CyberChef/src/core/operations/FromHexdump.mjs

/**
 * @author n1474335 [n1474335@gmail.com]
 * @copyright Crown Copyright 2016
 * @license Apache-2.0
 */

import Operation from "../Operation";
import {fromHex} from "../lib/Hex";

/**
 * From Hexdump operation
 */
class FromHexdump extends Operation {

    /**
     * FromHexdump constructor
     */
    constructor() {
        super();

        this.name = "From Hexdump";
        this.module = "Default";
        this.description = "Attempts to convert a hexdump back into raw data. This operation supports many different hexdump variations, but probably not all. Make sure you verify that the data it gives you is correct before continuing analysis.";
        this.inputType = "string";
        this.outputType = "byteArray";
        this.args = [];
        this.patterns = [
            {
                match: "^(?:(?:[\\dA-F]{4,16}:?)?\\s*((?:[\\dA-F]{2}\\s){1,8}(?:\\s|[\\dA-F]{2}-)(?:[\\dA-F]{2}\\s){1,8}|(?:[\\dA-F]{2}\\s|[\\dA-F]{4}\\s)+)[^\\n]*\\n?)+$",
                flags: "i",
                args: []
            },
        ];
    }

    /**
     * @param {string} input
     * @param {Object[]} args
     * @returns {byteArray}
     */
    run(input, args) {
        const output = [],
            regex = /^\s*(?:[\dA-F]{4,16}h?:?)?\s*((?:[\dA-F]{2}\s){1,8}(?:\s|[\dA-F]{2}-)(?:[\dA-F]{2}\s){1,8}|(?:[\dA-F]{2}\s|[\dA-F]{4}\s)+)/igm;
        let block, line;

        while ((block = regex.exec(input))) {
            line = fromHex(block[1].replace(/-/g, " "));
            for (let i = 0; i < line.length; i++) {
                output.push(line[i]);
            }
        }
        // Is this a CyberChef hexdump or is it from a different tool?
        const width = input.indexOf("\n");
        const w = (width - 13) / 4;
        // w should be the specified width of the hexdump and therefore a round number
        if (Math.floor(w) !== w || input.indexOf("\r") !== -1 || output.indexOf(13) !== -1) {
            if (ENVIRONMENT_IS_WORKER()) self.setOption("attemptHighlight", false);
        }
        return output;
    }

    /**
     * Highlight From Hexdump
     *
     * @param {Object[]} pos
     * @param {number} pos[].start
     * @param {number} pos[].end
     * @param {Object[]} args
     * @returns {Object[]} pos
     */
    highlight(pos, args) {
        const w = args[0] || 16;
        const width = 14 + (w*4);

        let line = Math.floor(pos[0].start / width);
        let offset = pos[0].start % width;

        if (offset < 10) { // In line number section
            pos[0].start = line*w;
        } else if (offset > 10+(w*3)) { // In ASCII section
            pos[0].start = (line+1)*w;
        } else { // In byte section
            pos[0].start = line*w + Math.floor((offset-10)/3);
        }

        line = Math.floor(pos[0].end / width);
        offset = pos[0].end % width;

        if (offset < 10) { // In line number section
            pos[0].end = line*w;
        } else if (offset > 10+(w*3)) { // In ASCII section
            pos[0].end = (line+1)*w;
        } else { // In byte section
            pos[0].end = line*w + Math.ceil((offset-10)/3);
        }

        return pos;
    }

    /**
     * Highlight From Hexdump in reverse
     *
     * @param {Object[]} pos
     * @param {number} pos[].start
     * @param {number} pos[].end
     * @param {Object[]} args
     * @returns {Object[]} pos
     */
    highlightReverse(pos, args) {
        // Calculate overall selection
        const w = args[0] || 16,
            width = 14 + (w*4);
        let line = Math.floor(pos[0].start / w),
            offset = pos[0].start % w,
            start = 0,
            end = 0;

        pos[0].start = line*width + 10 + offset*3;

        line = Math.floor(pos[0].end / w);
        offset = pos[0].end % w;
        if (offset === 0) {
            line--;
            offset = w;
        }
        pos[0].end = line*width + 10 + offset*3 - 1;

