From 7abda44fd656d91970a51c0b42b9adcdf4233d10 Mon Sep 17 00:00:00 2001 From: bwhitn Date: Fri, 24 Nov 2017 05:48:40 -0800 Subject: [PATCH 1/4] Added Negative Matching to conditional jumps so negative lookahead is not required. --- src/core/FlowControl.js | 13 ++++++++----- src/core/config/OperationConfig.js | 5 +++++ 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/src/core/FlowControl.js b/src/core/FlowControl.js index 4a94ffdf..da6fe8c5 100755 --- a/src/core/FlowControl.js +++ b/src/core/FlowControl.js @@ -201,8 +201,9 @@ const FlowControl = { let ings = state.opList[state.progress].getIngValues(), dish = state.dish, regexStr = ings[0], - jumpNum = ings[1], - maxJumps = ings[2]; + invert = ings[1], + jumpNum = ings[2], + maxJumps = ings[3]; if (jumpNum < 0) { jumpNum--; @@ -212,9 +213,11 @@ const FlowControl = { return state; } - if (regexStr !== "" && dish.get(Dish.STRING).search(regexStr) > -1) { - state.progress += jumpNum; - state.numJumps++; + if (regexStr !== "") { + let strMatch = dish.get(Dish.STRING).search(regexStr) > -1; + if (!invert && strMatch || invert && !strMatch) { + state.progress += jumpNum; + state.numJumps++; } return state; diff --git a/src/core/config/OperationConfig.js b/src/core/config/OperationConfig.js index 9caa4f91..87564229 100755 --- a/src/core/config/OperationConfig.js +++ b/src/core/config/OperationConfig.js @@ -165,6 +165,11 @@ const OperationConfig = { type: "string", value: "" }, + { + name: "Negative match (logical NOT)", + type: "boolean", + value: false + }, { name: "Number of operations to jump over if match found", type: "number", From f01c0adee2fce99312c6d75f8c2845c5dde0de37 Mon Sep 17 00:00:00 2001 
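Review bot: Inserting `invert` at `ings[1]` in runCondJump (hunk @@ -201,8 +201,9 @@ of patch 1/4) shifts `jumpNum` and `maxJumps` one position to the right, so an argument list saved in the old three-value layout is read with the old jump count as the invert flag and with `maxJumps` undefined. The README link `Conditional_Jump('1',2,10)` that patch 4/4 replaces is such a recipe, and the cap `state.numJumps >= maxJumps` is never true for an undefined limit. Consider rejecting the old shape before using it, e.g. `if (typeof invert !== "boolean") return state;`, assuming getIngValues() hands the boolean back unconverted. The function starts and ends outside this hunk.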
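Review bot: The `if (regexStr !== "") {` opened in hunk @@ -212,9 +213,11 @@ is never closed: the single `}` after `state.numJumps++;` is unchanged context and now closes the inner `if`, so FlowControl.js does not parse at this commit. Patch 2/4 adds the missing `}`, but the brace belongs here so that each commit in the series builds. Separately, `search(regexStr)` compiles the recipe argument as a regular expression on every run and throws on a malformed pattern; unless the caller outside this hunk already catches that, a `try`/`catch` around the match that returns `state` unchanged would keep a bad pattern from aborting the recipe.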
From: bwhitn Date: Fri, 24 Nov 2017 10:12:08 -0800 Subject: [PATCH 2/4] Changed jumps from index based to label base. Updated test. --- src/core/FlowControl.js | 46 +++++++++++++++++++--------- src/core/config/Categories.js | 1 + src/core/config/OperationConfig.js | 26 ++++++++++++---- src/core/config/modules/Default.js | 1 + test/tests/operations/FlowControl.js | 32 ++++++++++++++----- 5 files changed, 78 insertions(+), 28 deletions(-) diff --git a/src/core/FlowControl.js b/src/core/FlowControl.js index da6fe8c5..3cfce77b 100755 --- a/src/core/FlowControl.js +++ b/src/core/FlowControl.js @@ -170,18 +170,14 @@ const FlowControl = { */ runJump: function(state) { let ings = state.opList[state.progress].getIngValues(), - jumpNum = ings[0], + jmpIndex = FlowControl._getLabelIndex(ings[0], state), maxJumps = ings[1]; - if (jumpNum < 0) { - jumpNum--; - } - - if (state.numJumps >= maxJumps) { + if (state.numJumps >= maxJumps || jmpIndex == -1) { return state; } - state.progress += jumpNum; + state.progress = jmpIndex; state.numJumps++; return state; }, 
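Review bot: In runJump the only bound on repetition is `state.numJumps >= maxJumps`, and that comparison is false when `maxJumps` is undefined or not a number, which the test recipe `args: ["skip replace"]` later in this patch shows can happen. Now that the target can be any Label, including one earlier in the recipe, a jump without a usable limit would presumably repeat indefinitely and hang the page. Writing the guard as `if (!(state.numJumps < maxJumps) || jmpIndex === -1) return state;` makes a missing limit stop the jump instead. The same check in runCondJump (next FlowControl.js hunk) needs the same change.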
@@ -202,27 +198,49 @@ const FlowControl = { dish = state.dish, regexStr = ings[0], invert = ings[1], - jumpNum = ings[2], + jmpIndex = FlowControl._getLabelIndex(ings[2], state), maxJumps = ings[3]; - if (jumpNum < 0) { - jumpNum--; - } - - if (state.numJumps >= maxJumps) { + if (state.numJumps >= maxJumps || jmpIndex == -1) { return state; } if (regexStr !== "") { let strMatch = dish.get(Dish.STRING).search(regexStr) > -1; if (!invert && strMatch || invert && !strMatch) { - state.progress += jumpNum; + state.progress = jmpIndex; state.numJumps++; + } } return state; }, + /** + * Returns the index of a label. + * + * @param {Object} state + * @param {string} name + * @returns {number} + */ + + _getLabelIndex: function(name, state) { + let index = -1; + for (let o = 0; o < state.opList.length; o++) { + let operation = state.opList[o]; + if (operation.getConfig()["op"] === "Label"){ + let ings = operation.getIngValues(); + if (name === ings[0]) { + index = o; + break; + } + } + } + return index; + }, + + + /** * Return operation. diff --git a/src/core/config/Categories.js b/src/core/config/Categories.js index f04b5fd9..12bb31c4 100755 --- a/src/core/config/Categories.js +++ b/src/core/config/Categories.js @@ -319,6 +319,7 @@ const Categories = [ "Fork", "Merge", "Register", + "Label", "Jump", "Conditional Jump", "Return", diff --git a/src/core/config/OperationConfig.js b/src/core/config/OperationConfig.js index 87564229..5a7fd839 100755 --- a/src/core/config/OperationConfig.js +++ b/src/core/config/OperationConfig.js @@ -142,9 +142,9 @@ const OperationConfig = { flowControl: true, args: [ { - name: "Number of operations to jump over", - type: "number", - value: 0 + name: "The Label to Jump to", + type: "string", + value: "" }, { name: "Maximum jumps (if jumping backwards)", 
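Review bot: `_getLabelIndex` matches `name === ings[0]` without rejecting an empty name, and OperationConfig.js in this patch gives both the jump's label argument and the Label's name the default `""`, so a Jump left at its default targets the first unnamed Label. The "Jump: Empty Label" test suggests an empty label is meant to be a no-op; `if (name === "") return -1;` at the top of the helper would make that hold. Duplicate Label names are also resolved silently to the first match, which is worth stating in the doc comment. runCondJump starts outside this hunk; the helper is complete within it.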
@@ -171,9 +171,9 @@ const OperationConfig = { value: false }, { - name: "Number of operations to jump over if match found", - type: "number", - value: 0 + name: "The Label to Jump to", + type: "string", + value: "" }, { name: "Maximum jumps (if jumping backwards)", @@ -182,6 +182,20 @@ const OperationConfig = { } ] }, + "Label": { + module: "Default", + description: "Provides a place to write comments within the flow of the recipe. This operation has no computational effect.", + inputType: "string", + outputType: "string", + flowControl: true, + args: [ + { + name: "Jump Label", + type: "string", + value: "" + } + ] + }, "Return": { module: "Default", description: "End execution of operations at this point in the recipe.", diff --git a/src/core/config/modules/Default.js b/src/core/config/modules/Default.js index 682db223..b6261769 100644 --- a/src/core/config/modules/Default.js +++ b/src/core/config/modules/Default.js @@ -151,6 +151,7 @@ OpModules.Default = { "Fork": FlowControl.runFork, "Merge": FlowControl.runMerge, "Register": FlowControl.runRegister, + "Label": FlowControl.runComment, "Jump": FlowControl.runJump, "Conditional Jump": FlowControl.runCondJump, "Return": FlowControl.runReturn, diff --git a/test/tests/operations/FlowControl.js b/test/tests/operations/FlowControl.js index 42a4bfd3..f96a9e4a 100644 --- a/test/tests/operations/FlowControl.js +++ b/test/tests/operations/FlowControl.js 
@@ -60,14 +60,15 @@ TestRegister.addTests([ expectedOutput: "U29tZSBkYXRhIHdpdGggYSAxIGluIGl0\n53 6f 6d 65 20 64 61 74 61 20 77 69 74 68 20 61 20 32 20 69 6e 20 69 74\n", recipeConfig: [ {"op": "Fork", "args": ["\\n", "\\n", false]}, - {"op": "Conditional Jump", "args": ["1", "2", "10"]}, + {"op": "Conditional Jump", "args": ["1", false, "skipReturn", "10"]}, {"op": "To Hex", "args": ["Space"]}, {"op": "Return", "args": []}, + {"op": "Label", "args": ["skipReturn"]}, {"op": "To Base64", "args": ["A-Za-z0-9+/="]} ] }, { - name: "Jump: skips 0", + name: "Jump: Empty Label", input: [ "should be changed", ].join("\n"), @@ -77,7 +78,7 @@ TestRegister.addTests([ recipeConfig: [ { op: "Jump", - args: [0, 10], + args: ["", 10], }, { op: "Find / Replace", @@ -105,7 +106,7 @@ TestRegister.addTests([ recipeConfig: [ { op: "Jump", - args: [1, 10], + args: ["skipReplace", 10], }, { op: "Find / Replace", @@ -120,6 +121,10 @@ TestRegister.addTests([ true, ], }, + { + op: "Label", + args: ["skipReplace"] + }, ], }, { @@ -137,7 +142,7 @@ TestRegister.addTests([ recipeConfig: [ { op: "Conditional Jump", - args: ["match", 0, 0], + args: ["match", false, "", 0], }, { op: "Find / Replace", @@ -212,7 +217,7 @@ TestRegister.addTests([ recipeConfig: [ { op: "Conditional Jump", - args: ["match", 1, 10], + args: ["match", false, "skip match", 10], }, { op: "Find / Replace", @@ -227,6 +232,9 @@ TestRegister.addTests([ true, ], }, + { + op: "Label", args: ["skip match"], + }, { op: "Find / Replace", args: [ @@ -251,9 +259,13 @@ TestRegister.addTests([ "replaced", ].join("\n"), recipeConfig: [ + { + op: "Label", + args: ["back to the beginning"], + }, { op: "Jump", - args: [1], + args: ["skip replace"], }, { op: "Find / Replace", @@ -268,9 +280,13 @@ TestRegister.addTests([ true, ], }, + { + op: "Label", + args: ["skip replace"], + }, { op: "Conditional Jump", - args: ["match", -2, 10], + args: ["match", false, "back to the beginning", 10], }, ], }, 
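Review bot: Every Conditional Jump recipe in these test hunks passes `false` for the new invert ingredient, so the negated branch added in patch 1/4 is never exercised. A copy of the "skip match" case with `args: ["match", true, "skip match", 10]` and the opposite expected output would cover it. There is also no case for a non-empty label that has no matching Label op; only `""` is tried.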
From e500cfae757f10b8cd0dcaa2f2524f7457af9997 Mon Sep 17 00:00:00 2001 From: bwhitn Date: Fri, 24 Nov 2017 10:31:26 -0800 Subject: [PATCH 3/4] Fixed errors --- src/core/FlowControl.js | 8 +++----- src/core/config/OperationConfig.js | 2 +- test/tests/operations/FlowControl.js | 4 ++-- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/src/core/FlowControl.js b/src/core/FlowControl.js index 3cfce77b..ea798d7e 100755 --- a/src/core/FlowControl.js +++ b/src/core/FlowControl.js @@ -173,7 +173,7 @@ const FlowControl = { jmpIndex = FlowControl._getLabelIndex(ings[0], state), maxJumps = ings[1]; - if (state.numJumps >= maxJumps || jmpIndex == -1) { + if (state.numJumps >= maxJumps || jmpIndex === -1) { return state; } @@ -201,7 +201,7 @@ const FlowControl = { jmpIndex = FlowControl._getLabelIndex(ings[2], state), maxJumps = ings[3]; - if (state.numJumps >= maxJumps || jmpIndex == -1) { + if (state.numJumps >= maxJumps || jmpIndex === -1) { return state; } @@ -228,7 +228,7 @@ const FlowControl = { let index = -1; for (let o = 0; o < state.opList.length; o++) { let operation = state.opList[o]; - if (operation.getConfig()["op"] === "Label"){ + if (operation.getConfig().op === "Label"){ let ings = operation.getIngValues(); if (name === ings[0]) { index = o; @@ -240,8 +240,6 @@ const FlowControl = { }, - - /** * Return operation. * diff --git a/src/core/config/OperationConfig.js b/src/core/config/OperationConfig.js index 5a7fd839..e3b871ef 100755 --- a/src/core/config/OperationConfig.js +++ b/src/core/config/OperationConfig.js @@ -184,7 +184,7 @@ const OperationConfig = { }, "Label": { module: "Default", - description: "Provides a place to write comments within the flow of the recipe. This operation has no computational effect.", + description: "Provides a location for for conditional and fixed jumps to jump.", inputType: "string", outputType: "string", flowControl: true, 
diff --git a/test/tests/operations/FlowControl.js b/test/tests/operations/FlowControl.js index f96a9e4a..04ed93eb 100644 --- a/test/tests/operations/FlowControl.js +++ b/test/tests/operations/FlowControl.js @@ -260,8 +260,8 @@ TestRegister.addTests([ ].join("\n"), recipeConfig: [ { - op: "Label", - args: ["back to the beginning"], + op: "Label", + args: ["back to the beginning"], }, { op: "Jump", From 12fc8c22dd44960337bb08086d5ea0ecde40b569 Mon Sep 17 00:00:00 2001 From: n1474335 Date: Tue, 19 Dec 2017 13:18:25 +0000 Subject: [PATCH 4/4] Made some naming changes to Label-related operations. --- README.md | 2 +- src/core/FlowControl.js | 43 ++++++++++++++---------------- src/core/config/OperationConfig.js | 18 ++++++------- src/web/html/index.html | 2 +- 4 files changed, 31 insertions(+), 34 deletions(-) diff --git a/README.md b/README.md index aa04fb8c..9dffba47 100755 --- a/README.md +++ b/README.md 
@@ -100,6 +100,6 @@ CyberChef is released under the [Apache 2.0 Licence](https://www.apache.org/lice [5]: https://gchq.github.io/CyberChef/#recipe=From_Hexdump()Gunzip()&input=MDAwMDAwMDAgIDFmIDhiIDA4IDAwIDEyIGJjIGYzIDU3IDAwIGZmIDBkIGM3IGMxIDA5IDAwIDIwICB8Li4uLi6881cu/y7HwS4uIHwKMDAwMDAwMTAgIDA4IDA1IGQwIDU1IGZlIDA0IDJkIGQzIDA0IDFmIGNhIDhjIDQ0IDIxIDViIGZmICB8Li7QVf4uLdMuLsouRCFb/3wKMDAwMDAwMjAgIDYwIGM3IGQ3IDAzIDE2IGJlIDQwIDFmIDc4IDRhIDNmIDA5IDg5IDBiIDlhIDdkICB8YMfXLi6%2BQC54Sj8uLi4ufXwKMDAwMDAwMzAgIDRlIGM4IDRlIDZkIDA1IDFlIDAxIDhiIDRjIDI0IDAwIDAwIDAwICAgICAgICAgICB8TshObS4uLi5MJC4uLnw [6]: https://gchq.github.io/CyberChef/#recipe=RC4(%7B'option':'UTF8','string':'secret'%7D,'Hex','Hex')Disassemble_x86('64','Full%20x86%20architecture',16,0,true,true)&input=MjFkZGQyNTQwMTYwZWU2NWZlMDc3NzEwM2YyYTM5ZmJlNWJjYjZhYTBhYWJkNDE0ZjkwYzZjYWY1MzEyNzU0YWY3NzRiNzZiM2JiY2QxOTNjYjNkZGZkYmM1YTI2NTMzYTY4NmI1OWI4ZmVkNGQzODBkNDc0NDIwMWFlYzIwNDA1MDcxMzhlMmZlMmIzOTUwNDQ2ZGIzMWQyYmM2MjliZTRkM2YyZWIwMDQzYzI5M2Q3YTVkMjk2MmMwMGZlNmRhMzAwNzJkOGM1YTZiNGZlN2Q4NTlhMDQwZWVhZjI5OTczMzYzMDJmNWEwZWMxOQ [7]: https://gchq.github.io/CyberChef/#recipe=Fork('%5C%5Cn','%5C%5Cn',false)From_UNIX_Timestamp('Seconds%20(s)')&input=OTc4MzQ2ODAwCjEwMTI2NTEyMDAKMTA0NjY5NjQwMAoxMDgxMDg3MjAwCjExMTUzMDUyMDAKMTE0OTYwOTYwMA - [8]: https://gchq.github.io/CyberChef/#recipe=Fork('%5C%5Cn','%5C%5Cn',false)Conditional_Jump('1',2,10)To_Hex('Space')Return()To_Base64('A-Za-z0-9%2B/%3D')&input=U29tZSBkYXRhIHdpdGggYSAxIGluIGl0ClNvbWUgZGF0YSB3aXRoIGEgMiBpbiBpdA + [8]: https://gchq.github.ioeCyberChef/#recipe=Fork('%5C%5Cn','%5C%5Cn',false)Conditional_Jump('1',false,'base64',10)To_Hex('Space')Return()Label('base64')To_Base64('A-Za-z0-9%2B/%3D')&input=U29tZSBkYXRhIHdpdGggYSAxIGluIGl0ClNvbWUgZGF0YSB3aXRoIGEgMiBpbiBpdA [9]: 
https://gchq.github.io/CyberChef/#recipe=Register('key%3D(%5B%5C%5Cda-f%5D*)',true,false)Find_/_Replace(%7B'option':'Regex','string':'.*data%3D(.*)'%7D,'$1',true,false,true)RC4(%7B'option':'Hex','string':'$R0'%7D,'Hex','Latin1')&input=aHR0cDovL21hbHdhcmV6LmJpei9iZWFjb24ucGhwP2tleT0wZTkzMmE1YyZkYXRhPThkYjdkNWViZTM4NjYzYTU0ZWNiYjMzNGUzZGIxMQ [10]: https://gchq.github.io/CyberChef/#recipe=XOR(%7B'option':'Hex','string':'3a'%7D,'',false)To_Hexdump(16,false,false)&input=VGhlIGFuc3dlciB0byB0aGUgdWx0aW1hdGUgcXVlc3Rpb24gb2YgbGlmZSwgdGhlIFVuaXZlcnNlLCBhbmQgZXZlcnl0aGluZyBpcyA0Mi4 diff --git a/src/core/FlowControl.js b/src/core/FlowControl.js index ea798d7e..bba5eaf1 100755 --- a/src/core/FlowControl.js +++ b/src/core/FlowControl.js @@ -216,29 +216,6 @@ const FlowControl = { return state; }, - /** - * Returns the index of a label. - * - * @param {Object} state - * @param {string} name - * @returns {number} - */ - - _getLabelIndex: function(name, state) { - let index = -1; - for (let o = 0; o < state.opList.length; o++) { - let operation = state.opList[o]; - if (operation.getConfig().op === "Label"){ - let ings = operation.getIngValues(); - if (name === ings[0]) { - index = o; - break; - } - } - } - return index; - }, - /** * Return operation. @@ -268,6 +245,26 @@ const FlowControl = { return state; }, + + /** + * Returns the index of a label. + * + * @param {Object} state + * @param {string} name + * @returns {number} + */ + _getLabelIndex: function(name, state) { + for (let o = 0; o < state.opList.length; o++) { + let operation = state.opList[o]; + if (operation.name === "Label"){ + let ings = operation.getIngValues(); + if (name === ings[0]) { + return o; + } + } + } + return -1; + }, }; export default FlowControl; diff --git a/src/core/config/OperationConfig.js b/src/core/config/OperationConfig.js index 5ae2992b..56b6cca1 100755 --- a/src/core/config/OperationConfig.js +++ b/src/core/config/OperationConfig.js 
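Review bot: The doc comment on `_getLabelIndex` (hunk @@ -245,6 +268,26 @@) lists `@param {Object} state` before `@param {string} name`, but the signature is `function(name, state)`. Swap the two tags, and extend `@returns {number}` to say that the result is the position in `state.opList` of the first Label whose first ingredient equals `name`, or -1 when there is none. The same comment was introduced with the helper in patch 2/4. A `@private` tag would match the underscore prefix.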
@@ -137,13 +137,13 @@ const OperationConfig = { }, "Jump": { module: "Default", - description: "Jump forwards or backwards over the specified number of operations.", + description: "Jump forwards or backwards to the specified Label", inputType: "string", outputType: "string", flowControl: true, args: [ { - name: "The Label to Jump to", + name: "Label name", type: "string", value: "" }, @@ -156,7 +156,7 @@ const OperationConfig = { }, "Conditional Jump": { module: "Default", - description: "Conditionally jump forwards or backwards over the specified number of operations based on whether the data matches the specified regular expression.", + description: "Conditionally jump forwards or backwards to the specified Label based on whether the data matches the specified regular expression.", inputType: "string", outputType: "string", flowControl: true, @@ -167,13 +167,13 @@ const OperationConfig = { value: "" }, { - name: "Negative match (logical NOT)", + name: "Invert match", type: "boolean", value: false }, { - name: "The Label to Jump to", - type: "string", + name: "Label name", + type: "shortString", value: "" }, { @@ -185,14 +185,14 @@ const OperationConfig = { }, "Label": { module: "Default", - description: "Provides a location for for conditional and fixed jumps to jump.", + description: "Provides a location for conditional and fixed jumps to redirect execution to.", inputType: "string", outputType: "string", flowControl: true, args: [ { - name: "Jump Label", - type: "string", + name: "Name", + type: "shortString", value: "" } ] diff --git a/src/web/html/index.html b/src/web/html/index.html index 66dfcc80..b6289772 100755 --- a/src/web/html/index.html +++ b/src/web/html/index.html @@ -428,7 +428,7 @@
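Review bot: Jump's "Label name" argument (hunk @@ -137,13 +137,13 @@) keeps `type: "string"` while the same argument in Conditional Jump and the Label's "Name" are changed to `type: "shortString"` in the later hunks of this file. If the three are meant to look alike, use `type: "shortString",` here too. The new Jump description also ends without a full stop, unlike the other two.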
  • Convert data from a hexdump, then decompress
  • Decrypt and disassemble shellcode
  • Display multiple timestamps as full dates
  • -
  • Carry out different operations on data of different types
  • +
  • Carry out different operations on data of different types
  • Use parts of the input as arguments to operations