6.7.2

update

README.md

@@ -2,7 +2,7 @@
 
 [![Build Status](https://travis-ci.org/gchq/CyberChef.svg?branch=master)](https://travis-ci.org/gchq/CyberChef)
 [![dependencies Status](https://david-dm.org/gchq/CyberChef/status.svg)](https://david-dm.org/gchq/CyberChef)
-[![npm](http://img.shields.io/npm/v/cyberchef.svg)](https://www.npmjs.com/package/cyberchef)
+[![npm](https://img.shields.io/npm/v/cyberchef.svg)](https://www.npmjs.com/package/cyberchef)
 ![](https://reposs.herokuapp.com/?path=gchq/CyberChef&color=blue)
 [![](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](https://github.com/gchq/CyberChef/blob/master/LICENSE)
 [![Gitter](https://badges.gitter.im/gchq/CyberChef.svg)](https://gitter.im/gchq/CyberChef?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
@@ -100,6 +100,6 @@ CyberChef is released under the [Apache 2.0 Licence](https://www.apache.org/lice
   [5]: https://gchq.github.io/CyberChef/#recipe=From_Hexdump()Gunzip()&input=MDAwMDAwMDAgIDFmIDhiIDA4IDAwIDEyIGJjIGYzIDU3IDAwIGZmIDBkIGM3IGMxIDA5IDAwIDIwICB8Li4uLi6881cu/y7HwS4uIHwKMDAwMDAwMTAgIDA4IDA1IGQwIDU1IGZlIDA0IDJkIGQzIDA0IDFmIGNhIDhjIDQ0IDIxIDViIGZmICB8Li7QVf4uLdMuLsouRCFb/3wKMDAwMDAwMjAgIDYwIGM3IGQ3IDAzIDE2IGJlIDQwIDFmIDc4IDRhIDNmIDA5IDg5IDBiIDlhIDdkICB8YMfXLi6%2BQC54Sj8uLi4ufXwKMDAwMDAwMzAgIDRlIGM4IDRlIDZkIDA1IDFlIDAxIDhiIDRjIDI0IDAwIDAwIDAwICAgICAgICAgICB8TshObS4uLi5MJC4uLnw
   [6]: https://gchq.github.io/CyberChef/#recipe=RC4(%7B'option':'UTF8','string':'secret'%7D,'Hex','Hex')Disassemble_x86('64','Full%20x86%20architecture',16,0,true,true)&input=MjFkZGQyNTQwMTYwZWU2NWZlMDc3NzEwM2YyYTM5ZmJlNWJjYjZhYTBhYWJkNDE0ZjkwYzZjYWY1MzEyNzU0YWY3NzRiNzZiM2JiY2QxOTNjYjNkZGZkYmM1YTI2NTMzYTY4NmI1OWI4ZmVkNGQzODBkNDc0NDIwMWFlYzIwNDA1MDcxMzhlMmZlMmIzOTUwNDQ2ZGIzMWQyYmM2MjliZTRkM2YyZWIwMDQzYzI5M2Q3YTVkMjk2MmMwMGZlNmRhMzAwNzJkOGM1YTZiNGZlN2Q4NTlhMDQwZWVhZjI5OTczMzYzMDJmNWEwZWMxOQ
   [7]: https://gchq.github.io/CyberChef/#recipe=Fork('%5C%5Cn','%5C%5Cn',false)From_UNIX_Timestamp('Seconds%20(s)')&input=OTc4MzQ2ODAwCjEwMTI2NTEyMDAKMTA0NjY5NjQwMAoxMDgxMDg3MjAwCjExMTUzMDUyMDAKMTE0OTYwOTYwMA
-  [8]: https://gchq.github.io/CyberChef/#recipe=Fork('%5C%5Cn','%5C%5Cn',false)Conditional_Jump('1',2,10)To_Hex('Space')Return()To_Base64('A-Za-z0-9%2B/%3D')&input=U29tZSBkYXRhIHdpdGggYSAxIGluIGl0ClNvbWUgZGF0YSB3aXRoIGEgMiBpbiBpdA
+  [8]: https://gchq.github.ioeCyberChef/#recipe=Fork('%5C%5Cn','%5C%5Cn',false)Conditional_Jump('1',false,'base64',10)To_Hex('Space')Return()Label('base64')To_Base64('A-Za-z0-9%2B/%3D')&input=U29tZSBkYXRhIHdpdGggYSAxIGluIGl0ClNvbWUgZGF0YSB3aXRoIGEgMiBpbiBpdA
   [9]: https://gchq.github.io/CyberChef/#recipe=Register('key%3D(%5B%5C%5Cda-f%5D*)',true,false)Find_/_Replace(%7B'option':'Regex','string':'.*data%3D(.*)'%7D,'$1',true,false,true)RC4(%7B'option':'Hex','string':'$R0'%7D,'Hex','Latin1')&input=aHR0cDovL21hbHdhcmV6LmJpei9iZWFjb24ucGhwP2tleT0wZTkzMmE1YyZkYXRhPThkYjdkNWViZTM4NjYzYTU0ZWNiYjMzNGUzZGIxMQ
   [10]: https://gchq.github.io/CyberChef/#recipe=XOR(%7B'option':'Hex','string':'3a'%7D,'',false)To_Hexdump(16,false,false)&input=VGhlIGFuc3dlciB0byB0aGUgdWx0aW1hdGUgcXVlc3Rpb24gb2YgbGlmZSwgdGhlIFVuaXZlcnNlLCBhbmQgZXZlcnl0aGluZyBpcyA0Mi4

