mirrors/CyberChef
1
0
Fork 0
mirror of https://github.com/gchq/CyberChef.git synced 2025-05-03 13:09:15 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge branch 'master' into object-object-errors-fix

Browse source
This commit is contained in:
a3957273 2024-04-01 17:51:40 +01:00 committed by GitHub
commit bfcc6c4ea2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
108 changed files with 9458 additions and 12113 deletions
Download patch file Download diff file Expand all files Collapse all files

41
.devcontainer/devcontainer.json Normal file
View file

@ -0,0 +1,41 @@
// For format details, see https://aka.ms/devcontainer.json. For config options, see the
// README at: https://github.com/devcontainers/templates/tree/main/src/javascript-node
{
"name": "CyberChef",
// Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
"image": "mcr.microsoft.com/devcontainers/javascript-node:1-18-bookworm",
// Features to add to the dev container. More info: https://containers.dev/features.
"features": {
"ghcr.io/devcontainers/features/github-cli": "latest"
},
// Use 'forwardPorts' to make a list of ports inside the container available locally.
"forwardPorts": [8080],
// Use 'postCreateCommand' to run commands after the container is created.
"postCreateCommand": {
"npm": "bash -c \"sudo chown node node_modules && npm install\""
},
"containerEnv": {
"DISPLAY": ":99"
},
"mounts": [
"source=${localWorkspaceFolderBasename}-node_modules,target=${containerWorkspaceFolder}/node_modules,type=volume"
],
// Configure tool-specific properties.
"customizations": {
"vscode": {
"extensions": [
"dbaeumer.vscode-eslint",
"GitHub.vscode-github-actions"
]
}
}
// Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
// "remoteUser": "root"
}

2
.dockerignore Normal file
View file

@ -0,0 +1,2 @@
node_modules
build

1
.gitattributes vendored Normal file
View file

@ -0,0 +1 @@
* text=auto eol=lf

14
.github/workflows/pull_requests.yml vendored
View file

@ -33,6 +33,20 @@ jobs:
if: success()
run: npx grunt prod
- name: Production Image Build
if: success()
id: build-image
uses: redhat-actions/buildah-build@v2
with:
# Not being uploaded to any registry, use a simple name to allow Buildah to build correctly.
image: cyberchef
containerfiles: ./Dockerfile
platforms: linux/amd64
oci: true
# Webpack seems to use a lot of open files, increase the max open file limit to accomodate.
extra-args: |
--ulimit nofile=10000
- name: UI Tests
if: success()
run: |

44
.github/workflows/releases.yml vendored
View file

@ -6,6 +6,12 @@ on:
tags:
- 'v*'
env:
REGISTRY: ghcr.io
REGISTRY_USER: ${{ github.actor }}
REGISTRY_PASSWORD: ${{ github.token }}
IMAGE_NAME: ${{ github.repository }}
jobs:
main:
runs-on: ubuntu-latest
@ -19,7 +25,7 @@ jobs:
- name: Install
run: |
npm install
npm ci
npm run setheapsize
- name: Lint
@ -31,17 +37,38 @@ jobs:
npm run testnodeconsumer
- name: Production Build
if: success()
run: npx grunt prod
- name: UI Tests
if: success()
run: |
sudo apt-get install xvfb
xvfb-run --server-args="-screen 0 1200x800x24" npx grunt testui
- name: Image Metadata
id: image-metadata
uses: docker/metadata-action@v4
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=semver,pattern={{major}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{version}}
- name: Production Image Build
id: build-image
uses: redhat-actions/buildah-build@v2
with:
tags: ${{ steps.image-metadata.outputs.tags }}
labels: ${{ steps.image-metadata.outputs.labels }}
containerfiles: ./Dockerfile
platforms: linux/amd64
oci: true
# Webpack seems to use a lot of open files, increase the max open file limit to accomodate.
extra-args: |
--ulimit nofile=10000
- name: Upload Release Assets
if: success()
id: upload-release-assets
uses: svenstaro/upload-release-action@v2
with:
@ -53,7 +80,14 @@ jobs:
body: "See the [CHANGELOG](https://github.com/gchq/CyberChef/blob/master/CHANGELOG.md) and [commit messages](https://github.com/gchq/CyberChef/commits/master) for details."
- name: Publish to NPM
if: success()
uses: JS-DevTools/npm-publish@v1
with:
token: ${{ secrets.NPM_TOKEN }}
- name: Publish to GHCR
uses: redhat-actions/push-to-registry@v2
with:
tags: ${{ steps.build-image.outputs.tags }}
registry: ${{ env.REGISTRY }}
username: ${{ env.REGISTRY_USER }}
password: ${{ env.REGISTRY_PASSWORD }}

1
.gitignore vendored
View file

@ -3,6 +3,7 @@ npm-debug.log
travis.log
build
.vscode
.idea
.*.swp
src/core/config/modules/*
src/core/config/OperationConfig.json

89
CHANGELOG.md
View file

@ -13,6 +13,47 @@ All major and minor version changes will be documented in this file. Details of
## Details
### [10.14.0] - 2024-03-31
- Added 'To Float' and 'From Float' operations [@tcode2k16] | [#1762]
- Fix ChaCha raw export option [@joostrijneveld] | [#1606]
- Update x86 disassembler vendor library [@evanreichard] | [#1197]
- Allow variable Blowfish key sizes [@cbeuw] | [#933]
- Added 'XXTEA' operation [@devcydo] | [#1361]
### [10.13.0] - 2024-03-30
- Added 'FangURL' operation [@breakersall] [@arnydo] | [#1591] [#654]
### [10.12.0] - 2024-03-29
- Added 'Salsa20' and 'XSalsa20' operation [@joostrijneveld] | [#1750]
### [10.11.0] - 2024-03-29
- Add HEIC/HEIF file signatures [@simonw] | [#1757]
- Update xmldom to fix medium security vulnerability [@chriswhite199] | [#1752]
- Update JSONWebToken to fix medium security vulnerability [@chriswhite199] | [#1753]
### [10.10.0] - 2024-03-27
- Added 'JA4 Fingerprint' operation [@n1474335] | [#1759]
### [10.9.0] - 2024-03-26
- Line ending sequences and UTF-8 character encoding are now detected automatically [@n1474335] | [65ffd8d]
### [10.8.0] - 2024-02-13
- Add official Docker images [@AshCorr] | [#1699]
### [10.7.0] - 2024-02-09
- Added 'File Tree' operation [@sw5678] | [#1667]
- Added 'RISON' operation [@sg5506844] | [#1555]
- Added 'MurmurHash3' operation [@AliceGrey] | [#1694]
### [10.6.0] - 2024-02-03
- Updated 'Forensics Wiki' URLs to new domain [@a3957273] | [#1703]
- Added 'LZNT1 Decompress' operation [@0xThiebaut] | [#1675]
- Updated 'Regex Expression' UUID matcher [@cnotin] | [#1678]
- Removed duplicate 'hover' message within baking info [@KevinSJ] | [#1541]
### [10.5.0] - 2023-07-14
- Added GOST Encrypt, Decrypt, Sign, Verify, Key Wrap, and Key Unwrap operations [@n1474335] | [#592]
### [10.4.0] - 2023-03-24
- Added 'Generate De Bruijn Sequence' operation [@gchq77703] | [#493]
@ -369,8 +410,16 @@ All major and minor version changes will be documented in this file. Details of
## [4.0.0] - 2016-11-28
- Initial open source commit [@n1474335] | [b1d73a72](https://github.com/gchq/CyberChef/commit/b1d73a725dc7ab9fb7eb789296efd2b7e4b08306)
[10.14.0]: https://github.com/gchq/CyberChef/releases/tag/v10.14.0
[10.13.0]: https://github.com/gchq/CyberChef/releases/tag/v10.13.0
[10.12.0]: https://github.com/gchq/CyberChef/releases/tag/v10.12.0
[10.11.0]: https://github.com/gchq/CyberChef/releases/tag/v10.11.0
[10.10.0]: https://github.com/gchq/CyberChef/releases/tag/v10.10.0
[10.9.0]: https://github.com/gchq/CyberChef/releases/tag/v10.9.0
[10.8.0]: https://github.com/gchq/CyberChef/releases/tag/v10.7.0
[10.7.0]: https://github.com/gchq/CyberChef/releases/tag/v10.7.0
[10.6.0]: https://github.com/gchq/CyberChef/releases/tag/v10.6.0
[10.5.0]: https://github.com/gchq/CyberChef/releases/tag/v10.5.0
[10.4.0]: https://github.com/gchq/CyberChef/releases/tag/v10.4.0
[10.3.0]: https://github.com/gchq/CyberChef/releases/tag/v10.3.0
[10.2.0]: https://github.com/gchq/CyberChef/releases/tag/v10.2.0
@ -524,6 +573,20 @@ All major and minor version changes will be documented in this file. Details of
[@joostrijneveld]: https://github.com/joostrijneveld
[@Xenonym]: https://github.com/Xenonym
[@gchq77703]: https://github.com/gchq77703
[@a3957273]: https://github.com/a3957273
[@0xThiebaut]: https://github.com/0xThiebaut
[@cnotin]: https://github.com/cnotin
[@KevinSJ]: https://github.com/KevinSJ
[@sw5678]: https://github.com/sw5678
[@sg5506844]: https://github.com/sg5506844
[@AliceGrey]: https://github.com/AliceGrey
[@AshCorr]: https://github.com/AshCorr
[@simonw]: https://github.com/simonw
[@chriswhite199]: https://github.com/chriswhite199
[@breakersall]: https://github.com/breakersall
[@evanreichard]: https://github.com/evanreichard
[@devcydo]: https://github.com/devcydo
[8ad18b]: https://github.com/gchq/CyberChef/commit/8ad18bc7db6d9ff184ba3518686293a7685bf7b7
[9a33498]: https://github.com/gchq/CyberChef/commit/9a33498fed26a8df9c9f35f39a78a174bf50a513
@ -533,6 +596,7 @@ All major and minor version changes will be documented in this file. Details of
[a895d1d]: https://github.com/gchq/CyberChef/commit/a895d1d82a2f92d440a0c5eca2bc7c898107b737
[31a7f83]: https://github.com/gchq/CyberChef/commit/31a7f83b82e78927f89689f323fcb9185144d6ff
[760eff4]: https://github.com/gchq/CyberChef/commit/760eff49b5307aaa3104c5e5b437ffe62299acd1
[65ffd8d]: https://github.com/gchq/CyberChef/commit/65ffd8d65d88eb369f6f61a5d1d0f807179bffb7
[#95]: https://github.com/gchq/CyberChef/pull/299
[#173]: https://github.com/gchq/CyberChef/pull/173
@ -641,4 +705,23 @@ All major and minor version changes will be documented in this file. Details of
[#1528]: https://github.com/gchq/CyberChef/pull/1528
[#661]: https://github.com/gchq/CyberChef/pull/661
[#493]: https://github.com/gchq/CyberChef/pull/493
[#592]: https://github.com/gchq/CyberChef/issues/592
[#1703]: https://github.com/gchq/CyberChef/issues/1703
[#1675]: https://github.com/gchq/CyberChef/issues/1675
[#1678]: https://github.com/gchq/CyberChef/issues/1678
[#1541]: https://github.com/gchq/CyberChef/issues/1541
[#1667]: https://github.com/gchq/CyberChef/issues/1667
[#1555]: https://github.com/gchq/CyberChef/issues/1555
[#1694]: https://github.com/gchq/CyberChef/issues/1694
[#1699]: https://github.com/gchq/CyberChef/issues/1694
[#1757]: https://github.com/gchq/CyberChef/issues/1757
[#1752]: https://github.com/gchq/CyberChef/issues/1752
[#1753]: https://github.com/gchq/CyberChef/issues/1753
[#1750]: https://github.com/gchq/CyberChef/issues/1750
[#1591]: https://github.com/gchq/CyberChef/issues/1591
[#654]: https://github.com/gchq/CyberChef/issues/654
[#1762]: https://github.com/gchq/CyberChef/issues/1762
[#1606]: https://github.com/gchq/CyberChef/issues/1606
[#1197]: https://github.com/gchq/CyberChef/issues/1197
[#933]: https://github.com/gchq/CyberChef/issues/933
[#1361]: https://github.com/gchq/CyberChef/issues/1361

9
Dockerfile Normal file
View file

@ -0,0 +1,9 @@
FROM node:18-alpine AS build
COPY . .
RUN npm ci
RUN npm run build
FROM nginx:1.25-alpine3.18 AS cyberchef
COPY --from=build ./build/prod /usr/share/nginx/html/

1
Gruntfile.js
View file

@ -197,6 +197,7 @@ module.exports = function (grunt) {
},
webpack: {
options: webpackConfig,
myConfig: webpackConfig,
web: webpackProdConf(),
},
"webpack-dev-server": {

20
README.md
View file

@ -20,6 +20,22 @@ Cryptographic operations in CyberChef should not be relied upon to provide secur
[A live demo can be found here][1] - have fun!
## Containers
If you would like to try out CyberChef locally you can either build it yourself:
```bash
docker build --tag cyberchef --ulimit nofile=10000 .
docker run -it -p 8080:80 cyberchef
```
Or you can use our image directly:
```bash
docker run -it -p 8080:80 ghcr.io/gchq/cyberchef:latest
```
This image is built and published through our [GitHub Workflows](.github/workflows/releases.yml)
## How it works
@ -89,14 +105,14 @@ CyberChef is built to support
## Node.js support
CyberChef is built to fully support Node.js `v16`. For more information, see the Node API page in the project [wiki pages](https://github.com/gchq/CyberChef/wiki)
CyberChef is built to fully support Node.js `v16`. For more information, see the ["Node API" wiki page](https://github.com/gchq/CyberChef/wiki/Node-API)
## Contributing
Contributing a new operation to CyberChef is super easy! The quickstart script will walk you through the process. If you can write basic JavaScript, you can write a CyberChef operation.
An installation walkthrough, how-to guides for adding new operations and themes, descriptions of the repository structure, available data types and coding conventions can all be found in the project [wiki pages](https://github.com/gchq/CyberChef/wiki).
An installation walkthrough, how-to guides for adding new operations and themes, descriptions of the repository structure, available data types and coding conventions can all be found in the ["Contributing" wiki page](https://github.com/gchq/CyberChef/wiki/Contributing).
- Push your changes to your fork.
- Submit a pull request. If you are doing this for the first time, you will be prompted to sign the [GCHQ Contributor Licence Agreement](https://cla-assistant.io/gchq/CyberChef) via the CLA assistant on the pull request. This will also ask whether you are happy for GCHQ to contact you about a token of thanks for your contribution, or about job opportunities at GCHQ.

15330
package-lock.json generated
View file

File diff suppressed because it is too large Load diff

122
package.json
View file

@ -1,6 +1,6 @@
{
"name": "cyberchef",
"version": "10.4.0",
"version": "10.14.0",
"description": "The Cyber Swiss Army Knife for encryption, encoding, compression and data analysis.",
"author": "n1474335 <n1474335@gmail.com>",
"homepage": "https://gchq.github.io/CyberChef",
@ -39,55 +39,55 @@
"node >= 16"
],
"devDependencies": {
"@babel/core": "^7.21.0",
"@babel/eslint-parser": "^7.19.1",
"@babel/plugin-syntax-import-assertions": "^7.20.0",
"@babel/plugin-transform-runtime": "^7.21.0",
"@babel/preset-env": "^7.20.2",
"@babel/runtime": "^7.21.0",
"@codemirror/commands": "^6.2.1",
"@codemirror/language": "^6.6.0",
"@codemirror/search": "^6.2.3",
"@codemirror/state": "^6.2.0",
"@codemirror/view": "^6.9.2",
"autoprefixer": "^10.4.13",
"babel-loader": "^9.1.2",
"@babel/core": "^7.23.9",
"@babel/eslint-parser": "^7.23.10",
"@babel/plugin-syntax-import-assertions": "^7.23.3",
"@babel/plugin-transform-runtime": "^7.23.9",
"@babel/preset-env": "^7.23.9",
"@babel/runtime": "^7.23.9",
"@codemirror/commands": "^6.3.3",
"@codemirror/language": "^6.10.1",
"@codemirror/search": "^6.5.5",
"@codemirror/state": "^6.4.0",
"@codemirror/view": "^6.23.1",
"autoprefixer": "^10.4.17",
"babel-loader": "^9.1.3",
"babel-plugin-dynamic-import-node": "^2.3.3",
"babel-plugin-transform-builtin-extend": "1.1.2",
"base64-loader": "^1.0.0",
"chromedriver": "^110.0.0",
"chromedriver": "^122.0.0",
"cli-progress": "^3.12.0",
"colors": "^1.4.0",
"copy-webpack-plugin": "^11.0.0",
"core-js": "^3.29.0",
"css-loader": "6.7.3",
"eslint": "^8.35.0",
"copy-webpack-plugin": "^12.0.2",
"core-js": "^3.35.1",
"css-loader": "6.10.0",
"eslint": "^8.56.0",
"grunt": "^1.6.1",
"grunt-chmod": "~1.1.1",
"grunt-concurrent": "^3.0.0",
"grunt-contrib-clean": "~2.0.1",
"grunt-contrib-connect": "^3.0.0",
"grunt-contrib-connect": "^4.0.0",
"grunt-contrib-copy": "~1.0.0",
"grunt-contrib-watch": "^1.1.0",
"grunt-eslint": "^24.0.1",
"grunt-eslint": "^24.3.0",
"grunt-exec": "~3.0.0",
"grunt-webpack": "^5.0.0",
"grunt-zip": "^0.20.0",
"html-webpack-plugin": "^5.5.0",
"imports-loader": "^4.0.1",
"mini-css-extract-plugin": "2.7.3",
"grunt-webpack": "^6.0.0",
"grunt-zip": "^1.0.0",
"html-webpack-plugin": "^5.6.0",
"imports-loader": "^5.0.0",
"mini-css-extract-plugin": "2.8.0",
"modify-source-webpack-plugin": "^3.0.0",
"nightwatch": "^2.6.16",
"postcss": "^8.4.21",
"postcss-css-variables": "^0.18.0",
"postcss-import": "^15.1.0",
"postcss-loader": "^7.0.2",
"nightwatch": "^3.4.0",
"postcss": "^8.4.33",
"postcss-css-variables": "^0.19.0",
"postcss-import": "^16.0.0",
"postcss-loader": "^8.1.0",
"prompt": "^1.3.0",
"sitemap": "^7.1.1",
"terser": "^5.16.6",
"webpack": "^5.76.0",
"webpack-bundle-analyzer": "^4.8.0",
"webpack-dev-server": "4.11.1",
"terser": "^5.27.0",
"webpack": "^5.90.1",
"webpack-bundle-analyzer": "^4.10.1",
"webpack-dev-server": "4.15.1",
"webpack-node-externals": "^3.0.0",
"worker-loader": "^3.0.8"
},
@ -95,11 +95,12 @@
"@astronautlabs/amf": "^0.0.6",
"@babel/polyfill": "^7.12.1",
"@blu3r4y/lzma": "^2.3.3",
"@wavesenterprise/crypto-gost-js": "^2.1.0-RC1",
"argon2-browser": "^1.18.0",
"arrive": "^2.4.1",
"avsc": "^5.7.7",
"bcryptjs": "^2.4.3",
"bignumber.js": "^9.1.1",
"bignumber.js": "^9.1.2",
"blakejs": "^1.2.1",
"bootstrap": "4.6.2",
"bootstrap-colorpicker": "^3.4.0",
@ -107,45 +108,47 @@
"browserify-zlib": "^0.2.0",
"bson": "^4.7.2",
"buffer": "^6.0.3",
"cbor": "8.1.0",
"cbor": "9.0.2",
"chi-squared": "^1.1.0",
"codepage": "^1.15.0",
"crypto-api": "^0.8.5",
"crypto-browserify": "^3.12.0",
"crypto-js": "^4.1.1",
"crypto-js": "^4.2.0",
"ctph.js": "0.0.5",
"d3": "7.8.2",
"d3": "7.8.5",
"d3-hexbin": "^0.2.2",
"diff": "^5.1.0",
"es6-promisify": "^7.0.0",
"escodegen": "^2.0.0",
"escodegen": "^2.1.0",
"esprima": "^4.0.1",
"exif-parser": "^0.1.12",
"ieee754": "^1.1.13",
"fernet": "^0.3.2",
"file-saver": "^2.0.5",
"flat": "^5.0.2",
"flat": "^6.0.1",
"geodesy": "1.1.3",
"highlight.js": "^11.7.0",
"highlight.js": "^11.9.0",
"jimp": "^0.16.13",
"jquery": "3.6.4",
"jquery": "3.7.1",
"js-crc": "^0.2.0",
"js-sha3": "^0.8.0",
"js-sha3": "^0.9.3",
"jsesc": "^3.0.2",
"json5": "^2.2.3",
"jsonpath-plus": "^7.2.0",
"jsonwebtoken": "8.5.1",
"jsonpath-plus": "^8.0.0",
"jsonwebtoken": "^9.0.0",
"jsqr": "^1.4.0",
"jsrsasign": "^10.6.1",
"jsrsasign": "^11.1.0",
"kbpgp": "2.1.15",
"libbzip2-wasm": "0.0.4",
"libyara-wasm": "^1.2.1",
"lodash": "^4.17.21",
"loglevel": "^1.8.1",
"loglevel": "^1.9.1",
"loglevel-message-prefix": "^3.0.0",
"lz-string": "^1.5.0",
"lz4js": "^0.2.0",
"markdown-it": "^13.0.1",
"moment": "^2.29.4",
"moment-timezone": "^0.5.41",
"markdown-it": "^14.0.0",
"moment": "^2.30.1",
"moment-timezone": "^0.5.44",
"ngeohash": "^0.6.3",
"node-forge": "^1.3.1",
"node-md6": "^0.1.0",
@ -157,22 +160,23 @@
"path": "^0.12.7",
"popper.js": "^1.16.1",
"process": "^0.11.10",
"protobufjs": "^7.2.2",
"protobufjs": "^7.2.6",
"qr-image": "^3.2.0",
"reflect-metadata": "^0.1.13",
"reflect-metadata": "^0.2.1",
"rison": "^0.1.1",
"scryptsy": "^2.1.0",
"snackbarjs": "^1.1.0",
"sortablejs": "^1.15.0",
"sortablejs": "^1.15.2",
"split.js": "^1.6.5",
"ssdeep.js": "0.0.3",
"stream-browserify": "^3.0.0",
"tesseract.js": "3.0.3",
"ua-parser-js": "^1.0.34",
"tesseract.js": "5.0.4",
"ua-parser-js": "^1.0.37",
"unorm": "^1.6.0",
"utf8": "^3.0.0",
"vkbeautify": "^0.99.3",
"xmldom": "^0.6.0",
"xpath": "0.0.32",
"@xmldom/xmldom": "^0.8.0",
"xpath": "0.0.34",
"xregexp": "^5.1.1",
"zlibjs": "^0.3.1"
},
@ -181,7 +185,7 @@
"build": "npx grunt prod",
"node": "npx grunt node",
"repl": "node --experimental-modules --experimental-json-modules --experimental-specifier-resolution=node --no-experimental-fetch --no-warnings src/node/repl.mjs",
"test": "npx grunt configTests && node --experimental-modules --experimental-json-modules --no-warnings --no-deprecation --openssl-legacy-provider --no-experimental-fetch tests/node/index.mjs && node --experimental-modules --experimental-json-modules --no-warnings --no-deprecation --openssl-legacy-provider --no-experimental-fetch tests/operations/index.mjs",
"test": "npx grunt configTests && node --experimental-modules --experimental-json-modules --no-warnings --no-deprecation --openssl-legacy-provider --no-experimental-fetch tests/node/index.mjs && node --experimental-modules --experimental-json-modules --no-warnings --no-deprecation --openssl-legacy-provider --no-experimental-fetch --trace-uncaught tests/operations/index.mjs",
"testnodeconsumer": "npx grunt testnodeconsumer",
"testui": "npx grunt testui",
"testuidev": "npx nightwatch --env=dev",

17
src/core/Utils.mjs
View file

@ -892,6 +892,23 @@ class Utils {
}
/**
* Converts a string to it's title case equivalent.
*
* @param {string} str
* @returns string
*
* @example
* // return "A Tiny String"
* Utils.toTitleCase("a tIny String");
*/
static toTitleCase(str) {
return str.replace(/\w\S*/g, function(txt) {
return txt.charAt(0).toUpperCase() + txt.substr(1).toLowerCase();
});
}
/**
* Encodes a URI fragment (#) or query (?) using a minimal amount of percent-encoding.
*

36
src/core/config/Categories.json
View file

@ -14,6 +14,8 @@
"From Charcode",
"To Decimal",
"From Decimal",
"To Float",
"From Float",
"To Binary",
"From Binary",
"To Octal",
@ -29,6 +31,8 @@
"To Base64",
"From Base64",
"Show Base64 offsets",
"To Base92",
"From Base92",
"To Base85",
"From Base85",
"To Base",
@ -67,7 +71,10 @@
"JSON to CSV",
"Avro to JSON",
"CBOR Encode",
"CBOR Decode"
"CBOR Decode",
"Caret/M-decode",
"Rison Encode",
"Rison Decode"
]
},
{
@ -81,6 +88,8 @@
"DES Decrypt",
"Triple DES Encrypt",
"Triple DES Decrypt",
"Fernet Encrypt",
"Fernet Decrypt",
"LS47 Encrypt",
"LS47 Decrypt",
"RC2 Encrypt",
@ -88,9 +97,17 @@
"RC4",
"RC4 Drop",
"ChaCha",
"Salsa20",
"XSalsa20",
"Rabbit",
"SM4 Encrypt",
"SM4 Decrypt",
"GOST Encrypt",
"GOST Decrypt",
"GOST Sign",
"GOST Verify",
"GOST Key Wrap",
"GOST Key Unwrap",
"ROT13",
"ROT13 Brute Force",
"ROT47",
@ -138,7 +155,8 @@
"Typex",
"Lorenz",
"Colossus",
"SIGABA"
"SIGABA",
"XXTEA"
]
},
{
@ -218,6 +236,7 @@
"VarInt Decode",
"JA3 Fingerprint",
"JA3S Fingerprint",
"JA4 Fingerprint",
"HASSH Client Fingerprint",
"HASSH Server Fingerprint",
"Format MAC addresses",
@ -226,6 +245,7 @@
"Encode NetBIOS Name",
"Decode NetBIOS Name",
"Defang URL",
"Fang URL",
"Defang IP Addresses"
]
},
@ -288,7 +308,8 @@
"Escape string",
"Unescape string",
"Pseudo-Random Number Generator",
"Sleep"
"Sleep",
"File Tree"
]
},
{
@ -322,7 +343,8 @@
"CSS selector",
"Extract EXIF",
"Extract ID3",
"Extract Files"
"Extract Files",
"RAKE"
]
},
{
@ -345,7 +367,8 @@
"LZMA Decompress",
"LZMA Compress",
"LZ4 Decompress",
"LZ4 Compress"
"LZ4 Compress",
"LZNT1 Decompress"
]
},
{
@ -362,6 +385,7 @@
"SHA2",
"SHA3",
"SM3",
"MurmurHash3",
"Keccak",
"Shake",
"RIPEMD",
@ -370,7 +394,7 @@
"Snefru",
"BLAKE2b",
"BLAKE2s",
"GOST hash",
"GOST Hash",
"Streebog",
"SSDEEP",
"CTPH",

