Didier Stevens

This new version of strings.py comes with a new option -T to trim the strings to a given length. And also 2 bug fixes.

strings_V0_0_4.zip (https)
MD5: 8B1F5A6BEBA2BC8BDFF16B99C27050E4
SHA256: 7BBAAB0E83692288BDC35BC0FBDD6B2F8A141280E506131E2818F49BEF31D01A

hex-to-bin.py is a program to convert hexadecimal dumps (text) to binary data.

This new version of hex-to-bin.py can handle different hexdump formats, like registry dumps (text files). Use option -x to handle these hexdumps.

And option -t was added if the input is a text file that is non-ASCII, like UTF16. Option -t can be used to convert the text file.

And it supports Python3, but that code is a kludge. Something I’ll have to do better later.

hex-to-bin_V0_0_3.zip (https)
MD5: 0F87942CC9EF566D4C3B5A34073D5399
SHA256: 02447247C59F530CD6559B0FB287E314AC3AB807D843729CA9CE3F16D0930CAB

This new version of pecheck.py adds option -l to carve embedded PE files. This will be explained in detail in an upcoming blog post.

pecheck-v0_7_7.zip (https)
MD5: CEFCCC094EF9E29A539092A6ECB77EEE
SHA256: 91041D17A39C7FA4151830AF8FBD151680A04FC617CB0EADDA32D240E9AB9C03

This new version supports CRC32 hashing.

hash_V0_0_7.zip (https)
MD5: 9BE8A26F2940FA2FF5C3671B7BB6DC6F
SHA256: CFA2767F0FAA792F9B75344B2F15FF40267F3EDE77D221B0134F07FDB04E515B

This new version of msoffcrypto-crack.py, a simple tool to crack passwords of MS Office documents, adds rules via option -r.

In this release, there is only one rule to modify candidate passwords: case toggle.

If you use option -r, all passwords in the provide list will be tested, together with their case toggle variant: Secret -> sECRET.

msoffcrypto-crack_V0_0_4.zip (https)
MD5: D3D7A0475FF1C9AAB7BE773514784465
SHA256: 4A27E0FF50863A925FEE55B8F7D16AD29C2DF5E4611F9493DAEEBA89B5F3DBA9

This new version of format-bytes brings support for TLV records.

Here is an example with certificates in the Windows registry:

More details will be provided in an upcoming blog post.

format-bytes_V0_0_9.zip (https)
MD5: 2F97370D12A7DBB53EB8B30AA0A40463
SHA256: 87C9F3120673C0E92C9562EC2687B60AA93DAF612CE854939E48F6E902BFBBB4

sets.py is a program to perform set operations. In this new version, I added operations unique, product, substitute and sort.

And I added options -s and -i.

Operation unique will remove all double entries (which shouldn’t occur anyway in a mathematical set):

“Line 5” appears twice in set4.txt, thus one occurrence is remove by operation unique. “Line 4” and “Line 6” not, because their case is different, or because they have leading whitespace.

To ignore case, use option -i, and to ignore leading and trailing whitespace, use option -s:

sets_V0_0_3.zip (https)
MD5: F8B1EB9140EBA621CBF6F393717BF2EA
SHA256: 94200F8313A66D7CAB6C200A24DD6A5B1D9644004C2ECCF01F22004A801EFE03

This new version comes with option -a to parse ASCII/hexdumps as produced by my tools.

Option -s can be used to select another hexadecimal/ASCII dump than the first one (for example, -s 2 to select the second dump).

Option -l (list) can be used to produce an overview of all hexadecimal/ASCII dumps found in the input, together with an index number to be used with option -s.

hex-to-bin_V0_0_2.zip (https)
MD5: 4F415E4117EC497C52E244A7087E36B9
SHA256: D283C312CC169419BC16D9199F5EC850D5D7565B9FDB272CA5236F97EDAD22C3