-fA-F]{1,6}\}|\\)/g, function(m, a) {
switch (a[0]) {
case "\\":
return "\\";
@ -230,6 +230,8 @@ class Utils {
case "6":
case "7":
return String.fromCharCode(parseInt(a, 8));
case "a":
return String.fromCharCode(7);
case "b":
return "\b";
case "t":

6
src/core/config/Categories.json
View file

@ -330,8 +330,10 @@
"Bzip2 Compress",
"Tar",
"Untar",
"LZString Decompress",
"LZString Compress",
"LZString Decompress"
"LZMA Decompress",
"LZMA Compress"
]
},
{
@ -367,6 +369,8 @@
"Bcrypt compare",
"Bcrypt parse",
"Scrypt",
"NT Hash",
"LM Hash",
"Fletcher-8 Checksum",
"Fletcher-16 Checksum",
"Fletcher-32 Checksum",

23
src/core/operations/DNSOverHTTPS.mjs
View file

@ -51,10 +51,27 @@ class DNSOverHTTPS extends Operation {
value: [
"A",
"AAAA",
"TXT",
"MX",
"ANAME",
"CERT",
"CNAME",
"DNSKEY",
"NS"
"HTTPS",
"IPSECKEY",
"LOC",
"MX",
"NS",
"OPENPGPKEY",
"PTR",
"RRSIG",
"SIG",
"SOA",
"SPF",
"SRV",
"SSHFP",
"TA",
"TXT",
"URI",
"ANY"
]
},
{

