Didier Stevens

Monday 21 November 2016

Update: base64dump.py Version 0.0.5

Filed under: My Software,Uncategorized — Didier Stevens @ 0:00

This new version supports different encodings besides base64 (but the name remains base64dump).

The new encodings are hexadecimal (hex), \u unicode (bu) and %u unicode (pu).

Here’s an example with escaped unicode in JavaScript (%u), namely a PDF with shellcode in JavaScript:

20161118-221959

The shellcode, escaped with %u, can be extracted with base64dump:

20161118-222032

20161118-222049

There’s also a new option to do a string dump: -S

20161118-222059

And a last small update: this version also counts unique bytes, i.e. the number of different byte values found in the data.

base64dump_V0_0_5.zip (https)
MD5: 7AACFD3E34FEAAF41897F60FBC5279A3
SHA256: B4AB7B3A9D2947F08C6CC94F88CD825C9B2B63EE65AF7475E66BE9565EC4337A

4 Comments »

  1. […] Didier Stevens updated his base64dump Python script to version 0.0.5 to support additional encodings (hexadecimal (hex), u unicode (bu) and %u unicode (pu)) Update: base64dump.py Version 0.0.5 […]

    Pingback by Week 47 – 2016 – This Week In 4n6 — Saturday 26 November 2016 @ 23:04

  2. […] Update: base64dump.py Version 0.0.5 […]

    Pingback by Overview of Content Published In November | Didier Stevens — Tuesday 6 December 2016 @ 0:00

  3. […] The data field looks like BASE64, so let’s try to decode it with base64dump.py: […]

    Pingback by Quickpost: Dropbox & Alternate Data Streams | Didier Stevens — Monday 30 January 2017 @ 0:00

  4. […] base64dump.py is a tool to search for BASE64 strings (and other encodings like hexadecimal). We will use it to search for a payload in the EPS file. Since the file is large, we can expect to have a lot of hits. So let’s set a minimum sequence length of 1000: […]

    Pingback by Maldoc: It’s not all VBA these days | NVISO LABS – blog — Wednesday 8 February 2017 @ 9:04


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: