
Python Base64 encoding with a non-standard alphabet

post #1 of 3
Thread Starter 
One of my classes requires that I write a command and control server for a piece of malware that accepts commands that are Base64 encoded with a non-standard alphabet. It's not anything special really.

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
This is the standard Base64 alphabet.

0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+/
This is the non-standard alphabet.

I know that Python has a built-in library that handles Base64 conversion, but I can't seem to make it use the non-standard library. Any ideas?

UPDATE: Would replacing the characters after the Base64 conversion is run work? In theory, each character represents a specific numerical value 0-63. If I were to replace the character with the corresponding character, would that work?

Yeahh... that idea won't work...
Edited by Terrere - 3/19/14 at 7:34pm
post #2 of 3
Quote:
Originally Posted by Terrere View Post

One of my classes requires that I write a command and control server for a piece of malware that accepts commands that are Base64 encoded with a non-standard alphabet. It's not anything special really.

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
This is the standard Base64 alphabet.

0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+/
This is the non-standard alphabet.

I know that Python has a built-in library that handles Base64 conversion, but I can't seem to make it use the non-standard library. Any ideas?

UPDATE: Would replacing the characters after the Base64 conversion is run work? In theory, each character represents a specific numerical value 0-63. If I were to replace the character with the corresponding character, would that work?

Yeahh... that idea won't work...

Your idea of replacing the characters should work. Use string.maketrans to create a translation table, and then use str.translate to use it.
Code:
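import base64

# b64encode/b64decode work on bytes in Python 3, so both alphabets are bytes literals.
STANDARD_ALPHABET = b'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
CUSTOM_ALPHABET = b'0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+/'
# Python 3: string.maketrans no longer exists; bytes.maketrans builds the same table.
ENCODE_TRANS = bytes.maketrans(STANDARD_ALPHABET, CUSTOM_ALPHABET)
DECODE_TRANS = bytes.maketrans(CUSTOM_ALPHABET, STANDARD_ALPHABET)

def encode(data):
  # Standard Base64 first, then swap each symbol for its custom counterpart ('=' is untouched).
  return base64.b64encode(data).translate(ENCODE_TRANS)

def decode(data):
  # Map custom symbols back to the standard alphabet, then decode normally.
  return base64.b64decode(data.translate(DECODE_TRANS))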
post #3 of 3
Thread Starter 
Quote:
Originally Posted by jvolkman View Post

Your idea of replacing the characters should work. Use string.maketrans to create a translation table, and then use str.translate to use it.
Code:
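import base64

# b64encode/b64decode work on bytes in Python 3, so both alphabets are bytes literals.
STANDARD_ALPHABET = b'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
CUSTOM_ALPHABET = b'0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+/'
# Python 3: string.maketrans no longer exists; bytes.maketrans builds the same table.
ENCODE_TRANS = bytes.maketrans(STANDARD_ALPHABET, CUSTOM_ALPHABET)
DECODE_TRANS = bytes.maketrans(CUSTOM_ALPHABET, STANDARD_ALPHABET)

def encode(data):
  # Standard Base64 first, then swap each symbol for its custom counterpart ('=' is untouched).
  return base64.b64encode(data).translate(ENCODE_TRANS)

def decode(data):
  # Map custom symbols back to the standard alphabet, then decode normally.
  return base64.b64decode(data.translate(DECODE_TRANS))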

Wow, thanks for the reply. I figured out last night that I could create a for loop to do the translations. When I was doing the conversions, I was using documentation from a report on the malware to compare my conversions. The tail end of the command was correct, but the conversion of the 6 "#" symbols didn't convert well. Your version is actually cleaner and more efficient than my loop.
Code:
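import base64

custom = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+/"
Base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
s = ""
encode = "######pslist"
# Python 3: b64encode takes and returns bytes, so convert to bytes and back to text.
result = base64.b64encode(encode.encode("ascii")).decode("ascii")
for ch in result:
    if ch in custom:
        # Same index, other alphabet (str.find replaces the old string.find).
        s = s + custom[Base64.find(ch)]
    elif ch == '=':
        # Padding is passed through unchanged.
        s += "="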

The loop also handles all of the padding. I came up with the base loop, but on checking for algorithms I had forgotten the presence of "=" paddings in Base64 and had to steal the idea from someone else.

Thanks again for affirming my thought of substitution.
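For anyone using the translate approach above to read such commands out of a capture, here is a strict analyst-side decoder as an added example (not code from either poster). The function names, the candidate table and the sample token are constructed for illustration; the sample is the thread's test command "######pslist" encoded with the custom alphabet.

```python
import base64

STANDARD = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
# Alphabets to try against a captured token; "custom" is the one quoted in the thread.
CANDIDATES = {
    "standard": STANDARD,
    "custom": b"0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+/",
}

def decode_with(alphabet: bytes, token: bytes) -> bytes:
    """Strictly decode `token`, assuming it was Base64-encoded with `alphabet`."""
    if len(alphabet) != 64 or len(set(alphabet)) != 64:
        raise ValueError("alphabet must be 64 distinct bytes")
    body = token.strip().rstrip(b"=")
    # Reject bytes outside the alphabet up front: translate() would pass them
    # through untouched and b64decode() by default silently drops them, which
    # shifts every later symbol and yields misleading plaintext.
    bad = set(body) - set(alphabet)
    if bad:
        raise ValueError("bytes outside alphabet: %r" % bytes(sorted(bad)))
    if len(body) % 4 == 1:
        raise ValueError("impossible Base64 length")
    body += b"=" * (-len(body) % 4)  # restore padding that some senders strip
    table = bytes.maketrans(alphabet, STANDARD)
    return base64.b64decode(body.translate(table), validate=True)

def identify_alphabet(token: bytes) -> list:
    """Return (name, plaintext) for candidates whose output is printable ASCII."""
    hits = []
    for name, alphabet in CANDIDATES.items():
        try:
            plain = decode_with(alphabet, token)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        # Both alphabets use the same 64 characters, so every token "decodes"
        # under each of them; only the plaintext shows which one is right.
        if plain and all(0x20 <= b < 0x7F for b in plain):
            hits.append((name, plain))
    return hits

# Constructed sample: "######pslist" in the custom alphabet.
SAMPLE = b"8Ocz8Oczs7dIqndQ"

if __name__ == "__main__":
    print(identify_alphabet(SAMPLE))
```

The printable-ASCII check only suits text commands like the one in this thread; binary payloads need a different plausibility test.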