Didier Stevens

Sunday 30 August 2020

Update: oledump.py 0.0.53

Filed under: My Software,Update — Didier Stevens @ 13:45

This new version of oledump.py has bug fixes, updates for the -s and --raw -v options, updates for plugins, and a bug fix for plugin_vbaproject.

Streams can now be selected (-s --select) by name too. Make sure to include the single quotes:

oledump_V0_0_53.zip (https)
MD5: C26EB56580D65B2E856169A3EFC9BC03
SHA256: A10D90284F10C6D7811E2573049FE0F8315F04129846898C88E0184423988CD9

Sunday 16 August 2020

Update: numbers-to-string.py Version 0.0.10

Filed under: My Software,Update — Didier Stevens @ 8:39

This new version of numbers-to-string.py, a tool to extract numbers from text files and convert them to strings, adds a verbose option (-v --verbose).

Example:

Running this with the verbose option shows which lines were selected for number extraction:

numbers-to-string_v0_0_10.zip (https)
MD5: C7B8985C5A7D856F68A88BBD491375E6
SHA256: 8CED403C795E9287DD1500C8A0EFBF41F8837BE112113D425A7F8C97D9D1A27E

Thursday 30 July 2020

Update: pecheck.py Version 0.7.11

Filed under: My Software,Update — Didier Stevens @ 0:00

This is a bugfix version.

pecheck-v0_7_11.zip (https)
MD5: D3B69575F0A08377D1A08886D34230FD
SHA256: 2B59F745377EABDF81118997CA70F5F4DBC1CE927370F02C6E0262869F988FA9

Tuesday 28 July 2020

Update: InteractiveSieve 0.9.1

Filed under: My Software,Update — Didier Stevens @ 0:00

There are many new features in this update to InteractiveSieve (I neglected to publish updates).

InteractiveSieve is a C# tool I developed to help me visualize and sift through logs (CSV files).

I want to record a couple of videos to show what this tool can do.

Here is a list of updates:

  • Added Remember and >= <= popup menu commands
  • Added Paste to Sift dialog
  • Added separator option None
  • Added choice for Pivot table: matrix, list and uniques
  • Fixed Reveal all bug, thanks Bart Vanautgaerden for reporting
  • Added Hide colored lines and Hide uncolored lines; Added Info and Set as index column
  • Bugfix DataGridViewEx
  • Added Load sieve and Save sieve
  • Added m:n to pivot table
  • Added Invert
  • Added bookmarks
  • Added Previous and Next Bookmark toolbar buttons
  • Bugfix SaveSieve for bookmarks
  • Added Comment…
  • Added header when saving
  • Fix for header when loading with filter
  • Added load with lookup
  • Added Treeview
  • Added drag and drop; automatic and colon separator; invert with load filter
  • Added Copy for row
  • Pivot table list and uniques: Added support for Hide and Color buttons
  • Added Sift… value
  • Added Transform (regex) and restore
  • Added Reload

InteractiveSieve_V_0_9_1_0.zip (https)
MD5: C8B5B3E768FB62B7508F055122453594
SHA256: 063A83D9DBA900C8B245532D510E822A305B258C9A3DD05F19F4F0ED2753B6E1

Monday 27 July 2020

Update: zipdump.py Version 0.0.20

Filed under: My Software,Update — Didier Stevens @ 0:00

I added detection of data descriptor records (PK 0x07 0x08) to option -f L (list all ZIP records found inside the provided file).
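As an added example (not zipdump.py's own code), the following scanner lists the ZIP record signatures found in raw bytes, including the data descriptor record (PK 0x07 0x08) that option -f L now reports, and decodes the CRC-32 and sizes the descriptor carries. The sample archive is constructed inline in streaming mode; the filename and content are made up.

```python
import io
import struct
import zipfile
import zlib

# ZIP record signatures: "PK" followed by a two-byte record type.
SIGNATURES = {
    b'PK\x03\x04': 'local file header',
    b'PK\x01\x02': 'central directory header',
    b'PK\x05\x06': 'end of central directory record',
    b'PK\x07\x08': 'data descriptor',
}

def list_zip_records(data):
    """Scan raw bytes for ZIP record signatures; return a list of (offset, description).
    A data descriptor holds the CRC-32 and sizes a streaming writer could not put
    in the local file header, so those three values are decoded too."""
    records = []
    pos = data.find(b'PK')
    while pos != -1:
        name = SIGNATURES.get(data[pos:pos + 4])
        if name == 'data descriptor' and pos + 16 <= len(data):
            crc, csize, usize = struct.unpack('<III', data[pos + 4:pos + 16])
            name += ' (crc=%08x csize=%d usize=%d)' % (crc, csize, usize)
        if name is not None:
            records.append((pos, name))
        pos = data.find(b'PK', pos + 1)
    return records

def build_streamed_zip(filename, content):
    """Constructed sample: one stored entry written in streaming mode, i.e. general
    purpose flag bit 3 set, zeros in the local header and a trailing data descriptor."""
    crc = zlib.crc32(content) & 0xFFFFFFFF
    local = b'PK\x03\x04' + struct.pack('<HHHHHIIIHH', 20, 0x0008, 0, 0, 0,
                                        0, 0, 0, len(filename), 0) + filename
    descriptor = b'PK\x07\x08' + struct.pack('<III', crc, len(content), len(content))
    cd_offset = len(local) + len(content) + len(descriptor)
    central = b'PK\x01\x02' + struct.pack('<HHHHHHIIIHHHHHII', 20, 20, 0x0008, 0, 0, 0,
                                          crc, len(content), len(content),
                                          len(filename), 0, 0, 0, 0, 0, 0) + filename
    eocd = b'PK\x05\x06' + struct.pack('<HHHHIIH', 0, 0, 1, 1, len(central), cd_offset, 0)
    return local + content + descriptor + central + eocd

def read_back(data, name):
    """Cross-check: the standard library reads the streamed entry via the central directory."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.read(name)

if __name__ == '__main__':
    for offset, description in list_zip_records(build_streamed_zip(b'sample.txt', b'hello zipdump')):
        print('%5d: %s' % (offset, description))
```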

zipdump_v0_0_20.zip (https)
MD5: A0A826BB92805997ED3D9793C8B24385
SHA256: AC626299A6048FA4A7E8BE2993411870F77B4B89F647B6C4264E0CC22E180999

Sunday 26 July 2020

Update: oledump.py 0.0.52

Filed under: My Software,Update — Didier Stevens @ 0:00

This new version of oledump.py brings support for AES encrypted ZIP files via Python module pyzipper (Python 3 only). If module pyzipper is not installed, oledump will fall back to builtin module zipfile.


And plugin plugin_vbaproject.py now performs a small dictionary attack on the extracted hash to try to recover the password.

I use the same dictionary as in zipdump.py, which is the public-domain default wordlist used by John the Ripper, extended with a couple of passwords: infected, P@ssw0rd and VelvetSweatshop.

oledump_V0_0_52.zip (https)
MD5: 2528824D8A7CD2BE98615B1B1AE8C61A
SHA256: C47A9CC658571FF23E70264B4DD4F8F47D244708E7110EA0A28128F175CF80F5

Sunday 19 July 2020

Update: oledump.py Version 0.0.51

Filed under: My Software,Update — Didier Stevens @ 0:00

This is a bugfix update to oledump.py, and a feature update for plugins.

plugin_biff.py has a new -S (--statistics) option:

This option can be combined with option -c (--csv).

And there is a new plugin for VBA projects: plugin_vbaproject.py. More info in tomorrow’s blog post.


oledump_V0_0_51.zip (https)
MD5: 9A55FC37AD0C4C2F3D08F252C72C1A82
SHA256: 071D1605D520A4BABBE2CDA461866C349628FE4B428AC54823492A6CD89EA487

Saturday 18 July 2020

Update: XORSearch Version 1.11.4

Filed under: My Software,Update — Didier Stevens @ 10:08

This is a small bug fix version of XORSearch: fixing some printf format strings for Linux, thanks to Lenny Zeltser for reporting.

Because of Google, I can no longer host this tool on my website.

You have to get it from my FalsePositives GitHub repository.

XORSearch_V1_11_4.zip
MD5: E66290D1EB15D9394C8D1264A09ECFE6
SHA256: BF20A1D76AAD83FC3AABEDC6DDC7F96B655DC94BEC3FA276A50AF6046EBB554C

Friday 3 July 2020

Update: base64dump.py Version 0.0.12

Filed under: My Software,Update — Didier Stevens @ 0:00

This new version of base64dump.py adds the following new features:

  • encoding zxc (0x4D,0x5A,0x90,…)
  • update for YARA rules
  • update for --cut option
  • option -A: run-length encoded HEX/ASCII dump
  • warning when no encoding was selected
  • environment variable to set hash algorithm (DSS_DEFAULT_HASH_ALGORITHMS)
  • option --jsonoutput
  • option -T: headtail
  • option -p: process encodings
  • Python 3 support

base64dump_V0_0_12.zip (https)
MD5: 834B0D2DB5915ECE1C2F016B9E8462D1
SHA256: 952A5009C945AF350DB0875E8F025E3B5D271FB54AC60BE7569CFBD949DD7B77

Monday 8 June 2020

Update: translate.py Version 2.5.8

Filed under: My Software,Update — Didier Stevens @ 20:14

This is a small Python 3 bugfix version.

translate_v2_5_8.zip (https)
MD5: 677BD5D6007F264A05D23A9A01B3DD13
SHA256: 977D7A87F771F5E86A6B57D2B565D7C789A7AC7696599E8B7412E9051D66DCFF