44
src/core/lib/Base92.mjs Normal file
View file

@ -0,0 +1,44 @@
/**
* Base92 resources.
*
* @author sg5506844 [sg5506844@gmail.com]
* @copyright Crown Copyright 2021
* @license Apache-2.0
*/
import OperationError from "../errors/OperationError.mjs";
/**
* Base92 alphabet char
*
* @param {number} val
* @returns {number}
*/
export function base92Chr(val) {
if (val < 0 || val >= 91) {
throw new OperationError("Invalid value");
}
if (val === 0)
return "!".charCodeAt(0);
else if (val <= 61)
return "#".charCodeAt(0) + val - 1;
else
return "a".charCodeAt(0) + val - 62;
}
/**
* Base92 alphabet ord
*
* @param {string} val
* @returns {number}
*/
export function base92Ord(val) {
if (val === "!")
return 0;
else if ("#" <= val && val <= "_")
return val.charCodeAt(0) - "#".charCodeAt(0) + 1;
else if ("a" <= val && val <= "}")
return val.charCodeAt(0) - "a".charCodeAt(0) + 62;
throw new OperationError(`${val} is not a base92 character`);
}

81
src/core/lib/ChrEnc.mjs
View file

@ -224,8 +224,85 @@ export function chrEncWidth(page) {
* @copyright Crown Copyright 2019
* @license Apache-2.0
*/
export const UNICODE_NORMALISATION_FORMS = ["NFD", "NFC", "NFKD", "NFKC"];
/**
* Character encoding format mappings.
* Detects whether the input buffer is valid UTF8.
*
* @param {ArrayBuffer} data
* @returns {number} - 0 = not UTF8, 1 = ASCII, 2 = UTF8
*/
export const UNICODE_NORMALISATION_FORMS = ["NFD", "NFC", "NFKD", "NFKC"];
export function isUTF8(data) {
const bytes = new Uint8Array(data);
let i = 0;
let onlyASCII = true;
while (i < bytes.length) {
if (( // ASCII
bytes[i] === 0x09 ||
bytes[i] === 0x0A ||
bytes[i] === 0x0D ||
(0x20 <= bytes[i] && bytes[i] <= 0x7E)
)) {
i += 1;
continue;
}
onlyASCII = false;
if (( // non-overlong 2-byte
(0xC2 <= bytes[i] && bytes[i] <= 0xDF) &&
(0x80 <= bytes[i+1] && bytes[i+1] <= 0xBF)
)) {
i += 2;
continue;
}
if (( // excluding overlongs
bytes[i] === 0xE0 &&
(0xA0 <= bytes[i + 1] && bytes[i + 1] <= 0xBF) &&
(0x80 <= bytes[i + 2] && bytes[i + 2] <= 0xBF)
) ||
( // straight 3-byte
((0xE1 <= bytes[i] && bytes[i] <= 0xEC) ||
bytes[i] === 0xEE ||
bytes[i] === 0xEF) &&
(0x80 <= bytes[i + 1] && bytes[i+1] <= 0xBF) &&
(0x80 <= bytes[i+2] && bytes[i+2] <= 0xBF)
) ||
( // excluding surrogates
bytes[i] === 0xED &&
(0x80 <= bytes[i+1] && bytes[i+1] <= 0x9F) &&
(0x80 <= bytes[i+2] && bytes[i+2] <= 0xBF)
)) {
i += 3;
continue;
}
if (( // planes 1-3
bytes[i] === 0xF0 &&
(0x90 <= bytes[i + 1] && bytes[i + 1] <= 0xBF) &&
(0x80 <= bytes[i + 2] && bytes[i + 2] <= 0xBF) &&
(0x80 <= bytes[i + 3] && bytes[i + 3] <= 0xBF)
) ||
( // planes 4-15
(0xF1 <= bytes[i] && bytes[i] <= 0xF3) &&
(0x80 <= bytes[i + 1] && bytes[i + 1] <= 0xBF) &&
(0x80 <= bytes[i + 2] && bytes[i + 2] <= 0xBF) &&
(0x80 <= bytes[i + 3] && bytes[i + 3] <= 0xBF)
) ||
( // plane 16
bytes[i] === 0xF4 &&
(0x80 <= bytes[i + 1] && bytes[i + 1] <= 0x8F) &&
(0x80 <= bytes[i + 2] && bytes[i + 2] <= 0xBF) &&
(0x80 <= bytes[i + 3] && bytes[i + 3] <= 0xBF)
)) {
i += 4;
continue;
}
return 0;
}
return onlyASCII ? 1 : 2;
}

21
src/core/lib/FileSignatures.mjs
View file

@ -72,6 +72,27 @@ export const FILE_SIGNATURES = {
},
extractor: extractWEBP
},
{
name: "High Efficiency Image File Format",
extension: "heic,heif",
mime: "image/heif",
description: "",
signature: {
0: 0x00,
1: 0x00,
2: 0x00,
// 3 could be 0x24 or 0x18, so skip it
4: 0x66, // ftypheic
5: 0x74,
6: 0x79,
7: 0x70,
8: 0x68,
9: 0x65,
10: 0x69,
11: 0x63
},
extractor: null
},
{
name: "Camera Image File Format",
extension: "crw",

166
src/core/lib/JA4.mjs Normal file
View file

@ -0,0 +1,166 @@
/**
* JA4 resources.
*
* @author n1474335 [n1474335@gmail.com]
* @copyright Crown Copyright 2024
* @license Apache-2.0
*
* JA4 Copyright 2023 FoxIO, LLC.
* @license BSD-3-Clause
*/
import OperationError from "../errors/OperationError.mjs";
import { parseTLSRecord, parseHighestSupportedVersion, parseFirstALPNValue } from "./TLS.mjs";
import { toHexFast } from "./Hex.mjs";
import { runHash } from "./Hash.mjs";
import Utils from "../Utils.mjs";
/**
* Calculate the JA4 from a given TLS Client Hello Stream
* @param {Uint8Array} bytes
* @returns {string}
*/
export function toJA4(bytes) {
let tlsr = {};
try {
tlsr = parseTLSRecord(bytes);
} catch (err) {
throw new OperationError("Data is not a valid TLS Client Hello. QUIC is not yet supported.\n" + err);
}
/* QUIC
q or t, which denotes whether the hello packet is for QUIC or TCP.
TODO: Implement QUIC
*/
const ptype = "t";
/* TLS Version
TLS version is shown in 3 different places. If extension 0x002b exists (supported_versions), then the version
is the highest value in the extension. Remember to ignore GREASE values. If the extension doesnt exist, then
the TLS version is the value of the Protocol Version. Handshake version (located at the top of the packet)
should be ignored.
*/
let version = tlsr.version.value;
for (const ext of tlsr.handshake.value.extensions.value) {
if (ext.type.value === "supported_versions") {
version = parseHighestSupportedVersion(ext.value.data);
break;
}
}
switch (version) {
case 0x0304: version = "13"; break; // TLS 1.3
case 0x0303: version = "12"; break; // TLS 1.2
case 0x0302: version = "11"; break; // TLS 1.1
case 0x0301: version = "10"; break; // TLS 1.0
case 0x0300: version = "s3"; break; // SSL 3.0
case 0x0200: version = "s2"; break; // SSL 2.0
case 0x0100: version = "s1"; break; // SSL 1.0
default: version = "00"; // Unknown
}
/* SNI
If the SNI extension (0x0000) exists, then the destination of the connection is a domain, or d in the fingerprint.
If the SNI does not exist, then the destination is an IP address, or i.
*/
let sni = "i";
for (const ext of tlsr.handshake.value.extensions.value) {
if (ext.type.value === "server_name") {
sni = "d";
break;
}
}
/* Number of Ciphers
2 character number of cipher suites, so if theres 6 cipher suites in the hello packet, then the value should be 06.
If theres > 99, which there should never be, then output 99. Remember, ignore GREASE values. They dont count.
*/
let cipherLen = 0;
for (const cs of tlsr.handshake.value.cipherSuites.value) {
if (cs.value !== "GREASE") cipherLen++;
}
cipherLen = cipherLen > 99 ? "99" : cipherLen.toString().padStart(2, "0");
/* Number of Extensions
Same as counting ciphers. Ignore GREASE. Include SNI and ALPN.
*/
let extLen = 0;
for (const ext of tlsr.handshake.value.extensions.value) {
if (ext.type.value !== "GREASE") extLen++;
}
extLen = extLen > 99 ? "99" : extLen.toString().padStart(2, "0");
/* ALPN Extension Value
The first and last characters of the ALPN (Application-Layer Protocol Negotiation) first value.
If there are no ALPN values or no ALPN extension then we print 00 as the value in the fingerprint.
*/
let alpn = "00";
for (const ext of tlsr.handshake.value.extensions.value) {
if (ext.type.value === "application_layer_protocol_negotiation") {
alpn = parseFirstALPNValue(ext.value.data);
alpn = alpn.charAt(0) + alpn.charAt(alpn.length - 1);
break;
}
}
/* Cipher hash
A 12 character truncated sha256 hash of the list of ciphers sorted in hex order, first 12 characters.
The list is created using the 4 character hex values of the ciphers, lower case, comma delimited, ignoring GREASE.
*/
const originalCiphersList = [];
for (const cs of tlsr.handshake.value.cipherSuites.value) {
if (cs.value !== "GREASE") {
originalCiphersList.push(toHexFast(cs.data));
}
}
const sortedCiphersList = [...originalCiphersList].sort();
const sortedCiphersRaw = sortedCiphersList.join(",");
const originalCiphersRaw = originalCiphersList.join(",");
const sortedCiphers = runHash(
"sha256",
Utils.strToArrayBuffer(sortedCiphersRaw)
).substring(0, 12);
const originalCiphers = runHash(
"sha256",
Utils.strToArrayBuffer(originalCiphersRaw)
).substring(0, 12);
/* Extension hash
A 12 character truncated sha256 hash of the list of extensions, sorted by hex value, followed by the list of signature
algorithms, in the order that they appear (not sorted).
The extension list is created using the 4 character hex values of the extensions, lower case, comma delimited, sorted
(not in the order they appear). Ignore the SNI extension (0000) and the ALPN extension (0010) as weve already captured
them in the a section of the fingerprint. These values are omitted so that the same application would have the same b
section of the fingerprint regardless of if it were going to a domain, IP, or changing ALPNs.
*/
const originalExtensionsList = [];
let signatureAlgorithms = "";
for (const ext of tlsr.handshake.value.extensions.value) {
if (ext.type.value !== "GREASE") {
originalExtensionsList.push(toHexFast(ext.type.data));
}
if (ext.type.value === "signature_algorithms") {
signatureAlgorithms = toHexFast(ext.value.data.slice(2));
signatureAlgorithms = signatureAlgorithms.replace(/(.{4})/g, "$1,");
signatureAlgorithms = signatureAlgorithms.substring(0, signatureAlgorithms.length - 1);
}
}
const sortedExtensionsList = [...originalExtensionsList].filter(e => e !== "0000" && e !== "0010").sort();
const sortedExtensionsRaw = sortedExtensionsList.join(",") + "_" + signatureAlgorithms;
const originalExtensionsRaw = originalExtensionsList.join(",") + "_" + signatureAlgorithms;
const sortedExtensions = runHash(
"sha256",
Utils.strToArrayBuffer(sortedExtensionsRaw)
).substring(0, 12);
const originalExtensions = runHash(
"sha256",
Utils.strToArrayBuffer(originalExtensionsRaw)
).substring(0, 12);
return {
"JA4": `${ptype}${version}${sni}${cipherLen}${extLen}${alpn}_${sortedCiphers}_${sortedExtensions}`,
"JA4_o": `${ptype}${version}${sni}${cipherLen}${extLen}${alpn}_${originalCiphers}_${originalExtensions}`,
"JA4_r": `${ptype}${version}${sni}${cipherLen}${extLen}${alpn}_${sortedCiphersRaw}_${sortedExtensionsRaw}`,
"JA4_ro": `${ptype}${version}${sni}${cipherLen}${extLen}${alpn}_${originalCiphersRaw}_${originalExtensionsRaw}`,
};
}

88
src/core/lib/LZNT1.mjs Normal file
View file

@ -0,0 +1,88 @@
/**
*
* LZNT1 Decompress.
*
* @author 0xThiebaut [thiebaut.dev]
* @copyright Crown Copyright 2023
* @license Apache-2.0
*
* https://github.com/Velocidex/go-ntfs/blob/master/parser%2Flznt1.go
*/
import Utils from "../Utils.mjs";
import OperationError from "../errors/OperationError.mjs";
const COMPRESSED_MASK = 1 << 15,
SIZE_MASK = (1 << 12) - 1;
/**
* @param {number} offset
* @returns {number}
*/
function getDisplacement(offset) {
let result = 0;
while (offset >= 0x10) {
offset >>= 1;
result += 1;
}
return result;
}
/**
* @param {byteArray} compressed
* @returns {byteArray}
*/
export function decompress(compressed) {
const decompressed = Array();
let coffset = 0;
while (coffset + 2 <= compressed.length) {
const doffset = decompressed.length;
const blockHeader = Utils.byteArrayToInt(compressed.slice(coffset, coffset + 2), "little");
coffset += 2;
const size = blockHeader & SIZE_MASK;
const blockEnd = coffset + size + 1;
if (size === 0) {
break;
} else if (compressed.length < coffset + size) {
throw new OperationError("Malformed LZNT1 stream: Block too small! Has the stream been truncated?");
}
if ((blockHeader & COMPRESSED_MASK) !== 0) {
while (coffset < blockEnd) {
let header = compressed[coffset++];
for (let i = 0; i < 8 && coffset < blockEnd; i++) {
if ((header & 1) === 0) {
decompressed.push(compressed[coffset++]);
} else {
const pointer = Utils.byteArrayToInt(compressed.slice(coffset, coffset + 2), "little");
coffset += 2;
const displacement = getDisplacement(decompressed.length - doffset - 1);
const symbolOffset = (pointer >> (12 - displacement)) + 1;
const symbolLength = (pointer & (0xFFF >> displacement)) + 2;
const shiftOffset = decompressed.length - symbolOffset;
for (let shiftDelta = 0; shiftDelta < symbolLength + 1; shiftDelta++) {
const shift = shiftOffset + shiftDelta;
if (shift < 0 || decompressed.length <= shift) {
throw new OperationError("Malformed LZNT1 stream: Invalid shift!");
}
decompressed.push(decompressed[shift]);
}
}
header >>= 1;
}
}
} else {
decompressed.push(...compressed.slice(coffset, coffset + size + 1));
coffset += size + 1;
}
}
return decompressed;
}

79
src/core/lib/Magic.mjs
View file

@ -3,6 +3,7 @@ import Utils, { isWorkerEnvironment } from "../Utils.mjs";
import Recipe from "../Recipe.mjs";
import Dish from "../Dish.mjs";
import {detectFileType, isType} from "./FileType.mjs";
import {isUTF8} from "./ChrEnc.mjs";
import chiSquared from "chi-squared";
/**
@ -111,82 +112,6 @@ class Magic {
};
}
/**
* Detects whether the input buffer is valid UTF8.
*
* @returns {boolean}
*/
isUTF8() {
const bytes = new Uint8Array(this.inputBuffer);
let i = 0;
while (i < bytes.length) {
if (( // ASCII
bytes[i] === 0x09 ||
bytes[i] === 0x0A ||
bytes[i] === 0x0D ||
(0x20 <= bytes[i] && bytes[i] <= 0x7E)
)) {
i += 1;
continue;
}
if (( // non-overlong 2-byte
(0xC2 <= bytes[i] && bytes[i] <= 0xDF) &&
(0x80 <= bytes[i+1] && bytes[i+1] <= 0xBF)
)) {
i += 2;
continue;
}
if (( // excluding overlongs
bytes[i] === 0xE0 &&
(0xA0 <= bytes[i + 1] && bytes[i + 1] <= 0xBF) &&
(0x80 <= bytes[i + 2] && bytes[i + 2] <= 0xBF)
) ||
( // straight 3-byte
((0xE1 <= bytes[i] && bytes[i] <= 0xEC) ||
bytes[i] === 0xEE ||
bytes[i] === 0xEF) &&
(0x80 <= bytes[i + 1] && bytes[i+1] <= 0xBF) &&
(0x80 <= bytes[i+2] && bytes[i+2] <= 0xBF)
) ||
( // excluding surrogates
bytes[i] === 0xED &&
(0x80 <= bytes[i+1] && bytes[i+1] <= 0x9F) &&
(0x80 <= bytes[i+2] && bytes[i+2] <= 0xBF)
)) {
i += 3;
continue;
}
if (( // planes 1-3
bytes[i] === 0xF0 &&
(0x90 <= bytes[i + 1] && bytes[i + 1] <= 0xBF) &&
(0x80 <= bytes[i + 2] && bytes[i + 2] <= 0xBF) &&
(0x80 <= bytes[i + 3] && bytes[i + 3] <= 0xBF)
) ||
( // planes 4-15
(0xF1 <= bytes[i] && bytes[i] <= 0xF3) &&
(0x80 <= bytes[i + 1] && bytes[i + 1] <= 0xBF) &&
(0x80 <= bytes[i + 2] && bytes[i + 2] <= 0xBF) &&
(0x80 <= bytes[i + 3] && bytes[i + 3] <= 0xBF)
) ||
( // plane 16
bytes[i] === 0xF4 &&
(0x80 <= bytes[i + 1] && bytes[i + 1] <= 0x8F) &&
(0x80 <= bytes[i + 2] && bytes[i + 2] <= 0xBF) &&
(0x80 <= bytes[i + 3] && bytes[i + 3] <= 0xBF)
)) {
i += 4;
continue;
}
return false;
}
return true;
}
/**
* Calculates the Shannon entropy of the input data.
*
@ -336,7 +261,7 @@ class Magic {
data: this.inputStr.slice(0, 100),
languageScores: this.detectLanguage(extLang),
fileType: this.detectFileType(),
isUTF8: this.isUTF8(),
isUTF8: !!isUTF8(this.inputBuffer),
entropy: this.calcEntropy(),
matchingOps: matchingOps,
useful: useful,

144
src/core/lib/Salsa20.mjs Normal file
View file

@ -0,0 +1,144 @@
/**
* @author joostrijneveld [joost@joostrijneveld.nl]
* @copyright Crown Copyright 2024
* @license Apache-2.0
*/
import Utils from "../Utils.mjs";
/**
* Computes the Salsa20 permute function
*
* @param {byteArray} x
* @param {integer} rounds
*/
function salsa20Permute(x, rounds) {
/**
* Macro to compute a 32-bit rotate-left operation
*
* @param {integer} x
* @param {integer} n
* @returns {integer}
*/
function ROL32(x, n) {
return ((x << n) & 0xFFFFFFFF) | (x >>> (32 - n));
}
/**
* Macro to compute a single Salsa20 quarterround operation
*
* @param {integer} x
* @param {integer} a
* @param {integer} b
* @param {integer} c
* @param {integer} d
* @returns {integer}
*/
function quarterround(x, a, b, c, d) {
x[b] ^= ROL32((x[a] + x[d]) & 0xFFFFFFFF, 7);
x[c] ^= ROL32((x[b] + x[a]) & 0xFFFFFFFF, 9);
x[d] ^= ROL32((x[c] + x[b]) & 0xFFFFFFFF, 13);
x[a] ^= ROL32((x[d] + x[c]) & 0xFFFFFFFF, 18);
}
for (let i = 0; i < rounds / 2; i++) {
quarterround(x, 0, 4, 8, 12);
quarterround(x, 5, 9, 13, 1);
quarterround(x, 10, 14, 2, 6);
quarterround(x, 15, 3, 7, 11);
quarterround(x, 0, 1, 2, 3);
quarterround(x, 5, 6, 7, 4);
quarterround(x, 10, 11, 8, 9);
quarterround(x, 15, 12, 13, 14);
}
}
/**
* Computes the Salsa20 block function
*
* @param {byteArray} key
* @param {byteArray} nonce
* @param {byteArray} counter
* @param {integer} rounds
* @returns {byteArray}
*/
export function salsa20Block(key, nonce, counter, rounds) {
const tau = "expand 16-byte k";
const sigma = "expand 32-byte k";
let state, c;
if (key.length === 16) {
c = Utils.strToByteArray(tau);
key = key.concat(key);
} else {
c = Utils.strToByteArray(sigma);
}
state = c.slice(0, 4);
state = state.concat(key.slice(0, 16));
state = state.concat(c.slice(4, 8));
state = state.concat(nonce);
state = state.concat(counter);
state = state.concat(c.slice(8, 12));
state = state.concat(key.slice(16, 32));
state = state.concat(c.slice(12, 16));
const x = Array();
for (let i = 0; i < 64; i += 4) {
x.push(Utils.byteArrayToInt(state.slice(i, i + 4), "little"));
}
const a = [...x];
salsa20Permute(x, rounds);
for (let i = 0; i < 16; i++) {
x[i] = (x[i] + a[i]) & 0xFFFFFFFF;
}
let output = Array();
for (let i = 0; i < 16; i++) {
output = output.concat(Utils.intToByteArray(x[i], 4, "little"));
}
return output;
}
/**
* Computes the hSalsa20 function
*
* @param {byteArray} key
* @param {byteArray} nonce
* @param {integer} rounds
* @returns {byteArray}
*/
export function hsalsa20(key, nonce, rounds) {
const tau = "expand 16-byte k";
const sigma = "expand 32-byte k";
let state, c;
if (key.length === 16) {
c = Utils.strToByteArray(tau);
key = key.concat(key);
} else {
c = Utils.strToByteArray(sigma);
}
state = c.slice(0, 4);
state = state.concat(key.slice(0, 16));
state = state.concat(c.slice(4, 8));
state = state.concat(nonce);
state = state.concat(c.slice(8, 12));
state = state.concat(key.slice(16, 32));
state = state.concat(c.slice(12, 16));
const x = Array();
for (let i = 0; i < 64; i += 4) {
x.push(Utils.byteArrayToInt(state.slice(i, i + 4), "little"));
}
salsa20Permute(x, rounds);
let output = Array();
const idx = [0, 5, 10, 15, 6, 7, 8, 9];
for (let i = 0; i < 8; i++) {
output = output.concat(Utils.intToByteArray(x[idx[i]], 4, "little"));
}
return output;
}

17
src/core/lib/Stream.mjs
View file

@ -18,12 +18,23 @@ export default class Stream {
* Stream constructor.
*
* @param {Uint8Array} input
* @param {number} pos
* @param {number} bitPos
*/
constructor(input) {
constructor(input, pos=0, bitPos=0) {
this.bytes = input;
this.length = this.bytes.length;
this.position = 0;
this.bitPos = 0;
this.position = pos;
this.bitPos = bitPos;
}
/**
* Clone this Stream returning a new identical Stream.
*
* @returns {Stream}
*/
clone() {
return new Stream(this.bytes, this.position, this.bitPos);
}
/**

