mirror of
https://github.com/gchq/CyberChef
synced 2024-12-25 12:03:11 +00:00
Added 'Disassemble x86' operation
This commit is contained in:
parent
89ca2cc631
commit
cd5265fad4
12 changed files with 5886 additions and 19 deletions
|
@ -28,11 +28,7 @@
|
|||
// modify rules from base configurations
|
||||
"no-unused-vars": ["error", {
|
||||
"args": "none",
|
||||
"vars": "local",
|
||||
// Allow vars that start with a capital letter to be unused.
|
||||
// This is mainly for exported module names which are useful to indicate
|
||||
// the name of the module and may be used to refer to itself in future.
|
||||
"varsIgnorePattern": "^[A-Z]"
|
||||
"vars": "all"
|
||||
}],
|
||||
"no-empty": ["error", {
|
||||
"allowEmptyCatch": true
|
||||
|
|
|
@ -92,7 +92,7 @@ async function bake(data) {
|
|||
} catch (err) {
|
||||
self.postMessage({
|
||||
action: "bakeError",
|
||||
data: err.message
|
||||
data: err
|
||||
});
|
||||
}
|
||||
}
|
||||
|
|
|
@ -300,6 +300,7 @@ const Categories = [
|
|||
"Frequency distribution",
|
||||
"Detect File Type",
|
||||
"Scan for Embedded Files",
|
||||
"Disassemble x86",
|
||||
"Generate UUID",
|
||||
"Generate TOTP",
|
||||
"Generate HOTP",
|
||||
|
|
|
@ -5,7 +5,6 @@ import BCD from "../operations/BCD.js";
|
|||
import BitwiseOp from "../operations/BitwiseOp.js";
|
||||
import ByteRepr from "../operations/ByteRepr.js";
|
||||
import CharEnc from "../operations/CharEnc.js";
|
||||
import Checksum from "../operations/Checksum.js";
|
||||
import Cipher from "../operations/Cipher.js";
|
||||
import Code from "../operations/Code.js";
|
||||
import Compress from "../operations/Compress.js";
|
||||
|
@ -26,21 +25,16 @@ import IP from "../operations/IP.js";
|
|||
import JS from "../operations/JS.js";
|
||||
import MAC from "../operations/MAC.js";
|
||||
import MorseCode from "../operations/MorseCode.js";
|
||||
import MS from "../operations/MS.js";
|
||||
import NetBIOS from "../operations/NetBIOS.js";
|
||||
import Numberwang from "../operations/Numberwang.js";
|
||||
import OS from "../operations/OS.js";
|
||||
import OTP from "../operations/OTP.js";
|
||||
import PublicKey from "../operations/PublicKey.js";
|
||||
import Punycode from "../operations/Punycode.js";
|
||||
import QuotedPrintable from "../operations/QuotedPrintable.js";
|
||||
import Rotate from "../operations/Rotate.js";
|
||||
import SeqUtils from "../operations/SeqUtils.js";
|
||||
import Shellcode from "../operations/Shellcode.js";
|
||||
import StrUtils from "../operations/StrUtils.js";
|
||||
import Tidy from "../operations/Tidy.js";
|
||||
import Unicode from "../operations/Unicode.js";
|
||||
import URL_ from "../operations/URL.js";
|
||||
import UUID from "../operations/UUID.js";
|
||||
|
||||
|
||||
/**
|
||||
|
@ -296,6 +290,44 @@ const OperationConfig = {
|
|||
}
|
||||
]
|
||||
},
|
||||
"Disassemble x86": {
|
||||
module: "Shellcode",
|
||||
description: "Disassembly is the process of translating machine language into assembly language.<br><br>This operation supports 64-bit, 32-bit and 16-bit code written for Intel or AMD x86 processors. It is particularly useful for reverse engineering shellcode.<br><br>Input should be in hexadecimal.",