package.json

@@ -1,6 +1,6 @@
 {
   "name": "cyberchef",
-  "version": "6.5.0",
+  "version": "6.7.2",
   "description": "The Cyber Swiss Army Knife for encryption, encoding, compression and data analysis.",
   "author": "n1474335 <n1474335@gmail.com>",
   "homepage": "https://gchq.github.io/CyberChef",
@@ -36,7 +36,7 @@
     "css-loader": "^0.28.7",
     "exports-loader": "^0.6.4",
     "extract-text-webpack-plugin": "^3.0.2",
-    "file-loader": "^1.1.5",
+    "file-loader": "^1.1.6",
     "grunt": ">=1.0.1",
     "grunt-accessibility": "~5.0.0",
     "grunt-chmod": "~1.1.1",
@@ -56,13 +56,13 @@
     "less-loader": "^4.0.5",
     "postcss-css-variables": "^0.8.0",
     "postcss-import": "^11.0.0",
-    "postcss-loader": "^2.0.8",
-    "style-loader": "^0.19.0",
+    "postcss-loader": "^2.0.9",
+    "style-loader": "^0.19.1",
     "url-loader": "^0.6.2",
     "val-loader": "^1.1.0",
     "web-resource-inliner": "^4.2.0",
-    "webpack": "^3.8.1",
-    "webpack-dev-server": "^2.9.4",
+    "webpack": "^3.10.0",
+    "webpack-dev-server": "^2.9.7",
     "webpack-node-externals": "^1.6.0",
     "worker-loader": "^1.1.0"
   },
@@ -81,21 +81,22 @@
     "google-code-prettify": "^1.0.5",
     "jquery": "^3.2.1",
     "js-crc": "^0.2.0",
-    "js-sha3": "^0.6.1",
+    "js-sha3": "^0.7.0",
     "jsbn": "^1.1.0",
     "jsonpath": "^1.0.0",
     "jsrsasign": "8.0.4",
     "lodash": "^4.17.4",
-    "moment": "^2.19.2",
+    "moment": "^2.20.1",
     "moment-timezone": "^0.5.14",
     "node-md6": "^0.1.0",
+    "nwmatcher": "^1.4.3",
     "otp": "^0.1.3",
     "sladex-blowfish": "^0.8.1",
     "sortablejs": "^1.7.0",
     "split.js": "^1.3.5",
     "vkbeautify": "^0.99.3",
     "xmldom": "^0.1.27",
-    "xpath": "0.0.24",
+    "xpath": "0.0.27",
     "zlibjs": "^0.3.1"
   },
   "scripts": {

src/core/FlowControl.js

@@ -170,18 +170,14 @@ const FlowControl = {
      */
     runJump: function(state) {
         let ings     = state.opList[state.progress].getIngValues(),
-            jumpNum  = ings[0],
+            jmpIndex = FlowControl._getLabelIndex(ings[0], state),
             maxJumps = ings[1];
 
-        if (jumpNum < 0) {
-            jumpNum--;
-        }
-
-        if (state.numJumps >= maxJumps) {
+        if (state.numJumps >= maxJumps || jmpIndex === -1) {
             return state;
         }
 
-        state.progress += jumpNum;
+        state.progress = jmpIndex;
         state.numJumps++;
         return state;
     },
@@ -201,20 +197,20 @@ const FlowControl = {
         let ings     = state.opList[state.progress].getIngValues(),
             dish     = state.dish,
             regexStr = ings[0],
-            jumpNum  = ings[1],
-            maxJumps = ings[2];
+            invert   = ings[1],
+            jmpIndex = FlowControl._getLabelIndex(ings[2], state),
+            maxJumps = ings[3];
 
-        if (jumpNum < 0) {
-            jumpNum--;
-        }
-
-        if (state.numJumps >= maxJumps) {
+        if (state.numJumps >= maxJumps || jmpIndex === -1) {
             return state;
         }
 
