Didier Stevens

Wednesday 4 October 2023

Update: myjson-filter.py Version 0.0.5

Filed under: My Software,Update — Didier Stevens @ 0:00

This new version adds YARA support.

myjson-filter_V0_0_5.zip (http)
MD5: CA8EAB44E283C2BFE0674CCDA1EE35EE
SHA256: A1E133E5BBB0F129156058E0E8DBD3834A23CEC6173BAFF0ADB79E46BDF48AAB

Tuesday 3 October 2023

Update: pecheck.py Version 0.7.16

Filed under: My Software,Update — Didier Stevens @ 0:00

This new version adds two new values for option -l.

One could already use option -l P to locate all PE files inside an arbitrary binary file.

Option -l PE also adds entries for the extra (E) data, e.g., the data in between found PE files.

Option -l PO is like PE, but adds some more information for the other (O) files: the magic header (hex & ASCII).

pecheck-v0_7_16.zip (http)
MD5: FBC115DDC2C0EDFBA9612B00DE6692DB
SHA256: CA9E6D06A7DA9E6CD6B585423F854030364F1936702B5A0A14B7F90722824A7C

Monday 2 October 2023

Update: xor-kpa.py Version 0.0.8

Filed under: My Software,Update — Didier Stevens @ 0:00

This is just a small update to my XOR known-plaintext attack tool, with some improvements on the algorithm.

xor-kpa_V0_0_8.zip (http)
MD5: EB6397FC81C920DF4E1753A4A31DA9B4
SHA256: 9706979A4B1FBC6E318F6015C69ED2759ADC871632FDB9034615A4488DAC32E0

Sunday 1 October 2023

Update: simple_listener.py Version 0.1.3

Filed under: My Software,Update — Didier Stevens @ 14:34

This update changes the THP_READALL logic, and adds THP_ECHO_THIS and THP_ALLOW_LIST.

simple_listener_v0_1_3.zip (http)
MD5: 6C90E789D4C10B6EF5E918306A7A58E7
SHA256: 16E55E8983E4208151CB407F72238537C7631396FFFECC431230F7879AFAC664

Overview of Content Published in September

Filed under: Announcement — Didier Stevens @ 7:58

Here is an overview of content I published in September:

Blog posts: SANS ISC Diary entries:

Saturday 30 September 2023

Update: hash.py Version 0.0.10

Filed under: My Software,Update — Didier Stevens @ 11:13

This new version adds 2 new features:

Option -H adds a human hash for each hash:

Option -r renames a file to its hash (hash) or to its hash with extension .vir (vir).

When more than one hash algorithm is used (default: md5, sha1, sha256), the last hash algorithm is used for the rename operation.

hash_V0_0_10.zip (http)
MD5: 95CD153E3DFD9922D6AD279D1E19CDDD
SHA256: 221B6B4476B0CBD820D696BD63E83DE1F67045C54F343E475447CF66CF4F181E

Update: zipdump.py Version 0.0.28

Filed under: My Software,Update — Didier Stevens @ 11:00

This update of zipdump.py adds parsing for external attributes and DOSDATE and DOSTIME fields when options -f and -E are used.

zipdump_v0_0_29.zip (http)
MD5: 482DEB681C17243B03A699BD6B55D11D
SHA256: 9D89DCAF531621E33A0A36D1EA519A62F1004A762C0789C857976033A32E7F8A

Update: file-magic.py Version 0.0.7

Filed under: My Software,Update — Didier Stevens @ 10:28

This update is just a definition update to detect MSO (ActiveMime files).

file-magic_V0_0_7.zip (http)
MD5: 6EFF124D3D0854F62034E05DAE20AFD4
SHA256: A13ADD0A3F840FF535193CD07BF6218FF77164EB803E9004A0B66A4AC66183F9

Update: emldump.py Version 0.0.13

Filed under: My Software,Update — Didier Stevens @ 10:25

This new update can produce JSON output for each part (option --jsonoutput).

emldump_V0_0_13.zip (http)
MD5: 083C21C2E7EA265947E3D2060A739376
SHA256: 2812EFFCBD9BDCA2634210678C1F2508216E099D94531E5FF29BFE32B3B12B65

Tuesday 5 September 2023

Update: zipdump.py Version 0.0.28

Filed under: My Software,Update — Didier Stevens @ 7:31

This is an update linked to option -f l to find PKZIP records.

When option -E all is used, field externalattributes is parsed now:

zipdump_v0_0_28.zip (http)
MD5: 288DBCFACB42E6563F417E46BD6081BC
SHA256: 4C3AD3A49FCFC1B5A680EAE80CE129A67912BCC03402EC9F46D08F902BC512A1