s0md3v / decodify Goto Github PK

Detect and decode encoded strings, recursively.

Python 97.90% Makefile 2.10%

decoding encoding base64 rot-13 caesar-cipher cipher

decodify's Introduction

Decodify

It can detect and decode encoded strings, recursively.
Lets take this string : s0md3v and encode it in Base 64

czBtZDN2

Now lets encode it in hex

637a42745a444e32

And now again in Base 64

NjM3YTQyNzQ1YTQ0NGUzMg==

Now lets supply it to Decodify

Boom! Thats what Decodify does. It automatically detects the encoding and decodes it and it does that recursively.

Supported Encodings and Encryptions

Caesar ciphers
Hex
Decimal
Binary
Base64
URL
FromChar
MD5
SHA1
SHA2

Warning: Decodify uses third party web services for MD5, SHA1 & SHA2 hash lookups. If you are dealing with sensitive data, you are advised to use the -s option which will prevent Decodify to use these services.

Usage

Download Decodify with the following command:

git clone https://github.com/UltimateHackers/Decodify

Now switch to Decodify directory and run the installer with this command:

make install

Now you can run decodify by entering dcode <string to decode> in your terminal.

To remove Decodify run the uninstaller with this command

make uninstall

Decoding Caesar Cipher

You can supply the offest by --rot option or you can tell Decodify to decode for 1-26 offest by using --rot all.
Using -rot all option on the string bpgkta xh qtiitg iwpc sr gives the following output:

Reversing a String

You can reverse a string by using the -rev option.

Contribution

If you encounter a valid encoded string which wasn't correctly processed by Decodfiy, please open an issue including the string.
You can also contribute by adding support for more encodings or by fixing my poorly writting code.

decodify's People

Contributors

Stargazers

Watchers

Forkers

exploitcollection shekkbuilder h3di johnjohnsp1 z00nx bigfacecat2017 wawava lw1988 h1d3r krashman clicknull ykankaya ch4p34un0ir purplebyteone vinaya-kumar-p mmilleror fouroctets ieguiguren vimokumar darcy0511 sukelluskello vysecurity sair770 kreptotrash nestor abdennabislimi pixelmimic samjaninf hmilkovi 5up3rc tazjel riviera12345 heikipikker bravery9 junnplus cmscardoso jthomp888999 seamustuohy mnomkar2008 b1tp0ck3t enforcer-pro tatsuryu sudhakrdwivedi gr3yr0n1n hadryan ssh-shashi 5cr1p70633k f4l13n5n0w thanosgn bldesign permikomnaskaltara lamer1337crew 1r0dm480 pabit suhailms raymondseger ironmen007 fo0nikens johndoex1 anomous threatinteltest unforeseenocean modulexcite ovillabona qing-q douglasanpa fakegit seabreg niedfelj w1ck3dth1ngs brewhacker 0x7fffffffffffffff nevinhappy digitaloffensive rkreddypandu sagaroffsec jackyyvan rich-roth per-fide hkylin marciopocebon shahedkhanulab ihab000 masterscott jermainlaforce 5l1v3r1 6un9-h0-dan goofwear 773-process-312 frk001 abuba42 simhaonline cyberfallen lrlrlrlr xuan2261 rahulmehta123 linnaiwei aminu-muhammed mysterioussonofgod fadinglr

decodify's Issues

Producing gibberish

This was occuring because the regex search identifies "637a42745a444e32" as both hex and base64 encoded string. This can be avoided if lines like these
decode(base, 'url')
decode(string, 'none')

are replaced with
decode(string, 'none')
decode(base, 'url')

[Feature Request] Run against a file

Would be nice to run dcode against a file that has several hex or base64 encoded strings and have it decode them all. Thank you.

[Feature request] webstorm / jetty password deobf

Might be worth considering adding the below:

https://github.com/arthepsy/deobf/blob/master/webstorm.obf.py
https://github.com/arthepsy/deobf/blob/master/jetty.obf.py

Hashes are improperly extracted from input string

For example, a hex string of length 70 will be detected as a SHA2 hash because the regex only checks if a hex string of length 64 is within the string:

sha2 = search(r'([a-f0-9]{64})', string)

This results in all long hex strings being treated as hashes.

Solution should be simply changing the hash regexes to only capture fixed-length strings:

sha2 = search(r'^([a-f0-9]{64})$', string)

It doesnt preserve the case of the letters

It converts all letters to lowercase.
I'll try to work on this issue myself.

