Commit graph

3358 commits

Author SHA1 Message Date
TheSavageTeddy
bf4e62b4b7 added choice for base85 all-zero character 2022-11-25 21:36:17 +08:00
TheSavageTeddy
d77f8ba747 fix linting again 2022-11-25 11:08:01 +08:00
TheSavageTeddy
78d35ecec3 better boolean statement 2022-11-25 10:59:04 +08:00
TheSavageTeddy
c79bf5caaf fixed linting 2022-11-25 10:49:56 +08:00
TheSavageTeddy
66cbc6908a Better delimeter parsing for From Base85 2022-11-25 10:36:08 +08:00
n1474335
72889d1c20 9.49.0 2022-11-11 16:29:13 +00:00
n1474335
6c5433b226 Updated CHANGELOG 2022-11-11 16:29:03 +00:00
n1474335
31a7f83b82 Added 'LZ4 Compress' and 'LZ4 Decompress' operations. Closes #1116 2022-11-11 16:27:14 +00:00
n1474335
ed8bd34915 9.48.0 2022-10-15 00:15:49 +01:00
n1474335
5c72791279 Updated CHANGELOG 2022-10-15 00:15:39 +01:00
n1474335
142f91425c Added 'LM Hash' opertaion 2022-10-15 00:13:39 +01:00
n1474335
d6344760ec Merge branch 'master' of https://github.com/brun0ne/CyberChef 2022-10-14 18:45:47 +01:00
n1474335
64c009f266 9.47.5 2022-10-14 16:28:10 +01:00
n1474335
a73decc792 Merge branch 'master' of https://github.com/gariev/CyberChef 2022-10-14 16:26:08 +01:00
n1474335
f332ca4617 9.47.4 2022-10-14 16:24:33 +01:00
n1474335
937791d33d Merge branch 'jwt-magic' of https://github.com/whs/CyberChef 2022-10-14 16:24:19 +01:00
n1474335
a63a130723 Merge branch 'ci/actions' of https://github.com/Fdawgs/CyberChef 2022-10-14 16:21:53 +01:00
n1474335
0f1175bf15 9.47.3 2022-10-14 16:20:38 +01:00
n1474335
e4db23f857 Removed extra comment from Raw Inflate 2022-10-14 16:20:34 +01:00
n1474335
32e7dd030e Merge branch 'master' of https://github.com/XlogicX/CyberChef 2022-10-14 16:19:32 +01:00
n1474335
e33950961e 9.47.2 2022-10-14 16:10:19 +01:00
n1474335
5d65cb419f Tidied up 'Generate all hashes' operation 2022-10-14 16:10:01 +01:00
n1474335
536053d5f9 Merge branch 'hash' of https://github.com/jl2168/CyberChef 2022-10-14 14:53:00 +01:00
n1474335
04ef095b88 9.47.1 2022-10-14 14:47:30 +01:00
n1474335
66277cd71f Added more DNS request types 2022-10-14 14:47:19 +01:00
n1474335
58f01d0464 Merge branch 'PTR-option' of https://github.com/CyberGoat/CyberChef 2022-10-14 14:14:17 +01:00
n1474335
9ba9c56361 9.47.0 2022-10-14 14:07:47 +01:00
n1474335
11902e3220 Updated CHANGELOG 2022-10-14 14:07:42 +01:00
n1474335
c3f79c4b2c Merge branch 'feature/lzma' of https://github.com/mattnotmitt/CyberChef 2022-10-14 14:03:57 +01:00
n1474335
576905e8b8 9.46.7 2022-10-14 14:01:05 +01:00
n1474335
77a3b91afe Merge branch 'ssh-ed25519' of https://github.com/cplussharp/CyberChef 2022-10-14 14:00:03 +01:00
n1474335
40b58aa144 9.46.6 2022-10-14 13:57:35 +01:00
n1474335
d5bcdc8eed Dependency fixes 2022-10-14 13:57:00 +01:00
Manatsawin Hanmongkolchai
674649ca7f Added checks to JWTDecode operation 2022-10-09 14:57:02 +07:00
XlogicX
1a9a070c3b
Removal of unnecessary error condition
This situation occurs because the dependancy (zlibjs/bin/rawinflate.min.js) doesn't do a sanity check on distances going back farther than the current buffer.

