Python Base64 encoding with a non-standard alphabet

 
post #1 of 3, 03-19-2014, 08:12 PM - Terrere (Thread Starter)
One of my classes requires that I write a command and control server for a piece of malware that accepts commands that are Base64 encoded with a non-standard alphabet. It's not anything special really.

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
This is the standard Base64 alphabet.

0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+/
This is the non-standard alphabet.

I know that Python has a built-in library that handles Base64 conversion, but I can't seem to make it use the non-standard library. Any ideas?

UPDATE: Would replacing the characters after the Base64 conversion is run work? In theory, each character represents a specific numerical value 0-63. If I were to replace the character with the corresponding character, would that work?

Yeahh... that idea won't work...

If you can keep your head about you, when all about you are losing theirs... It's quite possible that you haven't fully grasped the situation.
post #2 of 3, 03-19-2014, 11:41 PM - jvolkman
Your idea of replacing the characters should work. Use string.maketrans to create a translation table, and then use str.translate to use it.
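Code:
# Python 2 code as posted; string.maketrans is not available in current Python 3,
# where bytes.maketrans is the equivalent.
import string
import base64

STANDARD_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
CUSTOM_ALPHABET = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+/'
# Translation tables mapping one alphabet onto the other, position by position.
ENCODE_TRANS = string.maketrans(STANDARD_ALPHABET, CUSTOM_ALPHABET)
DECODE_TRANS = string.maketrans(CUSTOM_ALPHABET, STANDARD_ALPHABET)

def encode(input):
  # Standard Base64 first, then swap each character for its custom-alphabet counterpart.
  return base64.b64encode(input).translate(ENCODE_TRANS)

def decode(input):
  # Map custom-alphabet characters back to standard ones, then decode as usual.
  return base64.b64decode(input.translate(DECODE_TRANS))
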
post #3 of 3, 03-20-2014, 11:41 AM - Terrere (Thread Starter)
Wow, thanks for the reply. I figured out last night that I could create a for loop to do the translations. When I was doing the conversions, I was using documentation from a report on the malware to compare my conversions. The tail end of the command was correct, but the conversion of the 6 "#" symbols didn't convert well. Your version is actually cleaner and more efficient than my loop.
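Code:
# Python 2 code as posted (uses string.find and the str output of b64encode).
import base64
import string

custom = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+/"
Base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
s = ""
encode = "######pslist"
result = base64.b64encode(encode)
for ch in result:
    if ch in custom:
        # Find the character's position in the standard alphabet and
        # take the character at that position in the custom one.
        s = s + custom[string.find(Base64, ch)]
    elif ch == '=':
        # Padding is carried over unchanged.
        s += "="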

The loop also handles all of the padding. I came up with the base loop, but on checking for algorithms I had forgotten the presence of "=" paddings in Base64 and had to steal the idea from someone else.

Thanks again for affirming my thought of substitution.

If you can keep your head about you, when all about you are losing theirs... It's quite possible that you haven't fully grasped the situation.
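
A Python 3 version of the substitution approach from this thread, written for decoding captured commands during analysis. It is an added example, not code from either poster. It generalizes to any 64-symbol alphabet and rejects input a lenient decoder would silently accept; `make_codec` and `wrong_alphabet_view` are names chosen for this example.

```python
import base64
import binascii

STANDARD = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
# Non-standard alphabet quoted in the thread.
CUSTOM = b"0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+/"


def make_codec(alphabet):
    """Return (encode, decode) for any 64-symbol Base64 alphabet (bytes)."""
    if len(alphabet) != 64 or len(set(alphabet)) != 64 or b"=" in alphabet:
        raise ValueError("alphabet must be 64 unique bytes and exclude '='")
    to_custom = bytes.maketrans(STANDARD, alphabet)
    to_standard = bytes.maketrans(alphabet, STANDARD)
    allowed = set(alphabet) | set(b"=")

    def encode(raw):
        # '=' is in neither alphabet, so padding passes through untouched.
        return base64.b64encode(raw).translate(to_custom)

    def decode(text):
        # Check membership first: translate() leaves unknown bytes as they
        # are, and some of them could be valid in the standard alphabet.
        bad = set(text) - allowed
        if bad:
            raise ValueError("bytes outside alphabet: %r" % bytes(sorted(bad)))
        try:
            return base64.b64decode(text.translate(to_standard), validate=True)
        except binascii.Error as exc:
            raise ValueError("malformed Base64: %s" % exc)

    return encode, decode


encode, decode = make_codec(CUSTOM)


def wrong_alphabet_view(text):
    """What a standard decoder makes of custom-alphabet text, for contrast."""
    return base64.b64decode(text, validate=True)


if __name__ == "__main__":
    sample = encode(b"######pslist")  # command string from the thread
    print(sample, decode(sample), wrong_alphabet_view(sample))
```

Because both alphabets use the same 64 characters, custom-alphabet text is also valid standard Base64: a standard decoder raises no error and simply returns different bytes.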