776
src/core/lib/TLS.mjs Normal file
View file

@ -0,0 +1,776 @@
/**
* TLS resources.
*
* @author n1474335 [n1474335@gmail.com]
* @copyright Crown Copyright 2024
* @license Apache-2.0
*/
import OperationError from "../errors/OperationError.mjs";
import Stream from "../lib/Stream.mjs";
/**
* Parse a TLS Record
* @param {Uint8Array} bytes
* @returns {JSON}
*/
export function parseTLSRecord(bytes) {
const s = new Stream(bytes);
const b = s.clone();
const r = {};
// Content type
r.contentType = {
description: "Content Type",
length: 1,
data: b.getBytes(1),
value: s.readInt(1)
};
if (r.contentType.value !== 0x16)
throw new OperationError("Not handshake data.");
// Version
r.version = {
description: "Protocol Version",
length: 2,
data: b.getBytes(2),
value: s.readInt(2)
};
// Length
r.length = {
description: "Record Length",
length: 2,
data: b.getBytes(2),
value: s.readInt(2)
};
if (s.length !== r.length.value + 5)
throw new OperationError("Incorrect handshake length.");
// Handshake
r.handshake = {
description: "Handshake",
length: r.length.value,
data: b.getBytes(r.length.value),
value: parseHandshake(s.getBytes(r.length.value))
};
return r;
}
/**
* Parse a TLS Handshake
* @param {Uint8Array} bytes
* @returns {JSON}
*/
function parseHandshake(bytes) {
const s = new Stream(bytes);
const b = s.clone();
const h = {};
// Handshake type
h.handshakeType = {
description: "Client Hello",
length: 1,
data: b.getBytes(1),
value: s.readInt(1)
};
if (h.handshakeType.value !== 0x01)
throw new OperationError("Not a Client Hello.");
// Handshake length
h.handshakeLength = {
description: "Handshake Length",
length: 3,
data: b.getBytes(3),
value: s.readInt(3)
};
if (s.length !== h.handshakeLength.value + 4)
throw new OperationError("Not enough data in Client Hello.");
// Hello version
h.helloVersion = {
description: "Client Hello Version",
length: 2,
data: b.getBytes(2),
value: s.readInt(2)
};
// Random
h.random = {
description: "Client Random",
length: 32,
data: b.getBytes(32),
value: s.getBytes(32)
};
// Session ID Length
h.sessionIDLength = {
description: "Session ID Length",
length: 1,
data: b.getBytes(1),
value: s.readInt(1)
};
// Session ID
h.sessionID = {
description: "Session ID",
length: h.sessionIDLength.value,
data: b.getBytes(h.sessionIDLength.value),
value: s.getBytes(h.sessionIDLength.value)
};
// Cipher Suites Length
h.cipherSuitesLength = {
description: "Cipher Suites Length",
length: 2,
data: b.getBytes(2),
value: s.readInt(2)
};
// Cipher Suites
h.cipherSuites = {
description: "Cipher Suites",
length: h.cipherSuitesLength.value,
data: b.getBytes(h.cipherSuitesLength.value),
value: parseCipherSuites(s.getBytes(h.cipherSuitesLength.value))
};
// Compression Methods Length
h.compressionMethodsLength = {
description: "Compression Methods Length",
length: 1,
data: b.getBytes(1),
value: s.readInt(1)
};
// Compression Methods
h.compressionMethods = {
description: "Compression Methods",
length: h.compressionMethodsLength.value,
data: b.getBytes(h.compressionMethodsLength.value),
value: parseCompressionMethods(s.getBytes(h.compressionMethodsLength.value))
};
// Extensions Length
h.extensionsLength = {
description: "Extensions Length",
length: 2,
data: b.getBytes(2),
value: s.readInt(2)
};
// Extensions
h.extensions = {
description: "Extensions",
length: h.extensionsLength.value,
data: b.getBytes(h.extensionsLength.value),
value: parseExtensions(s.getBytes(h.extensionsLength.value))
};
return h;
}
/**
* Parse Cipher Suites
* @param {Uint8Array} bytes
* @returns {JSON}
*/
function parseCipherSuites(bytes) {
const s = new Stream(bytes);
const b = s.clone();
const cs = [];
while (s.hasMore()) {
cs.push({
description: "Cipher Suite",
length: 2,
data: b.getBytes(2),
value: CIPHER_SUITES_LOOKUP[s.readInt(2)] || "Unknown"
});
}
return cs;
}
/**
* Parse Compression Methods
* @param {Uint8Array} bytes
* @returns {JSON}
*/
function parseCompressionMethods(bytes) {
const s = new Stream(bytes);
const b = s.clone();
const cm = [];
while (s.hasMore()) {
cm.push({
description: "Compression Method",
length: 1,
data: b.getBytes(1),
value: s.readInt(1) // TODO: Compression method name here
});
}
return cm;
}
/**
* Parse Extensions
* @param {Uint8Array} bytes
* @returns {JSON}
*/
function parseExtensions(bytes) {
const s = new Stream(bytes);
const b = s.clone();
const exts = [];
while (s.hasMore()) {
const ext = {};
// Type
ext.type = {
description: "Extension Type",
length: 2,
data: b.getBytes(2),
value: EXTENSION_LOOKUP[s.readInt(2)] || "unknown"
};
// Length
ext.length = {
description: "Extension Length",
length: 2,
data: b.getBytes(2),
value: s.readInt(2)
};
// Value
ext.value = {
description: "Extension Value",
length: ext.length.value,
data: b.getBytes(ext.length.value),
value: s.getBytes(ext.length.value)
};
exts.push(ext);
}
return exts;
}
/**
* Extension type lookup table
*/
const EXTENSION_LOOKUP = {
0: "server_name",
1: "max_fragment_length",
2: "client_certificate_url",
3: "trusted_ca_keys",
4: "truncated_hmac",
5: "status_request",
6: "user_mapping",
7: "client_authz",
8: "server_authz",
9: "cert_type",
10: "supported_groups",
11: "ec_point_formats",
12: "srp",
13: "signature_algorithms",
14: "use_srtp",
15: "heartbeat",
16: "application_layer_protocol_negotiation",
17: "status_request_v2",
18: "signed_certificate_timestamp",
19: "client_certificate_type",
20: "server_certificate_type",
21: "padding",
22: "encrypt_then_mac",
23: "extended_master_secret",
24: "token_binding",
25: "cached_info",
26: "tls_lts",
27: "compress_certificate",
28: "record_size_limit",
29: "pwd_protect",
30: "pwd_clear",
31: "password_salt",
32: "ticket_pinning",
33: "tls_cert_with_extern_psk",
34: "delegated_credential",
35: "session_ticket",
36: "TLMSP",
37: "TLMSP_proxying",
38: "TLMSP_delegate",
39: "supported_ekt_ciphers",
40: "Reserved",
41: "pre_shared_key",
42: "early_data",
43: "supported_versions",
44: "cookie",
45: "psk_key_exchange_modes",
46: "Reserved",
47: "certificate_authorities",
48: "oid_filters",
49: "post_handshake_auth",
50: "signature_algorithms_cert",
51: "key_share",
52: "transparency_info",
53: "connection_id (deprecated)",
54: "connection_id",
55: "external_id_hash",
56: "external_session_id",
57: "quic_transport_parameters",
58: "ticket_request",
59: "dnssec_chain",
60: "sequence_number_encryption_algorithms",
61: "rrc",
2570: "GREASE",
6682: "GREASE",
10794: "GREASE",
14906: "GREASE",
17513: "application_settings",
19018: "GREASE",
23130: "GREASE",
27242: "GREASE",
31354: "GREASE",
35466: "GREASE",
39578: "GREASE",
43690: "GREASE",
47802: "GREASE",
51914: "GREASE",
56026: "GREASE",
60138: "GREASE",
64250: "GREASE",
64768: "ech_outer_extensions",
65037: "encrypted_client_hello",
65281: "renegotiation_info"
};
/**
* Cipher suites lookup table
*/
const CIPHER_SUITES_LOOKUP = {
0x0000: "TLS_NULL_WITH_NULL_NULL",
0x0001: "TLS_RSA_WITH_NULL_MD5",
0x0002: "TLS_RSA_WITH_NULL_SHA",
0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
0x0004: "TLS_RSA_WITH_RC4_128_MD5",
0x0005: "TLS_RSA_WITH_RC4_128_SHA",
0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
0x0007: "TLS_RSA_WITH_IDEA_CBC_SHA",
0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
0x0009: "TLS_RSA_WITH_DES_CBC_SHA",
0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
0x000B: "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
0x000C: "TLS_DH_DSS_WITH_DES_CBC_SHA",
0x000D: "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA",
0x000E: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
0x000F: "TLS_DH_RSA_WITH_DES_CBC_SHA",
0x0010: "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA",
0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
0x0012: "TLS_DHE_DSS_WITH_DES_CBC_SHA",
0x0013: "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
0x0015: "TLS_DHE_RSA_WITH_DES_CBC_SHA",
0x0016: "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
0x0017: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
0x0018: "TLS_DH_anon_WITH_RC4_128_MD5",
0x0019: "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
0x001A: "TLS_DH_anon_WITH_DES_CBC_SHA",
0x001B: "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
0x001E: "TLS_KRB5_WITH_DES_CBC_SHA",
0x001F: "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
0x0020: "TLS_KRB5_WITH_RC4_128_SHA",
0x0021: "TLS_KRB5_WITH_IDEA_CBC_SHA",
0x0022: "TLS_KRB5_WITH_DES_CBC_MD5",
0x0023: "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
0x0024: "TLS_KRB5_WITH_RC4_128_MD5",
0x0025: "TLS_KRB5_WITH_IDEA_CBC_MD5",
0x0026: "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
0x0027: "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",
0x0028: "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
0x0029: "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
0x002A: "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",
0x002B: "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
0x002C: "TLS_PSK_WITH_NULL_SHA",
0x002D: "TLS_DHE_PSK_WITH_NULL_SHA",
0x002E: "TLS_RSA_PSK_WITH_NULL_SHA",
0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
0x0030: "TLS_DH_DSS_WITH_AES_128_CBC_SHA",
0x0031: "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
0x0032: "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
0x0034: "TLS_DH_anon_WITH_AES_128_CBC_SHA",
0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
0x0036: "TLS_DH_DSS_WITH_AES_256_CBC_SHA",
0x0037: "TLS_DH_RSA_WITH_AES_256_CBC_SHA",
0x0038: "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
0x003A: "TLS_DH_anon_WITH_AES_256_CBC_SHA",
0x003B: "TLS_RSA_WITH_NULL_SHA256",
0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
0x003D: "TLS_RSA_WITH_AES_256_CBC_SHA256",
0x003E: "TLS_DH_DSS_WITH_AES_128_CBC_SHA256",
0x003F: "TLS_DH_RSA_WITH_AES_128_CBC_SHA256",
0x0040: "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
0x0041: "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
0x0042: "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",
0x0043: "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",
0x0044: "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
0x0045: "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
0x0046: "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",
0x0067: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
0x0068: "TLS_DH_DSS_WITH_AES_256_CBC_SHA256",
0x0069: "TLS_DH_RSA_WITH_AES_256_CBC_SHA256",
0x006A: "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
0x006B: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
0x006C: "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
0x006D: "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
0x0084: "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
0x0085: "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",
0x0086: "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",
0x0087: "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
0x0088: "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
0x0089: "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",
0x008A: "TLS_PSK_WITH_RC4_128_SHA",
0x008B: "TLS_PSK_WITH_3DES_EDE_CBC_SHA",
0x008C: "TLS_PSK_WITH_AES_128_CBC_SHA",
0x008D: "TLS_PSK_WITH_AES_256_CBC_SHA",
0x008E: "TLS_DHE_PSK_WITH_RC4_128_SHA",
0x008F: "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",
0x0090: "TLS_DHE_PSK_WITH_AES_128_CBC_SHA",
0x0091: "TLS_DHE_PSK_WITH_AES_256_CBC_SHA",
0x0092: "TLS_RSA_PSK_WITH_RC4_128_SHA",
0x0093: "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",
0x0094: "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
0x0095: "TLS_RSA_PSK_WITH_AES_256_CBC_SHA",
0x0096: "TLS_RSA_WITH_SEED_CBC_SHA",
0x0097: "TLS_DH_DSS_WITH_SEED_CBC_SHA",
0x0098: "TLS_DH_RSA_WITH_SEED_CBC_SHA",
0x0099: "TLS_DHE_DSS_WITH_SEED_CBC_SHA",
0x009A: "TLS_DHE_RSA_WITH_SEED_CBC_SHA",
0x009B: "TLS_DH_anon_WITH_SEED_CBC_SHA",
0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
0x009F: "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
0x00A0: "TLS_DH_RSA_WITH_AES_128_GCM_SHA256",
0x00A1: "TLS_DH_RSA_WITH_AES_256_GCM_SHA384",
0x00A2: "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
0x00A3: "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
0x00A4: "TLS_DH_DSS_WITH_AES_128_GCM_SHA256",
0x00A5: "TLS_DH_DSS_WITH_AES_256_GCM_SHA384",
0x00A6: "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
0x00A7: "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
0x00A8: "TLS_PSK_WITH_AES_128_GCM_SHA256",
0x00A9: "TLS_PSK_WITH_AES_256_GCM_SHA384",
0x00AA: "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",
0x00AB: "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",
0x00AC: "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",
0x00AD: "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",
0x00AE: "TLS_PSK_WITH_AES_128_CBC_SHA256",
0x00AF: "TLS_PSK_WITH_AES_256_CBC_SHA384",
0x00B0: "TLS_PSK_WITH_NULL_SHA256",
0x00B1: "TLS_PSK_WITH_NULL_SHA384",
0x00B2: "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",
0x00B3: "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",
0x00B4: "TLS_DHE_PSK_WITH_NULL_SHA256",
0x00B5: "TLS_DHE_PSK_WITH_NULL_SHA384",
0x00B6: "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",
0x00B7: "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",
0x00B8: "TLS_RSA_PSK_WITH_NULL_SHA256",
0x00B9: "TLS_RSA_PSK_WITH_NULL_SHA384",
0x00BA: "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
0x00BB: "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",
0x00BC: "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
0x00BD: "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",
0x00BE: "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
0x00BF: "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",
0x00C0: "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
0x00C1: "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",
0x00C2: "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",
0x00C3: "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",
0x00C4: "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
0x00C5: "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256",
0x00C6: "TLS_SM4_GCM_SM3",
0x00C7: "TLS_SM4_CCM_SM3",
0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
0x0A0A: "GREASE",
0x1301: "TLS_AES_128_GCM_SHA256",
0x1302: "TLS_AES_256_GCM_SHA384",
0x1303: "TLS_CHACHA20_POLY1305_SHA256",
0x1304: "TLS_AES_128_CCM_SHA256",
0x1305: "TLS_AES_128_CCM_8_SHA256",
0x1306: "TLS_AEGIS_256_SHA512",
0x1307: "TLS_AEGIS_128L_SHA256",
0x1A1A: "GREASE",
0x2A2A: "GREASE",
0x3A3A: "GREASE",
0x4A4A: "GREASE",
0x5600: "TLS_FALLBACK_SCSV",
0x5A5A: "GREASE",
0x6A6A: "GREASE",
0x7A7A: "GREASE",
0x8A8A: "GREASE",
0x9A9A: "GREASE",
0xAAAA: "GREASE",
0xBABA: "GREASE",
0xC001: "TLS_ECDH_ECDSA_WITH_NULL_SHA",
0xC002: "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
0xC003: "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
0xC004: "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
0xC005: "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
0xC006: "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
0xC007: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
0xC008: "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
0xC009: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
0xC00A: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
0xC00B: "TLS_ECDH_RSA_WITH_NULL_SHA",
0xC00C: "TLS_ECDH_RSA_WITH_RC4_128_SHA",
0xC00D: "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
0xC00E: "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
0xC00F: "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
0xC010: "TLS_ECDHE_RSA_WITH_NULL_SHA",
0xC011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
0xC012: "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
0xC015: "TLS_ECDH_anon_WITH_NULL_SHA",
0xC016: "TLS_ECDH_anon_WITH_RC4_128_SHA",
0xC017: "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
0xC018: "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
0xC019: "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
0xC01A: "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",
0xC01B: "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",
0xC01C: "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",
0xC01D: "TLS_SRP_SHA_WITH_AES_128_CBC_SHA",
0xC01E: "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",
0xC01F: "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",
0xC020: "TLS_SRP_SHA_WITH_AES_256_CBC_SHA",
0xC021: "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",
0xC022: "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",
0xC023: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
0xC024: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
0xC025: "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
0xC026: "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
0xC027: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
0xC028: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
0xC029: "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
0xC02A: "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
0xC02C: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
0xC02D: "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
0xC02E: "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
0xC031: "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
0xC032: "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
0xC033: "TLS_ECDHE_PSK_WITH_RC4_128_SHA",
0xC034: "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",
0xC035: "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
0xC036: "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",
0xC037: "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
0xC038: "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",
0xC039: "TLS_ECDHE_PSK_WITH_NULL_SHA",
0xC03A: "TLS_ECDHE_PSK_WITH_NULL_SHA256",
0xC03B: "TLS_ECDHE_PSK_WITH_NULL_SHA384",
0xC03C: "TLS_RSA_WITH_ARIA_128_CBC_SHA256",
0xC03D: "TLS_RSA_WITH_ARIA_256_CBC_SHA384",
0xC03E: "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256",
0xC03F: "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384",
0xC040: "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256",
0xC041: "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384",
0xC042: "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256",
0xC043: "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384",
0xC044: "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256",
0xC045: "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384",
0xC046: "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256",
0xC047: "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384",
0xC048: "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256",
0xC049: "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384",
0xC04A: "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256",
0xC04B: "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384",
0xC04C: "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256",
0xC04D: "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384",
0xC04E: "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256",
0xC04F: "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384",
0xC050: "TLS_RSA_WITH_ARIA_128_GCM_SHA256",
0xC051: "TLS_RSA_WITH_ARIA_256_GCM_SHA384",
0xC052: "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256",
0xC053: "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384",
0xC054: "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256",
0xC055: "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384",
0xC056: "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256",
0xC057: "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384",
0xC058: "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256",
0xC059: "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384",
0xC05A: "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256",
0xC05B: "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384",
0xC05C: "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256",
0xC05D: "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384",
0xC05E: "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256",
0xC05F: "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384",
0xC060: "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256",
0xC061: "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384",
0xC062: "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256",
0xC063: "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384",
0xC064: "TLS_PSK_WITH_ARIA_128_CBC_SHA256",
0xC065: "TLS_PSK_WITH_ARIA_256_CBC_SHA384",
0xC066: "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256",
0xC067: "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384",
0xC068: "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256",
0xC069: "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384",
0xC06A: "TLS_PSK_WITH_ARIA_128_GCM_SHA256",
0xC06B: "TLS_PSK_WITH_ARIA_256_GCM_SHA384",
0xC06C: "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256",
0xC06D: "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384",
0xC06E: "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256",
0xC06F: "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384",
0xC070: "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256",
0xC071: "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384",
0xC072: "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",
0xC073: "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",
0xC074: "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",
0xC075: "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",
0xC076: "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
0xC077: "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384",
0xC078: "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
0xC079: "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384",
0xC07A: "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256",
0xC07B: "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384",
0xC07C: "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",
0xC07D: "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",
0xC07E: "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256",
0xC07F: "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384",
0xC080: "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256",
0xC081: "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384",
0xC082: "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256",
0xC083: "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384",
0xC084: "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256",
0xC085: "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384",
0xC086: "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256",
0xC087: "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384",
0xC088: "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256",
0xC089: "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384",
0xC08A: "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",
0xC08B: "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",
0xC08C: "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256",
0xC08D: "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384",
0xC08E: "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256",
0xC08F: "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384",
0xC090: "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256",
0xC091: "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384",
0xC092: "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256",
0xC093: "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384",
0xC094: "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256",
0xC095: "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384",
0xC096: "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",
0xC097: "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",
0xC098: "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256",
0xC099: "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384",
0xC09A: "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",
0xC09B: "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",
0xC09C: "TLS_RSA_WITH_AES_128_CCM",
0xC09D: "TLS_RSA_WITH_AES_256_CCM",
0xC09E: "TLS_DHE_RSA_WITH_AES_128_CCM",
0xC09F: "TLS_DHE_RSA_WITH_AES_256_CCM",
0xC0A0: "TLS_RSA_WITH_AES_128_CCM_8",
0xC0A1: "TLS_RSA_WITH_AES_256_CCM_8",
0xC0A2: "TLS_DHE_RSA_WITH_AES_128_CCM_8",
0xC0A3: "TLS_DHE_RSA_WITH_AES_256_CCM_8",
0xC0A4: "TLS_PSK_WITH_AES_128_CCM",
0xC0A5: "TLS_PSK_WITH_AES_256_CCM",
0xC0A6: "TLS_DHE_PSK_WITH_AES_128_CCM",
0xC0A7: "TLS_DHE_PSK_WITH_AES_256_CCM",
0xC0A8: "TLS_PSK_WITH_AES_128_CCM_8",
0xC0A9: "TLS_PSK_WITH_AES_256_CCM_8",
0xC0AA: "TLS_PSK_DHE_WITH_AES_128_CCM_8",
0xC0AB: "TLS_PSK_DHE_WITH_AES_256_CCM_8",
0xC0AC: "TLS_ECDHE_ECDSA_WITH_AES_128_CCM",
0xC0AD: "TLS_ECDHE_ECDSA_WITH_AES_256_CCM",
0xC0AE: "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",
0xC0AF: "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",
0xC0B0: "TLS_ECCPWD_WITH_AES_128_GCM_SHA256",
0xC0B1: "TLS_ECCPWD_WITH_AES_256_GCM_SHA384",
0xC0B2: "TLS_ECCPWD_WITH_AES_128_CCM_SHA256",
0xC0B3: "TLS_ECCPWD_WITH_AES_256_CCM_SHA384",
0xC0B4: "TLS_SHA256_SHA256",
0xC0B5: "TLS_SHA384_SHA384",
0xC100: "TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC",
0xC101: "TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC",
0xC102: "TLS_GOSTR341112_256_WITH_28147_CNT_IMIT",
0xC103: "TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_L",
0xC104: "TLS_GOSTR341112_256_WITH_MAGMA_MGM_L",
0xC105: "TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_S",
0xC106: "TLS_GOSTR341112_256_WITH_MAGMA_MGM_S",
0xCACA: "GREASE",
0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
0xCCA9: "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
0xCCAA: "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
0xCCAB: "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256",
0xCCAC: "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
0xCCAD: "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
0xCCAE: "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256",
0xD001: "TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256",
0xD002: "TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384",
0xD003: "TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256",
0xD005: "TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256",
0xDADA: "GREASE",
0xEAEA: "GREASE",
0xFAFA: "GREASE",
};
/**
* GREASE values
*/
export const GREASE_VALUES = [
0x0a0a,
0x1a1a,
0x2a2a,
0x3a3a,
0x4a4a,
0x5a5a,
0x6a6a,
0x7a7a,
0x8a8a,
0x9a9a,
0xaaaa,
0xbaba,
0xcaca,
0xdada,
0xeaea,
0xfafa
];
/**
* Parses the supported_versions extension and returns the highest supported version.
* @param {Uint8Array} bytes
* @returns {number}
*/
export function parseHighestSupportedVersion(bytes) {
const s = new Stream(bytes);
// Length
let i = s.readInt(1);
let highestVersion = 0;
while (s.hasMore() && i-- > 0) {
const v = s.readInt(2);
if (GREASE_VALUES.includes(v)) continue;
if (v > highestVersion) highestVersion = v;
}
return highestVersion;
}
/**
* Parses the application_layer_protocol_negotiation extension and returns the first value.
* @param {Uint8Array} bytes
* @returns {number}
*/
export function parseFirstALPNValue(bytes) {
const s = new Stream(bytes);
const alpnExtLen = s.readInt(2);
if (alpnExtLen < 3) return "00";
const strLen = s.readInt(1);
if (strLen < 2) return "00";
return s.readString(strLen);
}

8
src/core/operations/BlowfishDecrypt.mjs
View file

@ -70,10 +70,14 @@ class BlowfishDecrypt extends Operation {
inputType = args[3],
outputType = args[4];
if (key.length !== 8) {
if (key.length < 4 || key.length > 56) {
throw new OperationError(`Invalid key length: ${key.length} bytes
Blowfish uses a key length of 8 bytes (64 bits).`);
Blowfish's key length needs to be between 4 and 56 bytes (32-448 bits).`);
}
if (iv.length !== 8) {
throw new OperationError(`Invalid IV length: ${iv.length} bytes. Expected 8 bytes`);
}
input = Utils.convertToByteString(input, inputType);

8
src/core/operations/BlowfishEncrypt.mjs
View file

@ -70,10 +70,14 @@ class BlowfishEncrypt extends Operation {
inputType = args[3],
outputType = args[4];
if (key.length !== 8) {
if (key.length < 4 || key.length > 56) {
throw new OperationError(`Invalid key length: ${key.length} bytes
Blowfish's key length needs to be between 4 and 56 bytes (32-448 bits).`);
}
Blowfish uses a key length of 8 bytes (64 bits).`);
if (iv.length !== 8) {
throw new OperationError(`Invalid IV length: ${iv.length} bytes. Expected 8 bytes`);
}
input = Utils.convertToByteString(input, inputType);

2
src/core/operations/CSSSelector.mjs
View file

@ -6,7 +6,7 @@
import Operation from "../Operation.mjs";
import OperationError from "../errors/OperationError.mjs";
import xmldom from "xmldom";
import xmldom from "@xmldom/xmldom";
import nwmatcher from "nwmatcher";
/**

2
src/core/operations/CTPH.mjs
View file

@ -21,7 +21,7 @@ class CTPH extends Operation {
this.name = "CTPH";
this.module = "Crypto";
this.description = "Context Triggered Piecewise Hashing, also called Fuzzy Hashing, can match inputs that have homologies. Such inputs have sequences of identical bytes in the same order, although bytes in between these sequences may be different in both content and length.<br><br>CTPH was originally based on the work of Dr. Andrew Tridgell and a spam email detector called SpamSum. This method was adapted by Jesse Kornblum and published at the DFRWS conference in 2006 in a paper 'Identifying Almost Identical Files Using Context Triggered Piecewise Hashing'.";
this.infoURL = "https://forensicswiki.xyz/wiki/index.php?title=Context_Triggered_Piecewise_Hashing";
this.infoURL = "https://forensics.wiki/context_triggered_piecewise_hashing/";
this.inputType = "string";
this.outputType = "string";
this.args = [];

98
src/core/operations/CaretMdecode.mjs Normal file
View file

@ -0,0 +1,98 @@
/**
* @author tedk [tedk@ted.do]
* @copyright Crown Copyright 2024
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
/**
* Caret/M-decode operation
*
* https://gist.githubusercontent.com/JaHIY/3c91bbf7bea5661e6abfbd1349ee81a2/raw/c7b480e9ff24bcb8f5287a8a8a2dcb9bf5628506/decode_m_notation.cpp
*/
class CaretMdecode extends Operation {
/**
* CaretMdecode constructor
*/
constructor() {
super();
this.name = "Caret/M-decode";
this.module = "Default";
this.description = "Decodes caret or M-encoded strings, i.e. ^M turns into a newline, M-^] turns into 0x9d. Sources such as `cat -v`.\n\nPlease be aware that when using `cat -v` ^_ (caret-underscore) will not be encoded, but represents a valid encoding (namely that of 0x1f).";
this.infoURL = "https://en.wikipedia.org/wiki/Caret_notation";
this.inputType = "string";
this.outputType = "byteArray";
this.args = [];
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {byteArray}
*/
run(input, args) {
const bytes = [];
let prev = "";
for (let i = 0; i < input.length; i++) {
const charCode = input.charCodeAt(i);
const curChar = input.charAt(i);
if (prev === "M-^") {
if (charCode > 63 && charCode <= 95) {
bytes.push(charCode + 64);
} else if (charCode === 63) {
bytes.push(255);
} else {
bytes.push(77, 45, 94, charCode);
}
prev = "";
} else if (prev === "M-") {
if (curChar === "^") {
prev = prev + "^";
} else if (charCode >= 32 && charCode <= 126) {
bytes.push(charCode + 128);
prev = "";
} else {
bytes.push(77, 45, charCode);
prev = "";
}
} else if (prev === "M") {
if (curChar === "-") {
prev = prev + "-";
} else {
bytes.push(77, charCode);
prev = "";
}
} else if (prev === "^") {
if (charCode > 63 && charCode <= 126) {
bytes.push(charCode - 64);
} else if (charCode === 63) {
bytes.push(127);
} else {
bytes.push(94, charCode);
}
prev = "";
} else {
if (curChar === "M") {
prev = "M";
} else if (curChar === "^") {
prev = "^";
} else {
bytes.push(charCode);
}
}
}
return bytes;
}
}
export default CaretMdecode;

2
src/core/operations/ChaCha.mjs
View file

@ -191,7 +191,7 @@ ChaCha uses a nonce of 8 or 12 bytes (64 or 96 bits).`);
if (outputType === "Hex") {
return toHex(output);
} else {
return Utils.arrayBufferToStr(output);
return Utils.arrayBufferToStr(Uint8Array.from(output).buffer);
}
}

2
src/core/operations/CompareCTPHHashes.mjs
View file

@ -24,7 +24,7 @@ class CompareCTPHHashes extends Operation {
this.name = "Compare CTPH hashes";
this.module = "Crypto";
this.description = "Compares two Context Triggered Piecewise Hashing (CTPH) fuzzy hashes to determine the similarity between them on a scale of 0 to 100.";
this.infoURL = "https://forensicswiki.xyz/wiki/index.php?title=Context_Triggered_Piecewise_Hashing";
this.infoURL = "https://forensics.wiki/context_triggered_piecewise_hashing/";
this.inputType = "string";
this.outputType = "Number";
this.args = [

2
src/core/operations/CompareSSDEEPHashes.mjs
View file

@ -24,7 +24,7 @@ class CompareSSDEEPHashes extends Operation {
this.name = "Compare SSDEEP hashes";
this.module = "Crypto";
this.description = "Compares two SSDEEP fuzzy hashes to determine the similarity between them on a scale of 0 to 100.";
this.infoURL = "https://forensicswiki.xyz/wiki/index.php?title=Ssdeep";
this.infoURL = "https://forensics.wiki/ssdeep/";
this.inputType = "string";
this.outputType = "Number";
this.args = [

4
src/core/operations/Diff.mjs
View file

@ -119,9 +119,9 @@ class Diff extends Operation {
for (let i = 0; i < diff.length; i++) {
if (diff[i].added) {
if (showAdded) output += "<span class='hl5'>" + Utils.escapeHtml(diff[i].value) + "</span>";
if (showAdded) output += "<ins>" + Utils.escapeHtml(diff[i].value) + "</ins>";
} else if (diff[i].removed) {
if (showRemoved) output += "<span class='hl3'>" + Utils.escapeHtml(diff[i].value) + "</span>";
if (showRemoved) output += "<del>" + Utils.escapeHtml(diff[i].value) + "</del>";
} else if (!showSubtraction) {
output += Utils.escapeHtml(diff[i].value);
}

2
src/core/operations/ExtractFiles.mjs
View file

@ -39,7 +39,7 @@ class ExtractFiles extends Operation {
${supportedExts.join("</li><li>")}
</li>
</ul>Minimum File Size can be used to prune small false positives.`;
this.infoURL = "https://forensicswiki.xyz/wiki/index.php?title=File_Carving";
this.infoURL = "https://forensics.wiki/file_carving";
this.inputType = "ArrayBuffer";
this.outputType = "List<File>";
this.presentType = "html";

2
src/core/operations/ExtractIPAddresses.mjs
View file

@ -66,7 +66,7 @@ class ExtractIPAddresses extends Operation {
run(input, args) {
const [includeIpv4, includeIpv6, removeLocal, displayTotal, sort, unique] = args,
ipv4 = "(?:(?:\\d|[01]?\\d\\d|2[0-4]\\d|25[0-5])\\.){3}(?:25[0-5]|2[0-4]\\d|[01]?\\d\\d|\\d)(?:\\/\\d{1,2})?",
ipv6 = "((?=.*::)(?!.*::.+::)(::)?([\\dA-F]{1,4}:(:|\\b)|){5}|([\\dA-F]{1,4}:){6})((([\\dA-F]{1,4}((?!\\3)::|:\\b|(?![\\dA-F])))|(?!\\2\\3)){2}|(((2[0-4]|1\\d|[1-9])?\\d|25[0-5])\\.?\\b){4})";
ipv6 = "((?=.*::)(?!.*::.+::)(::)?([\\dA-F]{1,4}:(:|\\b)|){5}|([\\dA-F]{1,4}:){6})(([\\dA-F]{1,4}((?!\\3)::|:\\b|(?![\\dA-F])))|(?!\\2\\3)){2}";
let ips = "";
if (includeIpv4 && includeIpv6) {

