8.12.0

CHANGELOG.md

@@ -1,6 +1,9 @@
 # Changelog
 All notable changes to CyberChef will be documented in this file.
 
+### [8.12.0] - 2018-11-21
+- 'Citrix CTX1 Encode' and 'Citrix CTX1 Decode' operations added [@bwhitn] | [#428]
+
 ### [8.11.0] - 2018-11-13
 - 'CSV to JSON' and 'JSON to CSV' operations added [@n1474335] | [#277]
 
@@ -87,6 +90,7 @@ All notable changes to CyberChef will be documented in this file.
 [@PenguinGeorge]: https://github.com/PenguinGeorge
 [@arnydo]: https://github.com/arnydo
 [@klaxon1]: https://github.com/klaxon1
+[@bwhitn]: https://github.com/bwhitn
 
 [#95]: https://github.com/gchq/CyberChef/pull/299
 [#173]: https://github.com/gchq/CyberChef/pull/173
@@ -109,3 +113,4 @@ All notable changes to CyberChef will be documented in this file.
 [#351]: https://github.com/gchq/CyberChef/pull/351
 [#387]: https://github.com/gchq/CyberChef/pull/387
 [#394]: https://github.com/gchq/CyberChef/pull/394
+[#428]: https://github.com/gchq/CyberChef/pull/428

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "cyberchef",
-  "version": "8.11.1",
+  "version": "8.12.0",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "cyberchef",
-  "version": "8.11.1",
+  "version": "8.12.0",
   "description": "The Cyber Swiss Army Knife for encryption, encoding, compression and data analysis.",
   "author": "n1474335 <n1474335@gmail.com>",
   "homepage": "https://gchq.github.io/CyberChef",

src/core/config/Categories.json

@@ -95,6 +95,8 @@
             "JWT Sign",
             "JWT Verify",
             "JWT Decode",
+            "Citrix CTX1 Encode",
+            "Citrix CTX1 Decode",
             "Pseudo-Random Number Generator"
         ]
     },

src/core/lib/Base64.mjs

@@ -126,14 +126,14 @@ export function fromBase64(data, alphabet="A-Za-z0-9+/=", returnType="string", r
  * Base64 alphabets.
  */
 export const ALPHABET_OPTIONS = [
-    {name: "Standard: A-Za-z0-9+/=", value: "A-Za-z0-9+/="},
-    {name: "URL safe: A-Za-z0-9-_", value: "A-Za-z0-9-_"},
+    {name: "Standard (RFC 4648): A-Za-z0-9+/=", value: "A-Za-z0-9+/="},
+    {name: "URL safe (RFC 4648 \u00A75): A-Za-z0-9-_", value: "A-Za-z0-9-_"},
     {name: "Filename safe: A-Za-z0-9+-=", value: "A-Za-z0-9+\\-="},
     {name: "itoa64: ./0-9A-Za-z=", value: "./0-9A-Za-z="},
     {name: "XML: A-Za-z0-9_.", value: "A-Za-z0-9_."},
     {name: "y64: A-Za-z0-9._-", value: "A-Za-z0-9._-"},
     {name: "z64: 0-9a-zA-Z+/=", value: "0-9a-zA-Z+/="},
-    {name: "Radix-64: 0-9A-Za-z+/=", value: "0-9A-Za-z+/="},
+    {name: "Radix-64 (RFC 4880): 0-9A-Za-z+/=", value: "0-9A-Za-z+/="},
     {name: "Uuencoding: [space]-_", value: " -_"},
     {name: "Xxencoding: +-0-9A-Za-z", value: "+\\-0-9A-Za-z"},
     {name: "BinHex: !-,-0-689@A-NP-VX-Z[`a-fh-mp-r", value: "!-,-0-689@A-NP-VX-Z[`a-fh-mp-r"},

src/core/operations/CitrixCTX1Decode.mjs

@@ -0,0 +1,58 @@
+/**
+ * @author bwhitn [brian.m.whitney@gmail.com]
+ * @copyright Crown Copyright 2018
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation";
+import OperationError from "../errors/OperationError";
+import cptable from "../vendor/js-codepage/cptable.js";
+
+/**
+ * Citrix CTX1 Decode operation
+ */
+class CitrixCTX1Decode extends Operation {
+
+    /**
+     * CitrixCTX1Decode constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "Citrix CTX1 Decode";
+        this.module = "Encodings";
+        this.description = "Decodes strings in a Citrix CTX1 password format to plaintext.";
+        this.infoURL = "https://www.reddit.com/r/AskNetsec/comments/1s3r6y/citrix_ctx1_hash_decoding/";
+        this.inputType = "byteArray";
+        this.outputType = "string";
+        this.args = [];
+    }
+
+    /**
+     * @param {byteArray} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        if (input.length % 4 !== 0) {
+            throw new OperationError("Incorrect hash length");
+        }
+        const revinput = input.reverse();
+        const result = [];
+        let temp = 0;
+        for (let i = 0; i < revinput.length; i += 2) {
+            if (i + 2 >= revinput.length) {
+                temp = 0;
+            } else {
+                temp = ((revinput[i + 2] - 0x41) & 0xf) ^ (((revinput[i + 3]- 0x41) << 4) & 0xf0);
+            }
+            temp = (((revinput[i] - 0x41) & 0xf) ^ (((revinput[i + 1] - 0x41) << 4) & 0xf0)) ^ 0xa5 ^ temp;
+            result.push(temp);
+        }
+        // Decodes a utf-16le string
+        return cptable.utils.decode(1200, result.reverse());
+    }
+
+}
+
+export default CitrixCTX1Decode;

