mirrors/CyberChef
1
0
Fork 0
mirror of https://github.com/gchq/CyberChef.git synced 2025-05-06 22:47:11 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Adding nTcpdump as new operations

Browse source
This commit is contained in:
windhamwong@nva-hk.com 2017-03-23 13:13:49 +00:00
parent 87d6459074
commit e2f72ddea6
4 changed files with 213 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
package.json
View file

@ -42,5 +42,8 @@
"grunt-jsdoc": "^2.1.0",
"ink-docstrap": "^1.1.4",
"phantomjs-prebuilt": "^2.1.14"
},
"dependencies": {
"grunt-cli": "^1.2.0"
}
}

1
src/js/config/Categories.js
View file

@ -27,6 +27,7 @@ var Categories = [
ops: [
"To Hexdump",
"From Hexdump",
"From nTcpdump",
"To Hex",
"From Hex",
"To Charcode",

9
src/js/config/OperationConfig.js
View file

@ -517,6 +517,15 @@ var OperationConfig = {
}
]
},
"From nTcpdump": {
description: "For Tcpdump conversion only. (nva-hk)",
run: nTcpdump.runFrom,
highlight: nTcpdump.highlightFrom,
highlightReverse: nTcpdump.highlightTo,
inputType: "string",
outputType: "byteArray",
args: []
},
"From Hexdump": {
description: "Attempts to convert a hexdump back into raw data. This operation supports many different hexdump variations, but probably not all. Make sure you verify that the data it gives you is correct before continuing analysis.",
run: Hexdump.runFrom,

200
src/js/operations/nTcpdump.js Normal file
View file

@ -0,0 +1,200 @@
/* globals app */
/**
* Hexdump operations.
*
* @author n1474335 [n1474335@gmail.com]
* @copyright Crown Copyright 2016
* @license Apache-2.0
*
* @namespace
*/
var nTcpdump = {
/**
* @constant
* @default
*/
WIDTH: 16,
/**
* @constant
* @default
*/
UPPER_CASE: false,
/**
* @constant
* @default
*/
INCLUDE_FINAL_LENGTH: false,
/**
* To Hexdump operation.
*
* @param {byteArray} input
* @param {Object[]} args
* @returns {string}
*/
runTo: function(input, args) {
var length = args[0] || nTcpdump.WIDTH;
var upperCase = args[1];
var includeFinalLength = args[2];
var output = "", padding = 2;
for (var i = 0; i < input.length; i += length) {
var buff = input.slice(i, i+length);
var hexa = "";
for (var j = 0; j < buff.length; j++) {
hexa += Utils.hex(buff[j], padding) + " ";
}
var lineNo = Utils.hex(i, 8);
if (upperCase) {
hexa = hexa.toUpperCase();
lineNo = lineNo.toUpperCase();
}
output += lineNo + " " +
Utils.padRight(hexa, (length*(padding+1))) +
" |" + Utils.padRight(Utils.printable(Utils.byteArrayToChars(buff)), buff.length) + "|\n";
if (includeFinalLength && i+buff.length === input.length) {
output += Utils.hex(i+buff.length, 8) + "\n";
}
}
return output.slice(0, -1);
},
/**
* From Hexdump operation.
*
* @param {string} input
* @param {Object[]} args
* @returns {byteArray}
*/
runFrom: function(input, args) {
var output = [],
regex = /^\s*(?:0x[\dA-F]{4}:?)?\s*((?:[\dA-F]{4}\s?){1,8})/igm,
regex_header = /^\s*(?:0x0000:){1}\s*((?:[\dA-F]{4}\s?){6})/igm,
block, line;
while ((block = regex.exec(input))) {
// block[1].replace(regex_header, "0x0000:");
line = Utils.fromHex(block[1].replace(/-/g, " "));
for (var i = 0; i < line.length; i++) {
output.push(line[i]);
}
}
// Is this a CyberChef hexdump or is it from a different tool?
var width = input.indexOf("\n");
var w = (width - 13) / 4;
// w should be the specified width of the hexdump and therefore a round number
if (Math.floor(w) !== w || input.indexOf("\r") !== -1 || output.indexOf(13) !== -1) {
app.options.attemptHighlight = false;
}
return output;
},
/**
* Highlight to hexdump
*
* @param {Object[]} pos
* @param {number} pos[].start
* @param {number} pos[].end
* @param {Object[]} args
* @returns {Object[]} pos
*/
highlightTo: function(pos, args) {
// Calculate overall selection
var w = args[0] || 16,
width = 14 + (w*4),
line = Math.floor(pos[0].start / w),
offset = pos[0].start % w,
start = 0,
end = 0;
pos[0].start = line*width + 10 + offset*3;
line = Math.floor(pos[0].end / w);
offset = pos[0].end % w;
if (offset === 0) {
line--;
offset = w;
}
pos[0].end = line*width + 10 + offset*3 - 1;
// Set up multiple selections for bytes
var startLineNum = Math.floor(pos[0].start / width);
var endLineNum = Math.floor(pos[0].end / width);
if (startLineNum === endLineNum) {
pos.push(pos[0]);
} else {
start = pos[0].start;
end = (startLineNum+1) * width - w - 5;
pos.push({ start: start, end: end });
while (end < pos[0].end) {
startLineNum++;
start = startLineNum * width + 10;
end = (startLineNum+1) * width - w - 5;
if (end > pos[0].end) end = pos[0].end;
pos.push({ start: start, end: end });
}
}
// Set up multiple selections for ASCII
var len = pos.length, lineNum = 0;
start = 0;
end = 0;
for (var i = 1; i < len; i++) {
lineNum = Math.floor(pos[i].start / width);
start = (((pos[i].start - (lineNum * width)) - 10) / 3) + (width - w -2) + (lineNum * width);
end = (((pos[i].end + 1 - (lineNum * width)) - 10) / 3) + (width - w -2) + (lineNum * width);
pos.push({ start: start, end: end });
}
return pos;
},
/**
* Highlight from hexdump
*
* @param {Object[]} pos
* @param {number} pos[].start
* @param {number} pos[].end
* @param {Object[]} args
* @returns {Object[]} pos
*/
highlightFrom: function(pos, args) {
var w = args[0] || 16;
var width = 14 + (w*4);
var line = Math.floor(pos[0].start / width);
var offset = pos[0].start % width;
if (offset < 10) { // In line number section
pos[0].start = line*w;
} else if (offset > 10+(w*3)) { // In ASCII section
pos[0].start = (line+1)*w;
} else { // In byte section
pos[0].start = line*w + Math.floor((offset-10)/3);
}
line = Math.floor(pos[0].end / width);
offset = pos[0].end % width;
if (offset < 10) { // In line number section
pos[0].end = line*w;
} else if (offset > 10+(w*3)) { // In ASCII section
pos[0].end = (line+1)*w;
} else { // In byte section
pos[0].end = line*w + Math.ceil((offset-10)/3);
}
return pos;
},
};