Merge branch 'master' into v9

This commit is contained in:
n1474335 2019-07-04 18:44:07 +01:00
commit 80386f1c86
5 changed files with 381 additions and 16 deletions

2
package-lock.json generated
View File

@ -1,6 +1,6 @@
{ {
"name": "cyberchef", "name": "cyberchef",
"version": "8.38.0", "version": "8.38.1",
"lockfileVersion": 1, "lockfileVersion": 1,
"requires": true, "requires": true,
"dependencies": { "dependencies": {

View File

@ -1,6 +1,6 @@
{ {
"name": "cyberchef", "name": "cyberchef",
"version": "8.38.0", "version": "8.38.1",
"description": "The Cyber Swiss Army Knife for encryption, encoding, compression and data analysis.", "description": "The Cyber Swiss Army Knife for encryption, encoding, compression and data analysis.",
"author": "n1474335 <n1474335@gmail.com>", "author": "n1474335 <n1474335@gmail.com>",
"homepage": "https://gchq.github.io/CyberChef", "homepage": "https://gchq.github.io/CyberChef",

View File

@ -170,7 +170,7 @@ export const FILE_SIGNATURES = {
mime: "image/vnd.adobe.photoshop", mime: "image/vnd.adobe.photoshop",
description: "", description: "",
signature: { signature: {
0: 0x38, 0: 0x38, // 8BPS
1: 0x42, 1: 0x42,
2: 0x50, 2: 0x50,
3: 0x53, 3: 0x53,
@ -185,6 +185,28 @@ export const FILE_SIGNATURES = {
}, },
extractor: null extractor: null
}, },
{
name: "Photoshop Large Document",
extension: "psb",
mime: "application/x-photoshop",
description: "",
signature: {
0: 0x38, // 8BPS
1: 0x42,
2: 0x50,
3: 0x53,
4: 0x0,
5: 0x2,
6: 0x0,
7: 0x0,
8: 0x0,
9: 0x0,
10: 0x0,
11: 0x0,
12: 0x0
},
extractor: null
},
{ {
name: "Paint Shop Pro image", name: "Paint Shop Pro image",
extension: "psp", extension: "psp",
@ -233,10 +255,114 @@ export const FILE_SIGNATURES = {
5: 0x0, 5: 0x0,
6: [0x10, 0x20, 0x30, 0x40, 0x80], 6: [0x10, 0x20, 0x30, 0x40, 0x80],
7: [0x10, 0x20, 0x30, 0x40, 0x80], 7: [0x10, 0x20, 0x30, 0x40, 0x80],
9: 0x00, 9: 0x0,
10: [0x0, 0x1] 10: [0x0, 0x1]
}, },
extractor: null extractor: null
},
{
name: "Radiance High Dynamic Range image",
extension: "hdr",
mime: "image/vnd.radiance",
description: "",
signature: {
0: 0x23, // #?RADIANCE
1: 0x3f,
2: 0x52,
3: 0x41,
4: 0x44,
5: 0x49,
6: 0x41,
7: 0x4e,
8: 0x43,
9: 0x45,
10: 0x0a
},
extractor: null
},
{
name: "Sony ARW image",
extension: "arw",
mime: "image/x-raw",
description: "",
signature: {
0: 0x05,
1: 0x0,
2: 0x0,
3: 0x0,
4: 0x41,
5: 0x57,
6: 0x31,
7: 0x2e
},
extractor: null
},
{
name: "Fujifilm Raw Image",
extension: "raf",
mime: "image/x-raw",
description: "",
signature: {
0: 0x46, // FUJIFILMCCD-RAW
1: 0x55,
2: 0x4a,
3: 0x49,
4: 0x46,
5: 0x49,
6: 0x4c,
7: 0x4d,
8: 0x43,
9: 0x43,
10: 0x44,
11: 0x2d,
12: 0x52,
13: 0x41,
14: 0x57
},
extractor: null
},
{
name: "Minolta RAW image",
extension: "mrw",
mime: "image/x-raw",
description: "",
signature: {
0: 0x0,
1: 0x4d, // MRM
2: 0x52,
3: 0x4d
},
extractor: null
},
{
name: "Adobe Bridge Thumbnail Cache",
extension: "bct",
mime: "application/octet-stream",
description: "",
signature: {
0: 0x6c,
1: 0x6e,
2: 0x62,
3: 0x74,
4: 0x02,
5: 0x0,
6: 0x0,
7: 0x0
},
extractor: null
},
{
name: "Microsoft Document Imaging",
extension: "mdi",
mime: "image/vnd.ms-modi",
description: "",
signature: {
0: 0x45,
1: 0x50,
2: 0x2a,
3: 0x00
},
extractor: null
} }
], ],