-        if (regexStr !== "" && dish.get(Dish.STRING).search(regexStr) > -1) {
-            state.progress += jumpNum;
-            state.numJumps++;
+        if (regexStr !== "") {
+            let strMatch = dish.get(Dish.STRING).search(regexStr) > -1;
+            if (!invert && strMatch || invert && !strMatch) {
+                state.progress = jmpIndex;
+                state.numJumps++;
+            }
         }
 
         return state;
@@ -249,6 +245,26 @@ const FlowControl = {
         return state;
     },
 
+
+    /**
+     * Returns the index of a label.
+     *
+     * @param {Object} state
+     * @param {string} name
+     * @returns {number}
+     */
+    _getLabelIndex: function(name, state) {
+        for (let o = 0; o < state.opList.length; o++) {
+            let operation = state.opList[o];
+            if (operation.name === "Label"){
+                let ings = operation.getIngValues();
+                if (name === ings[0]) {
+                    return o;
+                }
+            }
+        }
+        return -1;
+    },
 };
 
 export default FlowControl;

src/core/Utils.js

@@ -859,7 +859,7 @@ const Utils = {
      *
      * fragment      = *( pchar / "/" / "?" )
      * query         = *( pchar / "/" / "?" )
-     * pchar         = unreserved / pct-encoded / sub-delims / ":" / "@" 
+     * pchar         = unreserved / pct-encoded / sub-delims / ":" / "@"
      * unreserved    = ALPHA / DIGIT / "-" / "." / "_" / "~"
      * pct-encoded   = "%" HEXDIG HEXDIG
      * sub-delims    = "!" / "$" / "&" / "'" / "(" / ")"

src/core/config/Categories.js

@@ -302,6 +302,7 @@ const Categories = [
         ops: [
             "Entropy",
             "Frequency distribution",
+            "Chi Square",
             "Detect File Type",
             "Scan for Embedded Files",
             "Disassemble x86",
@@ -320,6 +321,7 @@ const Categories = [
             "Fork",
             "Merge",
             "Register",
+            "Label",
             "Jump",
             "Conditional Jump",
             "Return",

src/core/config/OperationConfig.js

@@ -137,15 +137,15 @@ const OperationConfig = {
     },
     "Jump": {
         module: "Default",
-        description: "Jump forwards or backwards over the specified number of operations.",
+        description: "Jump forwards or backwards to the specified Label",
         inputType: "string",
         outputType: "string",
         flowControl: true,
         args: [
             {
-                name: "Number of operations to jump over",
-                type: "number",
-                value: 0
+                name: "Label name",
+                type: "string",
+                value: ""
             },
             {
                 name: "Maximum jumps (if jumping backwards)",
@@ -156,7 +156,7 @@ const OperationConfig = {
     },
     "Conditional Jump": {
         module: "Default",
-        description: "Conditionally jump forwards or backwards over the specified number of operations based on whether the data matches the specified regular expression.",
+        description: "Conditionally jump forwards or backwards to the specified Label  based on whether the data matches the specified regular expression.",
         inputType: "string",
         outputType: "string",
         flowControl: true,
@@ -167,9 +167,14 @@ const OperationConfig = {
                 value: ""
             },
             {
-                name: "Number of operations to jump over if match found",
-                type: "number",
-                value: 0
+                name: "Invert match",
+                type: "boolean",
+                value: false
+            },
+            {
+                name: "Label name",
+                type: "shortString",
+                value: ""
             },
             {
                 name: "Maximum jumps (if jumping backwards)",
@@ -178,6 +183,20 @@ const OperationConfig = {
             }
         ]
     },
+    "Label": {
+        module: "Default",
+        description: "Provides a location for conditional and fixed jumps to redirect execution to.",
+        inputType: "string",
+        outputType: "string",
+        flowControl: true,
+        args: [
+            {
+                name: "Name",
+                type: "shortString",
+                value: ""
+            }
+        ]
+    },
     "Return": {
         module: "Default",
         description: "End execution of operations at this point in the recipe.",
@@ -3186,6 +3205,13 @@ const OperationConfig = {
             }
         ]
     },
+    "Chi Square": {
+        module: "Default",
+        description: "Calculates the Chi Square distribution of values.",
+        inputType: "byteArray",
+        outputType: "number",
+        args: []
+    },
     "Numberwang": {
         module: "Default",
         description: "Based on the popular gameshow by Mitchell and Webb.",
@@ -3821,7 +3847,7 @@ const OperationConfig = {
     "Generate HOTP": {
         module: "Default",
         description: "The HMAC-based One-Time Password algorithm (HOTP) is an algorithm that computes a one-time password from a shared secret key and an incrementing counter. It has been adopted as Internet Engineering Task Force standard RFC 4226, is the cornerstone of Initiative For Open Authentication (OATH), and is used in a number of two-factor authentication systems.<br><br>Enter the secret as the input or leave it blank for a random secret to be generated.",
-        inputType: "string",
+        inputType: "byteArray",
         outputType: "string",
         args: [
             {