Undefined name 'find'

https://github.com/UltimateHackers/Decodify/blob/377bbaa2a4b8f68961b8f9b3b041b49f131d1d8f/dcode#L68

Failure to distinguish between hex and hash strings

For example, the input string 6e6f7461686173686e6f7461686173686e6f7461 is interpreted as a SHA1 hash because of its length, but it is in fact a hex string that decodes to notahashnotahashnota.

A solution may be to attempt to find the hash plaintext first, then try interpreting as a hex string if that fails.

Notify users that calls are being made to external services

The assumption with a local tool is that it will perform the decoding locally. If a user is decoding sensitive information, they may not want it being sent to remote services which can log this data, and especially not over plaintext HTTP.

Ideally, the brute-forcing would be performed locally using a word-list, but if it must be performed remotely,

use HTTPS for all network communications
inform users prevalently in the documentation that their data will be sent to a remote service
provide a warning on the command line before sending and require confirmation (can be bypassed with a command-line arg indicating awareness for scripting)

These URLs are accessed by the tool for the following hash schemes:

SHA-256 -- "http://md5decrypt.net/Api/api.php?hash="+hashvalue+"&hash_type=sha256&[email protected]&code=1152464b80a61728"
SHA-1 -- "http://hashcrack.com/index.php"
MD5 -- "http://www.nitrxgen.net/md5db/" + string

Python 3 support

MD5 strings time out and fail to detect and or decode

Starting recently md5 strings seem to time out trying to use the third party service. No notice if the service is down or if something has changed. I tried installing the newest version of decodify and same issues.

File "./dcode", line 295, in decode
MD5(string, base)
File "./dcode", line 167, in MD5
string = urlopen(url).read()
File "/usr/lib/python2.7/urllib.py", line 87, in urlopen
return opener.open(url)
File "/usr/lib/python2.7/urllib.py", line 213, in open
return getattr(self, name)(url)
File "/usr/lib/python2.7/urllib.py", line 350, in open_http
h.endheaders(data)
File "/usr/lib/python2.7/httplib.py", line 1038, in endheaders
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 882, in _send_output
self.send(msg)
File "/usr/lib/python2.7/httplib.py", line 844, in send
self.connect()
File "/usr/lib/python2.7/httplib.py", line 821, in connect
self.timeout, self.source_address)
File "/usr/lib/python2.7/socket.py", line 575, in create_connection
raise err
IOError: [Errno socket error] [Errno 110] Connection timed out

pip/homebrew package release

Should indicate failure with exit code / message

When you pass in a string that dcode can't decode, it just outputs the ascii-art logo and exits with a 0 code.

$ dcode "w*282"

    __                         __
  |/  |                   | / /
  |   | ___  ___  ___  ___|  (
  |   )|___)|    |   )|   )| |___ \   )
  |__/ |__  |__  |__/ |__/ | |     \_/
                                    /

$ echo $?
0

At a minimum, this should probably exit with 1 or another code to indicate failure. Even better would be some kind of message to stderr.

add support for Base32 decoding

it's quite common, and can be identified with 1 trailing =, instead of 2 =s used in its Base64 counterpart.
in Python, base64.b32decode can be used to perform the decoding.

Doesn't Work

I ran the most simple of tests and it failed to crack it.

$ echo "marvel is better than dc" | md5sum
4003a149f18c3210b413169b99187096  -

$ dcode 4003a149f18c3210b413169b99187096

    __                         __
  |/  |                   | / /
  |   | ___  ___  ___  ___|  (
  |   )|___)|    |   )|   )| |___ \   )
  |__/ |__  |__  |__/ |__/ | |     \_/
                                    /
[-] Its a MD5 Hash but I failed to crack it.

Did I miss something?

Crashes on certain numerical inputs

Expected result: dcode either succeeds or fails on every input

Actual result:

$ dcode 11230

    __                         __
  |/  |                   | / /
  |   | ___  ___  ___  ___|  (
  |   )|___)|    |   )|   )| |___ \   )
  |__/ |__  |__  |__/ |__/ | |     \_/
                                    /
Traceback (most recent call last):
  File "/usr/local/bin/dcode", line 303, in <module>
    main()
  File "/usr/local/bin/dcode", line 301, in main
    decode(string, 'none')
  File "/usr/local/bin/dcode", line 277, in decode
    hexenc(string, base)
  File "/usr/local/bin/dcode", line 209, in hexenc
    string = bytearray.fromhex(string)
ValueError: non-hexadecimal number found in fromhex() arg at position 4

Decodify fails to detect Base64 encoded string when lacking padding symbol if it could also be hex-encoded