191
src/core/operations/GenerateAllHashes.mjs
View file

@ -1,5 +1,6 @@
/**
* @author n1474335 [n1474335@gmail.com]
* @author john19696 [john19696@protonmail.com]
* @copyright Crown Copyright 2016
* @license Apache-2.0
*/
@ -33,6 +34,9 @@ import BLAKE2b from "./BLAKE2b.mjs";
import BLAKE2s from "./BLAKE2s.mjs";
import Streebog from "./Streebog.mjs";
import GOSTHash from "./GOSTHash.mjs";
import LMHash from "./LMHash.mjs";
import NTHash from "./NTHash.mjs";
import OperationError from "../errors/OperationError.mjs";
/**
* Generate all hashes operation
@ -51,7 +55,75 @@ class GenerateAllHashes extends Operation {
this.infoURL = "https://wikipedia.org/wiki/Comparison_of_cryptographic_hash_functions";
this.inputType = "ArrayBuffer";
this.outputType = "string";
this.args = [];
this.args = [
{
name: "Length (bits)",
type: "option",
value: [
"All", "128", "160", "224", "256", "320", "384", "512"
]
},
{
name: "Include names",
type: "boolean",
value: true
},
];
this.hashes = [
{name: "MD2", algo: (new MD2()), inputType: "arrayBuffer", params: []},
{name: "MD4", algo: (new MD4()), inputType: "arrayBuffer", params: []},
{name: "MD5", algo: (new MD5()), inputType: "arrayBuffer", params: []},
{name: "MD6", algo: (new MD6()), inputType: "str", params: []},
{name: "SHA0", algo: (new SHA0()), inputType: "arrayBuffer", params: []},
{name: "SHA1", algo: (new SHA1()), inputType: "arrayBuffer", params: []},
{name: "SHA2 224", algo: (new SHA2()), inputType: "arrayBuffer", params: ["224"]},
{name: "SHA2 256", algo: (new SHA2()), inputType: "arrayBuffer", params: ["256"]},
{name: "SHA2 384", algo: (new SHA2()), inputType: "arrayBuffer", params: ["384"]},
{name: "SHA2 512", algo: (new SHA2()), inputType: "arrayBuffer", params: ["512"]},
{name: "SHA3 224", algo: (new SHA3()), inputType: "arrayBuffer", params: ["224"]},
{name: "SHA3 256", algo: (new SHA3()), inputType: "arrayBuffer", params: ["256"]},
{name: "SHA3 384", algo: (new SHA3()), inputType: "arrayBuffer", params: ["384"]},
{name: "SHA3 512", algo: (new SHA3()), inputType: "arrayBuffer", params: ["512"]},
{name: "Keccak 224", algo: (new Keccak()), inputType: "arrayBuffer", params: ["224"]},
{name: "Keccak 256", algo: (new Keccak()), inputType: "arrayBuffer", params: ["256"]},
{name: "Keccak 384", algo: (new Keccak()), inputType: "arrayBuffer", params: ["384"]},
{name: "Keccak 512", algo: (new Keccak()), inputType: "arrayBuffer", params: ["512"]},
{name: "Shake 128", algo: (new Shake()), inputType: "arrayBuffer", params: ["128", 256]},
{name: "Shake 256", algo: (new Shake()), inputType: "arrayBuffer", params: ["256", 512]},
{name: "RIPEMD-128", algo: (new RIPEMD()), inputType: "arrayBuffer", params: ["128"]},
{name: "RIPEMD-160", algo: (new RIPEMD()), inputType: "arrayBuffer", params: ["160"]},
{name: "RIPEMD-256", algo: (new RIPEMD()), inputType: "arrayBuffer", params: ["256"]},
{name: "RIPEMD-320", algo: (new RIPEMD()), inputType: "arrayBuffer", params: ["320"]},
{name: "HAS-160", algo: (new HAS160()), inputType: "arrayBuffer", params: []},
{name: "Whirlpool-0", algo: (new Whirlpool()), inputType: "arrayBuffer", params: ["Whirlpool-0"]},
{name: "Whirlpool-T", algo: (new Whirlpool()), inputType: "arrayBuffer", params: ["Whirlpool-T"]},
{name: "Whirlpool", algo: (new Whirlpool()), inputType: "arrayBuffer", params: ["Whirlpool"]},
{name: "BLAKE2b-128", algo: (new BLAKE2b), inputType: "arrayBuffer", params: ["128", "Hex", {string: "", option: "UTF8"}]},
{name: "BLAKE2b-160", algo: (new BLAKE2b), inputType: "arrayBuffer", params: ["160", "Hex", {string: "", option: "UTF8"}]},
{name: "BLAKE2b-256", algo: (new BLAKE2b), inputType: "arrayBuffer", params: ["256", "Hex", {string: "", option: "UTF8"}]},
{name: "BLAKE2b-384", algo: (new BLAKE2b), inputType: "arrayBuffer", params: ["384", "Hex", {string: "", option: "UTF8"}]},
{name: "BLAKE2b-512", algo: (new BLAKE2b), inputType: "arrayBuffer", params: ["512", "Hex", {string: "", option: "UTF8"}]},
{name: "BLAKE2s-128", algo: (new BLAKE2s), inputType: "arrayBuffer", params: ["128", "Hex", {string: "", option: "UTF8"}]},
{name: "BLAKE2s-160", algo: (new BLAKE2s), inputType: "arrayBuffer", params: ["160", "Hex", {string: "", option: "UTF8"}]},
{name: "BLAKE2s-256", algo: (new BLAKE2s), inputType: "arrayBuffer", params: ["256", "Hex", {string: "", option: "UTF8"}]},
{name: "Streebog-256", algo: (new Streebog), inputType: "arrayBuffer", params: ["256"]},
{name: "Streebog-512", algo: (new Streebog), inputType: "arrayBuffer", params: ["512"]},
{name: "GOST", algo: (new GOSTHash), inputType: "arrayBuffer", params: ["D-A"]},
{name: "LM Hash", algo: (new LMHash), inputType: "str", params: []},
{name: "NT Hash", algo: (new NTHash), inputType: "str", params: []},
{name: "SSDEEP", algo: (new SSDEEP()), inputType: "str"},
{name: "CTPH", algo: (new CTPH()), inputType: "str"}
];
this.checksums = [
{name: "Fletcher-8", algo: (new Fletcher8Checksum), inputType: "byteArray", params: []},
{name: "Fletcher-16", algo: (new Fletcher16Checksum), inputType: "byteArray", params: []},
{name: "Fletcher-32", algo: (new Fletcher32Checksum), inputType: "byteArray", params: []},
{name: "Fletcher-64", algo: (new Fletcher64Checksum), inputType: "byteArray", params: []},
{name: "Adler-32", algo: (new Adler32Checksum), inputType: "byteArray", params: []},
{name: "CRC-8", algo: (new CRC8Checksum), inputType: "arrayBuffer", params: ["CRC-8"]},