        // Set up multiple selections for bytes
        let startLineNum = Math.floor(pos[0].start / width);
        const endLineNum = Math.floor(pos[0].end / width);

        if (startLineNum === endLineNum) {
            pos.push(pos[0]);
        } else {
            start = pos[0].start;
            end = (startLineNum+1) * width - w - 5;
            pos.push({ start: start, end: end });
            while (end < pos[0].end) {
                startLineNum++;
                start = startLineNum * width + 10;
                end = (startLineNum+1) * width - w - 5;
                if (end > pos[0].end) end = pos[0].end;
                pos.push({ start: start, end: end });
            }
        }

        // Set up multiple selections for ASCII
        const len = pos.length;
        let lineNum = 0;
        start = 0;
        end = 0;
        for (let i = 1; i < len; i++) {
            lineNum = Math.floor(pos[i].start / width);
            start = (((pos[i].start - (lineNum * width)) - 10) / 3) + (width - w -2) + (lineNum * width);
            end = (((pos[i].end + 1 - (lineNum * width)) - 10) / 3) + (width - w -2) + (lineNum * width);
            pos.push({ start: start, end: end });
        }
        return pos;
    }

}

export default FromHexdump;
Initial commit 2016-11-28 11:42:58 +01:00			`/**`
			`* @author n1474335 [n1474335@gmail.com]`
			`* @copyright Crown Copyright 2016`
			`* @license Apache-2.0`
			`*/`

ESM: Added portOperation.mjs script. Added To and From Hexdump operations. 2018-05-06 13:24:01 +02:00			`import Operation from "../Operation";`
			`import {fromHex} from "../lib/Hex";`

			`/**`
			`* From Hexdump operation`
			`*/`
			`class FromHexdump extends Operation {`
Updated eslint whitespace rules 2017-02-09 16:09:33 +01:00
Initial commit 2016-11-28 11:42:58 +01:00			`/**`
ESM: Added portOperation.mjs script. Added To and From Hexdump operations. 2018-05-06 13:24:01 +02:00			`* FromHexdump constructor`
Initial commit 2016-11-28 11:42:58 +01:00			`*/`
ESM: Added portOperation.mjs script. Added To and From Hexdump operations. 2018-05-06 13:24:01 +02:00			`constructor() {`
			`super();`

			`this.name = "From Hexdump";`
			`this.module = "Default";`
			`this.description = "Attempts to convert a hexdump back into raw data. This operation supports many different hexdump variations, but probably not all. Make sure you verify that the data it gives you is correct before continuing analysis.";`
			`this.inputType = "string";`
			`this.outputType = "byteArray";`
			`this.args = [];`
Merged esm branch into feature-magic. Ported FileType ops. 2018-05-20 17:49:42 +02:00			`this.patterns = [`
			`{`
			`match: "^(?:(?:[\\dA-F]{4,16}:?)?\\s((?:[\\dA-F]{2}\\s){1,8}(?:\\s\|[\\dA-F]{2}-)(?:[\\dA-F]{2}\\s){1,8}\|(?:[\\dA-F]{2}\\s\|[\\dA-F]{4}\\s)+)[^\\n]\\n?)+$",`
			`flags: "i",`
			`args: []`
			`},`
			`];`
ESM: Added portOperation.mjs script. Added To and From Hexdump operations. 2018-05-06 13:24:01 +02:00			`}`
Updated eslint whitespace rules 2017-02-09 16:09:33 +01:00
Initial commit 2016-11-28 11:42:58 +01:00			`/**`
			`* @param {string} input`
			`* @param {Object[]} args`
Variable names changed from underscore to CamelCase. Eslint rules updated. #64 2017-01-31 19:24:56 +01:00			`* @returns {byteArray}`
Initial commit 2016-11-28 11:42:58 +01:00			`*/`
ESM: Added portOperation.mjs script. Added To and From Hexdump operations. 2018-05-06 13:24:01 +02:00			`run(input, args) {`
			`const output = [],`
			`regex = /^\s(?:[\dA-F]{4,16}h?:?)?\s((?:[\dA-F]{2}\s){1,8}(?:\s\|[\dA-F]{2}-)(?:[\dA-F]{2}\s){1,8}\|(?:[\dA-F]{2}\s\|[\dA-F]{4}\s)+)/igm;`
			`let block, line;`
Updated eslint whitespace rules 2017-02-09 16:09:33 +01:00
Replaced jsHint with eslint. Fixes #4. 2016-12-14 17:39:17 +01:00			`while ((block = regex.exec(input))) {`
ESM: Added portOperation.mjs script. Added To and From Hexdump operations. 2018-05-06 13:24:01 +02:00			`line = fromHex(block[1].replace(/-/g, " "));`
autofix no-var 2017-04-13 19:08:50 +02:00			`for (let i = 0; i < line.length; i++) {`
Initial commit 2016-11-28 11:42:58 +01:00			`output.push(line[i]);`
			`}`
			`}`
			`// Is this a CyberChef hexdump or is it from a different tool?`
autofix no-var 2017-04-13 19:08:50 +02:00			`const width = input.indexOf("\n");`
			`const w = (width - 13) / 4;`
Initial commit 2016-11-28 11:42:58 +01:00			`// w should be the specified width of the hexdump and therefore a round number`
Replaced jsHint with eslint. Fixes #4. 2016-12-14 17:39:17 +01:00			`if (Math.floor(w) !== w \|\| input.indexOf("\r") !== -1 \|\| output.indexOf(13) !== -1) {`
Operations can now set options from within the worker 2017-09-20 01:37:57 +02:00			`if (ENVIRONMENT_IS_WORKER()) self.setOption("attemptHighlight", false);`
Initial commit 2016-11-28 11:42:58 +01:00			`}`
			`return output;`
ESM: Added portOperation.mjs script. Added To and From Hexdump operations. 2018-05-06 13:24:01 +02:00			`}`

