cyberchef 9.47.4 → 9.48.0

package/CHANGELOG.md

@@ -13,6 +13,9 @@ All major and minor version changes will be documented in this file. Details of
 
 ## Details
 
+### [9.48.0] - 2022-10-14
+- Added 'LM Hash' and 'NT Hash' operations [@n1474335] [@brun0ne] | [#1427]
+
 ### [9.47.0] - 2022-10-14
 - Added 'LZMA Decompress' and 'LZMA Compress' operations [@mattnotmitt] | [#1421]
 
@@ -318,6 +321,7 @@ All major and minor version changes will be documented in this file. Details of
 
 
 
+[9.48.0]: https://github.com/gchq/CyberChef/releases/tag/v9.48.0
 [9.47.0]: https://github.com/gchq/CyberChef/releases/tag/v9.47.0
 [9.46.0]: https://github.com/gchq/CyberChef/releases/tag/v9.46.0
 [9.45.0]: https://github.com/gchq/CyberChef/releases/tag/v9.45.0
@@ -454,6 +458,7 @@ All major and minor version changes will be documented in this file. Details of
 [@crespyl]: https://github.com/crespyl
 [@thomasleplus]: https://github.com/thomasleplus
 [@valdelaseras]: https://github.com/valdelaseras
+[@brun0ne]: https://github.com/brun0ne
 
 [8ad18b]: https://github.com/gchq/CyberChef/commit/8ad18bc7db6d9ff184ba3518686293a7685bf7b7
 [9a33498]: https://github.com/gchq/CyberChef/commit/9a33498fed26a8df9c9f35f39a78a174bf50a513
@@ -557,4 +562,5 @@ All major and minor version changes will be documented in this file. Details of
 [#1250]: https://github.com/gchq/CyberChef/pull/1250
 [#1308]: https://github.com/gchq/CyberChef/pull/1308
 [#1421]: https://github.com/gchq/CyberChef/pull/1421
+[#1427]: https://github.com/gchq/CyberChef/pull/1427
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cyberchef",
-  "version": "9.47.4",
+  "version": "9.48.0",
   "description": "The Cyber Swiss Army Knife for encryption, encoding, compression and data analysis.",
   "author": "n1474335 <n1474335@gmail.com>",
   "homepage": "https://gchq.github.io/CyberChef",
@@ -142,6 +142,7 @@
     "node-md6": "^0.1.0",
     "nodom": "^2.4.0",
     "notepack.io": "^3.0.1",
+    "ntlm": "^0.1.3",
     "nwmatcher": "^1.4.4",
     "otp": "0.1.3",
     "path": "^0.12.7",
@@ -170,7 +171,7 @@
     "build": "npx grunt prod",
     "node": "npx grunt node",
     "repl": "node --experimental-modules --experimental-json-modules --experimental-specifier-resolution=node --no-warnings src/node/repl.mjs",
-    "test": "npx grunt configTests && node --experimental-modules --experimental-json-modules --no-warnings --no-deprecation tests/node/index.mjs && node --experimental-modules --experimental-json-modules --no-warnings --no-deprecation tests/operations/index.mjs",
+    "test": "npx grunt configTests && node --experimental-modules --experimental-json-modules --no-warnings --no-deprecation --openssl-legacy-provider tests/node/index.mjs && node --experimental-modules --experimental-json-modules --no-warnings --no-deprecation --openssl-legacy-provider tests/operations/index.mjs",
     "testnodeconsumer": "npx grunt testnodeconsumer",
     "testui": "npx grunt testui",
     "testuidev": "npx nightwatch --env=dev",

package/src/core/Utils.mjs

@@ -206,7 +206,7 @@ class Utils {
      * Utils.parseEscapedChars("\\n");
      */
     static parseEscapedChars(str) {
-        return str.replace(/\\([bfnrtv'"]|[0-3][0-7]{2}|[0-7]{1,2}|x[\da-fA-F]{2}|u[\da-fA-F]{4}|u\{[\da-fA-F]{1,6}\}|\\)/g, function(m, a) {
+        return str.replace(/\\([abfnrtv'"]|[0-3][0-7]{2}|[0-7]{1,2}|x[\da-fA-F]{2}|u[\da-fA-F]{4}|u\{[\da-fA-F]{1,6}\}|\\)/g, function(m, a) {
             switch (a[0]) {
                 case "\\":
                     return "\\";
@@ -219,6 +219,8 @@ class Utils {
                 case "6":
                 case "7":
                     return String.fromCharCode(parseInt(a, 8));
+                case "a":
+                    return String.fromCharCode(7);
                 case "b":
                     return "\b";
                 case "t":

package/src/core/config/Categories.json

@@ -369,6 +369,8 @@
             "Bcrypt compare",
             "Bcrypt parse",
             "Scrypt",
+            "NT Hash",
+            "LM Hash",
             "Fletcher-8 Checksum",
             "Fletcher-16 Checksum",
             "Fletcher-32 Checksum",

package/src/core/config/OperationConfig.json

@@ -8010,6 +8010,16 @@
             }
         ]
     },
+    "LM Hash": {
+        "module": "Crypto",
+        "description": "An LM Hash, or LAN Manager Hash, is a deprecated way of storing passwords on old Microsoft operating systems. It is particularly weak and can be cracked in seconds on modern hardware using rainbow tables.",
+        "infoURL": "https://wikipedia.org/wiki/LAN_Manager#Password_hashing_algorithm",
+        "inputType": "string",
+        "outputType": "string",
+        "flowControl": false,
+        "manualBake": false,
+        "args": []
+    },
     "LS47 Decrypt": {
         "module": "Crypto",
         "description": "This is a slight improvement of the ElsieFour cipher as described by Alan Kaminsky. We use 7x7 characters instead of original (barely fitting) 6x6, to be able to encrypt some structured information. We also describe a simple key-expansion algorithm, because remembering passwords is popular. Similar security considerations as with ElsieFour hold.<br>The LS47 alphabet consists of following characters: <code>_abcdefghijklmnopqrstuvwxyz.0123456789,-+*/:?!'()</code><br>An LS47 key is a permutation of the alphabet that is then represented in a 7x7 grid used for the encryption or decryption.",
@@ -8742,6 +8752,16 @@
         "manualBake": false,
         "args": []
     },
+    "NT Hash": {
+        "module": "Crypto",
+        "description": "An NT Hash, sometimes referred to as an NTLM hash, is a method of storing passwords on Windows systems. It works by running MD4 on UTF-16LE encoded input. NTLM hashes are considered weak because they can be brute-forced very easily with modern hardware.",
+        "infoURL": "https://wikipedia.org/wiki/NT_LAN_Manager",
+        "inputType": "string",
+        "outputType": "string",
+        "flowControl": false,
+        "manualBake": false,
+        "args": []
+    },
     "Normalise Image": {
         "module": "Image",
         "description": "Normalise the image colours.",

package/src/core/config/modules/Crypto.mjs

@@ -34,12 +34,14 @@ import JWTDecode from "../../operations/JWTDecode.mjs";
 import JWTSign from "../../operations/JWTSign.mjs";
 import JWTVerify from "../../operations/JWTVerify.mjs";
 import Keccak from "../../operations/Keccak.mjs";
+import LMHash from "../../operations/LMHash.mjs";
 import LS47Decrypt from "../../operations/LS47Decrypt.mjs";
 import LS47Encrypt from "../../operations/LS47Encrypt.mjs";
 import MD2 from "../../operations/MD2.mjs";
 import MD4 from "../../operations/MD4.mjs";
 import MD5 from "../../operations/MD5.mjs";
 import MD6 from "../../operations/MD6.mjs";
+import NTHash from "../../operations/NTHash.mjs";
 import RIPEMD from "../../operations/RIPEMD.mjs";
 import SHA0 from "../../operations/SHA0.mjs";
 import SHA1 from "../../operations/SHA1.mjs";
@@ -85,12 +87,14 @@ OpModules.Crypto = {
     "JWT Sign": JWTSign,
     "JWT Verify": JWTVerify,
     "Keccak": Keccak,
+    "LM Hash": LMHash,
     "LS47 Decrypt": LS47Decrypt,
     "LS47 Encrypt": LS47Encrypt,
     "MD2": MD2,
     "MD4": MD4,
     "MD5": MD5,
     "MD6": MD6,
+    "NT Hash": NTHash,
     "RIPEMD": RIPEMD,
     "SHA0": SHA0,
     "SHA1": SHA1,

package/src/core/operations/GenerateAllHashes.mjs

@@ -34,6 +34,8 @@ import BLAKE2b from "./BLAKE2b.mjs";
 import BLAKE2s from "./BLAKE2s.mjs";
 import Streebog from "./Streebog.mjs";
 import GOSTHash from "./GOSTHash.mjs";
+import LMHash from "./LMHash.mjs";
+import NTHash from "./NTHash.mjs";
 import OperationError from "../errors/OperationError.mjs";
 
 /**
@@ -107,6 +109,8 @@ class GenerateAllHashes extends Operation {
             {name: "Streebog-256", algo: (new Streebog), inputType: "arrayBuffer", params: ["256"]},
             {name: "Streebog-512", algo: (new Streebog), inputType: "arrayBuffer", params: ["512"]},
             {name: "GOST", algo: (new GOSTHash), inputType: "arrayBuffer", params: ["D-A"]},
+            {name: "LM Hash", algo: (new LMHash), inputType: "str", params: []},
+            {name: "NT Hash", algo: (new NTHash), inputType: "str", params: []},
             {name: "SSDEEP", algo: (new SSDEEP()), inputType: "str"},
             {name: "CTPH", algo: (new CTPH()), inputType: "str"}
         ];

package/src/core/operations/LMHash.mjs

@@ -0,0 +1,41 @@
+/**
+ * @author n1474335 [n1474335@gmail.com]
+ * @copyright Crown Copyright 2022
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import {smbhash} from "ntlm";
+
+/**
+ * LM Hash operation
+ */
+class LMHash extends Operation {
+
+    /**
+     * LMHash constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "LM Hash";
+        this.module = "Crypto";
+        this.description = "An LM Hash, or LAN Manager Hash, is a deprecated way of storing passwords on old Microsoft operating systems. It is particularly weak and can be cracked in seconds on modern hardware using rainbow tables.";
+        this.infoURL = "https://wikipedia.org/wiki/LAN_Manager#Password_hashing_algorithm";
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        return smbhash.lmhash(input);
+    }
+
+}
+
+export default LMHash;

package/src/core/operations/NTHash.mjs

@@ -0,0 +1,46 @@
+/**
+ * @author brun0ne [brunonblok@gmail.com]
+ * @copyright Crown Copyright 2022
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+
+import cptable from "codepage";
+import {runHash} from "../lib/Hash.mjs";
+
+/**
+ * NT Hash operation
+ */
+class NTHash extends Operation {
+
+    /**
+     * NTHash constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "NT Hash";
+        this.module = "Crypto";
+        this.description = "An NT Hash, sometimes referred to as an NTLM hash, is a method of storing passwords on Windows systems. It works by running MD4 on UTF-16LE encoded input. NTLM hashes are considered weak because they can be brute-forced very easily with modern hardware.";
+        this.infoURL = "https://wikipedia.org/wiki/NT_LAN_Manager";
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        const format = 1200; // UTF-16LE
+        const encoded = cptable.utils.encode(format, input);
+        const hashed = runHash("md4", encoded);
+
+        return hashed.toUpperCase();
+    }
+}
+
+export default NTHash;

package/src/core/operations/index.mjs

@@ -194,6 +194,7 @@ import JavaScriptMinify from "./JavaScriptMinify.mjs";
 import JavaScriptParser from "./JavaScriptParser.mjs";
 import Jump from "./Jump.mjs";
 import Keccak from "./Keccak.mjs";
+import LMHash from "./LMHash.mjs";
 import LS47Decrypt from "./LS47Decrypt.mjs";
 import LS47Encrypt from "./LS47Encrypt.mjs";
 import LZMACompress from "./LZMACompress.mjs";
@@ -215,6 +216,7 @@ import MicrosoftScriptDecoder from "./MicrosoftScriptDecoder.mjs";
 import MultipleBombe from "./MultipleBombe.mjs";
 import Multiply from "./Multiply.mjs";
 import NOT from "./NOT.mjs";
+import NTHash from "./NTHash.mjs";
 import NormaliseImage from "./NormaliseImage.mjs";
 import NormaliseUnicode from "./NormaliseUnicode.mjs";
 import Numberwang from "./Numberwang.mjs";
@@ -581,6 +583,7 @@ export {
     JavaScriptParser,
     Jump,
     Keccak,
+    LMHash,
     LS47Decrypt,
     LS47Encrypt,
     LZMACompress,
@@ -602,6 +605,7 @@ export {
     MultipleBombe,
     Multiply,
     NOT,
+    NTHash,
     NormaliseImage,
     NormaliseUnicode,
     Numberwang,

package/src/node/index.mjs

@@ -197,6 +197,7 @@ import {
     JWTSign as core_JWTSign,
     JWTVerify as core_JWTVerify,
     Keccak as core_Keccak,
+    LMHash as core_LMHash,
     LS47Decrypt as core_LS47Decrypt,
     LS47Encrypt as core_LS47Encrypt,
     LZMACompress as core_LZMACompress,
@@ -216,6 +217,7 @@ import {
     MultipleBombe as core_MultipleBombe,
     Multiply as core_Multiply,
     NOT as core_NOT,
+    NTHash as core_NTHash,
     NormaliseImage as core_NormaliseImage,
     NormaliseUnicode as core_NormaliseUnicode,
     Numberwang as core_Numberwang,
@@ -584,6 +586,7 @@ function generateChef() {
         "JWTSign": _wrap(core_JWTSign),
         "JWTVerify": _wrap(core_JWTVerify),
         "keccak": _wrap(core_Keccak),
+        "LMHash": _wrap(core_LMHash),
         "LS47Decrypt": _wrap(core_LS47Decrypt),
         "LS47Encrypt": _wrap(core_LS47Encrypt),
         "LZMACompress": _wrap(core_LZMACompress),
@@ -603,6 +606,7 @@ function generateChef() {
         "multipleBombe": _wrap(core_MultipleBombe),
         "multiply": _wrap(core_Multiply),
         "NOT": _wrap(core_NOT),
+        "NTHash": _wrap(core_NTHash),
         "normaliseImage": _wrap(core_NormaliseImage),
         "normaliseUnicode": _wrap(core_NormaliseUnicode),
         "numberwang": _wrap(core_Numberwang),
@@ -986,6 +990,7 @@ const javaScriptMinify = chef.javaScriptMinify;
 const javaScriptParser = chef.javaScriptParser;
 const jump = chef.jump;
 const keccak = chef.keccak;
+const LMHash = chef.LMHash;
 const LS47Decrypt = chef.LS47Decrypt;
 const LS47Encrypt = chef.LS47Encrypt;
 const LZMACompress = chef.LZMACompress;
@@ -1007,6 +1012,7 @@ const microsoftScriptDecoder = chef.microsoftScriptDecoder;
 const multipleBombe = chef.multipleBombe;
 const multiply = chef.multiply;
 const NOT = chef.NOT;
+const NTHash = chef.NTHash;
 const normaliseImage = chef.normaliseImage;
 const normaliseUnicode = chef.normaliseUnicode;
 const numberwang = chef.numberwang;
@@ -1375,6 +1381,7 @@ const operations = [
     javaScriptParser,
     jump,
     keccak,
+    LMHash,
     LS47Decrypt,
     LS47Encrypt,
     LZMACompress,
@@ -1396,6 +1403,7 @@ const operations = [
     multipleBombe,
     multiply,
     NOT,
+    NTHash,
     normaliseImage,
     normaliseUnicode,
     numberwang,
@@ -1768,6 +1776,7 @@ export {
     javaScriptParser,
     jump,
     keccak,
+    LMHash,
     LS47Decrypt,
     LS47Encrypt,
     LZMACompress,
@@ -1789,6 +1798,7 @@ export {
     multipleBombe,
     multiply,
     NOT,
+    NTHash,
     normaliseImage,
     normaliseUnicode,
     numberwang,

package/tests/operations/index.mjs

@@ -120,9 +120,10 @@ import "./tests/SIGABA.mjs";
 import "./tests/ELFInfo.mjs";
 import "./tests/Subsection.mjs";
 import "./tests/CaesarBoxCipher.mjs";
+import "./tests/UnescapeString.mjs";
 import "./tests/LS47.mjs";
 import "./tests/LZString.mjs";
-
+import "./tests/NTLM.mjs";
 
 // Cannot test operations that use the File type yet
 // import "./tests/SplitColourChannels.mjs";

package/tests/operations/tests/GenerateAllHashes.mjs

@@ -50,6 +50,8 @@ BLAKE2s-256:  f308fc02ce9172ad02a7d75800ecfc027109bc67987ea32aba9b8dcc7b10150e
 Streebog-256: 12a50838191b5504f1e5f2fd078714cf6b592b9d29af99d0b10d8d02881c3857
 Streebog-512: 7200bf5dea560f0d7960d07fdc8874ad9f3b86ece2e45f5502ae2e176f2c928e0e581152281f5aee818318bed7cbe6aa69999589234723ceb33175598365b5c8
 GOST:         ee67303696d205ddd2b2363e8e01b4b7199a80957d94d7678eaad3fc834c5a27
+LM Hash:      01FC5A6BE7BC6929AAD3B435B51404EE
+NT Hash:      0CB6948805F797BF2A82807973B89537
 SSDEEP:       3:Hn:Hn
 CTPH:         A:E:E
 
@@ -79,6 +81,8 @@ MD5:          098f6bcd4621d373cade4e832627b4f6
 RIPEMD-128:   f1abb5083c9ff8a9dbbca9cd2b11fead
 BLAKE2b-128:  44a8995dd50b6657a037a7839304535b
 BLAKE2s-128:  e9ddd9926b9dcb382e09be39ba403d2c
+LM Hash:      01FC5A6BE7BC6929AAD3B435B51404EE
+NT Hash:      0CB6948805F797BF2A82807973B89537
 `,
         recipeConfig: [
             {

package/tests/operations/tests/NTLM.mjs

@@ -0,0 +1,34 @@
+/**
+ * NTLM test.
+ *
+ * @author brun0ne [brunonblok@gmail.com]
+ * @copyright Crown Copyright 2022
+ * @license Apache-2.0
+ */
+import TestRegister from "../../lib/TestRegister.mjs";
+
+TestRegister.addTests([
+    {
+        name: "NT Hash",
+        input: "QWERTYUIOPASDFGHJKLZXCVBNM1234567890!@#$%^&*()_+.,?/",
+        expectedOutput: "C5FA1C40E55734A8E528DBFE21766D23",
+        recipeConfig: [
+            {
+                op: "NT Hash",
+                args: [],
+            },
+        ],
+    },
+    {
+        name: "LM Hash",
+        input: "QWERTYUIOPASDFGHJKLZXCVBNM1234567890!@#$%^&*()_+.,?/",
+        expectedOutput: "6D9DF16655336CA75A3C13DD18BA8156",
+        recipeConfig: [
+            {
+                op: "LM Hash",
+                args: [],
+            },
+        ],
+    },
+
+]);

package/tests/operations/tests/UnescapeString.mjs

@@ -0,0 +1,55 @@
+/**
+ * UnescapeString tests.
+ *
+ * @copyright Crown Copyright 2022
+ * @license Apache-2.0
+ */
+import TestRegister from "../../lib/TestRegister.mjs";
+
+TestRegister.addTests([
+    {
+        name: "UnescapeString: escape sequences",
+        input: "\\a\\b\\f\\n\\r\\t\\v\\'\\\"",
+        expectedOutput: String.fromCharCode(0x07, 0x08, 0x0c, 0x0a, 0x0d, 0x09,
+            0x0b, 0x27, 0x22),
+        recipeConfig: [
+            {
+                op: "Unescape string",
+                args: [],
+            },
+        ],
+    },
+    {
+        name: "UnescapeString: octals",
+        input: "\\0\\01\\012\\1\\12",
+        expectedOutput: String.fromCharCode(0, 1, 10, 1, 10),
+        recipeConfig: [
+            {
+                op: "Unescape string",
+                args: [],
+            },
+        ],
+    },
+    {
+        name: "UnescapeString: hexadecimals",
+        input: "\\x00\\xAA\\xaa",
+        expectedOutput: String.fromCharCode(0, 170, 170),
+        recipeConfig: [
+            {
+                op: "Unescape string",
+                args: [],
+            },
+        ],
+    },
+    {
+        name: "UnescapeString: unicode",
+        input: "\\u0061\\u{0062}",
+        expectedOutput: "ab",
+        recipeConfig: [
+            {
+                op: "Unescape string",
+                args: [],
+            },
+        ],
+    },
+]);