src/core/config/modules/Default.js

@@ -39,6 +39,7 @@ import UUID from "../../operations/UUID.js";
  *  - Utils.js
  *    - CryptoJS
  *  - otp
+ *  - crypto
  *
  * @author n1474335 [n1474335@gmail.com]
  * @copyright Crown Copyright 2017
@@ -142,6 +143,7 @@ OpModules.Default = {
     "Microsoft Script Decoder": MS.runDecodeScript,
     "Entropy":              Entropy.runEntropy,
     "Frequency distribution": Entropy.runFreqDistrib,
+    "Chi Square":           Entropy.runChiSq,
     "Detect File Type":     FileType.runDetect,
     "Scan for Embedded Files": FileType.runScanForEmbeddedFiles,
     "Generate UUID":        UUID.runGenerateV4,
@@ -151,6 +153,7 @@ OpModules.Default = {
     "Fork":                 FlowControl.runFork,
     "Merge":                FlowControl.runMerge,
     "Register":             FlowControl.runRegister,
+    "Label":                FlowControl.runComment,
     "Jump":                 FlowControl.runJump,
     "Conditional Jump":     FlowControl.runCondJump,
     "Return":               FlowControl.runReturn,

src/core/operations/Code.js

@@ -2,9 +2,10 @@ import {camelCase, kebabCase, snakeCase} from "lodash";
 
 import Utils from "../Utils.js";
 import vkbeautify from "vkbeautify";
-import {DOMParser as dom} from "xmldom";
+import {DOMParser} from "xmldom";
 import xpath from "xpath";
 import jpath from "jsonpath";
+import nwmatcher from "nwmatcher";
 import prettyPrintOne from "imports-loader?window=>global!exports-loader?prettyPrintOne!google-code-prettify/bin/prettify.min.js";
 
 
@@ -336,7 +337,7 @@ const Code = {
 
         let doc;
         try {
-            doc = new dom().parseFromString(input);
+            doc = new DOMParser().parseFromString(input, "application/xml");
         } catch (err) {
             return "Invalid input XML.";
         }
@@ -423,7 +424,7 @@ const Code = {
         let query = args[0],
             delimiter = args[1],
             parser = new DOMParser(),
-            html,
+            dom,
             result;
 
         if (!query.length || !input.length) {
@@ -431,32 +432,32 @@ const Code = {
         }
 
         try {
-            html = parser.parseFromString(input, "text/html");
+            dom = parser.parseFromString(input);
         } catch (err) {
             return "Invalid input HTML.";
         }
 
         try {
-            result = html.querySelectorAll(query);
+            const matcher = nwmatcher({document: dom});
+            result = matcher.select(query, dom);
         } catch (err) {
             return "Invalid CSS Selector. Details:\n" + err.message;
         }
 
         const nodeToString = function(node) {
+            return node.toString();
+            /* xmldom does not return the outerHTML value.
             switch (node.nodeType) {
-                case Node.ELEMENT_NODE: return node.outerHTML;
-                case Node.ATTRIBUTE_NODE: return node.value;
-                case Node.COMMENT_NODE: return node.data;
-                case Node.TEXT_NODE: return node.wholeText;
-                case Node.DOCUMENT_NODE: return node.outerHTML;
+                case node.ELEMENT_NODE: return node.outerHTML;
+                case node.ATTRIBUTE_NODE: return node.value;
+                case node.TEXT_NODE: return node.wholeText;
+                case node.COMMENT_NODE: return node.data;
+                case node.DOCUMENT_NODE: return node.outerHTML;
                 default: throw new Error("Unknown Node Type: " + node.nodeType);
-            }
+            }*/
         };
 
-        return Array.apply(null, Array(result.length))
-            .map(function(_, i) {
-                return result[i];
-            })
+        return result
             .map(nodeToString)
             .join(delimiter);
     },

src/core/operations/Entropy.js

@@ -135,6 +135,31 @@ const Entropy = {
     },
 
 
+    /**
+     * Chi Square operation.
+     *
+     * @param {byteArray} data
+     * @param {Object[]} args
+     * @returns {number}
+     */
+    runChiSq: function(input, args) {
+        let distArray = new Array(256).fill(0),
+            total = 0;
+
+        for (let i = 0; i < input.length; i++) {
+            distArray[input[i]]++;
+        }
+
+        for (let i = 0; i < distArray.length; i++) {
+            if (distArray[i] > 0) {
+                total += Math.pow(distArray[i] - input.length / 256, 2) / (input.length / 256);
+            }
+        }
+
+        return total;
+    },
+
+
     /**
      * Calculates the Shannon entropy for a given chunk of data.
      *

src/core/operations/MS.js

@@ -1,5 +1,5 @@
 /**
- * Microsoft operations. 
+ * Microsoft operations.
  *
  * @author bmwhitn [brian.m.whitney@outlook.com]
  * @copyright Crown Copyright 2017

src/core/operations/NetBIOS.js

@@ -26,9 +26,14 @@ const NetBIOS = {
         let output = [],
             offset = args[0];
 