			`/**`
			`* Highlight From Hexdump`
			`*`
			`* @param {Object[]} pos`
			`* @param {number} pos[].start`
			`* @param {number} pos[].end`
			`* @param {Object[]} args`
			`* @returns {Object[]} pos`
			`*/`
			`highlight(pos, args) {`
			`const w = args[0] \|\| 16;`
			`const width = 14 + (w*4);`

			`let line = Math.floor(pos[0].start / width);`
			`let offset = pos[0].start % width;`

			`if (offset < 10) { // In line number section`
			`pos[0].start = line*w;`
			`} else if (offset > 10+(w*3)) { // In ASCII section`
			`pos[0].start = (line+1)*w;`
			`} else { // In byte section`
			`pos[0].start = line*w + Math.floor((offset-10)/3);`
			`}`

			`line = Math.floor(pos[0].end / width);`
			`offset = pos[0].end % width;`

			`if (offset < 10) { // In line number section`
			`pos[0].end = line*w;`
			`} else if (offset > 10+(w*3)) { // In ASCII section`
			`pos[0].end = (line+1)*w;`
			`} else { // In byte section`
			`pos[0].end = line*w + Math.ceil((offset-10)/3);`
			`}`
Updated eslint whitespace rules 2017-02-09 16:09:33 +01:00
ESM: Added portOperation.mjs script. Added To and From Hexdump operations. 2018-05-06 13:24:01 +02:00			`return pos;`
			`}`
Updated eslint whitespace rules 2017-02-09 16:09:33 +01:00
Initial commit 2016-11-28 11:42:58 +01:00			`/**`
ESM: Added portOperation.mjs script. Added To and From Hexdump operations. 2018-05-06 13:24:01 +02:00			`* Highlight From Hexdump in reverse`
Initial commit 2016-11-28 11:42:58 +01:00			`*`
			`* @param {Object[]} pos`
			`* @param {number} pos[].start`
			`* @param {number} pos[].end`
			`* @param {Object[]} args`
			`* @returns {Object[]} pos`
			`*/`
ESM: Added portOperation.mjs script. Added To and From Hexdump operations. 2018-05-06 13:24:01 +02:00			`highlightReverse(pos, args) {`
Initial commit 2016-11-28 11:42:58 +01:00			`// Calculate overall selection`
ESM: Added portOperation.mjs script. Added To and From Hexdump operations. 2018-05-06 13:24:01 +02:00			`const w = args[0] \|\| 16,`
			`width = 14 + (w*4);`
			`let line = Math.floor(pos[0].start / w),`
Initial commit 2016-11-28 11:42:58 +01:00			`offset = pos[0].start % w,`
			`start = 0,`
			`end = 0;`
Updated eslint whitespace rules 2017-02-09 16:09:33 +01:00
Initial commit 2016-11-28 11:42:58 +01:00			`pos[0].start = linewidth + 10 + offset3;`
Updated eslint whitespace rules 2017-02-09 16:09:33 +01:00
Initial commit 2016-11-28 11:42:58 +01:00			`line = Math.floor(pos[0].end / w);`
			`offset = pos[0].end % w;`
Replaced jsHint with eslint. Fixes #4. 2016-12-14 17:39:17 +01:00			`if (offset === 0) {`
			`line--;`
			`offset = w;`
			`}`
Initial commit 2016-11-28 11:42:58 +01:00			`pos[0].end = linewidth + 10 + offset3 - 1;`