77
src/core/operations/FangURL.mjs Normal file
View file

@ -0,0 +1,77 @@
/**
* @author arnydo [github@arnydo.com]
* @copyright Crown Copyright 2019
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
/**
* FangURL operation
*/
class FangURL extends Operation {
/**
* FangURL constructor
*/
constructor() {
super();
this.name = "Fang URL";
this.module = "Default";
this.description = "Takes a 'Defanged' Universal Resource Locator (URL) and 'Fangs' it. Meaning, it removes the alterations (defanged) that render it useless so that it can be used again.";
this.inputType = "string";
this.outputType = "string";
this.args = [
{
name: "Restore [.]",
type: "boolean",
value: true
},
{
name: "Restore hxxp",
type: "boolean",
value: true
},
{
name: "Restore ://",
type: "boolean",
value: true
}
];
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
run(input, args) {
const [dots, http, slashes] = args;
input = fangURL(input, dots, http, slashes);
return input;
}
}
/**
* Defangs a given URL
*
* @param {string} url
* @param {boolean} dots
* @param {boolean} http
* @param {boolean} slashes
* @returns {string}
*/
function fangURL(url, dots, http, slashes) {
if (dots) url = url.replace(/\[\.\]/g, ".");
if (http) url = url.replace(/hxxp/g, "http");
if (slashes) url = url.replace(/\[:\/\/\]/g, "://");
return url;
}
export default FangURL;

63
src/core/operations/FernetDecrypt.mjs Normal file
View file

@ -0,0 +1,63 @@
/**
* @author Karsten Silkenbäumer [github.com/kassi]
* @copyright Karsten Silkenbäumer 2019
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
import OperationError from "../errors/OperationError.mjs";
import fernet from "fernet";
/**
* FernetDecrypt operation
*/
class FernetDecrypt extends Operation {
/**
* FernetDecrypt constructor
*/
constructor() {
super();
this.name = "Fernet Decrypt";
this.module = "Default";
this.description = "Fernet is a symmetric encryption method which makes sure that the message encrypted cannot be manipulated/read without the key. It uses URL safe encoding for the keys. Fernet uses 128-bit AES in CBC mode and PKCS7 padding, with HMAC using SHA256 for authentication. The IV is created from os.random().<br><br><b>Key:</b> The key must be 32 bytes (256 bits) encoded with Base64.";
this.infoURL = "https://asecuritysite.com/encryption/fer";
this.inputType = "string";
this.outputType = "string";
this.args = [
{
"name": "Key",
"type": "string",
"value": ""
},
];
this.patterns = [
{
match: "^[A-Z\\d\\-_=]{20,}$",
flags: "i",
args: []
},
];
}
/**
* @param {String} input
* @param {Object[]} args
* @returns {String}
*/
run(input, args) {
const [secretInput] = args;
try {
const secret = new fernet.Secret(secretInput);
const token = new fernet.Token({
secret: secret,
token: input,
ttl: 0
});
return token.decode();
} catch (err) {
throw new OperationError(err);
}
}
}
export default FernetDecrypt;

54
src/core/operations/FernetEncrypt.mjs Normal file
View file

@ -0,0 +1,54 @@
/**
* @author Karsten Silkenbäumer [github.com/kassi]
* @copyright Karsten Silkenbäumer 2019
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
import OperationError from "../errors/OperationError.mjs";
import fernet from "fernet";
/**
* FernetEncrypt operation
*/
class FernetEncrypt extends Operation {
/**
* FernetEncrypt constructor
*/
constructor() {
super();
this.name = "Fernet Encrypt";
this.module = "Default";
this.description = "Fernet is a symmetric encryption method which makes sure that the message encrypted cannot be manipulated/read without the key. It uses URL safe encoding for the keys. Fernet uses 128-bit AES in CBC mode and PKCS7 padding, with HMAC using SHA256 for authentication. The IV is created from os.random().<br><br><b>Key:</b> The key must be 32 bytes (256 bits) encoded with Base64.";
this.infoURL = "https://asecuritysite.com/encryption/fer";
this.inputType = "string";
this.outputType = "string";
this.args = [
{
"name": "Key",
"type": "string",
"value": ""
},
];
}
/**
* @param {String} input
* @param {Object[]} args
* @returns {String}
*/
run(input, args) {
const [secretInput] = args;
try {
const secret = new fernet.Secret(secretInput);
const token = new fernet.Token({
secret: secret,
});
return token.encode(input);
} catch (err) {
throw new OperationError(err);
}
}
}
export default FernetEncrypt;

93
src/core/operations/FileTree.mjs Normal file
View file

@ -0,0 +1,93 @@
/**
* @author sw5678
* @copyright Crown Copyright 2016
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
import Utils from "../Utils.mjs";
import {INPUT_DELIM_OPTIONS} from "../lib/Delim.mjs";
/**
* Unique operation
*/
class FileTree extends Operation {
/**
* Unique constructor
*/
constructor() {
super();
this.name = "File Tree";
this.module = "Default";
this.description = "Creates file tree from list of file paths (similar to the tree command in Linux)";
this.inputType = "string";
this.outputType = "string";
this.args = [
{
name: "File Path Delimiter",
type: "binaryString",
value: "/"
},
{
name: "Delimiter",
type: "option",
value: INPUT_DELIM_OPTIONS
}
];
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
run(input, args) {
// Set up arrow and pipe for nice output display
const ARROW = "|---";
const PIPE = "| ";
// Get args from input
const fileDelim = args[0];
const entryDelim = Utils.charRep(args[1]);
// Store path to print
const completedList = [];
const printList = [];
// Loop through all entries
const filePaths = input.split(entryDelim).unique().sort();
for (let i = 0; i < filePaths.length; i++) {
// Split by file delimiter
let path = filePaths[i].split(fileDelim);
if (path[0] === "") {
path = path.slice(1, path.length);
}
for (let j = 0; j < path.length; j++) {
let printLine;
let key;
if (j === 0) {
printLine = path[j];
key = path[j];
} else {
printLine = PIPE.repeat(j-1) + ARROW + path[j];
key = path.slice(0, j+1).join("/");
}
// Check to see we have already added that path
if (!completedList.includes(key)) {
completedList.push(key);
printList.push(printLine);
}
}
}
return printList.join("\n");
}
}
export default FileTree;

8
src/core/operations/FromBase58.mjs
View file

@ -60,7 +60,7 @@ class FromBase58 extends Operation {
run(input, args) {
let alphabet = args[0] || ALPHABET_OPTIONS[0].value;
const removeNonAlphaChars = args[1] === undefined ? true : args[1],
result = [0];
result = [];
alphabet = Utils.expandAlphRange(alphabet).join("");
@ -87,11 +87,9 @@ class FromBase58 extends Operation {
}
}
let carry = result[0] * 58 + index;
result[0] = carry & 0xFF;
carry = carry >> 8;
let carry = index;
for (let i = 1; i < result.length; i++) {
for (let i = 0; i < result.length; i++) {
carry += result[i] * 58;
result[i] = carry & 0xFF;
carry = carry >> 8;

55
src/core/operations/FromBase92.mjs Normal file
View file

@ -0,0 +1,55 @@
/**
* @author sg5506844 [sg5506844@gmail.com]
* @copyright Crown Copyright 2021
* @license Apache-2.0
*/
import { base92Ord } from "../lib/Base92.mjs";
import Operation from "../Operation.mjs";
/**
* From Base92 operation
*/
class FromBase92 extends Operation {
/**
* FromBase92 constructor
*/
constructor() {
super();
this.name = "From Base92";
this.module = "Default";
this.description = "Base92 is a notation for encoding arbitrary byte data using a restricted set of symbols that can be conveniently used by humans and processed by computers.";
this.infoURL = "https://wikipedia.org/wiki/List_of_numeral_systems";
this.inputType = "string";
this.outputType = "byteArray";
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {byteArray}
*/
run(input, args) {
const res = [];
let bitString = "";
for (let i = 0; i < input.length; i += 2) {
if (i + 1 !== input.length) {
const x = base92Ord(input[i]) * 91 + base92Ord(input[i + 1]);
bitString += x.toString(2).padStart(13, "0");
} else {
const x = base92Ord(input[i]);
bitString += x.toString(2).padStart(6, "0");
}
while (bitString.length >= 8) {
res.push(parseInt(bitString.slice(0, 8), 2));
bitString = bitString.slice(8);
}
}
return res;
}
}
export default FromBase92;

78
src/core/operations/FromFloat.mjs Normal file
View file

@ -0,0 +1,78 @@
/**
* @author tcode2k16 [tcode2k16@gmail.com]
* @copyright Crown Copyright 2019
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
import Utils from "../Utils.mjs";
import ieee754 from "ieee754";
import {DELIM_OPTIONS} from "../lib/Delim.mjs";
/**
* From Float operation
*/
class FromFloat extends Operation {
/**
* FromFloat constructor
*/
constructor() {
super();
this.name = "From Float";
this.module = "Default";
this.description = "Convert from EEE754 Floating Point Numbers";
this.infoURL = "https://en.wikipedia.org/wiki/IEEE_754";
this.inputType = "string";
this.outputType = "byteArray";
this.args = [
{
"name": "Endianness",
"type": "option",
"value": [
"Big Endian",
"Little Endian"
]
},
{
"name": "Size",
"type": "option",
"value": [
"Float (4 bytes)",
"Double (8 bytes)"
]
},
{
"name": "Delimiter",
"type": "option",
"value": DELIM_OPTIONS
}
];
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {byteArray}
*/
run(input, args) {
if (input.length === 0) return [];
const [endianness, size, delimiterName] = args;
const delim = Utils.charRep(delimiterName || "Space");
const byteSize = size === "Double (8 bytes)" ? 8 : 4;
const isLE = endianness === "Little Endian";
const mLen = byteSize === 4 ? 23 : 52;
const floats = input.split(delim);
const output = new Array(floats.length*byteSize);
for (let i = 0; i < floats.length; i++) {
ieee754.write(output, parseFloat(floats[i]), i*byteSize, isLE, mLen, byteSize);
}
return output;
}
}
export default FromFloat;

138
src/core/operations/GOSTDecrypt.mjs Normal file
View file

@ -0,0 +1,138 @@
/**
* @author n1474335 [n1474335@gmail.com]
* @copyright Crown Copyright 2023
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
import OperationError from "../errors/OperationError.mjs";
import Utils from "../Utils.mjs";
import { toHexFast, fromHex } from "../lib/Hex.mjs";
import { CryptoGost, GostEngine } from "@wavesenterprise/crypto-gost-js/index.js";
/**
* GOST Decrypt operation
*/
class GOSTDecrypt extends Operation {
/**
* GOSTDecrypt constructor
*/
constructor() {
super();
this.name = "GOST Decrypt";
this.module = "Ciphers";
this.description = "The GOST block cipher (Magma), defined in the standard GOST 28147-89 (RFC 5830), is a Soviet and Russian government standard symmetric key block cipher with a block size of 64 bits. The original standard, published in 1989, did not give the cipher any name, but the most recent revision of the standard, GOST R 34.12-2015 (RFC 7801, RFC 8891), specifies that it may be referred to as Magma. The GOST hash function is based on this cipher. The new standard also specifies a new 128-bit block cipher called Kuznyechik.<br><br>Developed in the 1970s, the standard had been marked 'Top Secret' and then downgraded to 'Secret' in 1990. Shortly after the dissolution of the USSR, it was declassified and it was released to the public in 1994. GOST 28147 was a Soviet alternative to the United States standard algorithm, DES. Thus, the two are very similar in structure.";
this.infoURL = "https://wikipedia.org/wiki/GOST_(block_cipher)";
this.inputType = "string";
this.outputType = "string";
this.args = [
{
name: "Key",
type: "toggleString",
value: "",
toggleValues: ["Hex", "UTF8", "Latin1", "Base64"]
},
{
name: "IV",
type: "toggleString",
value: "",
toggleValues: ["Hex", "UTF8", "Latin1", "Base64"]
},
{
name: "Input type",
type: "option",
value: ["Hex", "Raw"]
},
{
name: "Output type",
type: "option",
value: ["Raw", "Hex"]
},
{
name: "Algorithm",
type: "argSelector",
value: [
{
name: "GOST 28147 (Magma, 1989)",
off: [5],
on: [6]
},
{
name: "GOST R 34.12 (Kuznyechik, 2015)",
on: [5],
off: [6]
}
]
},
{
name: "Block length",
type: "option",
value: ["64", "128"]
},
{
name: "sBox",
type: "option",
value: ["E-TEST", "E-A", "E-B", "E-C", "E-D", "E-SC", "E-Z", "D-TEST", "D-A", "D-SC"]
},
{
name: "Block mode",
type: "option",
value: ["ECB", "CFB", "OFB", "CTR", "CBC"]
},
{
name: "Key meshing mode",
type: "option",
value: ["NO", "CP"]
},
{
name: "Padding",
type: "option",
value: ["NO", "PKCS5", "ZERO", "RANDOM", "BIT"]
}
];
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
async run(input, args) {
const [keyObj, ivObj, inputType, outputType, version, length, sBox, blockMode, keyMeshing, padding] = args;
const key = toHexFast(Utils.convertToByteArray(keyObj.string, keyObj.option));
const iv = toHexFast(Utils.convertToByteArray(ivObj.string, ivObj.option));
input = inputType === "Hex" ? input : toHexFast(Utils.strToArrayBuffer(input));
const versionNum = version === "GOST 28147 (Magma, 1989)" ? 1989 : 2015;
const blockLength = versionNum === 1989 ? 64 : parseInt(length, 10);
const sBoxVal = versionNum === 1989 ? sBox : null;
const algorithm = {
version: versionNum,
length: blockLength,
mode: "ES",
sBox: sBoxVal,
block: blockMode,
keyMeshing: keyMeshing,
padding: padding
};
try {
const Hex = CryptoGost.coding.Hex;
if (iv) algorithm.iv = Hex.decode(iv);
const cipher = GostEngine.getGostCipher(algorithm);
const out = Hex.encode(cipher.decrypt(Hex.decode(key), Hex.decode(input)));
return outputType === "Hex" ? out : Utils.byteArrayToChars(fromHex(out));
} catch (err) {
throw new OperationError(err);
}
}
}
export default GOSTDecrypt;

138
src/core/operations/GOSTEncrypt.mjs Normal file
View file

@ -0,0 +1,138 @@
/**
* @author n1474335 [n1474335@gmail.com]
* @copyright Crown Copyright 2023
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
import OperationError from "../errors/OperationError.mjs";
import Utils from "../Utils.mjs";
import { toHexFast, fromHex } from "../lib/Hex.mjs";
import { CryptoGost, GostEngine } from "@wavesenterprise/crypto-gost-js/index.js";
/**
* GOST Encrypt operation
*/
class GOSTEncrypt extends Operation {
/**
* GOSTEncrypt constructor
*/
constructor() {
super();
this.name = "GOST Encrypt";
this.module = "Ciphers";
this.description = "The GOST block cipher (Magma), defined in the standard GOST 28147-89 (RFC 5830), is a Soviet and Russian government standard symmetric key block cipher with a block size of 64 bits. The original standard, published in 1989, did not give the cipher any name, but the most recent revision of the standard, GOST R 34.12-2015 (RFC 7801, RFC 8891), specifies that it may be referred to as Magma. The GOST hash function is based on this cipher. The new standard also specifies a new 128-bit block cipher called Kuznyechik.<br><br>Developed in the 1970s, the standard had been marked 'Top Secret' and then downgraded to 'Secret' in 1990. Shortly after the dissolution of the USSR, it was declassified and it was released to the public in 1994. GOST 28147 was a Soviet alternative to the United States standard algorithm, DES. Thus, the two are very similar in structure.";
this.infoURL = "https://wikipedia.org/wiki/GOST_(block_cipher)";
this.inputType = "string";
this.outputType = "string";
this.args = [
{
name: "Key",
type: "toggleString",
value: "",
toggleValues: ["Hex", "UTF8", "Latin1", "Base64"]
},
{
name: "IV",
type: "toggleString",
value: "",
toggleValues: ["Hex", "UTF8", "Latin1", "Base64"]
},
{
name: "Input type",
type: "option",
value: ["Raw", "Hex"]
},
{
name: "Output type",
type: "option",
value: ["Hex", "Raw"]
},
{
name: "Algorithm",
type: "argSelector",
value: [
{
name: "GOST 28147 (Magma, 1989)",
off: [5],
on: [6]
},
{
name: "GOST R 34.12 (Kuznyechik, 2015)",
on: [5],
off: [6]
}
]
},
{
name: "Block length",
type: "option",
value: ["64", "128"]
},
{
name: "sBox",
type: "option",
value: ["E-TEST", "E-A", "E-B", "E-C", "E-D", "E-SC", "E-Z", "D-TEST", "D-A", "D-SC"]
},
{
name: "Block mode",
type: "option",
value: ["ECB", "CFB", "OFB", "CTR", "CBC"]
},
{
name: "Key meshing mode",
type: "option",
value: ["NO", "CP"]
},
{
name: "Padding",
type: "option",
value: ["NO", "PKCS5", "ZERO", "RANDOM", "BIT"]
}
];
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
async run(input, args) {
const [keyObj, ivObj, inputType, outputType, version, length, sBox, blockMode, keyMeshing, padding] = args;
const key = toHexFast(Utils.convertToByteArray(keyObj.string, keyObj.option));
const iv = toHexFast(Utils.convertToByteArray(ivObj.string, ivObj.option));
input = inputType === "Hex" ? input : toHexFast(Utils.strToArrayBuffer(input));
const versionNum = version === "GOST 28147 (Magma, 1989)" ? 1989 : 2015;
const blockLength = versionNum === 1989 ? 64 : parseInt(length, 10);
const sBoxVal = versionNum === 1989 ? sBox : null;
const algorithm = {
version: versionNum,
length: blockLength,
mode: "ES",
sBox: sBoxVal,
block: blockMode,
keyMeshing: keyMeshing,
padding: padding
};
try {
const Hex = CryptoGost.coding.Hex;
if (iv) algorithm.iv = Hex.decode(iv);
const cipher = GostEngine.getGostCipher(algorithm);
const out = Hex.encode(cipher.encrypt(Hex.decode(key), Hex.decode(input)));
return outputType === "Hex" ? out : Utils.byteArrayToChars(fromHex(out));
} catch (err) {
throw new OperationError(err);
}
}
}
export default GOSTEncrypt;

62
src/core/operations/GOSTHash.mjs
View file

@ -7,7 +7,7 @@
import Operation from "../Operation.mjs";
import OperationError from "../errors/OperationError.mjs";
import GostDigest from "../vendor/gost/gostDigest.mjs";
import {toHexFast} from "../lib/Hex.mjs";
import { toHexFast } from "../lib/Hex.mjs";
/**
* GOST hash operation
@ -20,7 +20,7 @@ class GOSTHash extends Operation {
constructor() {
super();
this.name = "GOST hash";
this.name = "GOST Hash";
this.module = "Hashing";
this.description = "The GOST hash function, defined in the standards GOST R 34.11-94 and GOST 34.311-95 is a 256-bit cryptographic hash function. It was initially defined in the Russian national standard GOST R 34.11-94 <i>Information Technology Cryptographic Information Security Hash Function</i>. The equivalent standard used by other member-states of the CIS is GOST 34.311-95.<br><br>This function must not be confused with a different Streebog hash function, which is defined in the new revision of the standard GOST R 34.11-2012.<br><br>The GOST hash function is based on the GOST block cipher.";
this.infoURL = "https://wikipedia.org/wiki/GOST_(hash_function)";
@ -28,20 +28,30 @@ class GOSTHash extends Operation {
this.outputType = "string";
this.args = [
{
"name": "S-Box",
"type": "option",
"value": [
"D-A",
"D-SC",
"E-TEST",
"E-A",
"E-B",
"E-C",
"E-D",
"E-SC",
"E-Z",
"D-TEST"
name: "Algorithm",
type: "argSelector",
value: [
{
name: "GOST 28147 (1994)",
off: [1],
on: [2]
},
{
name: "GOST R 34.11 (Streebog, 2012)",
on: [1],
off: [2]
}
]
},
{
name: "Digest length",
type: "option",
value: ["256", "512"]
},
{
name: "sBox",
type: "option",
value: ["E-TEST", "E-A", "E-B", "E-C", "E-D", "E-SC", "E-Z", "D-TEST", "D-A", "D-SC"]
}
];
}
@ -52,13 +62,23 @@ class GOSTHash extends Operation {
* @returns {string}
*/
run(input, args) {
const [version, length, sBox] = args;
const versionNum = version === "GOST 28147 (1994)" ? 1994 : 2012;
const algorithm = {
name: versionNum === 1994 ? "GOST 28147" : "GOST R 34.10",
version: versionNum,
mode: "HASH"
};
if (versionNum === 1994) {
algorithm.sBox = sBox;
} else {
algorithm.length = parseInt(length, 10);
}
try {
const sBox = args[1];
const gostDigest = new GostDigest({
name: "GOST R 34.11",
version: 1994,
sBox: sBox
});
const gostDigest = new GostDigest(algorithm);
return toHexFast(gostDigest.digest(input));
} catch (err) {

129
src/core/operations/GOSTKeyUnwrap.mjs Normal file
View file

@ -0,0 +1,129 @@
/**
* @author n1474335 [n1474335@gmail.com]
* @copyright Crown Copyright 2023
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
import OperationError from "../errors/OperationError.mjs";
import Utils from "../Utils.mjs";
import { toHexFast, fromHex } from "../lib/Hex.mjs";
import { CryptoGost, GostEngine } from "@wavesenterprise/crypto-gost-js/index.js";
/**
* GOST Key Unwrap operation
*/
class GOSTKeyUnwrap extends Operation {
/**
* GOSTKeyUnwrap constructor
*/
constructor() {
super();
this.name = "GOST Key Unwrap";
this.module = "Ciphers";
this.description = "A decryptor for keys wrapped using one of the GOST block ciphers.";
this.infoURL = "https://wikipedia.org/wiki/GOST_(block_cipher)";
this.inputType = "string";
this.outputType = "string";
this.args = [
{
name: "Key",
type: "toggleString",
value: "",
toggleValues: ["Hex", "UTF8", "Latin1", "Base64"]
},
{
name: "User Key Material",
type: "toggleString",
value: "",
toggleValues: ["Hex", "UTF8", "Latin1", "Base64"]
},
{
name: "Input type",
type: "option",
value: ["Hex", "Raw"]
},
{
name: "Output type",
type: "option",
value: ["Raw", "Hex"]
},
{
name: "Algorithm",
type: "argSelector",
value: [
{
name: "GOST 28147 (Magma, 1989)",
off: [5],
on: [6]
},
{
name: "GOST R 34.12 (Kuznyechik, 2015)",
on: [5],
off: [6]
}
]
},
{
name: "Block length",
type: "option",
value: ["64", "128"]
},
{
name: "sBox",
type: "option",
value: ["E-TEST", "E-A", "E-B", "E-C", "E-D", "E-SC", "E-Z", "D-TEST", "D-A", "D-SC"]
},
{
name: "Key wrapping",
type: "option",
value: ["NO", "CP", "SC"]
}
];
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
async run(input, args) {
const [keyObj, ukmObj, inputType, outputType, version, length, sBox, keyWrapping] = args;
const key = toHexFast(Utils.convertToByteArray(keyObj.string, keyObj.option));
const ukm = toHexFast(Utils.convertToByteArray(ukmObj.string, ukmObj.option));
input = inputType === "Hex" ? input : toHexFast(Utils.strToArrayBuffer(input));
const versionNum = version === "GOST 28147 (Magma, 1989)" ? 1989 : 2015;
const blockLength = versionNum === 1989 ? 64 : parseInt(length, 10);
const sBoxVal = versionNum === 1989 ? sBox : null;
const algorithm = {
version: versionNum,
length: blockLength,
mode: "KW",
sBox: sBoxVal,
keyWrapping: keyWrapping
};
try {
const Hex = CryptoGost.coding.Hex;
algorithm.ukm = Hex.decode(ukm);
const cipher = GostEngine.getGostCipher(algorithm);
const out = Hex.encode(cipher.unwrapKey(Hex.decode(key), Hex.decode(input)));
return outputType === "Hex" ? out : Utils.byteArrayToChars(fromHex(out));
} catch (err) {
if (err.toString().includes("Invalid typed array length")) {
throw new OperationError("Incorrect input length. Must be a multiple of the block size.");
}
throw new OperationError(err);
}
}
}
export default GOSTKeyUnwrap;

129
src/core/operations/GOSTKeyWrap.mjs Normal file
View file

@ -0,0 +1,129 @@
/**
* @author n1474335 [n1474335@gmail.com]
* @copyright Crown Copyright 2023
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
import OperationError from "../errors/OperationError.mjs";
import Utils from "../Utils.mjs";
import { toHexFast, fromHex } from "../lib/Hex.mjs";
import { CryptoGost, GostEngine } from "@wavesenterprise/crypto-gost-js/index.js";
/**
* GOST Key Wrap operation
*/
class GOSTKeyWrap extends Operation {
/**
* GOSTKeyWrap constructor
*/
constructor() {
super();
this.name = "GOST Key Wrap";
this.module = "Ciphers";
this.description = "A key wrapping algorithm for protecting keys in untrusted storage using one of the GOST block cipers.";
this.infoURL = "https://wikipedia.org/wiki/GOST_(block_cipher)";
this.inputType = "string";
this.outputType = "string";
this.args = [
{
name: "Key",
type: "toggleString",
value: "",
toggleValues: ["Hex", "UTF8", "Latin1", "Base64"]
},
{
name: "User Key Material",
type: "toggleString",
value: "",
toggleValues: ["Hex", "UTF8", "Latin1", "Base64"]
},
{
name: "Input type",
type: "option",
value: ["Raw", "Hex"]
},
{
name: "Output type",
type: "option",
value: ["Hex", "Raw"]
},
{
name: "Algorithm",
type: "argSelector",
value: [
{
name: "GOST 28147 (Magma, 1989)",
off: [5],
on: [6]
},
{
name: "GOST R 34.12 (Kuznyechik, 2015)",
on: [5],
off: [6]
}
]
},
{
name: "Block length",
type: "option",
value: ["64", "128"]
},
{
name: "sBox",
type: "option",
value: ["E-TEST", "E-A", "E-B", "E-C", "E-D", "E-SC", "E-Z", "D-TEST", "D-A", "D-SC"]
},
{
name: "Key wrapping",
type: "option",
value: ["NO", "CP", "SC"]
}
];
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
async run(input, args) {
const [keyObj, ukmObj, inputType, outputType, version, length, sBox, keyWrapping] = args;
const key = toHexFast(Utils.convertToByteArray(keyObj.string, keyObj.option));
const ukm = toHexFast(Utils.convertToByteArray(ukmObj.string, ukmObj.option));
input = inputType === "Hex" ? input : toHexFast(Utils.strToArrayBuffer(input));
const versionNum = version === "GOST 28147 (Magma, 1989)" ? 1989 : 2015;
const blockLength = versionNum === 1989 ? 64 : parseInt(length, 10);
const sBoxVal = versionNum === 1989 ? sBox : null;
const algorithm = {
version: versionNum,
length: blockLength,
mode: "KW",
sBox: sBoxVal,
keyWrapping: keyWrapping
};
try {
const Hex = CryptoGost.coding.Hex;
algorithm.ukm = Hex.decode(ukm);
const cipher = GostEngine.getGostCipher(algorithm);
const out = Hex.encode(cipher.wrapKey(Hex.decode(key), Hex.decode(input)));
return outputType === "Hex" ? out : Utils.byteArrayToChars(fromHex(out));
} catch (err) {
if (err.toString().includes("Invalid typed array length")) {
throw new OperationError("Incorrect input length. Must be a multiple of the block size.");
}
throw new OperationError(err);
}
}
}
export default GOSTKeyWrap;

