cyberchef 9.39.0 → 9.39.3

package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "cyberchef",
3
- "version": "9.39.0",
3
+ "version": "9.39.3",
4
4
  "description": "The Cyber Swiss Army Knife for encryption, encoding, compression and data analysis.",
5
5
  "author": "n1474335 <n1474335@gmail.com>",
6
6
  "homepage": "https://gchq.github.io/CyberChef",
@@ -5044,7 +5044,7 @@
5044
5044
  },
5045
5045
  "Extract Files": {
5046
5046
  "module": "Default",
5047
- "description": "Performs file carving to attempt to extract files from the input.<br><br>This operation is currently capable of carving out the following formats:\n <ul>\n <li>\n JPG,JPEG,JPE,THM,MPO</li><li>GIF</li><li>PNG</li><li>BMP</li><li>ICO</li><li>TGA</li><li>FLV</li><li>WAV</li><li>MP3</li><li>PDF</li><li>RTF</li><li>DOCX,XLSX,PPTX</li><li>EPUB</li><li>EXE,DLL,DRV,VXD,SYS,OCX,VBX,COM,FON,SCR</li><li>ELF,BIN,AXF,O,PRX,SO</li><li>DYLIB</li><li>ZIP</li><li>TAR</li><li>GZ</li><li>BZ2</li><li>ZLIB</li><li>XZ</li><li>JAR</li><li>LZOP,LZO</li><li>DEB</li><li>SQLITE</li><li>EVT</li><li>EVTX</li><li>DMP</li><li>PF</li><li>PLIST</li><li>KEYCHAIN</li><li>LNK\n </li>\n </ul>",
5047
+ "description": "Performs file carving to attempt to extract files from the input.<br><br>This operation is currently capable of carving out the following formats:\n <ul>\n <li>\n JPG,JPEG,JPE,THM,MPO</li><li>GIF</li><li>PNG</li><li>WEBP</li><li>BMP</li><li>ICO</li><li>TGA</li><li>FLV</li><li>WAV</li><li>MP3</li><li>PDF</li><li>RTF</li><li>DOCX,XLSX,PPTX</li><li>EPUB</li><li>EXE,DLL,DRV,VXD,SYS,OCX,VBX,COM,FON,SCR</li><li>ELF,BIN,AXF,O,PRX,SO</li><li>DYLIB</li><li>ZIP</li><li>TAR</li><li>GZ</li><li>BZ2</li><li>ZLIB</li><li>XZ</li><li>JAR</li><li>LZOP,LZO</li><li>DEB</li><li>SQLITE</li><li>EVT</li><li>EVTX</li><li>DMP</li><li>PF</li><li>PLIST</li><li>KEYCHAIN</li><li>LNK\n </li>\n </ul>Minimum File Size can be used to prune small false positives.",
5048
5048
  "infoURL": "https://forensicswiki.xyz/wiki/index.php?title=File_Carving",
5049
5049
  "inputType": "ArrayBuffer",
5050
5050
  "outputType": "html",
@@ -5090,6 +5090,11 @@
5090
5090
  "name": "Ignore failed extractions",
5091
5091
  "type": "boolean",
5092
5092
  "value": true
5093
+ },
5094
+ {
5095
+ "name": "Minimum File Size",
5096
+ "type": "number",
5097
+ "value": 100
5093
5098
  }
5094
5099
  ]
5095
5100
  },
@@ -70,7 +70,7 @@ export const FILE_SIGNATURES = {
70
70
  10: 0x42,
71
71
  11: 0x50
72
72
  },
73
- extractor: null
73
+ extractor: extractWEBP
74
74
  },
75
75
  {
76
76
  name: "Camera Image File Format",
@@ -3032,6 +3032,30 @@ export function extractPNG(bytes, offset) {
3032
3032
  }
3033
3033
 
3034
3034
 
3035
+ /**
3036
+ * WEBP extractor.
3037
+ *
3038
+ * @param {Uint8Array} bytes
3039
+ * @param {number} offset
3040
+ * @returns {Uint8Array}
3041
+ */
3042
+ export function extractWEBP(bytes, offset) {
3043
+ const stream = new Stream(bytes.slice(offset));
3044
+
3045
+ // Move to file size offset.
3046
+ stream.moveForwardsBy(4);
3047
+
3048
+ // Read file size field.
3049
+ const fileSize = stream.readInt(4, "le");
3050
+
3051
+ // Move to end of file.
3052
+ // There is no need to minus 8 from the size as the size factors in the offset.
3053
+ stream.moveForwardsBy(fileSize);
3054
+
3055
+ return stream.carve();
3056
+ }
3057
+
3058
+
3035
3059
  /**
3036
3060
  * BMP extractor.
3037
3061
  *
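Review bot: `fileSize` in `extractWEBP` is read straight from the RIFF header of the data being carved and passed to `stream.moveForwardsBy(fileSize)` without being compared to the bytes that remain after `offset`. What a truncated or malformed header does then depends on `Stream`, which is not visible here. An explicit guard such as `if (fileSize > bytes.length - offset - 8) throw new Error("WEBP size field exceeds available data");` would make the failure deterministic, and presumably it would be caught by the `try`/`catch` around `extractFile` in `ExtractFiles.run`. The JSDoc could also state that the size field is untrusted input and that the function throws when it is out of range.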
@@ -64,6 +64,7 @@ class ConditionalJump extends Operation {
64
64
  jmpIndex = getLabelIndex(label, state);
65
65
 
66
66
  if (state.numJumps >= maxJumps || jmpIndex === -1) {
67
+ state.numJumps = 0;
67
68
  return state;
68
69
  }
69
70
 
@@ -73,6 +74,8 @@ class ConditionalJump extends Operation {
73
74
  if (!invert && strMatch || invert && !strMatch) {
74
75
  state.progress = jmpIndex;
75
76
  state.numJumps++;
77
+ } else {
78
+ state.numJumps = 0;
76
79
  }
77
80
  }
78
81
 
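Review bot: Resetting `state.numJumps = 0` when the limit is reached, and again in the new `else` branch, weakens `maxJumps` as a loop guard if `state.numJumps` is a single counter shared by every jump in the recipe, as the identical field in the `Jump` hunk suggests. With two nested jumps the inner one zeroes the counter each time it finishes, so the outer one may never see `state.numJumps >= maxJumps` and the recipe may not terminate. A counter kept per jump operation, for instance keyed by the operation's position in the recipe, would allow nested loops while still bounding each one. The same reset is added to `Jump`, so both need the change. If the shared reset is intended, a comment above `state.numJumps = 0;` should say why it is safe.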
@@ -38,7 +38,7 @@ class ExtractFiles extends Operation {
38
38
  <li>
39
39
  ${supportedExts.join("</li><li>")}
40
40
  </li>
41
- </ul>`;
41
+ </ul>Minimum File Size can be used to prune small false positives.`;
42
42
  this.infoURL = "https://forensicswiki.xyz/wiki/index.php?title=File_Carving";
43
43
  this.inputType = "ArrayBuffer";
44
44
  this.outputType = "List<File>";
@@ -54,6 +54,11 @@ class ExtractFiles extends Operation {
54
54
  name: "Ignore failed extractions",
55
55
  type: "boolean",
56
56
  value: true
57
+ },
58
+ {
59
+ name: "Minimum File Size",
60
+ type: "number",
61
+ value: 100
57
62
  }
58
63
  ]);
59
64
  }
@@ -66,6 +71,7 @@ class ExtractFiles extends Operation {
66
71
  run(input, args) {
67
72
  const bytes = new Uint8Array(input),
68
73
  categories = [],
74
+ minSize = args.pop(1),
69
75
  ignoreFailedExtractions = args.pop(1);
70
76
 
71
77
  args.forEach((cat, i) => {
@@ -80,7 +86,9 @@ class ExtractFiles extends Operation {
80
86
  const errors = [];
81
87
  detectedFiles.forEach(detectedFile => {
82
88
  try {
83
- files.push(extractFile(bytes, detectedFile.fileDetails, detectedFile.offset));
89
+ const file = extractFile(bytes, detectedFile.fileDetails, detectedFile.offset);
90
+ if (file.size >= minSize)
91
+ files.push(file);
84
92
  } catch (err) {
85
93
  if (!ignoreFailedExtractions && err.message.indexOf("No extraction algorithm available") < 0) {
86
94
  errors.push(
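Review bot: The new filter `if (file.size >= minSize)` uses the "Minimum File Size" argument exactly as it arrives, so a value that is not a number makes the comparison false for every file and the operation returns nothing without reporting an error. Normalising it where it is read, e.g. `const min = Number.isFinite(minSize) && minSize > 0 ? minSize : 0;`, keeps an empty or invalid field from hiding carved files. Both trailing options are taken positionally with `args.pop(1)` (the `1` is ignored by `Array.prototype.pop`), so a recipe saved before this argument existed could shift the two values, depending on how missing arguments are filled in. Files dropped by the default of 100 are not counted or listed in the visible code, which matters when the output is used for forensic triage. `run` starts and ends outside these hunks.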
@@ -52,6 +52,7 @@ class Jump extends Operation {
52
52
  const jmpIndex = getLabelIndex(label, state);
53
53
 
54
54
  if (state.numJumps >= maxJumps || jmpIndex === -1) {
55
+ state.numJumps = 0;
55
56
  return state;
56
57
  }
57
58
 
@@ -186,7 +186,7 @@ div.toggle-string {
186
186
  }
187
187
 
188
188
  .ingredients .dropdown-toggle-split {
189
- height: 41px !important;
189
+ height: 40px !important;
190
190
  }
191
191
 
192
192
  .boolean-arg {