From 8b85cf94be982032d85a6d45e50087f3193f4429 Mon Sep 17 00:00:00 2001
From: gogo
Date: Thu, 7 Sep 2023 22:41:55 +0200
Subject: [PATCH] Add caesar shellcode example.

---
 Cargo.toml | 3 +-
 .../Cargo.toml | 12 ++++++
 .../caesar_shellcode_statistical_analysis/bin | 1 +
 .../data/bin | 1 +
 .../data/how-to-compile-opcode.sh | 2 +
 .../data/opcode.txt | 1 +
 .../data/out.bin | 1 +
 .../data/shellcode.txt | 1 +
 .../src/main.rs | 42 +++++++++++++++++++
 9 files changed, 63 insertions(+), 1 deletion(-)
 create mode 100644 docs/doc-examples/caesar_shellcode_statistical_analysis/Cargo.toml
 create mode 100644 docs/doc-examples/caesar_shellcode_statistical_analysis/bin
 create mode 100644 docs/doc-examples/caesar_shellcode_statistical_analysis/data/bin
 create mode 100644 docs/doc-examples/caesar_shellcode_statistical_analysis/data/how-to-compile-opcode.sh
 create mode 100644 docs/doc-examples/caesar_shellcode_statistical_analysis/data/opcode.txt
 create mode 100644 docs/doc-examples/caesar_shellcode_statistical_analysis/data/out.bin
 create mode 100644 docs/doc-examples/caesar_shellcode_statistical_analysis/data/shellcode.txt
 create mode 100644 docs/doc-examples/caesar_shellcode_statistical_analysis/src/main.rs

diff --git a/Cargo.toml b/Cargo.toml
index 33cb87f3f..4c27c4687 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -25,5 +25,6 @@ members = [
 "cryptatools-gui",
 "docs/doc-examples/ethereum-colision-evaluation",
 "docs/doc-examples/ethereum-wallet-collision-with-web3js",
- "docs/doc-examples/ethereum-wallet-collision-with-web3js-node"
+ "docs/doc-examples/ethereum-wallet-collision-with-web3js-node",
+ "docs/doc-examples/caesar_shellcode_statistical_analysis"
 ]
\ No newline at end of file
diff --git a/docs/doc-examples/caesar_shellcode_statistical_analysis/Cargo.toml b/docs/doc-examples/caesar_shellcode_statistical_analysis/Cargo.toml
new file mode 100644
index 000000000..10f82739b
--- /dev/null
+++ b/docs/doc-examples/caesar_shellcode_statistical_analysis/Cargo.toml
@@ -0,0 +1,12 @@
+[package]
+name = "caesar_shellcode_1_statistical_analysis"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+cryptatools-core = { git = "https://github.com/gogo2464/cryptatools-rs", package = 'cryptatools-core' }
+serde_json = "1.0.91"
+r2pipe = { git = "https://github.com/RHL120/r2pipe.rs", branch = "windows_bad" }
+itertools = "0.10.5"
\ No newline at end of file
diff --git a/docs/doc-examples/caesar_shellcode_statistical_analysis/bin b/docs/doc-examples/caesar_shellcode_statistical_analysis/bin
new file mode 100644
index 000000000..eb529b5d5
--- /dev/null
+++ b/docs/doc-examples/caesar_shellcode_statistical_analysis/bin
@@ -0,0 +1 @@
+%^1ɱ>|.11ҳfB*f)ڈF8Woihzooipu6o6666WZԇ
\ No newline at end of file
diff --git a/docs/doc-examples/caesar_shellcode_statistical_analysis/data/bin b/docs/doc-examples/caesar_shellcode_statistical_analysis/data/bin
new file mode 100644
index 000000000..eb529b5d5
--- /dev/null
+++ b/docs/doc-examples/caesar_shellcode_statistical_analysis/data/bin
@@ -0,0 +1 @@
+%^1ɱ>|.11ҳfB*f)ڈF8Woihzooipu6o6666WZԇ
\ No newline at end of file
diff --git a/docs/doc-examples/caesar_shellcode_statistical_analysis/data/how-to-compile-opcode.sh b/docs/doc-examples/caesar_shellcode_statistical_analysis/data/how-to-compile-opcode.sh
new file mode 100644
index 000000000..7ff27323e
--- /dev/null
+++ b/docs/doc-examples/caesar_shellcode_statistical_analysis/data/how-to-compile-opcode.sh
@@ -0,0 +1,2 @@
+echo "$(cat shellcode.txt | tr -d 'x' | tr -d '\\' | tr -d '\n')" > opcode.txt
+xxd -r -p opcode.txt bin
diff --git a/docs/doc-examples/caesar_shellcode_statistical_analysis/data/opcode.txt b/docs/doc-examples/caesar_shellcode_statistical_analysis/data/opcode.txt
new file mode 100644
index 000000000..660e2e5e9
--- /dev/null
+++ b/docs/doc-examples/caesar_shellcode_statistical_analysis/data/opcode.txt
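Review bot: Both git dependencies in `[dependencies]` are unpinned: `cryptatools-core` follows the default branch of gogo2464/cryptatools-rs and `r2pipe` follows the `windows_bad` branch of a personal fork (RHL120/r2pipe.rs), so a later push to either — or a force-push or deletion of that branch — changes or breaks this example's build with no change in this repository. Pin each to a commit alongside `git`, e.g. `r2pipe = { git = "https://github.com/RHL120/r2pipe.rs", branch = "windows_bad", rev = "<commit>" }`, and make sure the workspace Cargo.lock that resolves them is committed so the build is reproducible. `serde_json` and `itertools` are declared but nothing in the added `src/main.rs` uses either, so they only widen the dependency surface; drop them until an example needs them. The package name `caesar_shellcode_1_statistical_analysis` also does not match the directory `caesar_shellcode_statistical_analysis`, which looks like a stray `_1`.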
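Review bot: `how-to-compile-opcode.sh` has no shebang and no `set -eu`, and the `echo "$(cat shellcode.txt | tr … )" > opcode.txt` line routes the file through a subshell and `echo` for no gain; `tr -d 'x' | tr -d '\\'` also deletes every `x` and backslash anywhere in the input rather than just the `\x` prefixes, which is harmless for the committed hex digits but would silently corrupt an opcode list written with `0x` or any other notation. Suggest `#!/bin/sh`, `set -eu`, and `sed 's/\\x//g' shellcode.txt | tr -d '\n' > opcode.txt` so only the escape prefix is removed. The script writes `bin` into `data/`, while the added `main.rs` opens `bin` relative to the crate root, and the diff commits three files with the same blob (`bin`, `data/bin`, `data/out.bin`, all `eb529b5d5`); a one-line comment in the script saying which copy the example actually reads would save the next reader from guessing, and two of the three copies could be dropped.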
@@ -0,0 +1 @@
+eb255e31c9b11e803e077c05802e07eb1131db31d2b307b2ff66422a1e6629da881646e2e2eb05e8d6ffffff38c7576f69687a6f6f697075366f3636363690ea5790e95a90e8b712d487
diff --git a/docs/doc-examples/caesar_shellcode_statistical_analysis/data/out.bin b/docs/doc-examples/caesar_shellcode_statistical_analysis/data/out.bin
new file mode 100644
index 000000000..eb529b5d5
--- /dev/null
+++ b/docs/doc-examples/caesar_shellcode_statistical_analysis/data/out.bin
@@ -0,0 +1 @@
+%^1ɱ>|.11ҳfB*f)ڈF8Woihzooipu6o6666WZԇ
\ No newline at end of file
diff --git a/docs/doc-examples/caesar_shellcode_statistical_analysis/data/shellcode.txt b/docs/doc-examples/caesar_shellcode_statistical_analysis/data/shellcode.txt
new file mode 100644
index 000000000..7bdffe6bb
--- /dev/null
+++ b/docs/doc-examples/caesar_shellcode_statistical_analysis/data/shellcode.txt
@@ -0,0 +1 @@
+\xeb\x25\x5e\x31\xc9\xb1\x1e\x80\x3e\x07\x7c\x05\x80\x2e\x07\xeb\x11\x31\xdb\x31\xd2\xb3\x07\xb2\xff\x66\x42\x2a\x1e\x66\x29\xda\x88\x16\x46\xe2\xe2\xeb\x05\xe8\xd6\xff\xff\xff\x38\xc7\x57\x6f\x69\x68\x7a\x6f\x6f\x69\x70\x75\x36\x6f\x36\x36\x36\x36\x90\xea\x57\x90\xe9\x5a\x90\xe8\xb7\x12\xd4\x87
diff --git a/docs/doc-examples/caesar_shellcode_statistical_analysis/src/main.rs b/docs/doc-examples/caesar_shellcode_statistical_analysis/src/main.rs
new file mode 100644
index 000000000..cb2eabb27
--- /dev/null
+++ b/docs/doc-examples/caesar_shellcode_statistical_analysis/src/main.rs
@@ -0,0 +1,42 @@
+use r2pipe::R2Pipe;
+use r2pipe::open_pipe;
+use cryptatools_core::utils::alphabets::Alphabet;
+use cryptatools_core::cryptanalysis::custom::general_cryptanalysis_methods::frequency_analysis::distribution_algorithms::statistical::Statistical;
+use std::u8;
+
+fn read_plain_text(cipher_text: String) -> Vec {
+ let mut bytes = Vec::new();
+ for o in (0..cipher_text.len()).step_by(2) {
+ let left = cipher_text.chars().nth(o).unwrap();
+ let right = cipher_text.chars().nth(o+1).unwrap();
+ let mut opcode = String::from(left);
+ opcode.push(right);
+ bytes.push(u8::from_str_radix(&opcode, 16).unwrap());
+ }
+
+ bytes
+}
+
+fn main() {
+ let mut r2p = open_pipe!(Some("bin")).unwrap();
+ let mut cipher_text = String::from(r2p.cmd("p8 0x1e @ 0x2c ;").unwrap());
+ cipher_text.remove(cipher_text.len()-1);
+ cipher_text.remove(cipher_text.len()-1);
+
+ println!("cipher text: {:?}", cipher_text);
+
+ let unknow_opcode_alphabet = Alphabet::new_empty().unknow_opcodes();
+
+ let bytes = read_plain_text(cipher_text);
+
+ let stat = Statistical::new(unknow_opcode_alphabet.clone());
+ let stat_percentage = stat.guess_statistical_distribution(bytes);
+
+ for character in stat_percentage {
+ for opcode in character.0 {
+ println!("opcode {:x}, statistic: {:?}", opcode, character.1);
+ }
+ }
+
+ r2p.close();
+}
\ No newline at end of file
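Review bot: The two `cipher_text.remove(cipher_text.len()-1)` calls in `main` blindly drop the last two characters of whatever r2's `p8` returned (presumably a newline plus a terminator — the trailing ` ;` in the command may be what adds the second), and `read_plain_text` then `unwrap()`s each `chars().nth()` pair, so any change in the trailing output from a different r2pipe fork or r2 version silently truncates a hex digit or panics on the odd-length remainder. Trim whitespace instead, check the length against the 0x1e bytes requested, and decode with `chunks_exact(2)` so odd-length or non-hex output fails with a message rather than a bare unwrap (`chars().nth(o)` is also a linear scan per call). The `0x1e @ 0x2c` constants deserve a comment: from the committed opcode.txt they look like the stub's call/pop pointer (0x2c) and the `mov cl, 0x1e` loop count, but that is inferred and should be confirmed with `pd` rather than left as magic numbers. As rendered here `read_plain_text` returns a bare `Vec` — if that is not a `<u8>` lost in rendering it will not compile — and the name reads oddly for a function that takes `cipher_text` and returns hex-decoded bytes; `use std::u8;` is also unnecessary since `u8` is a primitive.
```rust
// Decode r2's `p8` hex dump into bytes; odd-length or non-hex input is
// reported with context instead of panicking inside chars().nth().
fn read_plain_text(cipher_text: String) -> Vec<u8> {
    let pairs = cipher_text.as_bytes().chunks_exact(2);
    assert!(pairs.remainder().is_empty(), "odd-length hex string: {cipher_text:?}");
    pairs
        .map(|pair| {
            let digits = std::str::from_utf8(pair).expect("p8 output is ASCII");
            u8::from_str_radix(digits, 16)
                .unwrap_or_else(|e| panic!("bad hex byte {digits:?}: {e}"))
        })
        .collect()
}

fn main() {
    let mut r2p = open_pipe!(Some("bin")).unwrap();
    // 0x2c / 0x1e: offset and length of the encoded payload — the stub's
    // call/pop leaves its pointer at 0x2c and `mov cl, 0x1e` sets the loop
    // count (inferred from data/opcode.txt; confirm with `pd` before relying on it).
    let raw = r2p.cmd("p8 0x1e @ 0x2c").unwrap();
    let cipher_text = raw.trim_end().to_string();
    assert_eq!(cipher_text.len(), 2 * 0x1e, "unexpected p8 output: {cipher_text:?}");
    // … unchanged: println, Alphabet / Statistical calls, result loop, r2p.close() …
}
```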