{name: "CRC-16", algo: (new CRC16Checksum), inputType: "arrayBuffer", params: []},
{name: "CRC-32", algo: (new CRC32Checksum), inputType: "arrayBuffer", params: []}
];
}
/**
@ -60,63 +132,74 @@ class GenerateAllHashes extends Operation {
* @returns {string}
*/
run(input, args) {
const arrayBuffer = input,
str = Utils.arrayBufferToStr(arrayBuffer, false),
byteArray = new Uint8Array(arrayBuffer),
output = "MD2: " + (new MD2()).run(arrayBuffer, []) +
"\nMD4: " + (new MD4()).run(arrayBuffer, []) +
"\nMD5: " + (new MD5()).run(arrayBuffer, []) +
"\nMD6: " + (new MD6()).run(str, []) +
"\nSHA0: " + (new SHA0()).run(arrayBuffer, []) +
"\nSHA1: " + (new SHA1()).run(arrayBuffer, []) +
"\nSHA2 224: " + (new SHA2()).run(arrayBuffer, ["224"]) +
"\nSHA2 256: " + (new SHA2()).run(arrayBuffer, ["256"]) +
"\nSHA2 384: " + (new SHA2()).run(arrayBuffer, ["384"]) +
"\nSHA2 512: " + (new SHA2()).run(arrayBuffer, ["512"]) +
"\nSHA3 224: " + (new SHA3()).run(arrayBuffer, ["224"]) +
"\nSHA3 256: " + (new SHA3()).run(arrayBuffer, ["256"]) +
"\nSHA3 384: " + (new SHA3()).run(arrayBuffer, ["384"]) +
"\nSHA3 512: " + (new SHA3()).run(arrayBuffer, ["512"]) +
"\nKeccak 224: " + (new Keccak()).run(arrayBuffer, ["224"]) +
"\nKeccak 256: " + (new Keccak()).run(arrayBuffer, ["256"]) +
"\nKeccak 384: " + (new Keccak()).run(arrayBuffer, ["384"]) +
"\nKeccak 512: " + (new Keccak()).run(arrayBuffer, ["512"]) +
"\nShake 128: " + (new Shake()).run(arrayBuffer, ["128", 256]) +
"\nShake 256: " + (new Shake()).run(arrayBuffer, ["256", 512]) +
"\nRIPEMD-128: " + (new RIPEMD()).run(arrayBuffer, ["128"]) +
"\nRIPEMD-160: " + (new RIPEMD()).run(arrayBuffer, ["160"]) +
"\nRIPEMD-256: " + (new RIPEMD()).run(arrayBuffer, ["256"]) +
"\nRIPEMD-320: " + (new RIPEMD()).run(arrayBuffer, ["320"]) +
"\nHAS-160: " + (new HAS160()).run(arrayBuffer, []) +
"\nWhirlpool-0: " + (new Whirlpool()).run(arrayBuffer, ["Whirlpool-0"]) +
"\nWhirlpool-T: " + (new Whirlpool()).run(arrayBuffer, ["Whirlpool-T"]) +
"\nWhirlpool: " + (new Whirlpool()).run(arrayBuffer, ["Whirlpool"]) +
"\nBLAKE2b-128: " + (new BLAKE2b).run(arrayBuffer, ["128", "Hex", {string: "", option: "UTF8"}]) +
"\nBLAKE2b-160: " + (new BLAKE2b).run(arrayBuffer, ["160", "Hex", {string: "", option: "UTF8"}]) +
"\nBLAKE2b-256: " + (new BLAKE2b).run(arrayBuffer, ["256", "Hex", {string: "", option: "UTF8"}]) +
"\nBLAKE2b-384: " + (new BLAKE2b).run(arrayBuffer, ["384", "Hex", {string: "", option: "UTF8"}]) +
"\nBLAKE2b-512: " + (new BLAKE2b).run(arrayBuffer, ["512", "Hex", {string: "", option: "UTF8"}]) +
"\nBLAKE2s-128: " + (new BLAKE2s).run(arrayBuffer, ["128", "Hex", {string: "", option: "UTF8"}]) +
"\nBLAKE2s-160: " + (new BLAKE2s).run(arrayBuffer, ["160", "Hex", {string: "", option: "UTF8"}]) +
"\nBLAKE2s-256: " + (new BLAKE2s).run(arrayBuffer, ["256", "Hex", {string: "", option: "UTF8"}]) +
"\nStreebog-256: " + (new Streebog).run(arrayBuffer, ["256"]) +
"\nStreebog-512: " + (new Streebog).run(arrayBuffer, ["512"]) +
"\nGOST: " + (new GOSTHash).run(arrayBuffer, ["D-A"]) +
"\nSSDEEP: " + (new SSDEEP()).run(str) +
"\nCTPH: " + (new CTPH()).run(str) +
"\n\nChecksums:" +
"\nFletcher-8: " + (new Fletcher8Checksum).run(byteArray, []) +
"\nFletcher-16: " + (new Fletcher16Checksum).run(byteArray, []) +
"\nFletcher-32: " + (new Fletcher32Checksum).run(byteArray, []) +
"\nFletcher-64: " + (new Fletcher64Checksum).run(byteArray, []) +
"\nAdler-32: " + (new Adler32Checksum).run(byteArray, []) +
"\nCRC-8: " + (new CRC8Checksum).run(arrayBuffer, ["CRC-8"]) +
"\nCRC-16: " + (new CRC16Checksum).run(arrayBuffer, []) +
"\nCRC-32: " + (new CRC32Checksum).run(arrayBuffer, []);
const [length, includeNames] = args;
this.inputArrayBuffer = input;
this.inputStr = Utils.arrayBufferToStr(input, false);
this.inputByteArray = new Uint8Array(input);
let digest, output = "";
// iterate over each of the hashes
this.hashes.forEach(hash => {
digest = this.executeAlgo(hash.algo, hash.inputType, hash.params || []);
output += this.formatDigest(digest, length, includeNames, hash.name);
});
if (length === "All") {
output += "\nChecksums:\n";
this.checksums.forEach(checksum => {
digest = this.executeAlgo(checksum.algo, checksum.inputType, checksum.params || []);
output += this.formatDigest(digest, length, includeNames, checksum.name);
});
}
return output;
}
/**
* Executes a hash or checksum algorithm
*
* @param {Function} algo - The hash or checksum algorithm
* @param {string} inputType
* @param {Object[]} [params=[]]
* @returns {string}
*/
executeAlgo(algo, inputType, params=[]) {
let digest = null;
switch (inputType) {
case "arrayBuffer":
digest = algo.run(this.inputArrayBuffer, params);
break;
case "str":
digest = algo.run(this.inputStr, params);
break;
case "byteArray":
digest = algo.run(this.inputByteArray, params);
break;
default:
throw new OperationError("Unknown hash input type: " + inputType);
}
return digest;
}
/**
* Formats the digest depending on user-specified arguments
* @param {string} digest
* @param {string} length
* @param {boolean} includeNames
* @param {string} name
* @returns {string}
*/
formatDigest(digest, length, includeNames, name) {
if (length !== "All" && (digest.length * 4) !== parseInt(length, 10))
return "";
if (!includeNames)
return digest + "\n";
return `${name}:${" ".repeat(13-name.length)}${digest}\n`;
}
}
export default GenerateAllHashes;

