Merge branch 'bwhitn-citrix'

gchq · Nov 21, 2018 · 6ec52c6 · 6ec52c6
2 parents 20ea050 + 79d7a5d
commit 6ec52c6
Show file tree

Hide file tree

Showing 5 changed files with 148 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,9 @@
 # Changelog
 All notable changes to CyberChef will be documented in this file.
 
+### [8.12.0] - 2018-11-21
+- 'Citrix CTX1 Encode' and 'Citrix CTX1 Decode' operations added [@bwhitn] | [#428]
+
 ### [8.11.0] - 2018-11-13
 - 'CSV to JSON' and 'JSON to CSV' operations added [@n1474335] | [#277]
 
@@ -87,6 +90,7 @@ All notable changes to CyberChef will be documented in this file.
 [@PenguinGeorge]: https://github.com/PenguinGeorge
 [@arnydo]: https://github.com/arnydo
 [@klaxon1]: https://github.com/klaxon1
+[@bwhitn]: https://github.com/bwhitn
 
 [#95]: https://github.com/gchq/CyberChef/pull/299
 [#173]: https://github.com/gchq/CyberChef/pull/173
@@ -109,3 +113,4 @@ All notable changes to CyberChef will be documented in this file.
 [#351]: https://github.com/gchq/CyberChef/pull/351
 [#387]: https://github.com/gchq/CyberChef/pull/387
 [#394]: https://github.com/gchq/CyberChef/pull/394
+[#428]: https://github.com/gchq/CyberChef/pull/428
diff --git a/src/core/config/Categories.json b/src/core/config/Categories.json
@@ -95,6 +95,8 @@
             "JWT Sign",
             "JWT Verify",
             "JWT Decode",
+            "Citrix CTX1 Encode",
+            "Citrix CTX1 Decode",
             "Pseudo-Random Number Generator"
         ]
     },

diff --git a/src/core/operations/CitrixCTX1Decode.mjs b/src/core/operations/CitrixCTX1Decode.mjs
@@ -0,0 +1,58 @@
+/**
+ * @author bwhitn [brian.m.whitney@gmail.com]
+ * @copyright Crown Copyright 2018
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation";
+import OperationError from "../errors/OperationError";
+import cptable from "../vendor/js-codepage/cptable.js";
+
+/**
+ * Citrix CTX1 Decode operation
+ */
+class CitrixCTX1Decode extends Operation {
+
+    /**
+     * CitrixCTX1Decode constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "Citrix CTX1 Decode";
+        this.module = "Encodings";
+        this.description = "Decodes strings in a Citrix CTX1 password format to plaintext.";
+        this.infoURL = "https://www.reddit.com/r/AskNetsec/comments/1s3r6y/citrix_ctx1_hash_decoding/";
+        this.inputType = "byteArray";
+        this.outputType = "string";
+        this.args = [];
+    }
+
+    /**
+     * @param {byteArray} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        if (input.length % 4 !== 0) {
+            throw new OperationError("Incorrect hash length");
+        }
+        const revinput = input.reverse();
+        const result = [];
+        let temp = 0;
+        for (let i = 0; i < revinput.length; i += 2) {
+            if (i + 2 >= revinput.length) {
+                temp = 0;
+            } else {
+                temp = ((revinput[i + 2] - 0x41) & 0xf) ^ (((revinput[i + 3]- 0x41) << 4) & 0xf0);
+            }
+            temp = (((revinput[i] - 0x41) & 0xf) ^ (((revinput[i + 1] - 0x41) << 4) & 0xf0)) ^ 0xa5 ^ temp;
+            result.push(temp);
+        }
+        // Decodes a utf-16le string
+        return cptable.utils.decode(1200, result.reverse());
+    }
+
+}
+
+export default CitrixCTX1Decode;
diff --git a/src/core/operations/CitrixCTX1Encode.mjs b/src/core/operations/CitrixCTX1Encode.mjs
@@ -0,0 +1,50 @@
+/**
+ * @author bwhitn [brian.m.whitney@gmail.com]
+ * @copyright Crown Copyright 2018
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation";
+import cptable from "../vendor/js-codepage/cptable.js";
+
+/**
+ * Citrix CTX1 Encode operation
+ */
+class CitrixCTX1Encode extends Operation {
+
+    /**
+     * CitrixCTX1Encode constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "Citrix CTX1 Encode";
+        this.module = "Encodings";
+        this.description = "Encodes strings to Citrix CTX1 password format.";
+        this.infoURL = "https://www.reddit.com/r/AskNetsec/comments/1s3r6y/citrix_ctx1_hash_decoding/";
+        this.inputType = "string";
+        this.outputType = "byteArray";
+        this.args = [];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {byteArray}
+     */
+    run(input, args) {
+        const utf16pass = Array.from(cptable.utils.encode(1200, input));
+        const result = [];
+        let temp = 0;
+        for (let i = 0; i < utf16pass.length; i++) {
+            temp = utf16pass[i] ^ 0xa5 ^ temp;
+            result.push(((temp >>> 4) & 0xf) + 0x41);
+            result.push((temp & 0xf) + 0x41);
+        }
+
+        return result;
+    }
+
+}
+
+export default CitrixCTX1Encode;
diff --git a/test/tests/operations/Ciphers.mjs b/test/tests/operations/Ciphers.mjs
@@ -220,6 +220,39 @@ TestRegister.addTests([
             }
         ],
     },
+    {
+        name: "Citrix CTX1 Encode",
+        input: "Password1",
+        expectedOutput: "PFFAJEDBOHECJEDBODEGIMCJPOFLJKDPKLAO",
+        recipeConfig: [
+            {
+                "op": "Citrix CTX1 Encode",
+                "args": []
+            }
+        ],
+    },
+    {
+        name: "Citrix CTX1 Decode: normal",
+        input: "PFFAJEDBOHECJEDBODEGIMCJPOFLJKDPKLAO",
+        expectedOutput: "Password1",
+        recipeConfig: [
+            {
+                "op": "Citrix CTX1 Decode",
+                "args": []
+            }
+        ],
+    },
+    {
+        name: "Citrix CTX1 Decode: invalid length",
+        input: "PFFAJEDBOHECJEDBODEGIMCJPOFLJKDPKLA",
+        expectedOutput: "Incorrect hash length",
+        recipeConfig: [
+            {
+                "op": "Citrix CTX1 Decode",
+                "args": []
+            }
+        ],
+    },
     {
         name: "Vigenère Encode: no input",
         input: "",