129
src/core/operations/GOSTSign.mjs Normal file
View file

@ -0,0 +1,129 @@
/**
* @author n1474335 [n1474335@gmail.com]
* @copyright Crown Copyright 2023
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
import OperationError from "../errors/OperationError.mjs";
import Utils from "../Utils.mjs";
import { toHexFast, fromHex } from "../lib/Hex.mjs";
import { CryptoGost, GostEngine } from "@wavesenterprise/crypto-gost-js/index.js";
/**
* GOST Sign operation
*/
class GOSTSign extends Operation {
/**
* GOSTSign constructor
*/
constructor() {
super();
this.name = "GOST Sign";
this.module = "Ciphers";
this.description = "Sign a plaintext message using one of the GOST block ciphers.";
this.infoURL = "https://wikipedia.org/wiki/GOST_(block_cipher)";
this.inputType = "string";
this.outputType = "string";
this.args = [
{
name: "Key",
type: "toggleString",
value: "",
toggleValues: ["Hex", "UTF8", "Latin1", "Base64"]
},
{
name: "IV",
type: "toggleString",
value: "",
toggleValues: ["Hex", "UTF8", "Latin1", "Base64"]
},
{
name: "Input type",
type: "option",
value: ["Raw", "Hex"]
},
{
name: "Output type",
type: "option",
value: ["Hex", "Raw"]
},
{
name: "Algorithm",
type: "argSelector",
value: [
{
name: "GOST 28147 (Magma, 1989)",
off: [5],
on: [6]
},
{
name: "GOST R 34.12 (Kuznyechik, 2015)",
on: [5],
off: [6]
}
]
},
{
name: "Block length",
type: "option",
value: ["64", "128"]
},
{
name: "sBox",
type: "option",
value: ["E-TEST", "E-A", "E-B", "E-C", "E-D", "E-SC", "E-Z", "D-TEST", "D-A", "D-SC"]
},
{
name: "MAC length",
type: "number",
value: 32,
min: 8,
max: 64,
step: 8
}
];
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
async run(input, args) {
const [keyObj, ivObj, inputType, outputType, version, length, sBox, macLength] = args;
const key = toHexFast(Utils.convertToByteArray(keyObj.string, keyObj.option));
const iv = toHexFast(Utils.convertToByteArray(ivObj.string, ivObj.option));
input = inputType === "Hex" ? input : toHexFast(Utils.strToArrayBuffer(input));
const versionNum = version === "GOST 28147 (Magma, 1989)" ? 1989 : 2015;
const blockLength = versionNum === 1989 ? 64 : parseInt(length, 10);
const sBoxVal = versionNum === 1989 ? sBox : null;
const algorithm = {
version: versionNum,
length: blockLength,
mode: "MAC",
sBox: sBoxVal,
macLength: macLength
};
try {
const Hex = CryptoGost.coding.Hex;
if (iv) algorithm.iv = Hex.decode(iv);
const cipher = GostEngine.getGostCipher(algorithm);
const out = Hex.encode(cipher.sign(Hex.decode(key), Hex.decode(input)));
return outputType === "Hex" ? out : Utils.byteArrayToChars(fromHex(out));
} catch (err) {
throw new OperationError(err);
}
}
}
export default GOSTSign;

123
src/core/operations/GOSTVerify.mjs Normal file
View file

@ -0,0 +1,123 @@
/**
* @author n1474335 [n1474335@gmail.com]
* @copyright Crown Copyright 2023
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
import OperationError from "../errors/OperationError.mjs";
import Utils from "../Utils.mjs";
import { toHexFast } from "../lib/Hex.mjs";
import { CryptoGost, GostEngine } from "@wavesenterprise/crypto-gost-js/index.js";
/**
* GOST Verify operation
*/
class GOSTVerify extends Operation {
/**
* GOSTVerify constructor
*/
constructor() {
super();
this.name = "GOST Verify";
this.module = "Ciphers";
this.description = "Verify the signature of a plaintext message using one of the GOST block ciphers. Enter the signature in the MAC field.";
this.infoURL = "https://wikipedia.org/wiki/GOST_(block_cipher)";
this.inputType = "string";
this.outputType = "string";
this.args = [
{
name: "Key",
type: "toggleString",
value: "",
toggleValues: ["Hex", "UTF8", "Latin1", "Base64"]
},
{
name: "IV",
type: "toggleString",
value: "",
toggleValues: ["Hex", "UTF8", "Latin1", "Base64"]
},
{
name: "MAC",
type: "toggleString",
value: "",
toggleValues: ["Hex", "UTF8", "Latin1", "Base64"]
},
{
name: "Input type",
type: "option",
value: ["Raw", "Hex"]
},
{
name: "Algorithm",
type: "argSelector",
value: [
{
name: "GOST 28147 (Magma, 1989)",
off: [5],
on: [6]
},
{
name: "GOST R 34.12 (Kuznyechik, 2015)",
on: [5],
off: [6]
}
]
},
{
name: "Block length",
type: "option",
value: ["64", "128"]
},
{
name: "sBox",
type: "option",
value: ["E-TEST", "E-A", "E-B", "E-C", "E-D", "E-SC", "E-Z", "D-TEST", "D-A", "D-SC"]
}
];
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
async run(input, args) {
const [keyObj, ivObj, macObj, inputType, version, length, sBox] = args;
const key = toHexFast(Utils.convertToByteArray(keyObj.string, keyObj.option));
const iv = toHexFast(Utils.convertToByteArray(ivObj.string, ivObj.option));
const mac = toHexFast(Utils.convertToByteArray(macObj.string, macObj.option));
input = inputType === "Hex" ? input : toHexFast(Utils.strToArrayBuffer(input));
const versionNum = version === "GOST 28147 (Magma, 1989)" ? 1989 : 2015;
const blockLength = versionNum === 1989 ? 64 : parseInt(length, 10);
const sBoxVal = versionNum === 1989 ? sBox : null;
const algorithm = {
version: versionNum,
length: blockLength,
mode: "MAC",
sBox: sBoxVal,
macLength: mac.length * 4
};
try {
const Hex = CryptoGost.coding.Hex;
if (iv) algorithm.iv = Hex.decode(iv);
const cipher = GostEngine.getGostCipher(algorithm);
const out = cipher.verify(Hex.decode(key), Hex.decode(mac), Hex.decode(input));
return out ? "The signature matches" : "The signature does not match";
} catch (err) {
throw new OperationError(err);
}
}
}
export default GOSTVerify;

2
src/core/operations/GenerateAllHashes.mjs
View file

@ -108,7 +108,7 @@ class GenerateAllHashes extends Operation {
{name: "BLAKE2s-256", algo: (new BLAKE2s), inputType: "arrayBuffer", params: ["256", "Hex", {string: "", option: "UTF8"}]},
{name: "Streebog-256", algo: (new Streebog), inputType: "arrayBuffer", params: ["256"]},
{name: "Streebog-512", algo: (new Streebog), inputType: "arrayBuffer", params: ["512"]},
{name: "GOST", algo: (new GOSTHash), inputType: "arrayBuffer", params: ["D-A"]},
{name: "GOST", algo: (new GOSTHash), inputType: "arrayBuffer", params: ["GOST 28147 (1994)", "256", "D-A"]},
{name: "LM Hash", algo: (new LMHash), inputType: "str", params: []},
{name: "NT Hash", algo: (new NTHash), inputType: "str", params: []},
{name: "SSDEEP", algo: (new SSDEEP()), inputType: "str"},

73
src/core/operations/JA4Fingerprint.mjs Normal file
View file

@ -0,0 +1,73 @@
/**
* @author n1474335 [n1474335@gmail.com]
* @copyright Crown Copyright 2024
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
import Utils from "../Utils.mjs";
import {toJA4} from "../lib/JA4.mjs";
/**
* JA4 Fingerprint operation
*/
class JA4Fingerprint extends Operation {
/**
* JA4Fingerprint constructor
*/
constructor() {
super();
this.name = "JA4 Fingerprint";
this.module = "Crypto";
this.description = "Generates a JA4 fingerprint to help identify TLS clients based on hashing together values from the Client Hello.<br><br>Input: A hex stream of the TLS or QUIC Client Hello packet application layer.";
this.infoURL = "https://medium.com/foxio/ja4-network-fingerprinting-9376fe9ca637";
this.inputType = "string";
this.outputType = "string";
this.args = [
{
name: "Input format",
type: "option",
value: ["Hex", "Base64", "Raw"]
},
{
name: "Output format",
type: "option",
value: ["JA4", "JA4 Original Rendering", "JA4 Raw", "JA4 Raw Original Rendering", "All"]
}
];
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
run(input, args) {
const [inputFormat, outputFormat] = args;
input = Utils.convertToByteArray(input, inputFormat);
const ja4 = toJA4(new Uint8Array(input));
// Output
switch (outputFormat) {
case "JA4":
return ja4.JA4;
case "JA4 Original Rendering":
return ja4.JA4_o;
case "JA4 Raw":
return ja4.JA4_r;
case "JA4 Raw Original Rendering":
return ja4.JA4_ro;
case "All":
default:
return `JA4: ${ja4.JA4}
JA4_o: ${ja4.JA4_o}
JA4_r: ${ja4.JA4_r}
JA4_ro: ${ja4.JA4_ro}`;
}
}
}
export default JA4Fingerprint;

7
src/core/operations/JWTSign.mjs
View file

@ -50,7 +50,12 @@ class JWTSign extends Operation {
try {
return jwt.sign(input, key, {
algorithm: algorithm === "None" ? "none" : algorithm
algorithm: algorithm === "None" ? "none" : algorithm,
// To utilize jsonwebtoken 9+ library and maintain backwards compatibility for regression tests
// This could be turned into operation args in a future PR
allowInsecureKeySizes: true,
allowInvalidAsymmetricKeyTypes: true
});
} catch (err) {
throw new OperationError(`Error: Have you entered the key correctly? The key should be either the secret for HMAC algorithms or the PEM-encoded private key for RSA and ECDSA.

41
src/core/operations/LZNT1Decompress.mjs Normal file
View file

@ -0,0 +1,41 @@
/**
* @author 0xThiebaut [thiebaut.dev]
* @copyright Crown Copyright 2023
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
import {decompress} from "../lib/LZNT1.mjs";
/**
* LZNT1 Decompress operation
*/
class LZNT1Decompress extends Operation {
/**
* LZNT1 Decompress constructor
*/
constructor() {
super();
this.name = "LZNT1 Decompress";
this.module = "Compression";
this.description = "Decompresses data using the LZNT1 algorithm.<br><br>Similar to the Windows API <code>RtlDecompressBuffer</code>.";
this.infoURL = "https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-xca/5655f4a3-6ba4-489b-959f-e1f407c52f15";
this.inputType = "byteArray";
this.outputType = "byteArray";
this.args = [];
}
/**
* @param {byteArray} input
* @param {Object[]} args
* @returns {byteArray}
*/
run(input, args) {
return decompress(input);
}
}
export default LZNT1Decompress;

143
src/core/operations/MurmurHash3.mjs Normal file
View file

@ -0,0 +1,143 @@
/**
* Based on murmurhash-js (https://github.com/garycourt/murmurhash-js)
* @author Gary Court
* @license MIT
*
* @author AliceGrey [alice@grey.systems]
* @copyright Crown Copyright 2024
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
/**
* MurmurHash3 operation
*/
class MurmurHash3 extends Operation {
/**
* MurmurHash3 constructor
*/
constructor() {
super();
this.name = "MurmurHash3";
this.module = "Default";
this.description = "Generates a MurmurHash v3 for a string input and an optional seed input";
this.infoURL = "https://wikipedia.org/wiki/MurmurHash";
this.inputType = "string";
this.outputType = "number";
this.args = [
{
name: "Seed",
type: "number",
value: 0
},
{
name: "Convert to Signed",
type: "boolean",
value: false
}
];
}
/**
* Calculates the MurmurHash3 hash of the input.
* Based on Gary Court's JS MurmurHash implementation
* @see http://github.com/garycourt/murmurhash-js
* @author AliceGrey [alice@grey.systems]
* @param {string} input ASCII only
* @param {number} seed Positive integer only
* @return {number} 32-bit positive integer hash
*/
mmh3(input, seed) {
let h1b;
let k1;
const remainder = input.length & 3; // input.length % 4
const bytes = input.length - remainder;
let h1 = seed;
const c1 = 0xcc9e2d51;
const c2 = 0x1b873593;
let i = 0;
while (i < bytes) {
k1 =
((input.charCodeAt(i) & 0xff)) |
((input.charCodeAt(++i) & 0xff) << 8) |
((input.charCodeAt(++i) & 0xff) << 16) |
((input.charCodeAt(++i) & 0xff) << 24);
++i;
k1 = ((((k1 & 0xffff) * c1) + ((((k1 >>> 16) * c1) & 0xffff) << 16))) & 0xffffffff;
k1 = (k1 << 15) | (k1 >>> 17);
k1 = ((((k1 & 0xffff) * c2) + ((((k1 >>> 16) * c2) & 0xffff) << 16))) & 0xffffffff;
h1 ^= k1;
h1 = (h1 << 13) | (h1 >>> 19);
h1b = ((((h1 & 0xffff) * 5) + ((((h1 >>> 16) * 5) & 0xffff) << 16))) & 0xffffffff;
h1 = (((h1b & 0xffff) + 0x6b64) + ((((h1b >>> 16) + 0xe654) & 0xffff) << 16));
}
k1 = 0;
if (remainder === 3) {
k1 ^= (input.charCodeAt(i + 2) & 0xff) << 16;
}
if (remainder === 3 || remainder === 2) {
k1 ^= (input.charCodeAt(i + 1) & 0xff) << 8;
}
if (remainder === 3 || remainder === 2 || remainder === 1) {
k1 ^= (input.charCodeAt(i) & 0xff);
k1 = (((k1 & 0xffff) * c1) + ((((k1 >>> 16) * c1) & 0xffff) << 16)) & 0xffffffff;
k1 = (k1 << 15) | (k1 >>> 17);
k1 = (((k1 & 0xffff) * c2) + ((((k1 >>> 16) * c2) & 0xffff) << 16)) & 0xffffffff;
h1 ^= k1;
}
h1 ^= input.length;
h1 ^= h1 >>> 16;
h1 = (((h1 & 0xffff) * 0x85ebca6b) + ((((h1 >>> 16) * 0x85ebca6b) & 0xffff) << 16)) & 0xffffffff;
h1 ^= h1 >>> 13;
h1 = ((((h1 & 0xffff) * 0xc2b2ae35) + ((((h1 >>> 16) * 0xc2b2ae35) & 0xffff) << 16))) & 0xffffffff;
h1 ^= h1 >>> 16;
return h1 >>> 0;
}
/**
* Converts an unsigned 32-bit integer to a signed 32-bit integer
* @author AliceGrey [alice@grey.systems]
* @param {value} 32-bit unsigned integer
* @return {number} 32-bit signed integer
*/
unsignedToSigned(value) {
if (value & 0x80000000) {
return -0x100000000 + value;
} else {
return value;
}
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {number}
*/
run(input, args) {
if (args && args.length >= 1) {
const seed = args[0];
const hash = this.mmh3(input, seed);
if (args.length > 1 && args[1]) {
return this.unsignedToSigned(hash);
}
return hash;
}
return this.mmh3(input);
}
}
export default MurmurHash3;

2
src/core/operations/ParseASN1HexString.mjs
View file

@ -20,7 +20,7 @@ class ParseASN1HexString extends Operation {
this.name = "Parse ASN.1 hex string";
this.module = "PublicKey";
this.description = "Abstract Syntax Notation One (ASN.1) is a standard and notation that describes rules and structures for representing, encoding, transmitting, and decoding data in telecommunications and computer networking.<br><br>This operation parses arbitrary ASN.1 data and presents the resulting tree.";
this.description = "Abstract Syntax Notation One (ASN.1) is a standard and notation that describes rules and structures for representing, encoding, transmitting, and decoding data in telecommunications and computer networking.<br><br>This operation parses arbitrary ASN.1 data (encoded as an hex string: use the 'To Hex' operation if necessary) and presents the resulting tree.";
this.infoURL = "https://wikipedia.org/wiki/Abstract_Syntax_Notation_One";
this.inputType = "string";
this.outputType = "string";

149
src/core/operations/RAKE.mjs Normal file
View file

@ -0,0 +1,149 @@
/**
* @author sw5678
* @copyright Crown Copyright 2024
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
/**
* RAKE operation
*/
class RAKE extends Operation {
/**
* RAKE constructor
*/
constructor() {
super();
this.name = "RAKE";
this.module = "Default";
this.description = [
"Rapid Keyword Extraction (RAKE)",
"<br><br>",
"RAKE is a domain-independent keyword extraction algorithm in Natural Language Processing.",
"<br><br>",
"The list of stop words are from the NLTK python package",
].join("\n");
this.inputType = "string";
this.outputType = "string";
this.args = [
{
name: "Word Delimiter (Regex)",
type: "text",
value: "\\s"
},
{
name: "Sentence Delimiter (Regex)",
type: "text",
value: "\\.\\s|\\n"
},
{
name: "Stop Words",
type: "text",
value: "i,me,my,myself,we,our,ours,ourselves,you,you're,you've,you'll,you'd,your,yours,yourself,yourselves,he,him,his,himself,she,she's,her,hers,herself,it,it's,its,itsef,they,them,their,theirs,themselves,what,which,who,whom,this,that,that'll,these,those,am,is,are,was,were,be,been,being,have,has,had,having,do,does',did,doing,a,an,the,and,but,if,or,because,as,until,while,of,at,by,for,with,about,against,between,into,through,during,before,after,above,below,to,from,up,down,in,out,on,off,over,under,again,further,then,once,here,there,when,where,why,how,all,any,both,each,few,more,most,other,some,such,no,nor,not,only,own,same,so,than,too,very,s,t,can,will,just,don,don't,should,should've,now,d,ll,m,o,re,ve,y,ain,aren,aren't,couldn,couldn't,didn,didn't,doesn,doesn't,hadn,hadn't,hasn,hasn't,haven,haven't,isn,isn't,ma,mightn,mightn't,mustn,mustn't,needn,needn't,shan,shan't,shouldn,shouldn't,wasn,wasn't,weren,weren't,won,won't,wouldn,wouldn't"
}
];
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
run(input, args) {
// Get delimiter regexs
const wordDelim = new RegExp(args[0], "g");
const sentDelim = new RegExp(args[1], "g");
// Deduplicate the stop words and add the empty string
const stopWords = args[2].toLowerCase().replace(/ /g, "").split(",").unique();
stopWords.push("");
// Lower case input and remove start and ending whitespace
input = input.toLowerCase().trim();
// Get tokens, token count, and phrases
const tokens = [];
const wordFrequencies = [];
let phrases = [];
// Build up list of phrases and token counts
const sentences = input.split(sentDelim);
for (const sent of sentences) {
// Split sentence into words
const splitSent = sent.split(wordDelim);
let startIndex = 0;
for (let i = 0; i < splitSent.length; i++) {
const token = splitSent[i];
if (stopWords.includes(token)) {
// If token is stop word then split to create phrase
phrases.push(splitSent.slice(startIndex, i));
startIndex = i + 1;
} else {
// If token is not a stop word add to the count of the list of words
if (tokens.includes(token)) {
wordFrequencies[tokens.indexOf(token)]+=1;
} else {
tokens.push(token);
wordFrequencies.push(1);
}
}
}
phrases.push(splitSent.slice(startIndex));
}
// remove empty phrases
phrases = phrases.filter(subArray => subArray.length > 0);
// Remove duplicate phrases
const uniquePhrases = [...new Set(phrases.map(function (phrase) {
return phrase.join(" ");
}))];
phrases = uniquePhrases.map(function (phrase) {
return phrase.split(" ");
});
// Generate word_degree_matrix and populate
const wordDegreeMatrix = Array.from(Array(tokens.length), _ => Array(tokens.length).fill(0));
phrases.forEach(function (phrase) {
phrase.forEach(function (word1) {
phrase.forEach(function (word2) {
wordDegreeMatrix[tokens.indexOf(word1)][tokens.indexOf(word2)]++;
});
});
});
// Calculate degree score for each token
const degreeScores = Array(tokens.length).fill(0);
for (let i=0; i<tokens.length; i++) {
let wordDegree = 0;
for (let j=0; j<wordDegreeMatrix.length; j++) {
wordDegree += wordDegreeMatrix[j][i];
}
degreeScores[i] = wordDegree / wordFrequencies[i];
}
// Calculate score for each phrase
const scores = phrases.map(function (phrase) {
let score = 0;
phrase.forEach(function (token) {
score += degreeScores[tokens.indexOf(token)];
});
return new Array(score, phrase.join(" "));
});
scores.sort((a, b) => b[0] - a[0]);
scores.unshift(new Array("Scores: ", "Keywords: "));
// Output works with the 'To Table' functionality already built into CC
return scores.map(function (score) {
return score.join(", ");
}).join("\n");
}
}
export default RAKE;

4
src/core/operations/RegularExpression.mjs
View file

@ -83,6 +83,10 @@ class RegularExpression extends Operation {
name: "Strings",
value: "[A-Za-z\\d/\\-:.,_$%\\x27\"()<>= !\\[\\]{}@]{4,}"
},
{
name: "UUID (any version)",
value: "[0-9a-fA-F]{8}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{12}"
},
],
"target": 1
},

60
src/core/operations/RisonDecode.mjs Normal file
View file

@ -0,0 +1,60 @@
/**
* @author sg5506844 [sg5506844@gmail.com]
* @copyright Crown Copyright 2021
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
import OperationError from "../errors/OperationError.mjs";
import rison from "rison";
/**
* Rison Decode operation
*/
class RisonDecode extends Operation {
/**
* RisonDecode constructor
*/
constructor() {
super();
this.name = "Rison Decode";
this.module = "Default";
this.description = "Rison, a data serialization format optimized for compactness in URIs. Rison is a slight variation of JSON that looks vastly superior after URI encoding. Rison still expresses exactly the same set of data structures as JSON, so data can be translated back and forth without loss or guesswork.";
this.infoURL = "https://github.com/Nanonid/rison";
this.inputType = "string";
this.outputType = "Object";
this.args = [
{
name: "Decode Option",
type: "editableOption",
value: [
{ name: "Decode", value: "Decode", },
{ name: "Decode Object", value: "Decode Object", },
{ name: "Decode Array", value: "Decode Array", },
]
},
];
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {Object}
*/
run(input, args) {
const [decodeOption] = args;
switch (decodeOption) {
case "Decode":
return rison.decode(input);
case "Decode Object":
return rison.decode_object(input);
case "Decode Array":
return rison.decode_array(input);
}
throw new OperationError("Invalid Decode option");
}
}
export default RisonDecode;

63
src/core/operations/RisonEncode.mjs Normal file
View file

@ -0,0 +1,63 @@
/**
* @author sg5506844 [sg5506844@gmail.com]
* @copyright Crown Copyright 2021
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
import OperationError from "../errors/OperationError.mjs";
import rison from "rison";
/**
* Rison Encode operation
*/
class RisonEncode extends Operation {
/**
* RisonEncode constructor
*/
constructor() {
super();
this.name = "Rison Encode";
this.module = "Default";
this.description = "Rison, a data serialization format optimized for compactness in URIs. Rison is a slight variation of JSON that looks vastly superior after URI encoding. Rison still expresses exactly the same set of data structures as JSON, so data can be translated back and forth without loss or guesswork.";
this.infoURL = "https://github.com/Nanonid/rison";
this.inputType = "Object";
this.outputType = "string";
this.args = [
{
name: "Encode Option",
type: "editableOption",
value: [
{ name: "Encode", value: "Encode", },
{ name: "Encode Object", value: "Encode Object", },
{ name: "Encode Array", value: "Encode Array", },
{ name: "Encode URI", value: "Encode URI", }
]
},
];
}
/**
* @param {Object} input
* @param {Object[]} args
* @returns {string}
*/
run(input, args) {
const [encodeOption] = args;
switch (encodeOption) {
case "Encode":
return rison.encode(input);
case "Encode Object":
return rison.encode_object(input);
case "Encode Array":
return rison.encode_array(input);
case "Encode URI":
return rison.encode_uri(input);
}
throw new OperationError("Invalid encode option");
}
}
export default RisonEncode;

2
src/core/operations/SSDEEP.mjs
View file

@ -21,7 +21,7 @@ class SSDEEP extends Operation {
this.name = "SSDEEP";
this.module = "Crypto";
this.description = "SSDEEP is a program for computing context triggered piecewise hashes (CTPH). Also called fuzzy hashes, CTPH can match inputs that have homologies. Such inputs have sequences of identical bytes in the same order, although bytes in between these sequences may be different in both content and length.<br><br>SSDEEP hashes are now widely used for simple identification purposes (e.g. the 'Basic Properties' section in VirusTotal). Although 'better' fuzzy hashes are available, SSDEEP is still one of the primary choices because of its speed and being a de facto standard.<br><br>This operation is fundamentally the same as the CTPH operation, however their outputs differ in format.";
this.infoURL = "https://forensicswiki.xyz/wiki/index.php?title=Ssdeep";
this.infoURL = "https://forensics.wiki/ssdeep";
this.inputType = "string";
this.outputType = "string";
this.args = [];