7
src/core/operations/JWTDecode.mjs
View file

@ -26,6 +26,13 @@ class JWTDecode extends Operation {
this.inputType = "string";
this.outputType = "JSON";
this.args = [];
this.checks = [
{
pattern: "^ey([A-Za-z0-9_-]+)\\.ey([A-Za-z0-9_-]+)\\.([A-Za-z0-9_-]+)$",
flags: "",
args: []
},
];
}
/**

41
src/core/operations/LMHash.mjs Normal file
View file

@ -0,0 +1,41 @@
/**
* @author n1474335 [n1474335@gmail.com]
* @copyright Crown Copyright 2022
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
import {smbhash} from "ntlm";
/**
* LM Hash operation
*/
class LMHash extends Operation {
/**
* LMHash constructor
*/
constructor() {
super();
this.name = "LM Hash";
this.module = "Crypto";
this.description = "An LM Hash, or LAN Manager Hash, is a deprecated way of storing passwords on old Microsoft operating systems. It is particularly weak and can be cracked in seconds on modern hardware using rainbow tables.";
this.infoURL = "https://wikipedia.org/wiki/LAN_Manager#Password_hashing_algorithm";
this.inputType = "string";
this.outputType = "string";
this.args = [];
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
run(input, args) {
return smbhash.lmhash(input);
}
}
export default LMHash;