|
||||
inputType: "string",
|
||||
outputType: "string",
|
||||
args: [
|
||||
{
|
||||
name: "Bit mode",
|
||||
type: "option",
|
||||
value: Shellcode.MODE
|
||||
},
|
||||
{
|
||||
name: "Compatibility",
|
||||
type: "option",
|
||||
value: Shellcode.COMPATIBILITY
|
||||
},
|
||||
{
|
||||
name: "Code Segment (CS)",
|
||||
type: "number",
|
||||
value: 16
|
||||
},
|
||||
{
|
||||
name: "Offset (IP)",
|
||||
type: "number",
|
||||
value: 0
|
||||
},
|
||||
{
|
||||
name: "Show instruction hex",
|
||||
type: "boolean",
|
||||
value: true
|
||||
},
|
||||
{
|
||||
name: "Show instruction position",
|
||||
type: "boolean",
|
||||
value: true
|
||||
}
|
||||
]
|
||||
},
|
||||
"XOR": {
|
||||
module: "Default",
|
||||
description: "XOR the input with the given key.<br>e.g. <code>fe023da5</code><br><br><strong>Options</strong><br><u>Null preserving:</u> If the current byte is 0x00 or the same as the key, skip it.<br><br><u>Scheme:</u><ul><li>Standard - key is unchanged after each round</li><li>Input differential - key is set to the value of the previous unprocessed byte</li><li>Output differential - key is set to the value of the previous processed byte</li></ul>",
|
||||
|
|
|
@ -18,6 +18,7 @@ import HTTPModule from "./HTTP.js";
|
|||
import ImageModule from "./Image.js";
|
||||
import JSBNModule from "./JSBN.js";
|
||||
import PublicKeyModule from "./PublicKey.js";
|
||||
import ShellcodeModule from "./Shellcode.js";
|
||||
|
||||
Object.assign(
|
||||
OpModules,
|
||||
|
@ -31,7 +32,8 @@ Object.assign(
|
|||
HTTPModule,
|
||||
ImageModule,
|
||||
JSBNModule,
|
||||
PublicKeyModule
|
||||
PublicKeyModule,
|
||||
ShellcodeModule
|
||||
);
|
||||
|
||||
export default OpModules;
|
||||
|
|
20
src/core/config/modules/Shellcode.js
Normal file
20
src/core/config/modules/Shellcode.js
Normal file
|
@ -0,0 +1,20 @@
|
|||
import Shellcode from "../../operations/Shellcode.js";
|
||||
|
||||
|
||||
/**
|
||||
* Shellcode module.
|
||||
*
|
||||
* Libraries:
|
||||
* - DisassembleX86-64.js
|
||||
*
|
||||
* @author n1474335 [n1474335@gmail.com]
|
||||
* @copyright Crown Copyright 2017
|
||||
* @license Apache-2.0
|
||||
*/
|
||||
let OpModules = typeof self === "undefined" ? {} : self.OpModules || {};
|
||||
|
||||
OpModules.Shellcode = {
|
||||
"Disassemble x86": Shellcode.runDisassemble,
|
||||
};
|
||||
|
||||
export default OpModules;
|
5722
src/core/lib/DisassembleX86-64.js
Normal file
5722
src/core/lib/DisassembleX86-64.js
Normal file
File diff suppressed because it is too large
Load diff
|
@ -1,4 +1,3 @@
|
|||
/* globals app */
|
||||
import Utils from "../Utils.js";
|
||||
|
||||
|
||||
|
|
|
@ -1,6 +1,4 @@
|
|||
import cptable from "../lib/js-codepage/cptable.js";
|
||||
import Utils from "../Utils.js";
|
||||
import CryptoJS from "crypto-js";
|
||||
|
||||
|
||||
/**
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
/* globals app */
|
||||
import Utils from "../Utils.js";
|
||||
|
||||
|
||||
|
|
96
src/core/operations/Shellcode.js
Normal file
96
src/core/operations/Shellcode.js
Normal file
|
@ -0,0 +1,96 @@
|
|||
import disassemble from "../lib/DisassembleX86-64.js";
|
||||
|
||||
|
||||
/**
|
||||
* Shellcode operations.