-        for (let i = 0; i < input.length; i++) {
-            output.push((input[i] >> 4) + offset);
-            output.push((input[i] & 0xf) + offset);
+        if (input.length <= 16) {
+            let len = input.length;
+            input.length = 16;
+            input.fill(32, len, 16);
+            for (let i = 0; i < input.length; i++) {
+                output.push((input[i] >> 4) + offset);
+                output.push((input[i] & 0xf) + offset);
+            }
         }
 
         return output;
@@ -46,9 +51,15 @@ const NetBIOS = {
         let output = [],
             offset = args[0];
 
-        for (let i = 0; i < input.length; i += 2) {
-            output.push(((input[i] - offset) << 4) |
-                        ((input[i + 1] - offset) & 0xf));
+        if (input.length <= 32 && (input.length % 2) === 0) {
+            for (let i = 0; i < input.length; i += 2) {
+                output.push((((input[i] & 0xff) - offset) << 4) |
+                            (((input[i + 1] & 0xff) - offset) & 0xf));
+            }
+            for (let i = output.length - 1; i > 0; i--) {
+                if (output[i] === 32) output.splice(i, i);
+                else break;
+            }
         }
 
         return output;

src/core/operations/Numberwang.js

@@ -14,16 +14,72 @@ const Numberwang = {
      * @returns {string}
      */
     run: function(input, args) {
-        if (!input) return "Let's play Wangernumb!";
-        const match = input.match(/\d+/);
-        if (match) {
-            return match[0] + "! That's Numberwang!";
+        let output;
+        if (!input) {
+            output =  "Let's play Wangernumb!";
         } else {
-            // That's a bad miss!
-            return "Sorry, that's not Numberwang. Let's rotate the board!";
+            const match = input.match(/(f0rty-s1x|shinty-six|filth-hundred and neeb|-?√?\d+(\.\d+)?i?([a-z]?)%?)/i);
+            if (match) {
+                if (match[3]) output = match[0] + "! That's AlphaNumericWang!";
+                else output = match[0] + "! That's Numberwang!";
+            } else {
+                // That's a bad miss!
+                output = "Sorry, that's not Numberwang. Let's rotate the board!";
+            }
         }
+
+        const rand = Math.floor(Math.random() * Numberwang._didYouKnow.length);
+        return output + "\n\nDid you know: " + Numberwang._didYouKnow[rand];
     },
 
+
+    /**
+     * Taken from http://numberwang.wikia.com/wiki/Numberwang_Wikia
+     *
+     * @private
+     * @constant
+     */
+    _didYouKnow: [
+        "Numberwang, contrary to popular belief, is a fruit and not a vegetable.",
+        "Robert Webb once got WordWang while presenting an episode of Numberwang.",
+        "The 6705th digit of pi is Numberwang.",
+        "Numberwang was invented on a Sevenday.",
+        "Contrary to popular belief, Albert Einstein always got good grades in Numberwang at school. He once scored ^4$ on a test.",
+        "680 asteroids have been named after Numberwang.",
+        "Archimedes is most famous for proclaiming \"That's Numberwang!\" during an epiphany about water displacement he had while taking a bath.",
+        "Numberwang Day is celebrated in Japan on every day of the year apart from June 6.",
+        "Biologists recently discovered Numberwang within a strand of human DNA.",
+        "Numbernot is a special type of non-Numberwang number. It is divisible by 3 and the letter \"y\".",
+        "Julie once got 612.04 Numberwangs in a single episode of Emmerdale.",
+        "In India, it is traditional to shout out \"Numberwang!\" instead of checkmate during games of chess.",
+        "There is a rule on Countdown which states that if you get Numberwang in the numbers round, you automatically win. It has only ever been invoked twice.",
+        "\"Numberwang\" was the third-most common baby name for a brief period in 1722.",
+        "\"The Lion King\" was loosely based on Numberwang.",
+        "\"A Numberwang a day keeps the doctor away\" is how Donny Cosy, the oldest man in the world, explained how he was in such good health at the age of 136.",
+        "The \"number lock\" button on a keyboard is based on the popular round of the same name in \"Numberwang\".",
+        "Cambridge became the first university to offer a course in Numberwang in 1567.",
+        "Schrödinger's Numberwang is a number that has been confusing dentists for centuries.",
+        "\"Harry Potter and the Numberwang of Numberwang\" was rejected by publishers -41 times before it became a bestseller.",
+        "\"Numberwang\" is the longest-running British game show in history; it has aired 226 seasons, each containing 19 episodes, which makes a grand total of 132 episodes.",
+        "The triple Numberwang bonus was discovered by archaeologist Thomas Jefferson in Somerset.",
+        "Numberwang is illegal in parts of Czechoslovakia.",
+        "Numberwang was discovered in India in the 12th century.",
+        "Numberwang has the chemical formula Zn4SO2(HgEs)3.",
+        "The first pack of cards ever created featured two \"Numberwang\" cards instead of jokers.",
+        "Julius Caesar was killed by an overdose of Numberwang.",
+        "The most Numberwang musical note is G#.",
+        "In 1934, the forty-third Google Doodle promoted the upcoming television show \"Numberwang on Ice\".",
+        "A recent psychology study found that toddlers were 17% faster at identifying numbers which were Numberwang.",
+        "There are 700 ways to commit a foul in the television show \"Numberwang\". All 700 of these fouls were committed by Julie in one single episode in 1473.",
+        "Astronomers suspect God is Numberwang.",
+        "Numberwang is the official beverage of Canada.",
+        "In the pilot episode of \"The Price is Right\", if a contestant got the value of an item exactly right they were told \"That's Numberwang!\" and immediately won ₹5.7032.",
+        "The first person to get three Numberwangs in a row was Madonna.",
+        "\"Numberwang\" has the code U+46402 in Unicode.",
+        "The musical note \"Numberwang\" is between D# and E♮.",
+        "Numberwang was first played on the moon in 1834.",
+    ],
+
 };
 