64
src/core/operations/LZMACompress.mjs Normal file
View file

@ -0,0 +1,64 @@
/**
* @author Matt C [me@mitt.dev]
* @copyright Crown Copyright 2022
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
import OperationError from "../errors/OperationError.mjs";
import { compress } from "@blu3r4y/lzma";
import {isWorkerEnvironment} from "../Utils.mjs";
/**
* LZMA Compress operation
*/
class LZMACompress extends Operation {
/**
* LZMACompress constructor
*/
constructor() {
super();
this.name = "LZMA Compress";
this.module = "Compression";
this.description = "Compresses data using the Lempel\u2013Ziv\u2013Markov chain algorithm. Compression mode determines the speed and effectiveness of the compression: 1 is fastest and less effective, 9 is slowest and most effective";
this.infoURL = "https://wikipedia.org/wiki/Lempel%E2%80%93Ziv%E2%80%93Markov_chain_algorithm";
this.inputType = "ArrayBuffer";
this.outputType = "ArrayBuffer";
this.args = [
{
name: "Compression Mode",
type: "option",
value: [
"1", "2", "3", "4", "5", "6", "7", "8", "9"
],
"defaultIndex": 6
}
];
}
/**
* @param {ArrayBuffer} input
* @param {Object[]} args
* @returns {ArrayBuffer}
*/
async run(input, args) {
const mode = Number(args[0]);
return new Promise((resolve, reject) => {
compress(new Uint8Array(input), mode, (result, error) => {
if (error) {
reject(new OperationError(`Failed to compress input: ${error.message}`));
}
// The compression returns as an Int8Array, but we can just get the unsigned data from the buffer
resolve(new Int8Array(result).buffer);
}, (percent) => {
if (isWorkerEnvironment()) self.sendStatusMessage(`Compressing input: ${(percent*100).toFixed(2)}%`);
});
});
}
}
export default LZMACompress;

57
src/core/operations/LZMADecompress.mjs Normal file
View file

@ -0,0 +1,57 @@
/**
* @author Matt C [me@mitt.dev]
* @copyright Crown Copyright 2022
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
import OperationError from "../errors/OperationError.mjs";
import {decompress} from "@blu3r4y/lzma";
import Utils, {isWorkerEnvironment} from "../Utils.mjs";
/**
* LZMA Decompress operation
*/
class LZMADecompress extends Operation {
/**
* LZMADecompress constructor
*/
constructor() {
super();
this.name = "LZMA Decompress";
this.module = "Compression";
this.description = "Decompresses data using the Lempel-Ziv-Markov chain Algorithm.";
this.infoURL = "https://wikipedia.org/wiki/Lempel%E2%80%93Ziv%E2%80%93Markov_chain_algorithm";
this.inputType = "ArrayBuffer";
this.outputType = "ArrayBuffer";
}
/**
* @param {ArrayBuffer} input
* @param {Object[]} args
* @returns {ArrayBuffer}
*/
async run(input, args) {
return new Promise((resolve, reject) => {
decompress(new Uint8Array(input), (result, error) => {
if (error) {
reject(new OperationError(`Failed to decompress input: ${error.message}`));
}
// The decompression returns either a String or an untyped unsigned int8 array, but we can just get the unsigned data from the buffer
if (typeof result == "string") {
resolve(Utils.strToArrayBuffer(result));
} else {
resolve(new Int8Array(result).buffer);
}
}, (percent) => {
if (isWorkerEnvironment()) self.sendStatusMessage(`Decompressing input: ${(percent*100).toFixed(2)}%`);
});
});
}
}
export default LZMADecompress;

46
src/core/operations/NTHash.mjs Normal file
View file

@ -0,0 +1,46 @@
/**
* @author brun0ne [brunonblok@gmail.com]
* @copyright Crown Copyright 2022
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
import cptable from "codepage";
import {runHash} from "../lib/Hash.mjs";
/**
* NT Hash operation
*/
class NTHash extends Operation {
/**
* NTHash constructor
*/
constructor() {
super();
this.name = "NT Hash";
this.module = "Crypto";
this.description = "An NT Hash, sometimes referred to as an NTLM hash, is a method of storing passwords on Windows systems. It works by running MD4 on UTF-16LE encoded input. NTLM hashes are considered weak because they can be brute-forced very easily with modern hardware.";
this.infoURL = "https://wikipedia.org/wiki/NT_LAN_Manager";
this.inputType = "string";
this.outputType = "string";
this.args = [];
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
run(input, args) {
const format = 1200; // UTF-16LE
const encoded = cptable.utils.encode(format, input);
const hashed = runHash("md4", encoded);
return hashed.toUpperCase();
}
}
export default NTHash;