"Video": [ "Video": [
@ -534,6 +660,97 @@ export const FILE_SIGNATURES = {
}, },
extractor: null extractor: null
}, },
{
name: "Audacity",
extension: "au",
mime: "audio/x-au",
description: "",
signature: {
0: 0x64, // dns.
1: 0x6e,
2: 0x73,
3: 0x2e,
24: 0x41, // AudacityBlockFile
25: 0x75,
26: 0x64,
27: 0x61,
28: 0x63,
29: 0x69,
30: 0x74,
31: 0x79,
32: 0x42,
33: 0x6c,
34: 0x6f,
35: 0x63,
36: 0x6b,
37: 0x46,
38: 0x69,
39: 0x6c,
40: 0x65
},
extractor: null
},
{
name: "Audacity Block",
extension: "auf",
mime: "application/octet-stream",
description: "",
signature: {
0: 0x41, // AudacityBlockFile
1: 0x75,
2: 0x64,
3: 0x61,
4: 0x63,
5: 0x69,
6: 0x74,
7: 0x79,
8: 0x42,
9: 0x6c,
10: 0x6f,
11: 0x63,
12: 0x6b,
13: 0x46,
14: 0x69,
15: 0x6c,
16: 0x65
},
extractor: null
},
{
name: "Audio Interchange File",
extension: "aif",
mime: "audio/x-aiff",
description: "",
signature: {
0: 0x46, // FORM
1: 0x4f,
2: 0x52,
3: 0x4d,
8: 0x41, // AIFF
9: 0x49,
10: 0x46,
11: 0x46
},
extractor: null
},
{
name: "Audio Interchange File (compressed)",
extension: "aifc",
mime: "audio/x-aifc",
description: "",
signature: {
0: 0x46, // FORM
1: 0x4f,
2: 0x52,
3: 0x4d,
8: 0x41, // AIFC
9: 0x49,
10: 0x46,
11: 0x43
},
extractor: null
}
], ],
"Documents": [ "Documents": [
{ {
@ -898,6 +1115,110 @@ export const FILE_SIGNATURES = {
}, },
extractor: null extractor: null
}, },
{
name: "ARJ Archive",
extension: "arj",
mime: "application/x-arj-compressed",
description: "",
signature: {
0: 0x60,
1: 0xea,
8: [0x0, 0x10, 0x14],
9: 0x0,
10: 0x2
},
extractor: null
},
{
name: "WinAce Archive",
extension: "ace",
mime: "application/x-ace-compressed",
description: "",
signature: {
7: 0x2a, // **ACE**
8: 0x2a,
9: 0x41,
10: 0x43,
11: 0x45,
12: 0x2a,
13: 0x2a
},
extractor: null
},
{
name: "Macintosh BinHex Encoded File",
extension: "hqx",
mime: "application/mac-binhex",
description: "",
signature: {
11: 0x6d, // must be converted with BinHex
12: 0x75,
13: 0x73,
14: 0x74,
15: 0x20,
16: 0x62,
17: 0x65,
18: 0x20,
19: 0x63,
20: 0x6f,
21: 0x6e,
22: 0x76,
23: 0x65,
24: 0x72,
25: 0x74,
26: 0x65,
27: 0x64,
28: 0x20,
29: 0x77,
30: 0x69,
31: 0x74,
32: 0x68,
33: 0x20,
34: 0x42,
35: 0x69,
36: 0x6e,
37: 0x48,
38: 0x65,
39: 0x78
},
extractor: null
},
{
name: "ALZip Archive",
extension: "alz",
mime: "application/octet-stream",
description: "",
signature: {
0: 0x41, // ALZ
1: 0x4c,
2: 0x5a,
3: 0x01,
4: 0x0a,
5: 0x0,
6: 0x0,
7: 0x0
},
extractor: null
},
{
name: "KGB Compressed Archive",
extension: "kgb",
mime: "application/x-kgb-compressed",
description: "",
signature: {
0: 0x4b, // KGB_arch -
1: 0x47,
2: 0x42,
3: 0x5f,
4: 0x61,
5: 0x72,
6: 0x63,
7: 0x68,
8: 0x20,
9: 0x2d
},
extractor: null
}
], ],
"Miscellaneous": [ "Miscellaneous": [
{ {
@ -1041,6 +1362,43 @@ export const FILE_SIGNATURES = {
}, },
extractor: null extractor: null
}, },
{
name: "BitTorrent link",
extension: "torrent",
mime: "application/x-bittorrent",
description: "",
signature: [
{
0: 0x64, // d8:announce##:
1: 0x38,
2: 0x3a,
3: 0x61,
4: 0x6e,
5: 0x6e,
6: 0x6f,
7: 0x75,
8: 0x6e,
9: 0x63,
10: 0x65,
11: 0x23,
12: 0x23,
13: 0x3a
},
{
0: 0x64, // d4:infod
1: 0x34,
2: 0x3a,
3: 0x69,
4: 0x6e,
5: 0x66,
6: 0x6f,
7: 0x64,
8: [0x34, 0x35, 0x36],
9: 0x3a
}
],
extractor: null
}
] ]
}; };