154
src/core/operations/Salsa20.mjs Normal file
View file

@ -0,0 +1,154 @@
/**
* @author joostrijneveld [joost@joostrijneveld.nl]
* @copyright Crown Copyright 2024
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
import OperationError from "../errors/OperationError.mjs";
import Utils from "../Utils.mjs";
import { toHex } from "../lib/Hex.mjs";
import { salsa20Block } from "../lib/Salsa20.mjs";
/**
* Salsa20 operation
*/
class Salsa20 extends Operation {
/**
* Salsa20 constructor
*/
constructor() {
super();
this.name = "Salsa20";
this.module = "Default";
this.description = "Salsa20 is a stream cipher designed by Daniel J. Bernstein and submitted to the eSTREAM project; Salsa20/8 and Salsa20/12 are round-reduced variants. It is closely related to the ChaCha stream cipher.<br><br><b>Key:</b> Salsa20 uses a key of 16 or 32 bytes (128 or 256 bits).<br><br><b>Nonce:</b> Salsa20 uses a nonce of 8 bytes (64 bits).<br><br><b>Counter:</b> Salsa uses a counter of 8 bytes (64 bits). The counter starts at zero at the start of the keystream, and is incremented at every 64 bytes.";
this.infoURL = "https://wikipedia.org/wiki/Salsa20";
this.inputType = "string";
this.outputType = "string";
this.args = [
{
"name": "Key",
"type": "toggleString",
"value": "",
"toggleValues": ["Hex", "UTF8", "Latin1", "Base64"]
},
{
"name": "Nonce",
"type": "toggleString",
"value": "",
"toggleValues": ["Hex", "UTF8", "Latin1", "Base64", "Integer"]
},
{
"name": "Counter",
"type": "number",
"value": 0,
"min": 0
},
{
"name": "Rounds",
"type": "option",
"value": ["20", "12", "8"]
},
{
"name": "Input",
"type": "option",
"value": ["Hex", "Raw"]
},
{
"name": "Output",
"type": "option",
"value": ["Raw", "Hex"]
}
];
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
run(input, args) {
const key = Utils.convertToByteArray(args[0].string, args[0].option),
nonceType = args[1].option,
rounds = parseInt(args[3], 10),
inputType = args[4],
outputType = args[5];
if (key.length !== 16 && key.length !== 32) {
throw new OperationError(`Invalid key length: ${key.length} bytes.
Salsa20 uses a key of 16 or 32 bytes (128 or 256 bits).`);
}
let counter, nonce;
if (nonceType === "Integer") {
nonce = Utils.intToByteArray(parseInt(args[1].string, 10), 8, "little");
} else {
nonce = Utils.convertToByteArray(args[1].string, args[1].option);
if (!(nonce.length === 8)) {
throw new OperationError(`Invalid nonce length: ${nonce.length} bytes.
Salsa20 uses a nonce of 8 bytes (64 bits).`);
}
}
counter = Utils.intToByteArray(args[2], 8, "little");
const output = [];
input = Utils.convertToByteArray(input, inputType);
let counterAsInt = Utils.byteArrayToInt(counter, "little");
for (let i = 0; i < input.length; i += 64) {
counter = Utils.intToByteArray(counterAsInt, 8, "little");
const stream = salsa20Block(key, nonce, counter, rounds);
for (let j = 0; j < 64 && i + j < input.length; j++) {
output.push(input[i + j] ^ stream[j]);
}
counterAsInt++;
}
if (outputType === "Hex") {
return toHex(output);
} else {
return Utils.arrayBufferToStr(Uint8Array.from(output).buffer);
}
}
/**
* Highlight Salsa20
*
* @param {Object[]} pos
* @param {number} pos[].start
* @param {number} pos[].end
* @param {Object[]} args
* @returns {Object[]} pos
*/
highlight(pos, args) {
const inputType = args[4],
outputType = args[5];
if (inputType === "Raw" && outputType === "Raw") {
return pos;
}
}
/**
* Highlight Salsa20 in reverse
*
* @param {Object[]} pos
* @param {number} pos[].start
* @param {number} pos[].end
* @param {Object[]} args
* @returns {Object[]} pos
*/
highlightReverse(pos, args) {
const inputType = args[4],
outputType = args[5];
if (inputType === "Raw" && outputType === "Raw") {
return pos;
}
}
}
export default Salsa20;

17
src/core/operations/Streebog.mjs
View file

@ -28,7 +28,7 @@ class Streebog extends Operation {
this.outputType = "string";
this.args = [
{
"name": "Size",
"name": "Digest length",
"type": "option",
"value": ["256", "512"]
}
@ -41,13 +41,16 @@ class Streebog extends Operation {
* @returns {string}
*/
run(input, args) {
const [length] = args;
const algorithm = {
version: 2012,
mode: "HASH",
length: parseInt(length, 10)
};
try {
const length = parseInt(args[0], 10);
const gostDigest = new GostDigest({
name: "GOST R 34.11",
version: 2012,
length: length
});
const gostDigest = new GostDigest(algorithm);
return toHexFast(gostDigest.digest(input));
} catch (err) {

8
src/core/operations/ToBase58.mjs
View file

@ -43,7 +43,7 @@ class ToBase58 extends Operation {
run(input, args) {
input = new Uint8Array(input);
let alphabet = args[0] || ALPHABET_OPTIONS[0].value,
result = [0];
result = [];
alphabet = Utils.expandAlphRange(alphabet).join("");
@ -60,11 +60,9 @@ class ToBase58 extends Operation {
}
input.forEach(function(b) {
let carry = (result[0] << 8) + b;
result[0] = carry % 58;
carry = (carry / 58) | 0;
let carry = b;
for (let i = 1; i < result.length; i++) {
for (let i = 0; i < result.length; i++) {
carry += result[i] << 8;
result[i] = carry % 58;
carry = (carry / 58) | 0;

67
src/core/operations/ToBase92.mjs Normal file
View file

@ -0,0 +1,67 @@
/**
* @author sg5506844 [sg5506844@gmail.com]
* @copyright Crown Copyright 2021
* @license Apache-2.0
*/
import { base92Chr } from "../lib/Base92.mjs";
import Operation from "../Operation.mjs";
/**
* To Base92 operation
*/
class ToBase92 extends Operation {
/**
* ToBase92 constructor
*/
constructor() {
super();
this.name = "To Base92";
this.module = "Default";
this.description = "Base92 is a notation for encoding arbitrary byte data using a restricted set of symbols that can be conveniently used by humans and processed by computers.";
this.infoURL = "https://wikipedia.org/wiki/List_of_numeral_systems";
this.inputType = "string";
this.outputType = "byteArray";
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {byteArray}
*/
run(input, args) {
const res = [];
let bitString = "";
while (input.length > 0) {
while (bitString.length < 13 && input.length > 0) {
bitString += input[0].charCodeAt(0).toString(2).padStart(8, "0");
input = input.slice(1);
}
if (bitString.length < 13)
break;
const i = parseInt(bitString.slice(0, 13), 2);
res.push(base92Chr(Math.floor(i / 91)));
res.push(base92Chr(i % 91));
bitString = bitString.slice(13);
}
if (bitString.length > 0) {
if (bitString.length < 7) {
bitString = bitString.padEnd(6, "0");
res.push(base92Chr(parseInt(bitString, 2)));
} else {
bitString = bitString.padEnd(13, "0");
const i = parseInt(bitString.slice(0, 13), 2);
res.push(base92Chr(Math.floor(i / 91)));
res.push(base92Chr(i % 91));
}
}
return res;
}
}
export default ToBase92;

80
src/core/operations/ToFloat.mjs Normal file
View file

@ -0,0 +1,80 @@
/**
* @author tcode2k16 [tcode2k16@gmail.com]
* @copyright Crown Copyright 2019
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
import OperationError from "../errors/OperationError.mjs";
import Utils from "../Utils.mjs";
import ieee754 from "ieee754";
import {DELIM_OPTIONS} from "../lib/Delim.mjs";
/**
* To Float operation
*/
class ToFloat extends Operation {
/**
* ToFloat constructor
*/
constructor() {
super();
this.name = "To Float";
this.module = "Default";
this.description = "Convert to EEE754 Floating Point Numbers";
this.infoURL = "https://en.wikipedia.org/wiki/IEEE_754";
this.inputType = "byteArray";
this.outputType = "string";
this.args = [
{
"name": "Endianness",
"type": "option",
"value": [
"Big Endian",
"Little Endian"
]
},
{
"name": "Size",
"type": "option",
"value": [
"Float (4 bytes)",
"Double (8 bytes)"
]
},
{
"name": "Delimiter",
"type": "option",
"value": DELIM_OPTIONS
}
];
}
/**
* @param {byteArray} input
* @param {Object[]} args
* @returns {string}
*/
run(input, args) {
const [endianness, size, delimiterName] = args;
const delim = Utils.charRep(delimiterName || "Space");
const byteSize = size === "Double (8 bytes)" ? 8 : 4;
const isLE = endianness === "Little Endian";
const mLen = byteSize === 4 ? 23 : 52;
if (input.length % byteSize !== 0) {
throw new OperationError(`Input is not a multiple of ${byteSize}`);
}
const output = [];
for (let i = 0; i < input.length; i+=byteSize) {
output.push(ieee754.read(input, i, isLE, mLen, byteSize));
}
return output.join(delim);
}
}
export default ToFloat;

2
src/core/operations/XPathExpression.mjs
View file

@ -6,7 +6,7 @@
import Operation from "../Operation.mjs";
import OperationError from "../errors/OperationError.mjs";
import xmldom from "xmldom";
import xmldom from "@xmldom/xmldom";
import xpath from "xpath";
/**

156
src/core/operations/XSalsa20.mjs Normal file
View file

@ -0,0 +1,156 @@
/**
* @author joostrijneveld [joost@joostrijneveld.nl]
* @copyright Crown Copyright 2024
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
import OperationError from "../errors/OperationError.mjs";
import Utils from "../Utils.mjs";
import { toHex } from "../lib/Hex.mjs";
import { salsa20Block, hsalsa20 } from "../lib/Salsa20.mjs";
/**
* XSalsa20 operation
*/
class XSalsa20 extends Operation {
/**
* XSalsa20 constructor
*/
constructor() {
super();
this.name = "XSalsa20";
this.module = "Default";
this.description = "XSalsa20 is a variant of the Salsa20 stream cipher designed by Daniel J. Bernstein; XSalsa uses longer nonces.<br><br><b>Key:</b> XSalsa20 uses a key of 16 or 32 bytes (128 or 256 bits).<br><br><b>Nonce:</b> XSalsa20 uses a nonce of 24 bytes (192 bits).<br><br><b>Counter:</b> XSalsa uses a counter of 8 bytes (64 bits). The counter starts at zero at the start of the keystream, and is incremented at every 64 bytes.";
this.infoURL = "https://en.wikipedia.org/wiki/Salsa20#XSalsa20_with_192-bit_nonce";
this.inputType = "string";
this.outputType = "string";
this.args = [
{
"name": "Key",
"type": "toggleString",
"value": "",
"toggleValues": ["Hex", "UTF8", "Latin1", "Base64"]
},
{
"name": "Nonce",
"type": "toggleString",
"value": "",
"toggleValues": ["Hex", "UTF8", "Latin1", "Base64", "Integer"]
},
{
"name": "Counter",
"type": "number",
"value": 0,
"min": 0
},
{
"name": "Rounds",
"type": "option",
"value": ["20", "12", "8"]
},
{
"name": "Input",
"type": "option",
"value": ["Hex", "Raw"]
},
{
"name": "Output",
"type": "option",
"value": ["Raw", "Hex"]
}
];
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
run(input, args) {
const key = Utils.convertToByteArray(args[0].string, args[0].option),
nonceType = args[1].option,
rounds = parseInt(args[3], 10),
inputType = args[4],
outputType = args[5];
if (key.length !== 16 && key.length !== 32) {
throw new OperationError(`Invalid key length: ${key.length} bytes.
XSalsa20 uses a key of 16 or 32 bytes (128 or 256 bits).`);
}
let counter, nonce;
if (nonceType === "Integer") {
nonce = Utils.intToByteArray(parseInt(args[1].string, 10), 8, "little");
} else {
nonce = Utils.convertToByteArray(args[1].string, args[1].option);
if (!(nonce.length === 24)) {
throw new OperationError(`Invalid nonce length: ${nonce.length} bytes.
XSalsa20 uses a nonce of 24 bytes (192 bits).`);
}
}
counter = Utils.intToByteArray(args[2], 8, "little");
const xsalsaKey = hsalsa20(key, nonce.slice(0, 16), rounds);
const output = [];
input = Utils.convertToByteArray(input, inputType);
let counterAsInt = Utils.byteArrayToInt(counter, "little");
for (let i = 0; i < input.length; i += 64) {
counter = Utils.intToByteArray(counterAsInt, 8, "little");
const stream = salsa20Block(xsalsaKey, nonce.slice(16, 24), counter, rounds);
for (let j = 0; j < 64 && i + j < input.length; j++) {
output.push(input[i + j] ^ stream[j]);
}
counterAsInt++;
}
if (outputType === "Hex") {
return toHex(output);
} else {
return Utils.arrayBufferToStr(Uint8Array.from(output).buffer);
}
}
/**
* Highlight XSalsa20
*
* @param {Object[]} pos
* @param {number} pos[].start
* @param {number} pos[].end
* @param {Object[]} args
* @returns {Object[]} pos
*/
highlight(pos, args) {
const inputType = args[4],
outputType = args[5];
if (inputType === "Raw" && outputType === "Raw") {
return pos;
}
}
/**
* Highlight XSalsa20 in reverse
*
* @param {Object[]} pos
* @param {number} pos[].start
* @param {number} pos[].end
* @param {Object[]} args
* @returns {Object[]} pos
*/
highlightReverse(pos, args) {
const inputType = args[4],
outputType = args[5];
if (inputType === "Raw" && outputType === "Raw") {
return pos;
}
}
}
export default XSalsa20;

182
src/core/operations/XXTEA.mjs Normal file
View file

@ -0,0 +1,182 @@
/**
* @author devcydo [devcydo@gmail.com]
* @author Ma Bingyao [mabingyao@gmail.com]
* @copyright Crown Copyright 2022
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
import OperationError from "../errors/OperationError.mjs";
import {toBase64} from "../lib/Base64.mjs";
import Utils from "../Utils.mjs";
/**
* XXTEA Encrypt operation
*/
class XXTEAEncrypt extends Operation {
/**
* XXTEAEncrypt constructor
*/
constructor() {
super();
this.name = "XXTEA";
this.module = "Default";
this.description = "Corrected Block TEA (often referred to as XXTEA) is a block cipher designed to correct weaknesses in the original Block TEA. XXTEA operates on variable-length blocks that are some arbitrary multiple of 32 bits in size (minimum 64 bits). The number of full cycles depends on the block size, but there are at least six (rising to 32 for small block sizes). The original Block TEA applies the XTEA round function to each word in the block and combines it additively with its leftmost neighbour. Slow diffusion rate of the decryption process was immediately exploited to break the cipher. Corrected Block TEA uses a more involved round function which makes use of both immediate neighbours in processing each word in the block.";
this.infoURL = "https://wikipedia.org/wiki/XXTEA";
this.inputType = "string";
this.outputType = "string";
this.args = [
{
"name": "Key",
"type": "string",
"value": "",
},
];
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
run(input, args) {
let key = args[0];
if (input === undefined || input === null || input.length === 0) {
throw new OperationError("Invalid input length (0)");
}
if (key === undefined || key === null || key.length === 0) {
throw new OperationError("Invalid key length (0)");
}
input = Utils.convertToByteString(input, "utf8");
key = Utils.convertToByteString(key, "utf8");
input = this.convertToUint32Array(input, true);
key = this.fixLength(this.convertToUint32Array(key, false));
let encrypted = this.encryptUint32Array(input, key);
encrypted = toBase64(this.toBinaryString(encrypted, false));
return encrypted;
}
/**
* Convert Uint32Array to binary string
*
* @param {Uint32Array} v
* @param {Boolean} includeLength
* @returns {string}
*/
toBinaryString(v, includeLENGTH) {
const LENGTH = v.length;
let n = LENGTH << 2;
if (includeLENGTH) {
const M = v[LENGTH - 1];
n -= 4;
if ((M < n - 3) || (M > n)) {
return null;
}
n = M;
}
for (let i = 0; i < LENGTH; i++) {
v[i] = String.fromCharCode(
v[i] & 0xFF,
v[i] >>> 8 & 0xFF,
v[i] >>> 16 & 0xFF,
v[i] >>> 24 & 0xFF
);
}
const RESULT = v.join("");
if (includeLENGTH) {
return RESULT.substring(0, n);
}
return RESULT;
}
/**
* @param {number} sum
* @param {number} y
* @param {number} z
* @param {number} p
* @param {number} e
* @param {number} k
* @returns {number}
*/
mx(sum, y, z, p, e, k) {
return ((z >>> 5 ^ y << 2) + (y >>> 3 ^ z << 4)) ^ ((sum ^ y) + (k[p & 3 ^ e] ^ z));
}
/**
* Encrypt Uint32Array
*
* @param {Uint32Array} v
* @param {number} k
* @returns {Uint32Array}
*/
encryptUint32Array(v, k) {
const LENGTH = v.length;
const N = LENGTH - 1;
let y, z, sum, e, p, q;
z = v[N];
sum = 0;
for (q = Math.floor(6 + 52 / LENGTH) | 0; q > 0; --q) {
sum = (sum + 0x9E3779B9) & 0xFFFFFFFF;
e = sum >>> 2 & 3;
for (p = 0; p < N; ++p) {
y = v[p + 1];
z = v[p] = (v[p] + this.mx(sum, y, z, p, e, k)) & 0xFFFFFFFF;
}
y = v[0];
z = v[N] = (v[N] + this.mx(sum, y, z, N, e, k)) & 0xFFFFFFFF;
}
return v;
}
/**
* Fixes the Uint32Array lenght to 4
*
* @param {Uint32Array} k
* @returns {Uint32Array}
*/
fixLength(k) {
if (k.length < 4) {
k.length = 4;
}
return k;
}
/**
* Convert string to Uint32Array
*
* @param {string} bs
* @param {Boolean} includeLength
* @returns {Uint32Array}
*/
convertToUint32Array(bs, includeLength) {
const LENGTH = bs.length;
let n = LENGTH >> 2;
if ((LENGTH & 3) !== 0) {
++n;
}
let v;
if (includeLength) {
v = new Array(n + 1);
v[n] = LENGTH;
} else {
v = new Array(n);
}
for (let i = 0; i < LENGTH; ++i) {
v[i >> 2] |= bs.charCodeAt(i) << ((i & 3) << 3);
}
return v;
}
}
export default XXTEAEncrypt;

2
src/core/vendor/DisassembleX86-64.mjs vendored
View file

@ -4054,7 +4054,7 @@ function DecodeImmediate( type, BySize, SizeSetting )
//Sign bit adjust.
if( V32 >= ( n >> 1 ) ) { V32 -= n; }
if( V32 >= ( n / 2 ) ) { V32 -= n; }
//Add position.

16
src/web/App.mjs
View file

@ -46,6 +46,8 @@ class App {
this.appLoaded = false;
this.workerLoaded = false;
this.waitersLoaded = false;
this.snackbars = [];
}
@ -500,22 +502,22 @@ class App {
// Input Character Encoding
// Must be set before the input is loaded
if (this.uriParams.ienc) {
this.manager.input.chrEncChange(parseInt(this.uriParams.ienc, 10));
this.manager.input.chrEncChange(parseInt(this.uriParams.ienc, 10), true);
}
// Output Character Encoding
if (this.uriParams.oenc) {
this.manager.output.chrEncChange(parseInt(this.uriParams.oenc, 10));
this.manager.output.chrEncChange(parseInt(this.uriParams.oenc, 10), true);
}
// Input EOL sequence
if (this.uriParams.ieol) {
this.manager.input.eolChange(this.uriParams.ieol);
this.manager.input.eolChange(this.uriParams.ieol, true);
}
// Output EOL sequence
if (this.uriParams.oeol) {
this.manager.output.eolChange(this.uriParams.oeol);
this.manager.output.eolChange(this.uriParams.oeol, true);
}
// Read in input data from URI params
@ -708,14 +710,14 @@ class App {
log.info("[" + time.toLocaleString() + "] " + str);
if (silent) return;
this.currentSnackbar = $.snackbar({
this.snackbars.push($.snackbar({
content: str,
timeout: timeout,
htmlAllowed: true,
onClose: () => {
this.currentSnackbar.remove();
this.snackbars.shift().remove();
}
});
}));
}

4
src/web/HTMLOperation.mjs
View file

@ -157,9 +157,9 @@ function titleFromWikiLink(urlStr) {
pageTitle = "";
switch (urlObj.host) {
case "forensicswiki.xyz":
case "forensics.wiki":
wikiName = "Forensics Wiki";
pageTitle = urlObj.query.substr(6).replace(/_/g, " "); // Chop off 'title='
pageTitle = Utils.toTitleCase(urlObj.path.replace(/\//g, "").replace(/_/g, " "));
break;
case "wikipedia.org":
wikiName = "Wikipedia";

3
src/web/html/index.html
View file

@ -62,7 +62,8 @@
"Training branch predictor...",
"Timing cache hits...",
"Speculatively executing recipes...",
"Adding LLM hallucinations..."
"Adding LLM hallucinations...",
"Decompressing malware..."
];
// Shuffle array using Durstenfeld algorithm

6
src/web/stylesheets/components/_operation.css
View file

@ -69,6 +69,10 @@ select.arg {
min-width: 100px;
}
select.arg.form-control:not([size]):not([multiple]), select.custom-file-control:not([size]):not([multiple]) {
height: 100% !important;
}
textarea.arg {
min-height: 74px;
resize: vertical;
@ -80,7 +84,7 @@ div.toggle-string {
input.toggle-string {
border-top-right-radius: 0 !important;
height: 42px !important;
height: 100%;
}
.operation [class^='bmd-label'],

1
src/web/stylesheets/index.css
View file

@ -36,4 +36,5 @@
@import "./layout/_structure.css";
/* Operations */
@import "./operations/diff.css";
@import "./operations/json.css";

8
src/web/stylesheets/operations/diff.css Normal file
View file

@ -0,0 +1,8 @@
del {
background-color: var(--hl3);
}
ins {
text-decoration: underline; /* shouldn't be needed, but Chromium doesn't copy to clipboard without it */
background-color: var(--hl5);
}

3
src/web/stylesheets/operations/json.css
View file

@ -44,7 +44,8 @@ ul.json-dict, ol.json-array {
display: contents;
}
.json-summary {
display: contents;
display: inline;
list-style: none;
}
/* Display object and array brackets when closed */

39
src/web/utils/editorUtils.mjs
View file

@ -95,3 +95,42 @@ export function escapeControlChars(str, preserveWs=false, lineBreak="\n") {
return n.outerHTML;
});
}
/**
* Convert and EOL sequence to its name
*/
export const eolSeqToCode = {
"\u000a": "LF",
"\u000b": "VT",
"\u000c": "FF",
"\u000d": "CR",
"\u000d\u000a": "CRLF",
"\u0085": "NEL",
"\u2028": "LS",
"\u2029": "PS"
};
/**
* Convert an EOL name to its sequence
*/
export const eolCodeToSeq = {
"LF": "\u000a",
"VT": "\u000b",
"FF": "\u000c",
"CR": "\u000d",
"CRLF": "\u000d\u000a",
"NEL": "\u0085",
"LS": "\u2028",
"PS": "\u2029"
};
export const eolCodeToName = {
"LF": "Line Feed",
"VT": "Vertical Tab",
"FF": "Form Feed",
"CR": "Carriage Return",
"CRLF": "Carriage Return + Line Feed",
"NEL": "Next Line",
"LS": "Line Separator",
"PS": "Paragraph Separator"
};

87
src/web/utils/statusBar.mjs
View file

@ -6,6 +6,7 @@
import {showPanel} from "@codemirror/view";
import {CHR_ENC_SIMPLE_LOOKUP, CHR_ENC_SIMPLE_REVERSE_LOOKUP} from "../../core/lib/ChrEnc.mjs";
import { eolCodeToName, eolSeqToCode } from "./editorUtils.mjs";
/**
* A Status bar extension for CodeMirror
@ -23,6 +24,8 @@ class StatusBarPanel {
this.eolHandler = opts.eolHandler;
this.chrEncHandler = opts.chrEncHandler;
this.chrEncGetter = opts.chrEncGetter;
this.getEncodingState = opts.getEncodingState;
this.getEOLState = opts.getEOLState;
this.htmlOutput = opts.htmlOutput;
this.eolVal = null;
@ -92,22 +95,12 @@ class StatusBarPanel {
// preventDefault is required to stop the URL being modified and popState being triggered
e.preventDefault();
const eolLookup = {
"LF": "\u000a",
"VT": "\u000b",
"FF": "\u000c",
"CR": "\u000d",
"CRLF": "\u000d\u000a",
"NEL": "\u0085",
"LS": "\u2028",
"PS": "\u2029"
};
const eolval = eolLookup[e.target.getAttribute("data-val")];
if (eolval === undefined) return;
const eolCode = e.target.getAttribute("data-val");
if (!eolCode) return;
// Call relevant EOL change handler
this.eolHandler(eolval);
this.eolHandler(e.target.getAttribute("data-val"), true);
hideElement(e.target.closest(".cm-status-bar-select-content"));
}
@ -124,7 +117,7 @@ class StatusBarPanel {
if (isNaN(chrEncVal)) return;
this.chrEncHandler(chrEncVal);
this.chrEncHandler(chrEncVal, true);
this.updateCharEnc(chrEncVal);
hideElement(e.target.closest(".cm-status-bar-select-content"));
}
@ -221,25 +214,34 @@ class StatusBarPanel {
* @param {EditorState} state
*/
updateEOL(state) {
if (state.lineBreak === this.eolVal) return;
const eolLookup = {
"\u000a": ["LF", "Line Feed"],
"\u000b": ["VT", "Vertical Tab"],
"\u000c": ["FF", "Form Feed"],
"\u000d": ["CR", "Carriage Return"],
"\u000d\u000a": ["CRLF", "Carriage Return + Line Feed"],
"\u0085": ["NEL", "Next Line"],
"\u2028": ["LS", "Line Separator"],
"\u2029": ["PS", "Paragraph Separator"]
};
if (this.getEOLState() < 2 && state.lineBreak === this.eolVal) return;
const val = this.dom.querySelector(".eol-value");
const button = val.closest(".cm-status-bar-select-btn");
const eolName = eolLookup[state.lineBreak];
val.textContent = eolName[0];
button.setAttribute("title", `End of line sequence:<br>${eolName[1]}`);
button.setAttribute("data-original-title", `End of line sequence:<br>${eolName[1]}`);
let eolCode = eolSeqToCode[state.lineBreak];
let eolName = eolCodeToName[eolCode];
switch (this.getEOLState()) {
case 1: // Detected
val.classList.add("font-italic");
eolCode += " (detected)";
eolName += " (detected)";
// Pulse
val.classList.add("pulse");
setTimeout(() => {
val.classList.remove("pulse");
}, 2000);
break;
case 0: // Unset
case 2: // Manually set
default:
val.classList.remove("font-italic");
break;
}
val.textContent = eolCode;
button.setAttribute("title", `End of line sequence:<br>${eolName}`);
button.setAttribute("data-original-title", `End of line sequence:<br>${eolName}`);
this.eolVal = state.lineBreak;
}
@ -249,12 +251,30 @@ class StatusBarPanel {
*/
updateCharEnc() {
const chrEncVal = this.chrEncGetter();
if (chrEncVal === this.chrEncVal) return;
if (this.getEncodingState() < 2 && chrEncVal === this.chrEncVal) return;
const name = CHR_ENC_SIMPLE_REVERSE_LOOKUP[chrEncVal] ? CHR_ENC_SIMPLE_REVERSE_LOOKUP[chrEncVal] : "Raw Bytes";
let name = CHR_ENC_SIMPLE_REVERSE_LOOKUP[chrEncVal] ? CHR_ENC_SIMPLE_REVERSE_LOOKUP[chrEncVal] : "Raw Bytes";
const val = this.dom.querySelector(".chr-enc-value");
const button = val.closest(".cm-status-bar-select-btn");
switch (this.getEncodingState()) {
case 1: // Detected
val.classList.add("font-italic");
name += " (detected)";
// Pulse
val.classList.add("pulse");
setTimeout(() => {
val.classList.remove("pulse");
}, 2000);
break;
case 0: // Unset
case 2: // Manually set
default:
val.classList.remove("font-italic");
break;
}
val.textContent = name;
button.setAttribute("title", `${this.label} character encoding:<br>${name}`);
button.setAttribute("data-original-title", `${this.label} character encoding:<br>${name}`);
@ -275,7 +295,6 @@ class StatusBarPanel {
bakingTime.textContent = this.timing.duration(this.tabNumGetter());
const info = this.timing.printStages(this.tabNumGetter()).replace(/\n/g, "<br>");
bakingTimeInfo.setAttribute("title", info);
bakingTimeInfo.setAttribute("data-original-title", info);
} else {
bakingTimeInfo.style.display = "none";