|
||||
*
|
||||
* @author n1474335 [n1474335@gmail.com]
|
||||
* @copyright Crown Copyright 2017
|
||||
* @license Apache-2.0
|
||||
*
|
||||
* @namespace
|
||||
*/
|
||||
const Shellcode = {
|
||||
|
||||
/**
|
||||
* @constant
|
||||
* @default
|
||||
*/
|
||||
MODE: ["64", "32", "16"],
|
||||
/**
|
||||
* @constant
|
||||
* @default
|
||||
*/
|
||||
COMPATIBILITY: [
|
||||
"Full x86 architecture",
|
||||
"Knights Corner",
|
||||
"Larrabee",
|
||||
"Cyrix",
|
||||
"Geode",
|
||||
"Centaur",
|
||||
"X86/486"
|
||||
],
|
||||
|
||||
/**
|
||||
* Disassemble x86 operation.
|
||||
*
|
||||
* @param {string} input
|
||||
* @param {Object[]} args
|
||||
* @returns {string}
|
||||
*/
|
||||
runDisassemble: function(input, args) {
|
||||
const mode = args[0],
|
||||
compatibility = args[1],
|
||||
codeSegment = args[2],
|
||||
offset = args[3],
|
||||
showInstructionHex = args[4],
|
||||
showInstructionPos = args[5];
|
||||
|
||||
switch (mode) {
|
||||
case "64":
|
||||
disassemble.setBitMode(2);
|
||||
break;
|
||||
case "32":
|
||||
disassemble.setBitMode(1);
|
||||
break;
|
||||
case "16":
|
||||
disassemble.setBitMode(0);
|
||||
break;
|
||||
default:
|
||||
throw "Invalid mode value";
|
||||
}
|
||||
|
||||
switch (compatibility) {
|
||||
case "Full x86 architecture":
|
||||
disassemble.CompatibilityMode(0);
|
||||
break;
|
||||
case "Knights Corner":
|
||||
disassemble.CompatibilityMode(1);
|
||||
break;
|
||||
case "Larrabee":
|
||||
disassemble.CompatibilityMode(2);
|
||||
break;
|
||||
case "Cyrix":
|
||||
disassemble.CompatibilityMode(3);
|
||||
break;
|
||||
case "Geode":
|
||||
disassemble.CompatibilityMode(4);
|
||||
break;
|
||||
case "Centaur":
|
||||
disassemble.CompatibilityMode(5);
|
||||
break;
|
||||
case "X86/486":
|
||||
disassemble.CompatibilityMode(6);
|
||||
break;
|
||||
}
|
||||
|
||||
disassemble.SetBasePosition(codeSegment + ":" + offset);
|
||||
disassemble.setShowInstructionHex(showInstructionHex);
|
||||
disassemble.setShowInstructionPos(showInstructionPos);
|
||||
disassemble.LoadBinCode(input.replace(/\s/g, ""));
|
||||
return disassemble.LDisassemble();
|
||||
},
|
||||
|
||||
};
|
||||
|
||||
export default Shellcode;
|
|
@ -9,7 +9,7 @@ require("babel-polyfill");
|
|||
|
||||
const Chef = require("../core/Chef.js").default;
|
||||
|
||||
const CyberChef = module.exports = {
|
||||
const CyberChef = {
|
||||
|
||||
bake: function(input, recipeConfig) {
|
||||
this.chef = new Chef();
|
||||
|
@ -23,3 +23,5 @@ const CyberChef = module.exports = {
|
|||
}
|
||||
|
||||
};
|
||||
|
||||
module.exports = CyberChef;
|
||||
|
|
Loading…
Reference in a new issue