Updated eslint whitespace rules 2017-02-09 16:09:33 +01:00
Initial commit 2016-11-28 11:42:58 +01:00			`// Set up multiple selections for bytes`
autofix no-var 2017-04-13 19:08:50 +02:00			`let startLineNum = Math.floor(pos[0].start / width);`
			`const endLineNum = Math.floor(pos[0].end / width);`
Updated eslint whitespace rules 2017-02-09 16:09:33 +01:00
Variable names changed from underscore to CamelCase. Eslint rules updated. #64 2017-01-31 19:24:56 +01:00			`if (startLineNum === endLineNum) {`
Initial commit 2016-11-28 11:42:58 +01:00			`pos.push(pos[0]);`
			`} else {`
			`start = pos[0].start;`
Variable names changed from underscore to CamelCase. Eslint rules updated. #64 2017-01-31 19:24:56 +01:00			`end = (startLineNum+1) * width - w - 5;`
Initial commit 2016-11-28 11:42:58 +01:00			`pos.push({ start: start, end: end });`
			`while (end < pos[0].end) {`
Variable names changed from underscore to CamelCase. Eslint rules updated. #64 2017-01-31 19:24:56 +01:00			`startLineNum++;`
			`start = startLineNum * width + 10;`
			`end = (startLineNum+1) * width - w - 5;`
Initial commit 2016-11-28 11:42:58 +01:00			`if (end > pos[0].end) end = pos[0].end;`
			`pos.push({ start: start, end: end });`
			`}`
			`}`
Updated eslint whitespace rules 2017-02-09 16:09:33 +01:00
Initial commit 2016-11-28 11:42:58 +01:00			`// Set up multiple selections for ASCII`
ESM: Added portOperation.mjs script. Added To and From Hexdump operations. 2018-05-06 13:24:01 +02:00			`const len = pos.length;`
			`let lineNum = 0;`
Initial commit 2016-11-28 11:42:58 +01:00			`start = 0;`
			`end = 0;`
autofix no-var 2017-04-13 19:08:50 +02:00			`for (let i = 1; i < len; i++) {`
Variable names changed from underscore to CamelCase. Eslint rules updated. #64 2017-01-31 19:24:56 +01:00			`lineNum = Math.floor(pos[i].start / width);`
			`start = (((pos[i].start - (lineNum * width)) - 10) / 3) + (width - w -2) + (lineNum * width);`
			`end = (((pos[i].end + 1 - (lineNum * width)) - 10) / 3) + (width - w -2) + (lineNum * width);`
Initial commit 2016-11-28 11:42:58 +01:00			`pos.push({ start: start, end: end });`
			`}`
			`return pos;`
ESM: Added portOperation.mjs script. Added To and From Hexdump operations. 2018-05-06 13:24:01 +02:00			`}`
Updated eslint whitespace rules 2017-02-09 16:09:33 +01:00
ESM: Added portOperation.mjs script. Added To and From Hexdump operations. 2018-05-06 13:24:01 +02:00			`}`
Converted all modules from CommonJS to ES6 2017-03-23 18:52:20 +01:00
ESM: Added portOperation.mjs script. Added To and From Hexdump operations. 2018-05-06 13:24:01 +02:00			`export default FromHexdump;`