9
src/web/waiters/ControlsWaiter.mjs
View file

@ -5,6 +5,7 @@
*/
import Utils from "../../core/Utils.mjs";
import { eolSeqToCode } from "../utils/editorUtils.mjs";
/**
@ -140,16 +141,16 @@ class ControlsWaiter {
const inputChrEnc = this.manager.input.getChrEnc();
const outputChrEnc = this.manager.output.getChrEnc();
const inputEOLSeq = this.manager.input.getEOLSeq();
const outputEOLSeq = this.manager.output.getEOLSeq();
const inputEOL = eolSeqToCode[this.manager.input.getEOLSeq()];
const outputEOL = eolSeqToCode[this.manager.output.getEOLSeq()];
const params = [
includeRecipe ? ["recipe", recipeStr] : undefined,
includeInput && input.length ? ["input", Utils.escapeHtml(input)] : undefined,
inputChrEnc !== 0 ? ["ienc", inputChrEnc] : undefined,
outputChrEnc !== 0 ? ["oenc", outputChrEnc] : undefined,
inputEOLSeq !== "\n" ? ["ieol", inputEOLSeq] : undefined,
outputEOLSeq !== "\n" ? ["oeol", outputEOLSeq] : undefined
inputEOL !== "LF" ? ["ieol", inputEOL] : undefined,
outputEOL !== "LF" ? ["oeol", outputEOL] : undefined
];
const hash = params

114
src/web/waiters/InputWaiter.mjs
View file

@ -42,7 +42,7 @@ import {
import {statusBar} from "../utils/statusBar.mjs";
import {fileDetailsPanel} from "../utils/fileDetails.mjs";
import {renderSpecialChar} from "../utils/editorUtils.mjs";
import {eolCodeToSeq, eolCodeToName, renderSpecialChar} from "../utils/editorUtils.mjs";
/**
@ -62,6 +62,8 @@ class InputWaiter {
this.inputTextEl = document.getElementById("input-text");
this.inputChrEnc = 0;
this.eolState = 0; // 0 = unset, 1 = detected, 2 = manual
this.encodingState = 0; // 0 = unset, 1 = detected, 2 = manual
this.initEditor();
this.inputWorker = null;
@ -92,6 +94,7 @@ class InputWaiter {
fileDetailsPanel: new Compartment
};
const self = this;
const initialState = EditorState.create({
doc: null,
extensions: [
@ -114,7 +117,9 @@ class InputWaiter {
label: "Input",
eolHandler: this.eolChange.bind(this),
chrEncHandler: this.chrEncChange.bind(this),
chrEncGetter: this.getChrEnc.bind(this)
chrEncGetter: this.getChrEnc.bind(this),
getEncodingState: this.getEncodingState.bind(this),
getEOLState: this.getEOLState.bind(this)
}),
// Mutable state
@ -141,10 +146,21 @@ class InputWaiter {
if (e.docChanged && !this.silentInputChange)
this.inputChange(e);
this.silentInputChange = false;
}),
// Event handlers
EditorView.domEventHandlers({
paste(event, view) {
setTimeout(() => {
self.afterPaste(event);
});
}
})
]
});
if (this.inputEditorView) this.inputEditorView.destroy();
this.inputEditorView = new EditorView({
state: initialState,
parent: this.inputTextEl
@ -154,12 +170,23 @@ class InputWaiter {
/**
* Handler for EOL change events
* Sets the line separator
* @param {string} eolVal
* @param {string} eol
* @param {boolean} [manual=false]
*/
eolChange(eolVal) {
const oldInputVal = this.getInput();
eolChange(eol, manual=false) {
const eolVal = eolCodeToSeq[eol];
if (eolVal === undefined) return;
this.eolState = manual ? 2 : this.eolState;
if (this.eolState < 2 && eolVal === this.getEOLSeq()) return;
if (this.eolState === 1) {
// Alert
this.app.alert(`Input end of line separator has been detected and changed to ${eolCodeToName[eol]}`, 5000);
}
// Update the EOL value
const oldInputVal = this.getInput();
this.inputEditorView.dispatch({
effects: this.inputEditorConf.eol.reconfigure(EditorState.lineSeparator.of(eolVal))
});
@ -176,14 +203,24 @@ class InputWaiter {
return this.inputEditorView.state.lineBreak;
}
/**
* Returns whether the input EOL sequence was set manually or has been detected automatically
* @returns {number} - 0 = unset, 1 = detected, 2 = manual
*/
getEOLState() {
return this.eolState;
}
/**
* Handler for Chr Enc change events
* Sets the input character encoding
* @param {number} chrEncVal
* @param {boolean} [manual=false]
*/
chrEncChange(chrEncVal) {
chrEncChange(chrEncVal, manual=false) {
if (typeof chrEncVal !== "number") return;
this.inputChrEnc = chrEncVal;
this.encodingState = manual ? 2 : this.encodingState;
this.inputChange();
}
@ -195,6 +232,14 @@ class InputWaiter {
return this.inputChrEnc;
}
/**
* Returns whether the input character encoding was set manually or has been detected automatically
* @returns {number} - 0 = unset, 1 = detected, 2 = manual
*/
getEncodingState() {
return this.encodingState;
}
/**
* Sets word wrap on the input editor
* @param {boolean} wrap
@ -866,6 +911,55 @@ class InputWaiter {
}, delay, "inputChange", this, [e])();
}
/**
* Handler that fires just after input paste events.
* Checks whether the EOL separator or character encoding should be updated.
*
* @param {event} e
*/
afterPaste(e) {
// If EOL has been fixed, skip this.
if (this.eolState > 1) return;
const inputText = this.getInput();
// Detect most likely EOL sequence
const eolCharCounts = {
"LF": inputText.count("\u000a"),
"VT": inputText.count("\u000b"),
"FF": inputText.count("\u000c"),
"CR": inputText.count("\u000d"),
"CRLF": inputText.count("\u000d\u000a"),
"NEL": inputText.count("\u0085"),
"LS": inputText.count("\u2028"),
"PS": inputText.count("\u2029")
};
// If all zero, leave alone
const total = Object.values(eolCharCounts).reduce((acc, curr) => {
return acc + curr;
}, 0);
if (total === 0) return;
// Find most prevalent line ending sequence
const highest = Object.entries(eolCharCounts).reduce((acc, curr) => {
return curr[1] > acc[1] ? curr : acc;
}, ["LF", 0]);
let choice = highest[0];
// If CRLF not zero and more than half the highest alternative, choose CRLF
if ((eolCharCounts.CRLF * 2) > highest[1]) {
choice = "CRLF";
}
const eolVal = eolCodeToSeq[choice];
if (eolVal === this.getEOLSeq()) return;
// Setting automatically
this.eolState = 1;
this.eolChange(choice);
}
/**
* Handler for input dragover events.
* Gives the user a visual cue to show that items can be dropped here.
@ -1199,6 +1293,14 @@ class InputWaiter {
this.manager.output.removeAllOutputs();
this.manager.output.terminateZipWorker();
this.eolState = 0;
this.encodingState = 0;
this.manager.output.eolState = 0;
this.manager.output.encodingState = 0;
this.initEditor();
this.manager.output.initEditor();
const tabsList = document.getElementById("input-tabs");
const tabsListChildren = tabsList.children;

142
src/web/waiters/OutputWaiter.mjs
View file

@ -7,6 +7,7 @@
import Utils, {debounce} from "../../core/Utils.mjs";
import Dish from "../../core/Dish.mjs";
import {isUTF8, CHR_ENC_SIMPLE_REVERSE_LOOKUP} from "../../core/lib/ChrEnc.mjs";
import {detectFileType} from "../../core/lib/FileType.mjs";
import FileSaver from "file-saver";
import ZipWorker from "worker-loader?inline=no-fallback!../workers/ZipWorker.mjs";
@ -38,7 +39,7 @@ import {
import {statusBar} from "../utils/statusBar.mjs";
import {htmlPlugin} from "../utils/htmlWidget.mjs";
import {copyOverride} from "../utils/copyOverride.mjs";
import {renderSpecialChar} from "../utils/editorUtils.mjs";
import {eolCodeToSeq, eolCodeToName, renderSpecialChar} from "../utils/editorUtils.mjs";
/**
@ -70,6 +71,8 @@ class OutputWaiter {
this.zipWorker = null;
this.maxTabs = this.manager.tabs.calcMaxTabs();
this.tabTimeout = null;
this.eolState = 0; // 0 = unset, 1 = detected, 2 = manual
this.encodingState = 0; // 0 = unset, 1 = detected, 2 = manual
}
/**
@ -109,6 +112,8 @@ class OutputWaiter {
eolHandler: this.eolChange.bind(this),
chrEncHandler: this.chrEncChange.bind(this),
chrEncGetter: this.getChrEnc.bind(this),
getEncodingState: this.getEncodingState.bind(this),
getEOLState: this.getEOLState.bind(this),
htmlOutput: this.htmlOutput
}),
htmlPlugin(this.htmlOutput),
@ -137,6 +142,7 @@ class OutputWaiter {
]
});
if (this.outputEditorView) this.outputEditorView.destroy();
this.outputEditorView = new EditorView({
state: initialState,
parent: this.outputTextEl
@ -146,9 +152,21 @@ class OutputWaiter {
/**
* Handler for EOL change events
* Sets the line separator
* @param {string} eolVal
* @param {string} eol
* @param {boolean} [manual=false]
*/
async eolChange(eolVal) {
async eolChange(eol, manual=false) {
const eolVal = eolCodeToSeq[eol];
if (eolVal === undefined) return;
this.eolState = manual ? 2 : this.eolState;
if (this.eolState < 2 && eolVal === this.getEOLSeq()) return;
if (this.eolState === 1) {
// Alert
this.app.alert(`Output end of line separator has been detected and changed to ${eolCodeToName[eol]}`, 5000);
}
const currentTabNum = this.manager.tabs.getActiveTab("output");
if (currentTabNum >= 0) {
this.outputs[currentTabNum].eolSequence = eolVal;
@ -180,13 +198,23 @@ class OutputWaiter {
return this.outputs[currentTabNum].eolSequence;
}
/**
* Returns whether the output EOL sequence was set manually or has been detected automatically
* @returns {number} - 0 = unset, 1 = detected, 2 = manual
*/
getEOLState() {
return this.eolState;
}
/**
* Handler for Chr Enc change events
* Sets the output character encoding
* @param {number} chrEncVal
* @param {boolean} [manual=false]
*/
async chrEncChange(chrEncVal) {
async chrEncChange(chrEncVal, manual=false) {
if (typeof chrEncVal !== "number") return;
const currentEnc = this.getChrEnc();
const currentTabNum = this.manager.tabs.getActiveTab("output");
if (currentTabNum >= 0) {
@ -195,10 +223,17 @@ class OutputWaiter {
throw new Error(`Cannot change output ${currentTabNum} chrEnc to ${chrEncVal}`);
}
// Reset the output, forcing it to re-decode the data with the new character encoding
await this.setOutput(this.currentOutputCache, true);
// Update the URL manually since we aren't firing a statechange event
this.app.updateURL(true);
this.encodingState = manual ? 2 : this.encodingState;
if (this.encodingState > 1) {
// Reset the output, forcing it to re-decode the data with the new character encoding
await this.setOutput(this.currentOutputCache, true);
// Update the URL manually since we aren't firing a statechange event
this.app.updateURL(true);
} else if (currentEnc !== chrEncVal) {
// Alert
this.app.alert(`Output character encoding has been detected and changed to ${CHR_ENC_SIMPLE_REVERSE_LOOKUP[chrEncVal] || "Raw Bytes"}`, 5000);
}
}
/**
@ -213,6 +248,14 @@ class OutputWaiter {
return this.outputs[currentTabNum].encoding;
}
/**
* Returns whether the output character encoding was set manually or has been detected automatically
* @returns {number} - 0 = unset, 1 = detected, 2 = manual
*/
getEncodingState() {
return this.encodingState;
}
/**
* Sets word wrap on the output editor
* @param {boolean} wrap
@ -248,6 +291,7 @@ class OutputWaiter {
const tabNum = this.manager.tabs.getActiveTab("output");
this.manager.timing.recordTime("outputDecodingStart", tabNum);
if (data instanceof ArrayBuffer) {
await this.detectEncoding(data);
data = await this.bufferToStr(data);
}
this.manager.timing.recordTime("outputDecodingEnd", tabNum);
@ -276,6 +320,9 @@ class OutputWaiter {
// If turning word wrap off, do it before we populate the editor for performance reasons
if (!wrap) this.setWordWrap(wrap);
// Detect suitable EOL sequence
this.detectEOLSequence(data);
// We use setTimeout here to delay the editor dispatch until the next event cycle,
// ensuring all async actions have completed before attempting to set the contents
// of the editor. This is mainly with the above call to setWordWrap() in mind.
@ -345,6 +392,85 @@ class OutputWaiter {
});
}
/**
* Checks whether the EOL separator should be updated
*
* @param {string} data
*/
detectEOLSequence(data) {
// If EOL has been fixed, skip this.
if (this.eolState > 1) return;
// If data is too long, skip this.
if (data.length > 1000000) return;
// Detect most likely EOL sequence
const eolCharCounts = {
"LF": data.count("\u000a"),
"VT": data.count("\u000b"),
"FF": data.count("\u000c"),
"CR": data.count("\u000d"),
"CRLF": data.count("\u000d\u000a"),
"NEL": data.count("\u0085"),
"LS": data.count("\u2028"),
"PS": data.count("\u2029")
};
// If all zero, leave alone
const total = Object.values(eolCharCounts).reduce((acc, curr) => {
return acc + curr;
}, 0);
if (total === 0) return;
// Find most prevalent line ending sequence
const highest = Object.entries(eolCharCounts).reduce((acc, curr) => {
return curr[1] > acc[1] ? curr : acc;
}, ["LF", 0]);
let choice = highest[0];
// If CRLF not zero and more than half the highest alternative, choose CRLF
if ((eolCharCounts.CRLF * 2) > highest[1]) {
choice = "CRLF";
}
const eolVal = eolCodeToSeq[choice];
if (eolVal === this.getEOLSeq()) return;
// Setting automatically
this.eolState = 1;
this.eolChange(choice);
}
/**
* Checks whether the character encoding should be updated.
*
* @param {ArrayBuffer} data
*/
async detectEncoding(data) {
// If encoding has been fixed, skip this.
if (this.encodingState > 1) return;
// If data is too long, skip this.
if (data.byteLength > 1000000) return;
const enc = isUTF8(data); // 0 = not UTF8, 1 = ASCII, 2 = UTF8
switch (enc) {
case 0: // not UTF8
// Set to Raw Bytes
this.encodingState = 1;
await this.chrEncChange(0, false);
break;
case 2: // UTF8
// Set to UTF8
this.encodingState = 1;
await this.chrEncChange(65001, false);
break;
case 1: // ASCII
default:
// Ignore
break;
}
}
/**
* Calculates the maximum number of tabs to display
*/

5
tests/browser/00_nightwatch.js
View file

@ -194,6 +194,9 @@ module.exports = {
// Open category
browser
.useCss()
.waitForElementNotVisible("#snackbar-container", 10000)
.useXpath()
.click(otherCat)
.expect.element(genUUID).to.be.visible;
@ -230,8 +233,8 @@ module.exports = {
// Alert bar shows and contains correct content
browser
.waitForElementNotVisible("#snackbar-container")
.click("#copy-output")
.waitForElementVisible("#snackbar-container")
.waitForElementVisible("#snackbar-container .snackbar-content")
.expect.element("#snackbar-container .snackbar-content").text.to.equal("Copied raw output successfully.");

6
tests/browser/01_io.js
View file

@ -545,8 +545,8 @@ module.exports = {
browser.expect.element("#output-text .cm-status-bar .stats-lines-value").text.to.equal("2");
/* Line endings appear in the URL */
browser.assert.urlContains("ieol=%0D%0A");
browser.assert.urlContains("oeol=%0D");
browser.assert.urlContains("ieol=CRLF");
browser.assert.urlContains("oeol=CR");
/* Preserved when changing tabs */
browser
@ -643,7 +643,7 @@ module.exports = {
"Loading from URL": browser => {
/* Complex deep link populates the input correctly (encoding, eol, input) */
browser
.urlHash("recipe=To_Base64('A-Za-z0-9%2B/%3D')&input=VGhlIHNoaXBzIGh1bmcgaW4gdGhlIHNreSBpbiBtdWNoIHRoZSBzYW1lIHdheSB0aGF0IGJyaWNrcyBkb24ndC4M&ienc=21866&oenc=1201&ieol=%0C&oeol=%E2%80%A9")
.urlHash("recipe=To_Base64('A-Za-z0-9%2B/%3D')&input=VGhlIHNoaXBzIGh1bmcgaW4gdGhlIHNreSBpbiBtdWNoIHRoZSBzYW1lIHdheSB0aGF0IGJyaWNrcyBkb24ndC4M&ienc=21866&oenc=1201&ieol=FF&oeol=PS")
.waitForElementVisible("#rec-list li.operation");
browser.expect.element(`#input-text .cm-content`).to.have.property("textContent").match(/^.{65}$/);

6
tests/browser/02_ops.js
View file

@ -108,7 +108,7 @@ module.exports = {
// testOp(browser, "Derive EVP key", "test input", "test_output");
// testOp(browser, "Derive PBKDF2 key", "test input", "test_output");
// testOp(browser, "Detect File Type", "test input", "test_output");
testOpHtml(browser, "Diff", "The cat sat on the mat\n\nThe mat cat on the sat", ".hl5:first-child", "mat", ["\\n\\n", "Word", true, true, false, false]);
testOpHtml(browser, "Diff", "The cat sat on the mat\n\nThe mat cat on the sat", "ins:first-child", "mat", ["\\n\\n", "Word", true, true, false, false]);
// testOp(browser, "Disassemble x86", "test input", "test_output");
testOpImage(browser, "Dither Image", "files/Hitchhikers_Guide.jpeg");
// testOp(browser, "Divide", "test input", "test_output");
@ -126,8 +126,8 @@ module.exports = {
// testOp(browser, "Extract email addresses", "test input", "test_output");
// testOp(browser, "Extract file paths", "test input", "test_output");
testOpFile(browser, "Extract Files", "files/Hitchhikers_Guide.jpeg", ".card:last-child .collapsed", "extracted_at_0x3d38.zlib");
testOpFile(browser, "Extract ID3", "files/mp3example.mp3", "tr:last-child td:last-child", "Kevin MacLeod");
// testOp(browser, "Extract IP addresses", "test input", "test_output");
// This test seems unreliable on GitHub Actions, not reproducible locally.
// testOpFile(browser, "Extract ID3", "files/mp3example.mp3", "tr:last-child td:last-child", "Kevin MacLeod"); // testOp(browser, "Extract IP addresses", "test input", "test_output");
// testOp(browser, "Extract LSB", "test input", "test_output");
// testOp(browser, "Extract MAC addresses", "test input", "test_output");
// testOp(browser, "Extract RGBA", "test input", "test_output");

2
tests/browser/browserUtils.js
View file

@ -65,6 +65,7 @@ function setChrEnc(browser, io, enc) {
io = `#${io}-text`;
browser
.useCss()
.waitForElementNotVisible("#snackbar-container", 6000)
.click(io + " .chr-enc-value")
.waitForElementVisible(io + " .chr-enc-select .cm-status-bar-select-scroll")
.click("link text", enc)
@ -83,6 +84,7 @@ function setEOLSeq(browser, io, eol) {
io = `#${io}-text`;
browser
.useCss()
.waitForElementNotVisible("#snackbar-container", 6000)
.click(io + " .eol-value")
.waitForElementVisible(io + " .eol-select .cm-status-bar-select-content")
.click(`${io} .cm-status-bar-select-content a[data-val=${eol}]`)

2
tests/node/tests/nodeApi.mjs
View file

@ -136,7 +136,7 @@ TestRegister.addApiTests([
it("chef.help: returns multiple results", () => {
const result = chef.help("base 64");
assert.strictEqual(result.length, 11);
assert.strictEqual(result.length, 13);
}),
it("chef.help: looks in description for matches too", () => {

6
tests/node/tests/operations.mjs
View file

@ -432,7 +432,7 @@ color: white;
it("Disassemble x86", () => {
const result = chef.disassembleX86(chef.toBase64("one two three"));
const expected = `0000000000000000 0000 ADD BYTE PTR [RAX],AL\r
0000000000000002 0B250000000B OR ESP,DWORD PTR [0000000-F4FFFFF8]\r
0000000000000002 0B250000000B OR ESP,DWORD PTR [000000000B000008]\r
`;
assert.strictEqual(result.toString(), expected);
}),
@ -635,6 +635,10 @@ WWFkYSBZYWRh\r
assert.strictEqual(chef.keccak("Flea Market").toString(), "c2a06880b19e453ee5440e8bd4c2024bedc15a6630096aa3f609acfd2b8f15f27cd293e1cc73933e81432269129ce954a6138889ce87831179d55dcff1cc7587");
}),
it("LZNT1 Decompress", () => {
assert.strictEqual(chef.LZNT1Decompress("\x1a\xb0\x00compress\x00edtestda\x04ta\x07\x88alot").toString(), "compressedtestdatacompressedalot");
}),
it("MD6", () => {
assert.strictEqual(chef.MD6("Head Over Heels", {key: "arty"}).toString(), "d8f7fe4931fbaa37316f76283d5f615f50ddd54afdc794b61da522556aee99ad");
}),

130
tests/operations/index.mjs
View file

@ -17,126 +17,136 @@ import {
} from "../lib/utils.mjs";
import TestRegister from "../lib/TestRegister.mjs";
import "./tests/BCD.mjs";
import "./tests/BSON.mjs";
import "./tests/AESKeyWrap.mjs";
import "./tests/AvroToJSON.mjs";
import "./tests/BaconCipher.mjs";
import "./tests/Base45.mjs";
import "./tests/Base58.mjs";
import "./tests/Base64.mjs";
import "./tests/Base62.mjs";
import "./tests/Base64.mjs";
import "./tests/Base85.mjs";
import "./tests/Base92.mjs";
import "./tests/BCD.mjs";
import "./tests/BitwiseOp.mjs";
import "./tests/BLAKE2b.mjs";
import "./tests/BLAKE2s.mjs";
import "./tests/Bombe.mjs";
import "./tests/BSON.mjs";
import "./tests/ByteRepr.mjs";
import "./tests/CaesarBoxCipher.mjs";
import "./tests/CaretMdecode.mjs";
import "./tests/CartesianProduct.mjs";
import "./tests/CetaceanCipherEncode.mjs";
import "./tests/CBORDecode.mjs";
import "./tests/CBOREncode.mjs";
import "./tests/CetaceanCipherDecode.mjs";
import "./tests/CetaceanCipherEncode.mjs";
import "./tests/ChaCha.mjs";
import "./tests/CharEnc.mjs";
import "./tests/ChangeIPFormat.mjs";
import "./tests/CharEnc.mjs";
import "./tests/Charts.mjs";
import "./tests/Checksum.mjs";
import "./tests/Ciphers.mjs";
import "./tests/CipherSaber2.mjs";
import "./tests/CMAC.mjs";
import "./tests/Code.mjs";
import "./tests/Colossus.mjs";
import "./tests/Comment.mjs";
import "./tests/Compress.mjs";
import "./tests/ConditionalJump.mjs";
import "./tests/ConvertCoordinateFormat.mjs";
import "./tests/ConvertToNATOAlphabet.mjs";
import "./tests/Crypt.mjs";
import "./tests/CSV.mjs";
import "./tests/DateTime.mjs";
import "./tests/DefangIP.mjs";
import "./tests/ELFInfo.mjs";
import "./tests/Enigma.mjs";
import "./tests/ExtractEmailAddresses.mjs";
import "./tests/Float.mjs";
import "./tests/FileTree.mjs";
import "./tests/FletcherChecksum.mjs";
import "./tests/Fork.mjs";
import "./tests/FromDecimal.mjs";
import "./tests/GenerateAllHashes.mjs";
import "./tests/Gzip.mjs";
import "./tests/GenerateDeBruijnSequence.mjs";
import "./tests/GetAllCasings.mjs";
import "./tests/GOST.mjs";
import "./tests/Gunzip.mjs";
import "./tests/Gzip.mjs";
import "./tests/Hash.mjs";
import "./tests/HASSH.mjs";
import "./tests/HaversineDistance.mjs";
import "./tests/Hex.mjs";
import "./tests/Hexdump.mjs";
import "./tests/HKDF.mjs";
import "./tests/Image.mjs";
import "./tests/IndexOfCoincidence.mjs";
import "./tests/Jump.mjs";
import "./tests/JA3Fingerprint.mjs";
import "./tests/JA4Fingerprint.mjs";
import "./tests/JA3SFingerprint.mjs";
import "./tests/JSONBeautify.mjs";
import "./tests/JSONMinify.mjs";
import "./tests/JSONtoCSV.mjs";
import "./tests/Jump.mjs";
import "./tests/JWTDecode.mjs";
import "./tests/JWTSign.mjs";
import "./tests/JWTVerify.mjs";
import "./tests/MS.mjs";
import "./tests/LevenshteinDistance.mjs";
import "./tests/Lorenz.mjs";
import "./tests/LS47.mjs";
import "./tests/LuhnChecksum.mjs";
import "./tests/LZNT1Decompress.mjs";
import "./tests/LZString.mjs";
import "./tests/Magic.mjs";
import "./tests/Media.mjs";
import "./tests/MorseCode.mjs";
import "./tests/MS.mjs";
import "./tests/MultipleBombe.mjs";
import "./tests/MurmurHash3.mjs";
import "./tests/NetBIOS.mjs";
import "./tests/NormaliseUnicode.mjs";
import "./tests/NTLM.mjs";
import "./tests/OTP.mjs";
import "./tests/ParseIPRange.mjs";
import "./tests/ParseObjectIDTimestamp.mjs";
import "./tests/ParseQRCode.mjs";
import "./tests/ParseSSHHostKey.mjs";
import "./tests/ParseTCP.mjs";
import "./tests/ParseTLV.mjs";
import "./tests/ParseUDP.mjs";
import "./tests/PEMtoHex.mjs";
import "./tests/PGP.mjs";
import "./tests/PHP.mjs";
import "./tests/ParseIPRange.mjs";
import "./tests/ParseQRCode.mjs";
import "./tests/PEMtoHex.mjs";
import "./tests/PowerSet.mjs";
import "./tests/Protobuf.mjs";
import "./tests/Rabbit.mjs";
import "./tests/RAKE.mjs";
import "./tests/Regex.mjs";
import "./tests/Register.mjs";
import "./tests/RisonEncodeDecode.mjs";
import "./tests/Rotate.mjs";
import "./tests/RSA.mjs";
import "./tests/Salsa20.mjs";
import "./tests/XSalsa20.mjs";
import "./tests/SeqUtils.mjs";
import "./tests/SetDifference.mjs";
import "./tests/SetIntersection.mjs";
import "./tests/SetUnion.mjs";
import "./tests/Shuffle.mjs";
import "./tests/SIGABA.mjs";
import "./tests/SM4.mjs";
// import "./tests/SplitColourChannels.mjs"; // Cannot test operations that use the File type yet
import "./tests/StrUtils.mjs";
import "./tests/Subsection.mjs";
import "./tests/SwapCase.mjs";
import "./tests/SymmetricDifference.mjs";
import "./tests/TextEncodingBruteForce.mjs";
import "./tests/TranslateDateTimeFormat.mjs";
import "./tests/Magic.mjs";
import "./tests/ParseTLV.mjs";
import "./tests/Media.mjs";
import "./tests/ToFromInsensitiveRegex.mjs";
import "./tests/YARA.mjs";
import "./tests/ConvertCoordinateFormat.mjs";
import "./tests/Enigma.mjs";
import "./tests/Bombe.mjs";
import "./tests/MultipleBombe.mjs";
import "./tests/TranslateDateTimeFormat.mjs";
import "./tests/Typex.mjs";
import "./tests/BLAKE2b.mjs";
import "./tests/BLAKE2s.mjs";
import "./tests/Protobuf.mjs";
import "./tests/ParseSSHHostKey.mjs";
import "./tests/DefangIP.mjs";
import "./tests/ParseUDP.mjs";
import "./tests/ParseTCP.mjs";
import "./tests/AvroToJSON.mjs";
import "./tests/Lorenz.mjs";
import "./tests/LuhnChecksum.mjs";
import "./tests/CipherSaber2.mjs";
import "./tests/Colossus.mjs";
import "./tests/ParseObjectIDTimestamp.mjs";
import "./tests/Unicode.mjs";
import "./tests/RSA.mjs";
import "./tests/CBOREncode.mjs";
import "./tests/CBORDecode.mjs";
import "./tests/JA3Fingerprint.mjs";
import "./tests/JA3SFingerprint.mjs";
import "./tests/HASSH.mjs";
import "./tests/GetAllCasings.mjs";
import "./tests/SIGABA.mjs";
import "./tests/ELFInfo.mjs";
import "./tests/Subsection.mjs";
import "./tests/CaesarBoxCipher.mjs";
import "./tests/UnescapeString.mjs";
import "./tests/LS47.mjs";
import "./tests/LZString.mjs";
import "./tests/NTLM.mjs";
import "./tests/Shuffle.mjs";
import "./tests/FletcherChecksum.mjs";
import "./tests/CMAC.mjs";
import "./tests/AESKeyWrap.mjs";
import "./tests/Rabbit.mjs";
import "./tests/LevenshteinDistance.mjs";
import "./tests/SwapCase.mjs";
import "./tests/HKDF.mjs";
import "./tests/GenerateDeBruijnSequence.mjs";
// Cannot test operations that use the File type yet
// import "./tests/SplitColourChannels.mjs";
import "./tests/Unicode.mjs";
import "./tests/YARA.mjs";
const testStatus = {
allTestsPassing: true,

