This new version of base64dump adds option -I (ignorehex). Like -i, -I can be used to specify characters to be ignored by base64dump. Option -I takes the characters to be ignored as hexadecimal values, like this:
base64dump.py -I 2209
This will ignore the double-quote character (0x22) and the TAB character (0x09).
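The effect of ignoring characters given as hexadecimal values, as an added Python sketch (not base64dump's own code): the hex value is turned into bytes, those bytes are dropped from the input, and the remaining data is searched for continuous BASE64 strings. The function names, the sample data, the minimum run length of 4 and the multiple-of-4 length check are assumptions made for this illustration.

```python
import base64
import binascii
import re

# Runs of BASE64 alphabet characters with optional padding.
# The minimum length of 4 is an assumption of this sketch.
BASE64_RUN = re.compile(rb'[A-Za-z0-9+/]{4,}={0,2}')

def parse_ignorehex(spec: str) -> bytes:
    """Turn a hex value such as '2209' into the raw bytes to drop (0x22, 0x09)."""
    try:
        return binascii.unhexlify(spec)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f'not a valid hex string: {spec!r}') from exc

def strip_ignored(data: bytes, ignored: bytes) -> bytes:
    """Delete every occurrence of the ignored byte values from data."""
    return data.translate(None, ignored)

def find_base64(data: bytes):
    """Yield (encoded, decoded) for each run that has a valid length and decodes."""
    for match in BASE64_RUN.finditer(data):
        run = match.group()
        if len(run) % 4:
            continue
        try:
            yield run, base64.b64decode(run, validate=True)
        except binascii.Error:
            continue

# Constructed sample: one BASE64 payload broken up by double quotes and TABs.
SAMPLE = b'"SGVsbG8s"\t"IGJhc2U2"\t"NGR1bXAh"'

def demo(spec: str):
    """Decode SAMPLE after dropping the bytes named by the hex value."""
    cleaned = strip_ignored(SAMPLE, parse_ignorehex(spec))
    return [decoded for _, decoded in find_base64(cleaned)]

if __name__ == '__main__':
    print(demo(''))      # nothing ignored: three separate fragments
    print(demo('2209'))  # quotes and TABs ignored: one continuous string
```

Without the ignored characters removed, the quotes and TABs split the payload into fragments that decode separately; with 2209 the fragments join into a single BASE64 string.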
base64dump_V0_0_11.zip (https)
MD5: BF9D9EB3E6D574633D7F85345213E3E8
SHA256: 2741F9C3FD7B0897A04F60C741D7125568C8355A82FCF0FD4BB80877EE7FB935
[…] quotes and the newlines (base64dump searches for continuous strings of BASE64 characters). With base64dump’s -w option I can get rid of whitespace (including newlines), and with option -i I can get […]
Pingback by Extracting DotNetToJScript’s PE Files | Didier Stevens — Wednesday 25 July 2018 @ 0:00
[…] Update: base64dump.py Version 0.0.11 […]
Pingback by Week 30 – 2018 – This Week In 4n6 — Sunday 29 July 2018 @ 12:13
[…] base64dump.py gives us more information: […]
Pingback by PowerShell Inside a Certificate? – Part 2 – NVISO Labs — Wednesday 1 August 2018 @ 7:18
[…] Update: base64dump.py Version 0.0.11 […]
Pingback by Overview of Content Published in July | Didier Stevens — Thursday 2 August 2018 @ 0:01
[…] re-research.py, base64dump.py and […]
Pingback by DotNetToJScript Analysis – Didier Stevens Videos — Sunday 19 August 2018 @ 10:26
[…] The embedded payload in Cymulate’s proof of concept document is a Windows executable (PE file) encoded in BASE64. As such, it’s easy to extract from document.xml and decode with a tool like base64dump: […]
Pingback by Detecting and Analyzing Microsoft Office Online Video – NVISO Labs — Wednesday 29 May 2019 @ 8:15
[…] oledump.py, base64dump.py, […]
Pingback by Analyzing Compressed PowerShell Scripts – Didier Stevens Videos — Sunday 28 July 2019 @ 20:49