 export default Numberwang;

src/core/operations/OTP.js

@@ -1,6 +1,7 @@
 import otp from "otp";
 import Base64 from "./Base64.js";
 
+
 /**
  * One-Time Password operations.
  *

src/core/operations/UUID.js

@@ -1,3 +1,6 @@
+import crypto from "crypto";
+
+
 /**
  * UUID operations.
  *
@@ -17,25 +20,17 @@ const UUID = {
      * @returns {string}
      */
     runGenerateV4: function(input, args) {
-        if (window && typeof(window.crypto) !== "undefined" && typeof(window.crypto.getRandomValues) !== "undefined") {
-            let buf = new Uint32Array(4),
-                i = 0;
-            window.crypto.getRandomValues(buf);
-            return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, function(c) {
-                let r = (buf[i >> 3] >> ((i % 8) * 4)) & 0xf,
-                    v = c === "x" ? r : (r & 0x3 | 0x8);
-                i++;
-                return v.toString(16);
-            });
-        } else {
-            return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, function(c) {
-                let r = Math.random() * 16 | 0,
-                    v = c === "x" ? r : (r & 0x3 | 0x8);
-                return v.toString(16);
-            });
-        }
-    },
-
+        const buf = new Uint32Array(4).map(() => {
+            return crypto.randomBytes(4).readUInt32BE(0, true);
+        });
+        let i = 0;
+        return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, function(c) {
+            let r = (buf[i >> 3] >> ((i % 8) * 4)) & 0xf,
+                v = c === "x" ? r : (r & 0x3 | 0x8);
+            i++;
+            return v.toString(16);
+        });
+    }
 };
 
 export default UUID;

src/web/App.js

@@ -529,7 +529,7 @@ App.prototype.setCompileMessage = function() {
 
 /**
  * Determines whether the browser supports Local Storage and if it is accessible.
- * 
+ *
  * @returns {boolean}
  */
 App.prototype.isLocalStorageAvailable = function() {

src/web/html/index.html

@@ -428,7 +428,7 @@
                                             <li><a href="#recipe=From_Hexdump()Gunzip()&input=MDAwMDAwMDAgIDFmIDhiIDA4IDAwIDEyIGJjIGYzIDU3IDAwIGZmIDBkIGM3IGMxIDA5IDAwIDIwICB8Li4uLi6881cu/y7HwS4uIHwKMDAwMDAwMTAgIDA4IDA1IGQwIDU1IGZlIDA0IDJkIGQzIDA0IDFmIGNhIDhjIDQ0IDIxIDViIGZmICB8Li7QVf4uLdMuLsouRCFb/3wKMDAwMDAwMjAgIDYwIGM3IGQ3IDAzIDE2IGJlIDQwIDFmIDc4IDRhIDNmIDA5IDg5IDBiIDlhIDdkICB8YMfXLi6%2BQC54Sj8uLi4ufXwKMDAwMDAwMzAgIDRlIGM4IDRlIDZkIDA1IDFlIDAxIDhiIDRjIDI0IDAwIDAwIDAwICAgICAgICAgICB8TshObS4uLi5MJC4uLnw">Convert data from a hexdump, then decompress</a></li>
                                             <li><a href="#recipe=RC4(%7B'option':'UTF8','string':'secret'%7D,'Hex','Hex')Disassemble_x86('64','Full%20x86%20architecture',16,0,true,true)&input=MjFkZGQyNTQwMTYwZWU2NWZlMDc3NzEwM2YyYTM5ZmJlNWJjYjZhYTBhYWJkNDE0ZjkwYzZjYWY1MzEyNzU0YWY3NzRiNzZiM2JiY2QxOTNjYjNkZGZkYmM1YTI2NTMzYTY4NmI1OWI4ZmVkNGQzODBkNDc0NDIwMWFlYzIwNDA1MDcxMzhlMmZlMmIzOTUwNDQ2ZGIzMWQyYmM2MjliZTRkM2YyZWIwMDQzYzI5M2Q3YTVkMjk2MmMwMGZlNmRhMzAwNzJkOGM1YTZiNGZlN2Q4NTlhMDQwZWVhZjI5OTczMzYzMDJmNWEwZWMxOQ">Decrypt and disassemble shellcode</a></li>
                                             <li><a href="#recipe=Fork('%5C%5Cn','%5C%5Cn',false)From_UNIX_Timestamp('Seconds%20(s)')&input=OTc4MzQ2ODAwCjEwMTI2NTEyMDAKMTA0NjY5NjQwMAoxMDgxMDg3MjAwCjExMTUzMDUyMDAKMTE0OTYwOTYwMA">Display multiple timestamps as full dates</a></li>
-                                            <li><a href="#recipe=Fork('%5C%5Cn','%5C%5Cn',false)Conditional_Jump('1',2,10)To_Hex('Space')Return()To_Base64('A-Za-z0-9%2B/%3D')&input=U29tZSBkYXRhIHdpdGggYSAxIGluIGl0ClNvbWUgZGF0YSB3aXRoIGEgMiBpbiBpdA">Carry out different operations on data of different types</a></li>
+                                            <li><a href="#recipe=Fork('%5C%5Cn','%5C%5Cn',false)Conditional_Jump('1',false,'base64',10)To_Hex('Space')Return()Label('base64')To_Base64('A-Za-z0-9%2B/%3D')&input=U29tZSBkYXRhIHdpdGggYSAxIGluIGl0ClNvbWUgZGF0YSB3aXRoIGEgMiBpbiBpdA">Carry out different operations on data of different types</a></li>
                                             <li><a href="#recipe=Register('key%3D(%5B%5C%5Cda-f%5D*)',true,false)Find_/_Replace(%7B'option':'Regex','string':'.*data%3D(.*)'%7D,'$1',true,false,true)RC4(%7B'option':'Hex','string':'$R0'%7D,'Hex','Latin1')&input=aHR0cDovL21hbHdhcmV6LmJpei9iZWFjb24ucGhwP2tleT0wZTkzMmE1YyZkYXRhPThkYjdkNWViZTM4NjYzYTU0ZWNiYjMzNGUzZGIxMQ">Use parts of the input as arguments to operations</a></li>
                                         </ul>
                                     </div>

test/index.js

@@ -26,6 +26,8 @@ import "./tests/operations/Image.js";
 import "./tests/operations/MorseCode.js";
 import "./tests/operations/MS.js";
 import "./tests/operations/PHP.js";
+import "./tests/operations/NetBIOS.js";
+import "./tests/operations/OTP.js";
 import "./tests/operations/StrUtils.js";
 import "./tests/operations/SeqUtils.js";
 

test/tests/operations/Code.js

@@ -310,4 +310,26 @@ TestRegister.addTests([
             }
         ],
     },
+    {
+        name: "CSS selector",
+        input: '<div id="test">\n<p class="a">hello</p>\n<p>world</p>\n<p class="a">again</p>\n</div>',
+        expectedOutput: '<p class="a">hello</p>\n<p class="a">again</p>',
+        recipeConfig: [
+            {
+                "op": "CSS selector",
+                "args": ["#test p.a", "\\n"]
+            }
+        ]
+    },
+    {
+        name: "XPath expression",
+        input: '<div id="test">\n<p class="a">hello</p>\n<p>world</p>\n<p class="a">again</p>\n</div>',
+        expectedOutput: '<p class="a">hello</p>\n<p class="a">again</p>',
+        recipeConfig: [
+            {
+                "op": "XPath expression",
+                "args": ["/div/p[@class=\"a\"]", "\\n"]
+            }
+        ]
+    }
 ]);