For example:
DEFLATE data of '123' and then a length of 9 going back a distance of 6
ASCIIHEX: 333432869300

! infgen 3.0 output
!
last			! 1
fixed			! 01
literal '1		! 10000110
literal '2		! 01000110
literal '3		! 11000110
match 9 6		! 1 00100 1110000
infgen warning: distance too far back (6/3)
end			! 0000000
			! 0

We only have 3 characters, we shouldn't be able to seek 6 characters back. But rawinflate.min.js doesn't check for this like the infgen debug tool (and others) would. So CyberChef would happily provide this as the result:
123...123...
Where the dots are just nulls of likley empty memory preceding the actual buffer

So with the example in this source
// e.g. Input data of [8b, 1d, dc, 44]

last			! 1
fixed			! 01
literal ']		! 10110001
match 158 5		! 0 00100 11011 10000011
infgen warning: distance too far back (5/1)

This means we have a literal ']' and then we are asking for 158 more characters and to find them a distance of 5 back. This explains why the ']', why it repeats every 5, and why it is a length > 158.

This code should just be removed; it isn't justified. Being that this issue is a lack of sanity checking in a dependancy, and that this routine only catches the symptom of one of the nearly unlimited edge cases like this, AND it could filter out correct inputs, such as a recipe of this as input to RAWDEFLATE
]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX
Then getting an error with the INFLATE even though the input is actually valid.
2022-10-06 14:02:27 -04:00
XlogicX
32bee35f85
Removal of unnecessary error checking routine
This situation occurs because the dependancy (zlibjs/bin/rawinflate.min.js) doesn't do a sanity check on distances going back farther than the current buffer.

For example:
DEFLATE data of '123' and then a length of 9 going back a distance of 6
ASCIIHEX: 333432869300

! infgen 3.0 output
!
last			! 1
fixed			! 01
literal '1		! 10000110
literal '2		! 01000110
literal '3		! 11000110
match 9 6		! 1 00100 1110000
infgen warning: distance too far back (6/3)
end			! 0000000
			! 0

We only have 3 characters, we shouldn't be able to seek 6 characters back. But rawinflate.min.js doesn't check for this like the infgen debug tool (and others) would. So CyberChef would happily provide this as the result:
123...123...
Where the dots are just nulls of likley empty memory preceding the actual buffer

So with the example in this source
// e.g. Input data of [8b, 1d, dc, 44]

last			! 1
fixed			! 01
literal ']		! 10110001
match 158 5		! 0 00100 11011 10000011
infgen warning: distance too far back (5/1)

This means we have a literal ']' and then we are asking for 158 more characters and to find them a distance of 5 back. This explains why the ']', why it repeats every 5, and why it is a length > 158.

This code should just be removed; it isn't justified. Being that this issue is a lack of sanity checking in a dependancy, and that this routine only catches the symptom of one of the nearly unlimited edge cases like this, AND it could filter out correct inputs, such as a recipe of this as input to RAWDEFLATE
]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX
Then getting an error with the INFLATE even though the input is actually valid.
2022-10-06 13:53:32 -04:00
Frazer Smith
a68ce5a5af
Update GitHub Actions 2022-10-06 13:58:01 +01:00
Igor Gariev
026e9ca9c3 Added escape sequence "\a" (audible bell, 0x07) to Utils.parseEscapedChars().
The sequece is part of C and C++ standard, as well as protocol buffer encoding.

- https://en.wikipedia.org/wiki/Escape_sequences_in_C
- https://en.cppreference.com/w/cpp/language/escape
- https://developers.google.com/protocol-buffers/docs/text-format-spec#string
2022-09-28 20:32:21 -07:00
BrunonDEV
f1ce67d79b Added NTLM operation
Hashing operation - MD4 on UTF16LE-encoded input
2022-09-27 23:13:22 +02:00
john19696
312be4772c rsdix 2022-09-23 11:38:15 +01:00
john19696
be97a0062e linted 2022-09-22 16:53:29 +01:00
john19696
00f0101723 author fix 2022-09-22 16:39:51 +01:00
john19696
f450240094 Parameterise All hashes 2022-09-22 16:30:36 +01:00
Ethan Block
a7b8378736
Adding PTR to possiable values for Resolver 2022-09-21 11:37:06 -04:00
Matt C
98a70c2dd2 Add tests and handle decompress returning string or array 2022-09-19 17:33:55 +01:00
Matt C
d502dd9857 Add LZMA Decompress operation 2022-09-19 14:24:09 +01:00
Matt C
1ec7033d46 Add LZMA Compress operation 2022-09-19 14:24:09 +01:00
Matt C
28ec56a27f Update libyara package to fix bug with compile messages and add support for console module 2022-09-18 16:11:04 +01:00
CPlusSharp
bf2afcd2ef Support Ed25519 SSH host key parsing 2022-09-18 12:47:55 +02:00
Matt C
8f710461da Update yara to 4.2.3 and fix output reading 0 matches 2022-09-17 23:48:11 +01:00