mirror of
https://github.com/gchq/CyberChef
synced 2025-01-13 21:18:47 +00:00
Added 'Disassemble x86' operation
parent
89ca2cc631
commit
cd5265fad4
12 changed files with 5886 additions and 19 deletions
|
@ -28,11 +28,7 @@
|
||||||
// modify rules from base configurations
|
// modify rules from base configurations
|
||||||
"no-unused-vars": ["error", {
|
"no-unused-vars": ["error", {
|
||||||
"args": "none",
|
"args": "none",
|
||||||
"vars": "local",
|
"vars": "all"
|
||||||
// Allow vars that start with a capital letter to be unused.
|
|
||||||
// This is mainly for exported module names which are useful to indicate
|
|
||||||
// the name of the module and may be used to refer to itself in future.
|
|
||||||
"varsIgnorePattern": "^[A-Z]"
|
|
||||||
}],
|
}],
|
||||||
"no-empty": ["error", {
|
"no-empty": ["error", {
|
||||||
"allowEmptyCatch": true
|
"allowEmptyCatch": true
|
||||||
|
|
|
@ -92,7 +92,7 @@ async function bake(data) {
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
self.postMessage({
|
self.postMessage({
|
||||||
action: "bakeError",
|
action: "bakeError",
|
||||||
data: err.message
|
data: err
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
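Review bot: Posting the caught value unchanged in `data: err` leaves the `bakeError` payload without a fixed type. A thrown string arrives as a string, but a thrown `Error` has to pass through structured clone, which some browsers refuse for Error objects and others perform only partially, so the `postMessage` call can itself throw inside this catch or deliver an object where text is expected. Normalising at this point keeps the contract a string in both cases: `data: err.message || String(err)`. The handler that displays the value is outside this hunk and should insert it as text rather than markup; `bake` itself starts above the hunk.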
|
@ -300,6 +300,7 @@ const Categories = [
|
||||||
"Frequency distribution",
|
"Frequency distribution",
|
||||||
"Detect File Type",
|
"Detect File Type",
|
||||||
"Scan for Embedded Files",
|
"Scan for Embedded Files",
|
||||||
|
"Disassemble x86",
|
||||||
"Generate UUID",
|
"Generate UUID",
|
||||||
"Generate TOTP",
|
"Generate TOTP",
|
||||||
"Generate HOTP",
|
"Generate HOTP",
|
||||||
|
|
|
@ -5,7 +5,6 @@ import BCD from "../operations/BCD.js";
|
||||||
import BitwiseOp from "../operations/BitwiseOp.js";
|
import BitwiseOp from "../operations/BitwiseOp.js";
|
||||||
import ByteRepr from "../operations/ByteRepr.js";
|
import ByteRepr from "../operations/ByteRepr.js";
|
||||||
import CharEnc from "../operations/CharEnc.js";
|
import CharEnc from "../operations/CharEnc.js";
|
||||||
import Checksum from "../operations/Checksum.js";
|
|
||||||
import Cipher from "../operations/Cipher.js";
|
import Cipher from "../operations/Cipher.js";
|
||||||
import Code from "../operations/Code.js";
|
import Code from "../operations/Code.js";
|
||||||
import Compress from "../operations/Compress.js";
|
import Compress from "../operations/Compress.js";
|
||||||
|
@ -26,21 +25,16 @@ import IP from "../operations/IP.js";
|
||||||
import JS from "../operations/JS.js";
|
import JS from "../operations/JS.js";
|
||||||
import MAC from "../operations/MAC.js";
|
import MAC from "../operations/MAC.js";
|
||||||
import MorseCode from "../operations/MorseCode.js";
|
import MorseCode from "../operations/MorseCode.js";
|
||||||
import MS from "../operations/MS.js";
|
|
||||||
import NetBIOS from "../operations/NetBIOS.js";
|
import NetBIOS from "../operations/NetBIOS.js";
|
||||||
import Numberwang from "../operations/Numberwang.js";
|
|
||||||
import OS from "../operations/OS.js";
|
|
||||||
import OTP from "../operations/OTP.js";
|
|
||||||
import PublicKey from "../operations/PublicKey.js";
|
import PublicKey from "../operations/PublicKey.js";
|
||||||
import Punycode from "../operations/Punycode.js";
|
import Punycode from "../operations/Punycode.js";
|
||||||
import QuotedPrintable from "../operations/QuotedPrintable.js";
|
|
||||||
import Rotate from "../operations/Rotate.js";
|
import Rotate from "../operations/Rotate.js";
|
||||||
import SeqUtils from "../operations/SeqUtils.js";
|
import SeqUtils from "../operations/SeqUtils.js";
|
||||||
|
import Shellcode from "../operations/Shellcode.js";
|
||||||
import StrUtils from "../operations/StrUtils.js";
|
import StrUtils from "../operations/StrUtils.js";
|
||||||
import Tidy from "../operations/Tidy.js";
|
import Tidy from "../operations/Tidy.js";
|
||||||
import Unicode from "../operations/Unicode.js";
|
import Unicode from "../operations/Unicode.js";
|
||||||
import URL_ from "../operations/URL.js";
|
import URL_ from "../operations/URL.js";
|
||||||
import UUID from "../operations/UUID.js";
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -296,6 +290,44 @@ const OperationConfig = {
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"Disassemble x86": {
|
||||||
|
module: "Shellcode",
|
||||||
|
description: "Disassembly is the process of translating machine language into assembly language.<br><br>This operation supports 64-bit, 32-bit and 16-bit code written for Intel or AMD x86 processors. It is particularly useful for reverse engineering shellcode.<br><br>Input should be in hexadecimal.",
|
||||||
|
inputType: "string",
|
||||||
|
outputType: "string",
|
||||||
|
args: [
|
||||||
|
{
|
||||||
|
name: "Bit mode",
|
||||||
|
type: "option",
|
||||||
|
value: Shellcode.MODE
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "Compatibility",
|
||||||
|
type: "option",
|
||||||
|
value: Shellcode.COMPATIBILITY
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "Code Segment (CS)",
|
||||||
|
type: "number",
|
||||||
|
value: 16
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "Offset (IP)",
|
||||||
|
type: "number",
|
||||||
|
value: 0
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "Show instruction hex",
|
||||||
|
type: "boolean",
|
||||||
|
value: true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "Show instruction position",
|
||||||
|
type: "boolean",
|
||||||
|
value: true
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
"XOR": {
|
"XOR": {
|
||||||
module: "Default",
|
module: "Default",
|
||||||
description: "XOR the input with the given key.<br>e.g. <code>fe023da5</code><br><br><strong>Options</strong><br><u>Null preserving:</u> If the current byte is 0x00 or the same as the key, skip it.<br><br><u>Scheme:</u><ul><li>Standard - key is unchanged after each round</li><li>Input differential - key is set to the value of the previous unprocessed byte</li><li>Output differential - key is set to the value of the previous processed byte</li></ul>",
|
description: "XOR the input with the given key.<br>e.g. <code>fe023da5</code><br><br><strong>Options</strong><br><u>Null preserving:</u> If the current byte is 0x00 or the same as the key, skip it.<br><br><u>Scheme:</u><ul><li>Standard - key is unchanged after each round</li><li>Input differential - key is set to the value of the previous unprocessed byte</li><li>Output differential - key is set to the value of the previous processed byte</li></ul>",
|
||||||
|
|
|
@ -18,6 +18,7 @@ import HTTPModule from "./HTTP.js";
|
||||||
import ImageModule from "./Image.js";
|
import ImageModule from "./Image.js";
|
||||||
import JSBNModule from "./JSBN.js";
|
import JSBNModule from "./JSBN.js";
|
||||||
import PublicKeyModule from "./PublicKey.js";
|
import PublicKeyModule from "./PublicKey.js";
|
||||||
|
import ShellcodeModule from "./Shellcode.js";
|
||||||
|
|
||||||
Object.assign(
|
Object.assign(
|
||||||
OpModules,
|
OpModules,
|
||||||
|
@ -31,7 +32,8 @@ Object.assign(
|
||||||
HTTPModule,
|
HTTPModule,
|
||||||
ImageModule,
|
ImageModule,
|
||||||
JSBNModule,
|
JSBNModule,
|
||||||
PublicKeyModule
|
PublicKeyModule,
|
||||||
|
ShellcodeModule
|
||||||
);
|
);
|
||||||
|
|
||||||
export default OpModules;
|
export default OpModules;
|
||||||
|
|
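--- a/src/core/config/modules/Shellcode.js
+++ b/src/core/config/modules/Shellcode.js
@@ -0,0 +1,20 @@
+import Shellcode from "../../operations/Shellcode.js";
+
+
+/**
+* Shellcode module.
+*
+* Libraries:
+* - DisassembleX86-64.js
+*
+* @author n1474335 [n1474335@gmail.com]
+* @copyright Crown Copyright 2017
+* @license Apache-2.0
+*/
+let OpModules = typeof self === "undefined" ? {} : self.OpModules || {};
+
+OpModules.Shellcode = {
+"Disassemble x86": Shellcode.runDisassemble,
+};
+
+export default OpModules;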
5722
src/core/lib/DisassembleX86-64.js
Normal file
5722
src/core/lib/DisassembleX86-64.js
Normal file
File diff suppressed because it is too large
|
@ -1,4 +1,3 @@
|
||||||
/* globals app */
|
|
||||||
import Utils from "../Utils.js";
|
import Utils from "../Utils.js";
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,4 @@
|
||||||
import cptable from "../lib/js-codepage/cptable.js";
|
import cptable from "../lib/js-codepage/cptable.js";
|
||||||
import Utils from "../Utils.js";
|
|
||||||
import CryptoJS from "crypto-js";
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
/* globals app */
|
|
||||||
import Utils from "../Utils.js";
|
import Utils from "../Utils.js";
|
||||||
|
|
||||||
|
|
||||||
|
|
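--- a/src/core/operations/Shellcode.js
+++ b/src/core/operations/Shellcode.js
@@ -0,0 +1,96 @@
+import disassemble from "../lib/DisassembleX86-64.js";
+
+
+/**
+* Shellcode operations.
+*
+* @author n1474335 [n1474335@gmail.com]
+* @copyright Crown Copyright 2017
+* @license Apache-2.0
+*
+* @namespace
+*/
+const Shellcode = {
+
+/**
+* @constant
+* @default
+*/
+MODE: ["64", "32", "16"],
+/**
+* @constant
+* @default
+*/
+COMPATIBILITY: [
+"Full x86 architecture",
+"Knights Corner",
+"Larrabee",
+"Cyrix",
+"Geode",
+"Centaur",
+"X86/486"
+],
+
+/**
+* Disassemble x86 operation.
+*
+* @param {string} input
+* @param {Object[]} args
+* @returns {string}
+*/
+runDisassemble: function(input, args) {
+const mode = args[0],
+compatibility = args[1],
+codeSegment = args[2],
+offset = args[3],
+showInstructionHex = args[4],
+showInstructionPos = args[5];
+
+switch (mode) {
+case "64":
+disassemble.setBitMode(2);
+break;
+case "32":
+disassemble.setBitMode(1);
+break;
+case "16":
+disassemble.setBitMode(0);
+break;
+default:
+throw "Invalid mode value";
+}
+
+switch (compatibility) {
+case "Full x86 architecture":
+disassemble.CompatibilityMode(0);
+break;
+case "Knights Corner":
+disassemble.CompatibilityMode(1);
+break;
+case "Larrabee":
+disassemble.CompatibilityMode(2);
+break;
+case "Cyrix":
+disassemble.CompatibilityMode(3);
+break;
+case "Geode":
+disassemble.CompatibilityMode(4);
+break;
+case "Centaur":
+disassemble.CompatibilityMode(5);
+break;
+case "X86/486":
+disassemble.CompatibilityMode(6);
+break;
+}
+
+disassemble.SetBasePosition(codeSegment + ":" + offset);
+disassemble.setShowInstructionHex(showInstructionHex);
+disassemble.setShowInstructionPos(showInstructionPos);
+disassemble.LoadBinCode(input.replace(/\s/g, ""));
+return disassemble.LDisassemble();
+},
+
+};
+
+export default Shellcode;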
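Review bot: The `switch (compatibility)` in `runDisassemble` has no `default`, and `disassemble` is one imported object configured through setters, so an unrecognised compatibility value appears to keep whatever mode an earlier bake selected and the listing is decoded against the wrong instruction set without any error. Mirror the mode switch with `default: throw "Invalid compatibility value";`. The input is only stripped of whitespace before `LoadBinCode`, so text that is not plain hex (a `0x` or `\x` prefix, an odd number of digits) reaches the library unchecked, and how the library handles it cannot be seen here because that file's diff is suppressed. A guard before loading, `const hex = input.replace(/\s/g, "");` followed by `if (!/^([0-9a-f]{2})*$/i.test(hex)) throw "Input must be hexadecimal";`, would turn a plausible-looking but wrong disassembly into a visible error.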
|
@ -9,7 +9,7 @@ require("babel-polyfill");
|
||||||
|
|
||||||
const Chef = require("../core/Chef.js").default;
|
const Chef = require("../core/Chef.js").default;
|
||||||
|
|
||||||
const CyberChef = module.exports = {
|
const CyberChef = {
|
||||||
|
|
||||||
bake: function(input, recipeConfig) {
|
bake: function(input, recipeConfig) {
|
||||||
this.chef = new Chef();
|
this.chef = new Chef();
|
||||||
|
@ -23,3 +23,5 @@ const CyberChef = module.exports = {
|
||||||
}
|
}
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
module.exports = CyberChef;
|
||||||
|
|