test/tests/operations/FlowControl.js

@@ -60,14 +60,15 @@ TestRegister.addTests([
         expectedOutput: "U29tZSBkYXRhIHdpdGggYSAxIGluIGl0\n53 6f 6d 65 20 64 61 74 61 20 77 69 74 68 20 61 20 32 20 69 6e 20 69 74\n",
         recipeConfig: [
             {"op": "Fork", "args": ["\\n", "\\n", false]},
-            {"op": "Conditional Jump", "args": ["1", "2", "10"]},
+            {"op": "Conditional Jump", "args": ["1", false, "skipReturn", "10"]},
             {"op": "To Hex", "args": ["Space"]},
             {"op": "Return", "args": []},
+            {"op": "Label", "args": ["skipReturn"]},
             {"op": "To Base64", "args": ["A-Za-z0-9+/="]}
         ]
     },
     {
-        name: "Jump: skips 0",
+        name: "Jump: Empty Label",
         input: [
             "should be changed",
         ].join("\n"),
@@ -77,7 +78,7 @@ TestRegister.addTests([
         recipeConfig: [
             {
                 op: "Jump",
-                args: [0, 10],
+                args: ["", 10],
             },
             {
                 op: "Find / Replace",
@@ -105,7 +106,7 @@ TestRegister.addTests([
         recipeConfig: [
             {
                 op: "Jump",
-                args: [1, 10],
+                args: ["skipReplace", 10],
             },
             {
                 op: "Find / Replace",
@@ -120,6 +121,10 @@ TestRegister.addTests([
                     true,
                 ],
             },
+            {
+                op: "Label",
+                args: ["skipReplace"]
+            },
         ],
     },
     {
@@ -137,7 +142,7 @@ TestRegister.addTests([
         recipeConfig: [
             {
                 op: "Conditional Jump",
-                args: ["match", 0, 0],
+                args: ["match", false, "", 0],
             },
             {
                 op: "Find / Replace",
@@ -212,7 +217,7 @@ TestRegister.addTests([
         recipeConfig: [
             {
                 op: "Conditional Jump",
-                args: ["match", 1, 10],
+                args: ["match", false, "skip match", 10],
             },
             {
                 op: "Find / Replace",
@@ -227,6 +232,9 @@ TestRegister.addTests([
                     true,
                 ],
             },
+            {
+                op: "Label", args: ["skip match"],
+            },
             {
                 op: "Find / Replace",
                 args: [
@@ -251,9 +259,13 @@ TestRegister.addTests([
             "replaced",
         ].join("\n"),
         recipeConfig: [
+            {
+                op: "Label",
+                args: ["back to the beginning"],
+            },
             {
                 op: "Jump",
-                args: [1],
+                args: ["skip replace"],
             },
             {
                 op: "Find / Replace",
@@ -268,9 +280,13 @@ TestRegister.addTests([
                     true,
                 ],
             },
+            {
+                op: "Label",
+                args: ["skip replace"],
+            },
             {
                 op: "Conditional Jump",
-                args: ["match", -2, 10],
+                args: ["match", false, "back to the beginning", 10],
             },
         ],
     },

test/tests/operations/NetBIOS.js

@@ -0,0 +1,34 @@
+/**
+ * NetBIOS tests.
+ *
+ * @author bwhitn [brian.m.whitney@outlook.com]
+ *
+ * @copyright Crown Copyright 2017
+ * @license Apache-2.0
+ */
+import TestRegister from "../../TestRegister.js";
+
+TestRegister.addTests([
+    {
+        name: "Encode NetBIOS name",
+        input: "The NetBIOS name",
+        expectedOutput: "FEGIGFCAEOGFHEECEJEPFDCAGOGBGNGF",
+        recipeConfig: [
+            {
+                op: "Encode NetBIOS Name",
+                args: [65],
+            },
+        ],
+    },
+    {
+        name: "Decode NetBIOS Name",
+        input: "FEGIGFCAEOGFHEECEJEPFDCAGOGBGNGF",
+        expectedOutput: "The NetBIOS name",
+        recipeConfig: [
+            {
+                op: "Decode NetBIOS Name",
+                args: [65],
+            },
+        ],
+    },
+]);

test/tests/operations/OTP.js

@@ -0,0 +1,23 @@
+/**
+ * OTP HOTP tests.
+ *
+ * @author bwhitn [brian.m.whitney@outlook.com]
+ *
+ * @copyright Crown Copyright 2017
+ * @license Apache-2.0
+ */
+import TestRegister from "../../TestRegister.js";
+
+TestRegister.addTests([
+    {
+        name: "Generate HOTP",
+        input: "12345678901234567890",
+        expectedOutput: "URI: otpauth://hotp/OTPAuthentication?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ\n\nPassword: 755224",
+        recipeConfig: [
+            {
+                op: "Generate HOTP",
+                args: ["", 32, 6, 0],
+            },
+        ],
+    },
+]);