Added 'Disassemble x86' operation

This commit is contained in:
n1474335 2017-10-04 22:35:44 +01:00
parent 89ca2cc631
commit cd5265fad4
12 changed files with 5886 additions and 19 deletions

View file

@ -28,11 +28,7 @@
// modify rules from base configurations
"no-unused-vars": ["error", {
"args": "none",
"vars": "local",
// Allow vars that start with a capital letter to be unused.
// This is mainly for exported module names which are useful to indicate
// the name of the module and may be used to refer to itself in future.
"varsIgnorePattern": "^[A-Z]"
"vars": "all"
}],
"no-empty": ["error", {
"allowEmptyCatch": true

View file

@ -92,7 +92,7 @@ async function bake(data) {
} catch (err) {
self.postMessage({
action: "bakeError",
data: err.message
data: err
});
}
}

View file

@ -300,6 +300,7 @@ const Categories = [
"Frequency distribution",
"Detect File Type",
"Scan for Embedded Files",
"Disassemble x86",
"Generate UUID",
"Generate TOTP",
"Generate HOTP",

View file

@ -5,7 +5,6 @@ import BCD from "../operations/BCD.js";
import BitwiseOp from "../operations/BitwiseOp.js";
import ByteRepr from "../operations/ByteRepr.js";
import CharEnc from "../operations/CharEnc.js";
import Checksum from "../operations/Checksum.js";
import Cipher from "../operations/Cipher.js";
import Code from "../operations/Code.js";
import Compress from "../operations/Compress.js";
@ -26,21 +25,16 @@ import IP from "../operations/IP.js";
import JS from "../operations/JS.js";
import MAC from "../operations/MAC.js";
import MorseCode from "../operations/MorseCode.js";
import MS from "../operations/MS.js";
import NetBIOS from "../operations/NetBIOS.js";
import Numberwang from "../operations/Numberwang.js";
import OS from "../operations/OS.js";
import OTP from "../operations/OTP.js";
import PublicKey from "../operations/PublicKey.js";
import Punycode from "../operations/Punycode.js";
import QuotedPrintable from "../operations/QuotedPrintable.js";
import Rotate from "../operations/Rotate.js";
import SeqUtils from "../operations/SeqUtils.js";
import Shellcode from "../operations/Shellcode.js";
import StrUtils from "../operations/StrUtils.js";
import Tidy from "../operations/Tidy.js";
import Unicode from "../operations/Unicode.js";
import URL_ from "../operations/URL.js";
import UUID from "../operations/UUID.js";
/**
@ -296,6 +290,44 @@ const OperationConfig = {
}
]
},
"Disassemble x86": {
module: "Shellcode",
description: "Disassembly is the process of translating machine language into assembly language.<br><br>This operation supports 64-bit, 32-bit and 16-bit code written for Intel or AMD x86 processors. It is particularly useful for reverse engineering shellcode.<br><br>Input should be in hexadecimal.",
inputType: "string",
outputType: "string",
args: [
{
name: "Bit mode",
type: "option",
value: Shellcode.MODE
},
{
name: "Compatibility",
type: "option",
value: Shellcode.COMPATIBILITY
},
{
name: "Code Segment (CS)",
type: "number",
value: 16
},
{
name: "Offset (IP)",
type: "number",
value: 0
},
{
name: "Show instruction hex",
type: "boolean",
value: true
},
{
name: "Show instruction position",
type: "boolean",
value: true
}
]
},
"XOR": {
module: "Default",
description: "XOR the input with the given key.<br>e.g. <code>fe023da5</code><br><br><strong>Options</strong><br><u>Null preserving:</u> If the current byte is 0x00 or the same as the key, skip it.<br><br><u>Scheme:</u><ul><li>Standard - key is unchanged after each round</li><li>Input differential - key is set to the value of the previous unprocessed byte</li><li>Output differential - key is set to the value of the previous processed byte</li></ul>",

View file

@ -18,6 +18,7 @@ import HTTPModule from "./HTTP.js";
import ImageModule from "./Image.js";
import JSBNModule from "./JSBN.js";
import PublicKeyModule from "./PublicKey.js";
import ShellcodeModule from "./Shellcode.js";
Object.assign(
OpModules,
@ -31,7 +32,8 @@ Object.assign(
HTTPModule,
ImageModule,
JSBNModule,
PublicKeyModule
PublicKeyModule,
ShellcodeModule
);
export default OpModules;

View file

@ -0,0 +1,20 @@
import Shellcode from "../../operations/Shellcode.js";
/**
* Shellcode module.
*
* Libraries:
* - DisassembleX86-64.js
*
* @author n1474335 [n1474335@gmail.com]
* @copyright Crown Copyright 2017
* @license Apache-2.0
*/
let OpModules = typeof self === "undefined" ? {} : self.OpModules || {};
OpModules.Shellcode = {
"Disassemble x86": Shellcode.runDisassemble,
};
export default OpModules;

File diff suppressed because it is too large Load diff

View file

@ -1,4 +1,3 @@
/* globals app */
import Utils from "../Utils.js";

View file

@ -1,6 +1,4 @@
import cptable from "../lib/js-codepage/cptable.js";
import Utils from "../Utils.js";
import CryptoJS from "crypto-js";
/**

View file

@ -1,4 +1,3 @@
/* globals app */
import Utils from "../Utils.js";

View file

@ -0,0 +1,96 @@
import disassemble from "../lib/DisassembleX86-64.js";
/**
* Shellcode operations.
*
* @author n1474335 [n1474335@gmail.com]
* @copyright Crown Copyright 2017
* @license Apache-2.0
*
* @namespace
*/
const Shellcode = {
/**
* @constant
* @default
*/
MODE: ["64", "32", "16"],
/**
* @constant
* @default
*/
COMPATIBILITY: [
"Full x86 architecture",
"Knights Corner",
"Larrabee",
"Cyrix",
"Geode",
"Centaur",
"X86/486"
],
/**
* Disassemble x86 operation.
*
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
runDisassemble: function(input, args) {
const mode = args[0],
compatibility = args[1],
codeSegment = args[2],
offset = args[3],
showInstructionHex = args[4],
showInstructionPos = args[5];
switch (mode) {
case "64":
disassemble.setBitMode(2);
break;
case "32":
disassemble.setBitMode(1);
break;
case "16":
disassemble.setBitMode(0);
break;
default:
throw "Invalid mode value";
}
switch (compatibility) {
case "Full x86 architecture":
disassemble.CompatibilityMode(0);
break;
case "Knights Corner":
disassemble.CompatibilityMode(1);
break;
case "Larrabee":
disassemble.CompatibilityMode(2);
break;
case "Cyrix":
disassemble.CompatibilityMode(3);
break;
case "Geode":
disassemble.CompatibilityMode(4);
break;
case "Centaur":
disassemble.CompatibilityMode(5);
break;
case "X86/486":
disassemble.CompatibilityMode(6);
break;
}
disassemble.SetBasePosition(codeSegment + ":" + offset);
disassemble.setShowInstructionHex(showInstructionHex);
disassemble.setShowInstructionPos(showInstructionPos);
disassemble.LoadBinCode(input.replace(/\s/g, ""));
return disassemble.LDisassemble();
},
};
export default Shellcode;

View file

@ -9,7 +9,7 @@ require("babel-polyfill");
const Chef = require("../core/Chef.js").default;
const CyberChef = module.exports = {
const CyberChef = {
bake: function(input, recipeConfig) {
this.chef = new Chef();
@ -23,3 +23,5 @@ const CyberChef = module.exports = {
}
};
module.exports = CyberChef;