The hex sequence 0x00 * 16 is Base64 encoded as AAAAAAAAAAAAAAAAAAAAAA== ('A' * 22). Some applications call for unpadded Base64 encoding (scrypt hashes, etc.). Decodify has trouble decoding strings which are Base64 encoded but lack the padding symbol, as it tries to interpret it as hex first. I thought this was because the string had an odd number of digits, but it appears to happen with even-numbered (i.e. valid hex string) as well.

hw12203:/Users/alopresto/Workspace/Decodify (master) alopresto
🔓 161127s @ 12:21:01 $ dcode AAAAAAAAAAAAA # 'A' * 13 (arbitrary Base64 no padding)

    __                         __
  |/  |                   | / /
  |   | ___  ___  ___  ___|  (
  |   )|___)|    |   )|   )| |___ \   )
  |__/ |__  |__  |__/ |__/ | |     \_/
                                    /
Traceback (most recent call last):
  File "/usr/local/bin/dcode", line 180, in <module>
    decode(args.string)
  File "/usr/local/bin/dcode", line 160, in decode
    hexenc(string)
  File "/usr/local/bin/dcode", line 113, in hexenc
    string = bytearray.fromhex(string).decode()
ValueError: non-hexadecimal number found in fromhex() arg at position 12
hw12203:/Users/alopresto/Workspace/Decodify (master) alopresto
🔓 161151s @ 12:21:25 $ dcode AAAAAAAAAAAAAAAAAAAAAA # 'A' * 22 (Base64 no padding)

<banner redacted following>

Traceback (most recent call last):
  File "/usr/local/bin/dcode", line 180, in <module>
    decode(args.string)
  File "/usr/local/bin/dcode", line 160, in decode
    hexenc(string)
  File "/usr/local/bin/dcode", line 113, in hexenc
    string = bytearray.fromhex(string).decode()
UnicodeDecodeError: 'ascii' codec can't decode byte 0xaa in position 0: ordinal not in range(128)
hw12203:/Users/alopresto/Workspace/Decodify (master) alopresto
🔓 161184s @ 12:21:58 $ dcode AAAAAAAAAAAAAAAAAAAAAA== # 'A' * 22 + '=' * 2 (Base64 padding)

[+] Decoded from Base64 :
hw12203:/Users/alopresto/Workspace/Decodify (master) alopresto
🔓 161196s @ 12:22:10 $ dcode AAAAAAAAAAAA # 'A' * 12 (valid hex string)

Traceback (most recent call last):
  File "/usr/local/bin/dcode", line 180, in <module>
    decode(args.string)
  File "/usr/local/bin/dcode", line 160, in decode
    hexenc(string)
  File "/usr/local/bin/dcode", line 113, in hexenc
    string = bytearray.fromhex(string).decode()
UnicodeDecodeError: 'ascii' codec can't decode byte 0xaa in position 0: ordinal not in range(128)
hw12203:/Users/alopresto/Workspace/Decodify (master) alopresto
🔓 161372s @ 12:25:06 $ dcode AAAAAAAAAA # 'A' * 10 (valid hex string)

Traceback (most recent call last):
  File "/usr/local/bin/dcode", line 180, in <module>
    decode(args.string)
  File "/usr/local/bin/dcode", line 160, in decode
    hexenc(string)
  File "/usr/local/bin/dcode", line 113, in hexenc
    string = bytearray.fromhex(string).decode()
UnicodeDecodeError: 'ascii' codec can't decode byte 0xaa in position 0: ordinal not in range(128)
hw12203:/Users/alopresto/Workspace/Decodify (master) alopresto
🔓 161400s @ 12:25:34 $ dcode 30313233343536

[+] Decoded from Hex : 0123456
Traceback (most recent call last):
  File "/usr/local/bin/dcode", line 180, in <module>
    decode(args.string)
  File "/usr/local/bin/dcode", line 160, in decode
    hexenc(string)
  File "/usr/local/bin/dcode", line 115, in hexenc
    decode(string)
  File "/usr/local/bin/dcode", line 160, in decode
    hexenc(string)
  File "/usr/local/bin/dcode", line 113, in hexenc
    string = bytearray.fromhex(string).decode()
ValueError: non-hexadecimal number found in fromhex() arg at position 6
hw12203:/Users/alopresto/Workspace/Decodify (master) alopresto
🔓 161621s @ 12:29:15 $

Cracked SHA2 Hash: CODE ERREUR : 002

Cracked SHA2 Hash: CODE ERREUR : 002 error