View File

@ -21,7 +21,12 @@ class DetectFileType extends Operation {
this.name = "Detect File Type"; this.name = "Detect File Type";
this.module = "Default"; this.module = "Default";
this.description = "Attempts to guess the MIME (Multipurpose Internet Mail Extensions) type of the data based on 'magic bytes'.<br><br>Currently supports the following file types: 7z, amr, avi, bmp, bz2, class, cr2, crx, dex, dmg, doc, elf, eot, epub, exe, flac, flv, gif, gz, ico, iso, jpg, jxr, m4a, m4v, mid, mkv, mov, mp3, mp4, mpg, ogg, otf, pdf, png, ppt, ps, psd, rar, rtf, sqlite, swf, tar, tar.z, tif, ttf, utf8, vmdk, wav, webm, webp, wmv, woff, woff2, xls, xz, zip."; this.description = "Attempts to guess the MIME (Multipurpose Internet Mail Extensions) type of the data based on 'magic bytes'.<br><br>Currently supports the following file types: " +
Object.keys(FILE_SIGNATURES).map(cat =>
FILE_SIGNATURES[cat].map(sig =>
sig.extension.split(",")[0]
).join(", ")
).join(", ") + ".";
this.infoURL = "https://wikipedia.org/wiki/List_of_file_signatures"; this.infoURL = "https://wikipedia.org/wiki/List_of_file_signatures";
this.inputType = "ArrayBuffer"; this.inputType = "ArrayBuffer";
this.outputType = "string"; this.outputType = "string";
@ -52,18 +57,19 @@ class DetectFileType extends Operation {
if (!types.length) { if (!types.length) {
return "Unknown file type. Have you tried checking the entropy of this data to determine whether it might be encrypted or compressed?"; return "Unknown file type. Have you tried checking the entropy of this data to determine whether it might be encrypted or compressed?";
} else { } else {
let output = ""; const results = types.map(type => {
let output = `File type: ${type.name}
types.forEach(type => { Extension: ${type.extension}
output += "File extension: " + type.extension + "\n" + MIME type: ${type.mime}\n`;
"MIME type: " + type.mime + "\n";
if (type.description && type.description.length) { if (type.description && type.description.length) {
output += "\nDescription: " + type.description + "\n"; output += `Description: ${type.description}\n`;
} }
return output;
}); });
return output; return results.join("\n");
} }
} }

View File

@ -55,12 +55,13 @@ class ScanForEmbeddedFiles extends Operation {
if (types.length) { if (types.length) {
types.forEach(type => { types.forEach(type => {
numFound++; numFound++;
output += "\nOffset " + type.offset + " (0x" + Utils.hex(type.offset) + "):\n" + output += `\nOffset ${type.offset} (0x${Utils.hex(type.offset)}):
" File extension: " + type.fileDetails.extension + "\n" + File type: ${type.fileDetails.name}
" MIME type: " + type.fileDetails.mime + "\n"; Extension: ${type.fileDetails.extension}
MIME type: ${type.fileDetails.mime}\n`;
if (type.fileDetails.description && type.fileDetails.description.length) { if (type.fileDetails.description && type.fileDetails.description.length) {
output += " Description: " + type.fileDetails.description + "\n"; output += ` Description: ${type.fileDetails.description}\n`;
} }
}); });
} }