src/core/operations/CitrixCTX1Encode.mjs

@@ -0,0 +1,50 @@
+/**
+ * @author bwhitn [brian.m.whitney@gmail.com]
+ * @copyright Crown Copyright 2018
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation";
+import cptable from "../vendor/js-codepage/cptable.js";
+
+/**
+ * Citrix CTX1 Encode operation
+ */
+class CitrixCTX1Encode extends Operation {
+
+    /**
+     * CitrixCTX1Encode constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "Citrix CTX1 Encode";
+        this.module = "Encodings";
+        this.description = "Encodes strings to Citrix CTX1 password format.";
+        this.infoURL = "https://www.reddit.com/r/AskNetsec/comments/1s3r6y/citrix_ctx1_hash_decoding/";
+        this.inputType = "string";
+        this.outputType = "byteArray";
+        this.args = [];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {byteArray}
+     */
+    run(input, args) {
+        const utf16pass = Array.from(cptable.utils.encode(1200, input));
+        const result = [];
+        let temp = 0;
+        for (let i = 0; i < utf16pass.length; i++) {
+            temp = utf16pass[i] ^ 0xa5 ^ temp;
+            result.push(((temp >>> 4) & 0xf) + 0x41);
+            result.push((temp & 0xf) + 0x41);
+        }
+
+        return result;
+    }
+
+}
+
+export default CitrixCTX1Encode;

src/core/operations/Substitute.mjs

@@ -20,7 +20,7 @@ class Substitute extends Operation {
 
         this.name = "Substitute";
         this.module = "Default";
-        this.description = "A substitution cipher allowing you to specify bytes to replace with other byte values. This can be used to create Caesar ciphers but is more powerful as any byte value can be substituted, not just letters, and the substitution values need not be in order.<br><br>Enter the bytes you want to replace in the Plaintext field and the bytes to replace them with in the Ciphertext field.<br><br>Non-printable bytes can be specified using string escape notation. For example, a line feed character can be written as either <code>\n</code> or <code>\x0a</code>.<br><br>Byte ranges can be specified using a hyphen. For example, the sequence <code>0123456789</code> can be written as <code>0-9</code>.";
+        this.description = "A substitution cipher allowing you to specify bytes to replace with other byte values. This can be used to create Caesar ciphers but is more powerful as any byte value can be substituted, not just letters, and the substitution values need not be in order.<br><br>Enter the bytes you want to replace in the Plaintext field and the bytes to replace them with in the Ciphertext field.<br><br>Non-printable bytes can be specified using string escape notation. For example, a line feed character can be written as either <code>\\n</code> or <code>\\x0a</code>.<br><br>Byte ranges can be specified using a hyphen. For example, the sequence <code>0123456789</code> can be written as <code>0-9</code>.<br><br>Note that blackslash characters are used to escape special characters, so will need to be escaped themselves if you want to use them on their own (e.g.<code>\\\\</code>).";
         this.infoURL = "https://wikipedia.org/wiki/Substitution_cipher";
         this.inputType = "string";
         this.outputType = "string";

test/tests/operations/Ciphers.mjs

@@ -220,6 +220,39 @@ TestRegister.addTests([
             }
         ],
     },
+    {
+        name: "Citrix CTX1 Encode",
+        input: "Password1",
+        expectedOutput: "PFFAJEDBOHECJEDBODEGIMCJPOFLJKDPKLAO",
+        recipeConfig: [
+            {
+                "op": "Citrix CTX1 Encode",
+                "args": []
+            }
+        ],
+    },
+    {
+        name: "Citrix CTX1 Decode: normal",
+        input: "PFFAJEDBOHECJEDBODEGIMCJPOFLJKDPKLAO",
+        expectedOutput: "Password1",
+        recipeConfig: [
+            {
+                "op": "Citrix CTX1 Decode",
+                "args": []
+            }
+        ],
+    },
+    {
+        name: "Citrix CTX1 Decode: invalid length",
+        input: "PFFAJEDBOHECJEDBODEGIMCJPOFLJKDPKLA",
+        expectedOutput: "Incorrect hash length",
+        recipeConfig: [
+            {
+                "op": "Citrix CTX1 Decode",
+                "args": []
+            }
+        ],
+    },
     {
         name: "Vigenère Encode: no input",
         input: "",