-
Notifications
You must be signed in to change notification settings - Fork 0
/
check-enc.py
executable file
·320 lines (275 loc) · 10.1 KB
/
check-enc.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
#!/usr/bin/env python3
# Name: check-enc.py
# Purpose: Attempts to decode/encode unknown data
# History:
# v0.1 - Ben Britton - Initial encodings
# v0.2 - Jonathan Elchison - Code organization
# - Added exception handling
# - Added scoring of results based on letter frequencies
# - Added reporting of results
# - Added support for second pass
# - Added support for params, help text
# - Added support for yenc
import base64
import binascii
import codecs
import copy
import math
import sys
import yenc
# default number of results to display
numResults = 20
# create table of frequency logarithms
logs = dict()
logs['a'] = math.log(0.11602, 2)
logs['b'] = math.log(0.04702, 2)
logs['c'] = math.log(0.03511, 2)
logs['d'] = math.log(0.02670, 2)
logs['e'] = math.log(0.02000, 2)
logs['f'] = math.log(0.03779, 2)
logs['g'] = math.log(0.01950, 2)
logs['h'] = math.log(0.07232, 2)
logs['i'] = math.log(0.06286, 2)
logs['j'] = math.log(0.00631, 2)
logs['k'] = math.log(0.00690, 2)
logs['l'] = math.log(0.02705, 2)
logs['m'] = math.log(0.04374, 2)
logs['n'] = math.log(0.02365, 2)
logs['o'] = math.log(0.06264, 2)
logs['p'] = math.log(0.02545, 2)
logs['q'] = math.log(0.00173, 2)
logs['r'] = math.log(0.01653, 2)
logs['s'] = math.log(0.07755, 2)
logs['t'] = math.log(0.16671, 2)
logs['u'] = math.log(0.01487, 2)
logs['v'] = math.log(0.00619, 2)
logs['w'] = math.log(0.06661, 2)
logs['x'] = math.log(0.00005, 2)
logs['y'] = math.log(0.01620, 2)
logs['z'] = math.log(0.00050, 2)
def print_help():
print("""Purpose: Attempts to decode/encode unknown data
Prereq: Python package 'yenc'. On Debian systems, this can be installed
using `sudo apt-get install python3-yenc`
Usage: checkenc.py [-d|-e] [-1] [-a] [-v] -f <file>
reads data from file
checkenc.py [-d|-e] [-1] [-a] [-v] '<data>'
reads data from last non-option argument
checkenc.py -h
displays this help
Options: -d Decode data (default)
-e Encode data (if absent, -d is assumed)
-1 Only performs one decoding/encoding pass on data (if absent,
default behavior is to attempt all permutations of any two
encodings). This will decrease running time for large data
sets.
-a Display all results (if absent, only top %d are displayed)
-v Verbose mode
Output: One row is displayed for each result. There are three columns in
each row:
1) Score. higher (more positive) is better. The score will
usually be negative.
2) Encoding used (or combination of encodings). "Caesar_XXX"
is a Caesar cipher with each byte incremented by XXX.
3) Result after de/encoding. Special characters will be escaped
appropriately.
""" % numResults)
def calculate_entropy(data):
score = 0
for char in data:
try:
score += logs[chr(char).lower()]
except:
# not a character. subtract arbitrary amount from score.
score -= 100
return score
def parse_data(data, my_decode_flag, my_caesar_flag):
my_answers = list()
if my_decode_flag is True:
for name in ('hex_codec', 'base64_codec', 'rot_13', 'utf_8', 'utf_16_be', 'utf_16_le', 'bz2', 'zip', 'idna', 'palmos', 'punycode', 'quopri_codec', 'utf_7'):
try:
result = data.decode(name)
if verbose_flag:
print("%s succeeded" % name)
my_answers.append([name, str.encode(result)])
except Exception as ex:
if verbose_flag:
print("%s FAILED: %s" % (name, ex))
name = 'base32'
try:
result = base64.b32decode(data)
if verbose_flag:
print("%s succeeded" % name)
my_answers.append([name, str.encode(result)])
except Exception as ex:
if verbose_flag:
print("%s FAILED: %s" % (name, ex))
name = 'uuencode'
try:
result = binascii.a2b_uu(data)
if verbose_flag:
print("%s succeeded" % name)
my_answers.append([name, str.encode(result)])
except Exception as ex:
if verbose_flag:
print("%s FAILED: %s" % (name, ex))
name = 'quotable'
try:
result = binascii.a2b_qp(data)
if verbose_flag:
print("%s succeeded" % name)
my_answers.append([name, str.encode(result)])
except Exception as ex:
if verbose_flag:
print("%s FAILED: %s" % (name, ex))
name = 'binhex4'
try:
result = binascii.rledecode_hqx(binascii.a2b_hqx(data))
if verbose_flag:
print("%s succeeded" % name)
my_answers.append([name, str.encode(result)])
except Exception as ex:
if verbose_flag:
print("%s FAILED: %s" % (name, ex))
name = 'yenc'
try:
decoder = yenc.Decoder()
decoder.feed(data)
result = decoder.getDecoded()
if verbose_flag:
print("%s succeeded" % name)
my_answers.append([name, str.encode(result)])
except Exception as ex:
if verbose_flag:
print("%s FAILED: %s" % (name, ex))
else:
for name in ('hex_codec', 'base64_codec', 'rot_13', 'utf_8', 'utf_16_be', 'utf_16_le', 'bz2', 'zip', 'idna', 'palmos', 'punycode', 'quopri_codec', 'utf_7'):
try:
result = data.encode(name)
if verbose_flag:
print("%s succeeded" % name)
my_answers.append([name, str.encode(result)])
except Exception as ex:
if verbose_flag:
print("%s FAILED: %s" % (name, ex))
name = 'base32'
try:
result = base64.b32encode(data)
if verbose_flag:
print("%s succeeded" % name)
my_answers.append([name, str.encode(result)])
except Exception as ex:
if verbose_flag:
print("%s FAILED: %s" % (name, ex))
name = 'uuencode'
try:
result = binascii.b2a_uu(data)
if verbose_flag:
print("%s succeeded" % name)
my_answers.append([name, str.encode(result)])
except Exception as ex:
if verbose_flag:
print("%s FAILED: %s" % (name, ex))
name = 'quotable'
try:
result = binascii.b2a_qp(data)
if verbose_flag:
print("%s succeeded" % name)
my_answers.append([name, str.encode(result)])
except Exception as ex:
if verbose_flag:
print("%s FAILED: %s" % (name, ex))
name = 'binhex4'
try:
result = binascii.b2a_hqx(binascii.rlecode_hqx(data))
if verbose_flag:
print("%s succeeded" % name)
my_answers.append([name, str.encode(result)])
except Exception as ex:
if verbose_flag:
print("%s FAILED: %s" % (name, ex))
name = 'yenc'
try:
encoder = yenc.Encoder()
encoder.feed(data)
result = encoder.getEncoded()
if verbose_flag:
print("%s succeeded" % name)
my_answers.append([name, str.encode(result)])
except Exception as ex:
if verbose_flag:
print("%s FAILED: %s" % (name, ex))
if my_caesar_flag:
for i in range(1, 256):
my_answers.append(["Caesar_%d" % i, bytearray([((c + i) % 256) for c in data])])
my_answers.append(["xor_%d" % i, bytearray([((c ^ i) % 256) for c in data])])
return my_answers
# initialize parameters
decode_flag = True
verbose_flag = False
is_file = False
two_passes = True
print_all = False
in_data = ''
in_file = ''
in_filename = ''
if len(sys.argv) == 1:
print_help()
exit()
for arg in sys.argv[1:]:
if arg == '-e':
decode_flag = False
elif arg == '-d':
decode_flag = True
elif arg == '-v':
verbose_flag = True
elif arg == '-f':
is_file = True
elif arg == '-1':
two_passes = False
elif arg == '-a':
print_all = True
elif arg == '-h':
print_help()
exit()
else:
if is_file:
in_filename = arg
else:
in_data = str.encode(arg)
if is_file is True:
in_file = open(in_filename, 'rb')
in_data = in_file.read()
in_file.close()
# do operation
answers = parse_data(in_data, decode_flag, True)
if two_passes:
print("First pass complete. Now trying permutating each result...")
# try "2-dimensional" operation (perform parse_data() on each answer)
answers_orig = copy.copy(answers)
for answer in answers_orig:
# only do Caesar once
if answer[0].find('Caesar') == -1:
newAnswers = parse_data(answer[1], decode_flag, True)
else:
newAnswers = parse_data(answer[1], decode_flag, False)
for newAnswer in newAnswers:
newAnswer[0] = "%s + %s" % (answer[0], newAnswer[0])
answers.extend(newAnswers)
if verbose_flag:
print('======================================================================')
for answer in answers:
try:
answer.append(calculate_entropy(answer[1]))
except:
# this is basically disqualified
answer.append(-10000)
sortedAnswers = sorted(answers, key=lambda my_answer: my_answer[2])
if print_all:
print("All %d results, worst to best:" % len(sortedAnswers))
for answer in sortedAnswers:
print("%.2f <%s> %s" % (answer[2], answer[0], repr(answer[1])))
else:
print("Top %d results, worst to best:" % numResults)
for answer in sortedAnswers[len(sortedAnswers) - numResults + 1:]:
print("%.2f <%s> %s" % (answer[2], answer[0], repr(answer[1])))