4
src/core/operations/ParseSSHHostKey.mjs
View file

@ -23,7 +23,7 @@ class ParseSSHHostKey extends Operation {
this.name = "Parse SSH Host Key";
this.module = "Default";
this.description = "Parses a SSH host key and extracts fields from it.<br>The key type can be:<ul><li>ssh-rsa</li><li>ssh-dss</li><li>ecdsa-sha2</li></ul>The key format can be either Hex or Base64.";
this.description = "Parses a SSH host key and extracts fields from it.<br>The key type can be:<ul><li>ssh-rsa</li><li>ssh-dss</li><li>ecdsa-sha2</li><li>ssh-ed25519</li></ul>The key format can be either Hex or Base64.";
this.infoURL = "https://wikipedia.org/wiki/Secure_Shell";
this.inputType = "string";
this.outputType = "string";
@ -71,6 +71,8 @@ class ParseSSHHostKey extends Operation {
} else if (keyType.startsWith("ecdsa-sha2")) {
output += `\nCurve: ${Utils.byteArrayToChars(fromHex(fields[1]))}`;
output += `\nPoint: 0x${fields.slice(2)}`;
} else if (keyType === "ssh-ed25519") {
output += `\nx: 0x${fields[1]}`;
} else {
output += "\nUnsupported key type.";
output += `\nParameters: ${fields.slice(1)}`;

20
src/core/operations/RawInflate.mjs
View file

@ -7,7 +7,6 @@
import Operation from "../Operation.mjs";
import {INFLATE_BUFFER_TYPE} from "../lib/Zlib.mjs";
import rawinflate from "zlibjs/bin/rawinflate.min.js";
import OperationError from "../errors/OperationError.mjs";
const Zlib = rawinflate.Zlib;
@ -83,25 +82,6 @@ class RawInflate extends Operation {
}),
result = new Uint8Array(inflate.decompress());
// Raw Inflate sometimes messes up and returns nonsense like this:
// ]....]....]....]....]....]....]....]....]....]....]....]....]....]...
// e.g. Input data of [8b, 1d, dc, 44]
// Look for the first two square brackets:
if (result.length > 158 && result[0] === 93 && result[5] === 93) {
// If the first two square brackets are there, check that the others
// are also there. If they are, throw an error. If not, continue.
let valid = false;
for (let i = 0; i < 155; i += 5) {
if (result[i] !== 93) {
valid = true;
}
}
if (!valid) {
throw new OperationError("Error: Unable to inflate data");
}
}
// This seems to be the easiest way...
return result.buffer;
}

30
src/core/operations/YARARules.mjs
View file

@ -52,7 +52,17 @@ class YARARules extends Operation {
name: "Show counts",
type: "boolean",
value: true
}
},
{
name: "Show rule warnings",
type: "boolean",
value: true
},
{
name: "Show console module messages",
type: "boolean",
value: true
},
];
}
@ -64,7 +74,7 @@ class YARARules extends Operation {
async run(input, args) {
if (isWorkerEnvironment())
self.sendStatusMessage("Instantiating YARA...");
const [rules, showStrings, showLengths, showMeta, showCounts] = args;
const [rules, showStrings, showLengths, showMeta, showCounts, showRuleWarns, showConsole] = args;
return new Promise((resolve, reject) => {
Yara().then(yara => {
if (isWorkerEnvironment()) self.sendStatusMessage("Converting data for YARA.");
@ -83,11 +93,19 @@ class YARARules extends Operation {
const compileError = resp.compileErrors.get(i);
if (!compileError.warning) {
reject(new OperationError(`Error on line ${compileError.lineNumber}: ${compileError.message}`));
} else {
matchString += `Warning on line ${compileError.lineNumber}: ${compileError.message}`;
} else if (showRuleWarns) {
matchString += `Warning on line ${compileError.lineNumber}: ${compileError.message}\n`;
}
}
}
if (showConsole) {
const consoleLogs = resp.consoleLogs;
for (let i = 0; i < consoleLogs.size(); i++) {
matchString += consoleLogs.get(i) + "\n";
}
}
const matchedRules = resp.matchedRules;
for (let i = 0; i < matchedRules.size(); i++) {
const rule = matchedRules.get(i);
@ -100,11 +118,11 @@ class YARARules extends Operation {
}
meta = meta.slice(0, -2) + "]";
}
const countString = showCounts ? `${matches.size()} time${matches.size() > 1 ? "s" : ""}` : "";
const countString = matches.size() === 0 ? "" : (showCounts ? ` (${matches.size()} time${matches.size() > 1 ? "s" : ""})` : "");
if (matches.size() === 0 || !(showStrings || showLengths)) {
matchString += `Input matches rule "${rule.ruleName}"${meta}${countString.length > 0 ? ` ${countString}`: ""}.\n`;
} else {
matchString += `Rule "${rule.ruleName}"${meta} matches (${countString}):\n`;
matchString += `Rule "${rule.ruleName}"${meta} matches${countString}:\n`;
for (let j = 0; j < matches.size(); j++) {
const match = matches.get(j);
if (showStrings || showLengths) {