22
tests/operations/tests/Base58.mjs
View file

@ -53,6 +53,28 @@ TestRegister.addTests([
},
],
},
{
name: "To Base58 all null",
input: "\0\0\0\0\0\0",
expectedOutput: "111111",
recipeConfig: [
{
op: "To Base58",
args: ["123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"],
},
],
},
{
name: "From Base58 all null",
input: "111111",
expectedOutput: "\0\0\0\0\0\0",
recipeConfig: [
{
op: "From Base58",
args: ["123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"],
},
],
},
{
name: "To Base58 with null prefix and suffix",
input: "\0\0\0Hello\0\0\0",

89
tests/operations/tests/Base92.mjs Normal file
View file

@ -0,0 +1,89 @@
/**
* Base92 tests.
*
* @author sg5506844 [sg5506844@gmail.com]
* @copyright Crown Copyright 2021
* @license Apache-2.0
*/
import TestRegister from "../../lib/TestRegister.mjs";
TestRegister.addTests([
{
name: "To Base92: nothing",
input: "",
expectedOutput: "",
recipeConfig: [
{
op: "To Base92",
args: [],
},
],
},
{
name: "To Base92: Spec encoding example 1",
input: "AB",
expectedOutput: "8y2",
recipeConfig: [
{
op: "To Base92",
args: [],
},
],
},
{
name: "To Base92: Spec encoding example 2",
input: "Hello!!",
expectedOutput: ";K_$aOTo&",
recipeConfig: [
{
op: "To Base92",
args: [],
},
],
},
{
name: "To Base92: Spec encoding example 3",
input: "base-92",
expectedOutput: "DX2?V<Y(*",
recipeConfig: [
{
op: "To Base92",
args: [],
},
],
},
{
name: "From Base92: nothing",
input: "",
expectedOutput: "",
recipeConfig: [
{
op: "From Base92",
args: [],
},
],
},
{
name: "From Base92: Spec decoding example 1",
input: "G'_DW[B",
expectedOutput: "ietf!",
recipeConfig: [
{
op: "From Base92",
args: [],
},
],
},
{
name: "From Base92: Invalid character",
input: "~",
expectedOutput: "~ is not a base92 character",
recipeConfig: [
{
op: "From Base92",
args: [],
},
],
},
]);

39
tests/operations/tests/CaretMdecode.mjs Normal file
View file

@ -0,0 +1,39 @@
/**
* Caesar Box Cipher tests.
*
* @author tedk [tedk@ted.do]
*
* @copyright Crown Copyright 2020
* @license Apache-2.0
*/
import TestRegister from "../../lib/TestRegister.mjs";
TestRegister.addTests([
{
name: "Caret/M-decode: nothing",
input: "",
expectedOutput: "",
recipeConfig: [
{
op: "Caret/M-decode",
args: [],
},
],
},
{
/*
* Tests the full range.
* Everything except "^_" (\x5e\x5f) will decode correctly.
*/
name: "Caret/M-decode: Full set",
input: "^@^A^B^C^D^E^F^G^H^I^J^K^L^M^N^O^P^Q^R^S^T^U^V^W^X^Y^Z^[^\\^]^^^_ !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~^?M-^@M-^AM-^BM-^CM-^DM-^EM-^FM-^GM-^HM-^IM-^JM-^KM-^LM-^MM-^NM-^OM-^PM-^QM-^RM-^SM-^TM-^UM-^VM-^WM-^XM-^YM-^ZM-^[M-^\\M-^]M-^^M-^_M- M-!M-\"M-#M-$M-%M-&M-'M-(M-)M-*M-+M-,M--M-.M-/M-0M-1M-2M-3M-4M-5M-6M-7M-8M-9M-:M-;M-<M-=M->M-?M-@M-AM-BM-CM-DM-EM-FM-GM-HM-IM-JM-KM-LM-MM-NM-OM-PM-QM-RM-SM-TM-UM-VM-WM-XM-YM-ZM-[M-\\M-]M-^M-_M-`M-aM-bM-cM-dM-eM-fM-gM-hM-iM-jM-kM-lM-mM-nM-oM-pM-qM-rM-sM-tM-uM-vM-wM-xM-yM-zM-{M-|M-}M-~M-^?",
expectedOutput: "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x1f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\x8d\x2d\x5f\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
recipeConfig: [
{
op: "Caret/M-decode",
args: [],
},
],
},
]);

19
tests/operations/tests/ChaCha.mjs
View file

@ -58,6 +58,25 @@ ChaCha uses a nonce of 8 or 12 bytes (64 or 96 bits).`,
}
],
},
{
name: "ChaCha: RFC8439 Raw output",
input: "Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it.",
expectedOutput: "6e 2e 35 9a 25 68 f9 80 41 ba 07 28 dd 0d 69 81 e9 7e 7a ec 1d 43 60 c2 0a 27 af cc fd 9f ae 0b f9 1b 65 c5 52 47 33 ab 8f 59 3d ab cd 62 b3 57 16 39 d6 24 e6 51 52 ab 8f 53 0c 35 9f 08 61 d8 07 ca 0d bf 50 0d 6a 61 56 a3 8e 08 8a 22 b6 5e 52 bc 51 4d 16 cc f8 06 81 8c e9 1a b7 79 37 36 5a f9 0b bf 74 a3 5b e6 b4 0b 8e ed f2 78 5e 42 87 4d",
recipeConfig: [
{
"op": "ChaCha",
"args": [
{"option": "Hex", "string": "00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f:10:11:12:13:14:15:16:17:18:19:1a:1b:1c:1d:1e:1f"},
{"option": "Hex", "string": "00:00:00:00:00:00:00:4a:00:00:00:00"},
1, "20", "Raw", "Raw",
]
},
{
"op": "To Hex",
"args": []
},
],
},
{
name: "ChaCha: draft-strombergson-chacha-test-vectors-01 TC7.1",
input: "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",

34
tests/operations/tests/Crypt.mjs
View file

@ -1948,4 +1948,38 @@ DES uses a key length of 8 bytes (64 bits).`,
}
],
},
{
name: "Blowfish Encrypt with variable key length: CBC, ASCII, 4 bytes",
input: "The quick brown fox jumps over the lazy dog.",
expectedOutput: "823f337a53ecf121aa9ec1b111bd5064d1d7586abbdaaa0c8fd0c6cc43c831c88bf088ee3e07287e3f36cf2e45f9c7e6",
recipeConfig: [
{
"op": "Blowfish Encrypt",
"args": [
{"option": "Hex", "string": "00112233"}, // Key
{"option": "Hex", "string": "0000000000000000"}, // IV
"CBC", // Mode
"Raw", // Input
"Hex" // Output
]
}
],
},
{
name: "Blowfish Encrypt with variable key length: CBC, ASCII, 42 bytes",
input: "The quick brown fox jumps over the lazy dog.",
expectedOutput: "19f5a68145b34321cfba72226b0f33922ce44dd6e7869fe328db64faae156471216f12ed2a37fd0bdd7cebf867b3cff0",
recipeConfig: [
{
"op": "Blowfish Encrypt",
"args": [
{"option": "Hex", "string": "deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdead"}, // Key
{"option": "Hex", "string": "0000000000000000"}, // IV
"CBC", // Mode
"Raw", // Input
"Hex" // Output
]
}
],
}
]);

80
tests/operations/tests/Fernet.mjs Normal file
View file

@ -0,0 +1,80 @@
/**
* Fernet tests.
*
* @author Karsten Silkenbäumer [github.com/kassi]
* @copyright Karsten Silkenbäumer 2019
* @license Apache-2.0
*/
import TestRegister from "../TestRegister";
TestRegister.addTests([
{
name: "Fernet Decrypt: no input",
input: "",
expectedOutput: "Error: Invalid version",
recipeConfig: [
{
op: "Fernet Decrypt",
args: ["MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI="]
}
],
},
{
name: "Fernet Decrypt: no secret",
input: "gAAAAABce-Tycae8klRxhDX2uenJ-uwV8-A1XZ2HRnfOXlNzkKKfRxviNLlgtemhT_fd1Fw5P_zFUAjd69zaJBQyWppAxVV00SExe77ql8c5n62HYJOnoIU=",
expectedOutput: "Error: Secret must be 32 url-safe base64-encoded bytes.",
recipeConfig: [
{
op: "Fernet Decrypt",
args: [""]
}
],
},
{
name: "Fernet Decrypt: valid arguments",
input: "gAAAAABce-Tycae8klRxhDX2uenJ-uwV8-A1XZ2HRnfOXlNzkKKfRxviNLlgtemhT_fd1Fw5P_zFUAjd69zaJBQyWppAxVV00SExe77ql8c5n62HYJOnoIU=",
expectedOutput: "This is a secret message.\n",
recipeConfig: [
{
op: "Fernet Decrypt",
args: ["VGhpc0lzVGhpcnR5VHdvQ2hhcmFjdGVyc0xvbmdLZXk="]
}
],
}
]);
TestRegister.addTests([
{
name: "Fernet Encrypt: no input",
input: "",
expectedMatch: /^gAAAAABce-[\w-]+={0,2}$/,
recipeConfig: [
{
op: "Fernet Encrypt",
args: ["MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI="]
}
],
},
{
name: "Fernet Encrypt: no secret",
input: "This is a secret message.\n",
expectedOutput: "Error: Secret must be 32 url-safe base64-encoded bytes.",
recipeConfig: [
{
op: "Fernet Encrypt",
args: [""]
}
],
},
{
name: "Fernet Encrypt: valid arguments",
input: "This is a secret message.\n",
expectedMatch: /^gAAAAABce-[\w-]+={0,2}$/,
recipeConfig: [
{
op: "Fernet Encrypt",
args: ["MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI="]
}
],
}
]);

22
tests/operations/tests/FileTree.mjs Normal file
View file

@ -0,0 +1,22 @@
/**
* File tree tests.
*
* @author sw5678
* @copyright Crown Copyright 2023
* @license Apache-2.0
*/
import TestRegister from "../../lib/TestRegister.mjs";
TestRegister.addTests([
{
"name": "File Tree: basic example",
"input": "/test_dir1/test_file1.txt\n/test_dir1/test_file2.txt\n/test_dir2/test_file1.txt",
"expectedOutput": "test_dir1\n|---test_file1.txt\n|---test_file2.txt\ntest_dir2\n|---test_file1.txt",
"recipeConfig": [
{
"op": "File Tree",
"args": ["/", "Line feed"],
},
],
}
]);

164
tests/operations/tests/Float.mjs Normal file
View file

@ -0,0 +1,164 @@
/**
* Float tests.
*
* @author tcode2k16 [tcode2k16@gmail.com]
*
* @copyright Crown Copyright 2019
* @license Apache-2.0
*/
import TestRegister from "../../lib/TestRegister.mjs";
TestRegister.addTests([
{
name: "To Float: nothing",
input: "",
expectedOutput: "",
recipeConfig: [
{
op: "From Hex",
args: ["Auto"]
},
{
op: "To Float",
args: ["Big Endian", "Float (4 bytes)", "Space"]
}
],
},
{
name: "To Float (Big Endian, 4 bytes): 0.5",
input: "3f0000003f000000",
expectedOutput: "0.5 0.5",
recipeConfig: [
{
op: "From Hex",
args: ["Auto"]
},
{
op: "To Float",
args: ["Big Endian", "Float (4 bytes)", "Space"]
}
]
},
{
name: "To Float (Little Endian, 4 bytes): 0.5",
input: "0000003f0000003f",
expectedOutput: "0.5 0.5",
recipeConfig: [
{
op: "From Hex",
args: ["Auto"]
},
{
op: "To Float",
args: ["Little Endian", "Float (4 bytes)", "Space"]
}
]
},
{
name: "To Float (Big Endian, 8 bytes): 0.5",
input: "3fe00000000000003fe0000000000000",
expectedOutput: "0.5 0.5",
recipeConfig: [
{
op: "From Hex",
args: ["Auto"]
},
{
op: "To Float",
args: ["Big Endian", "Double (8 bytes)", "Space"]
}
]
},
{
name: "To Float (Little Endian, 8 bytes): 0.5",
input: "000000000000e03f000000000000e03f",
expectedOutput: "0.5 0.5",
recipeConfig: [
{
op: "From Hex",
args: ["Auto"]
},
{
op: "To Float",
args: ["Little Endian", "Double (8 bytes)", "Space"]
}
]
},
{
name: "From Float: nothing",
input: "",
expectedOutput: "",
recipeConfig: [
{
op: "From Float",
args: ["Big Endian", "Float (4 bytes)", "Space"]
},
{
op: "To Hex",
args: ["None"]
}
]
},
{
name: "From Float (Big Endian, 4 bytes): 0.5",
input: "0.5 0.5",
expectedOutput: "3f0000003f000000",
recipeConfig: [
{
op: "From Float",
args: ["Big Endian", "Float (4 bytes)", "Space"]
},
{
op: "To Hex",
args: ["None"]
}
]
},
{
name: "From Float (Little Endian, 4 bytes): 0.5",
input: "0.5 0.5",
expectedOutput: "0000003f0000003f",
recipeConfig: [
{
op: "From Float",
args: ["Little Endian", "Float (4 bytes)", "Space"]
},
{
op: "To Hex",
args: ["None"]
}
]
},
{
name: "From Float (Big Endian, 8 bytes): 0.5",
input: "0.5 0.5",
expectedOutput: "3fe00000000000003fe0000000000000",
recipeConfig: [
{
op: "From Float",
args: ["Big Endian", "Double (8 bytes)", "Space"]
},
{
op: "To Hex",
args: ["None"]
}
]
},
{
name: "From Float (Little Endian, 8 bytes): 0.5",
input: "0.5 0.5",
expectedOutput: "000000000000e03f000000000000e03f",
recipeConfig: [
{
op: "From Float",
args: ["Little Endian", "Double (8 bytes)", "Space"]
},
{
op: "To Hex",
args: ["None"]
}
]
}
]);

55
tests/operations/tests/FromGeohash.mjs
View file

@ -1,55 +0,0 @@
/**
* To Geohash tests
*
* @author gchq77703
* @copyright Crown Copyright 2018
* @license Apache-2.0
*/
import TestRegister from "../../lib/TestRegister.mjs";
TestRegister.addTests([
{
name: "From Geohash",
input: "ww8p1r4t8",
expectedOutput: "37.83238649368286,112.55838632583618",
recipeConfig: [
{
op: "From Geohash",
args: [],
},
],
},
{
name: "From Geohash",
input: "ww8p1r",
expectedOutput: "37.83416748046875,112.5604248046875",
recipeConfig: [
{
op: "From Geohash",
args: [],
},
],
},
{
name: "From Geohash",
input: "ww8",
expectedOutput: "37.265625,113.203125",
recipeConfig: [
{
op: "From Geohash",
args: [],
},
],
},
{
name: "From Geohash",
input: "w",
expectedOutput: "22.5,112.5",
recipeConfig: [
{
op: "From Geohash",
args: [],
},
],
},
]);

183
tests/operations/tests/GOST.mjs Normal file
View file

@ -0,0 +1,183 @@
/**
* GOST tests.
*
* The GOST library already includes a range of tests for the correctness of
* the algorithms. These tests are intended only to confirm that the library
* has been correctly integrated into CyberChef.
*
* @author n1474335 [n1474335@gmail.com]
*
* @copyright Crown Copyright 2023
* @license Apache-2.0
*/
import TestRegister from "../../lib/TestRegister.mjs";
TestRegister.addTests([
{
name: "GOST Encrypt: Magma",
input: "Hello, World!",
expectedOutput: "f124ac5c0853870906dbaf9b56",
recipeConfig: [
{
op: "GOST Encrypt",
args: [
{ "option": "Hex", "string": "00112233" },
{ "option": "Hex", "string": "0011223344556677" },
"Raw",
"Hex",
"GOST 28147 (Magma, 1989)",
"64",
"E-SC",
"OFB",
"CP",
"ZERO"
]
}
],
},
{
name: "GOST Encrypt: Kuznyechik",
input: "Hello, World!",
expectedOutput: "8673d490dfa4a66d5e3ff00ba316724f",
recipeConfig: [
{
op: "GOST Encrypt",
args: [
{ "option": "Hex", "string": "00112233" },
{ "option": "Hex", "string": "00112233445566778899aabbccddeeff" },
"Raw",
"Hex",
"GOST R 34.12 (Kuznyechik, 2015)",
"128",
"E-SC",
"CBC",
"CP",
"PKCS5"
]
}
],
},
{
name: "GOST Decrypt: Magma",
input: "f124ac5c0853870906dbaf9b56",
expectedOutput: "Hello, World!",
recipeConfig: [
{
op: "GOST Decrypt",
args: [
{ "option": "Hex", "string": "00112233" },
{ "option": "Hex", "string": "0011223344556677" },
"Hex",
"Raw",
"GOST 28147 (Magma, 1989)",
"128",
"E-SC",
"OFB",
"CP",
"ZERO"
]
}
],
},
{
name: "GOST Decrypt: Kuznyechik",
input: "8673d490dfa4a66d5e3ff00ba316724f",
expectedOutput: "Hello, World!\0\0\0",
recipeConfig: [
{
op: "GOST Decrypt",
args: [
{ "option": "Hex", "string": "00112233" },
{ "option": "Hex", "string": "00112233445566778899aabbccddeeff" },
"Hex",
"Raw",
"GOST R 34.12 (Kuznyechik, 2015)",
"128",
"E-TEST",
"CBC",
"CP",
"PKCS5"
]
}
],
},
{
name: "GOST Sign",
input: "Hello, World!",
expectedOutput: "810d0c40e965",
recipeConfig: [
{
op: "GOST Sign",
args: [
{ "option": "Hex", "string": "00112233" },
{ "option": "Hex", "string": "0011223344556677" },
"Raw",
"Hex",
"GOST 28147 (Magma, 1989)",
"64",
"E-C",
48
]
}
],
},
{
name: "GOST Verify",
input: "Hello, World!",
expectedOutput: "The signature matches",
recipeConfig: [
{
op: "GOST Verify",
args: [
{ "option": "Hex", "string": "00112233" },
{ "option": "Hex", "string": "00112233445566778899aabbccddeeff" },
{ "option": "Hex", "string": "42b77fb3d6f6bf04" },
"Raw",
"GOST R 34.12 (Kuznyechik, 2015)",
"128",
"E-TEST"
]
}
],
},
{
name: "GOST Key Wrap",
input: "Hello, World!123",
expectedOutput: "0bb706e92487fceef97589911faeb28200000000000000000000000000000000\r\n6b7bfd16",
recipeConfig: [
{
op: "GOST Key Wrap",
args: [
{ "option": "Hex", "string": "00112233" },
{ "option": "Hex", "string": "0011223344556677" },
"Raw",
"Hex",
"GOST R 34.12 (Kuznyechik, 2015)",
"64",
"E-TEST",
"CP"
]
}
],
},
{
name: "GOST Key Unwrap",
input: "c8e58458a42d21974d50103d59b469f2c8e58458a42d21974d50103d59b469f2\r\na32a1575",
expectedOutput: "0123456789abcdef0123456789abcdef",
recipeConfig: [
{
op: "GOST Key Unwrap",
args: [
{ "option": "Hex", "string": "" },
{ "option": "Latin1", "string": "00112233" },
"Hex",
"Raw",
"GOST 28147 (Magma, 1989)",
"64",
"E-Z",
"CP"
]
}
],
},
]);

8
tests/operations/tests/Hash.mjs
View file

@ -1094,8 +1094,8 @@ TestRegister.addTests([
expectedOutput: "981e5f3ca30c841487830f84fb433e13ac1101569b9c13584ac483234cd656c0",
recipeConfig: [
{
op: "GOST hash",
args: ["D-A"]
op: "GOST Hash",
args: ["GOST 28147 (1994)", "256", "D-A"]
}
]
},
@ -1105,8 +1105,8 @@ TestRegister.addTests([
expectedOutput: "2cefc2f7b7bdc514e18ea57fa74ff357e7fa17d652c75f69cb1be7893ede48eb",
recipeConfig: [
{
op: "GOST hash",
args: ["D-A"]
op: "GOST Hash",
args: ["GOST 28147 (1994)", "256", "D-A"]
}
]
},

55
tests/operations/tests/JA4Fingerprint.mjs Normal file
View file

@ -0,0 +1,55 @@
/**
* JA4Fingerprint tests.
*
* @author n1474335 [n1474335@gmail.com]
* @copyright Crown Copyright 2024
* @license Apache-2.0
*/
import TestRegister from "../../lib/TestRegister.mjs";
TestRegister.addTests([
{
name: "JA4 Fingerprint: TLS 1.3",
input: "1603010200010001fc0303b2c03e7ba990ef540c316a665d4d925f8e9079ac4b15687e587dc99016e75a6c20d0b0099243c9296a0c84153ea4ada7d87ad017f4211c2ea1350b0b3cc5514d5f00205a5a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f003501000193fafa000000000024002200001f636f6e74656e742d6175746f66696c6c2e676f6f676c65617069732e636f6d0033002b00293a3a000100001d0020fb2cd8ef3d605b96ab03119ec4f30a6e2088cb1af86c41a81feace8706068c50000d001200100403080404010503080505010806060100230000000b00020100ff01000100000a000a00083a3a001d00170018001b000302000244690005000302683200120000002d000201010010000e000c02683208687474702f312e31000500050100000000002b0007060a0a03040303001700001a1a000100001500b800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
expectedOutput: "t13d1516h2_8daaf6152771_e5627efa2ab1",
recipeConfig: [
{
"op": "JA4 Fingerprint",
"args": ["Hex", "JA4"]
}
],
},
{
name: "JA4 Fingerprint: TLS 1.3 Original Rendering",
input: "1603010200010001fc0303b2c03e7ba990ef540c316a665d4d925f8e9079ac4b15687e587dc99016e75a6c20d0b0099243c9296a0c84153ea4ada7d87ad017f4211c2ea1350b0b3cc5514d5f00205a5a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f003501000193fafa000000000024002200001f636f6e74656e742d6175746f66696c6c2e676f6f676c65617069732e636f6d0033002b00293a3a000100001d0020fb2cd8ef3d605b96ab03119ec4f30a6e2088cb1af86c41a81feace8706068c50000d001200100403080404010503080505010806060100230000000b00020100ff01000100000a000a00083a3a001d00170018001b000302000244690005000302683200120000002d000201010010000e000c02683208687474702f312e31000500050100000000002b0007060a0a03040303001700001a1a000100001500b800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
expectedOutput: "t13d1516h2_acb858a92679_5276cb03a33b",
recipeConfig: [
{
"op": "JA4 Fingerprint",
"args": ["Hex", "JA4 Original Rendering"]
}
],
},
{
name: "JA4 Fingerprint: TLS 1.2",
input: "1603010200010001fc0303ecb2691addb2bf6c599c7aaae23de5f42561cc04eb41029acc6fc050a16ac1d22046f8617b580ac9358e2aa44e306d52466bcc989c87c8ca64309f5faf50ba7b4d0022130113031302c02bc02fcca9cca8c02cc030c00ac009c013c014009c009d002f00350100019100000021001f00001c636f6e74696c652e73657276696365732e6d6f7a696c6c612e636f6d00170000ff01000100000a000e000c001d00170018001901000101000b00020100002300000010000e000c02683208687474702f312e310005000501000000000022000a000804030503060302030033006b0069001d00208909858fbeb6ed2f1248ba5b9e2978bead0e840110192c61daed0096798b184400170041044d183d91f5eed35791fa982464e3b0214aaa5f5d1b78616d9b9fbebc22d11f535b2f94c686143136aa795e6e5a875d6c08064ad5b76d44caad766e2483012748002b00050403040303000d0018001604030503060308040805080604010501060102030201002d00020101001c000240010015007a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
expectedOutput: "t13d1715h2_5b57614c22b0_3d5424432f57",
recipeConfig: [
{
"op": "JA4 Fingerprint",
"args": ["Hex", "JA4"]
}
],
},
{
name: "JA4 Fingerprint: TLS 1.2 Original Rendering",
input: "1603010200010001fc0303ecb2691addb2bf6c599c7aaae23de5f42561cc04eb41029acc6fc050a16ac1d22046f8617b580ac9358e2aa44e306d52466bcc989c87c8ca64309f5faf50ba7b4d0022130113031302c02bc02fcca9cca8c02cc030c00ac009c013c014009c009d002f00350100019100000021001f00001c636f6e74696c652e73657276696365732e6d6f7a696c6c612e636f6d00170000ff01000100000a000e000c001d00170018001901000101000b00020100002300000010000e000c02683208687474702f312e310005000501000000000022000a000804030503060302030033006b0069001d00208909858fbeb6ed2f1248ba5b9e2978bead0e840110192c61daed0096798b184400170041044d183d91f5eed35791fa982464e3b0214aaa5f5d1b78616d9b9fbebc22d11f535b2f94c686143136aa795e6e5a875d6c08064ad5b76d44caad766e2483012748002b00050403040303000d0018001604030503060308040805080604010501060102030201002d00020101001c000240010015007a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
expectedOutput: "t13d1715h2_5b234860e130_014157ec0da2",
recipeConfig: [
{
"op": "JA4 Fingerprint",
"args": ["Hex", "JA4 Original Rendering"]
}
],
},
]);

22
tests/operations/tests/LZNT1Decompress.mjs Normal file
View file

@ -0,0 +1,22 @@
/**
* LZNT1 Decompress tests.
*
* @author 0xThiebaut [thiebaut.dev]
* @copyright Crown Copyright 2023
* @license Apache-2.0
*/
import TestRegister from "../../lib/TestRegister.mjs";
TestRegister.addTests([
{
name: "LZNT1 Decompress",
input: "\x1a\xb0\x00compress\x00edtestda\x04ta\x07\x88alot",
expectedOutput: "compressedtestdatacompressedalot",
recipeConfig: [
{
op: "LZNT1 Decompress",
args: []
}
],
}
]);

Some files were not shown because too many files have changed in this diff Show more