Base64 input check for Yara rules - base64

So I started using Yara rules.
I have a mysql database with files and their base64 encodes saved in a column.
Is there any way to input in Yara a base64 string without storing it in a file? If so, what is the command? If not, is there a way in Python?
This is what I tried to do:
rule string_exist {
    strings:
        $a = "just for use in the Virtual Mechanics tutorials. More text. And more" base64
    condition:
        $a
}
and then in cmd: yara64.exe -r manual_code.yar ..........long base64 string
but received an error: could not open file
Thanks in advance.
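
The `base64` modifier in the rule above is meant for data that is still base64-encoded, such as the database column: it searches for the three encodings a string can take depending on its byte offset modulo 3. As an added example (not from the original post and not YARA's own code), this pure-Python version of that idea scans a base64 value held in memory, with no file involved; the function names and the sample row are constructed for illustration.

```python
import base64

def base64_fragments(needle: bytes):
    """Encodings of `needle` at byte offsets 0, 1, 2 (mod 3), trimmed to the
    characters that do not depend on neighbouring bytes."""
    if len(needle) < 3:
        raise ValueError("needle too short to leave a stable fragment")
    frags = []
    for offset in range(3):
        enc = base64.b64encode(b"\x00" * offset + needle).decode("ascii").rstrip("=")
        lead = (0, 2, 3)[offset]  # leading chars mixed with preceding bytes
        tail = 0 if (offset + len(needle)) % 3 == 0 else 1  # char mixed with following bytes
        frags.append((enc[lead:len(enc) - tail], offset, lead))
    return frags

def find_in_base64(encoded: str, needle: bytes):
    """Return decoded-byte offsets where `needle` occurs inside base64 text."""
    text = "".join(encoded.split())  # tolerate line-wrapped base64
    hits = []
    for frag, offset, lead in base64_fragments(needle):
        pos = text.find(frag)
        while pos != -1:
            if pos % 4 == lead:  # reject look-alikes at the wrong alignment
                hits.append((pos // 4) * 3 + offset)
            pos = text.find(frag, pos + 1)
    return sorted(hits)

# Constructed sample: the string from the rule above embedded in one "row".
NEEDLE = b"just for use in the Virtual Mechanics tutorials. More text. And more"

if __name__ == "__main__":
    row = base64.b64encode(b"<p>" + NEEDLE + b"</p>").decode("ascii")
    print(find_in_base64(row, NEEDLE))
```

With the yara-python package, `yara.compile(source=...)` followed by `rules.match(data=...)` scans a bytes buffer directly, so a column value can be matched without writing it to disk.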

Related

Convert BASE64 String to PDF file in the IFS on AS400

We receive a BASE64 encoded representation of a courier label PDF in an xml file, which we store in the IFS of our AS400.
We would like to decode this BASE64 string and save it as a .PDF in the IFS so we can then either email it as an attachment or send it to a printer.
I have looked at the capability of the CPYSPLF command using the *PDF WSCST parameter, but this only seems relevant where we would have a Spooled File representation of the label we want to produce.
Does anyone know if this is possible via native iSeries commands/RPG?
One way is to
IFS_READ_UTF8 to load the XML file
XMLPARSE to make it a XML object
XML_TABLE to extract BASE64 data
BASE64_DECODE to decode B64 data to PDF binary stream
IFS_WRITE_BINARY to write that stream as a .pdf file
You could make it a pure SQL procedure, or a SQLRPGLE program.
You also could extract BASE64 data using RPGLE XML-INTO. Then use Scott Klement's BASE64 SRVPGM to decode it, then write it to the IFS.

Sanitize Html with base64 image (and convert it to an image)

I have a WebApp with a TinyMCE Html Editor that allows users to input some html from a web page. Images can be pasted and are encoded as base64.
Before saving the user input to DB I use OWASP java-html-sanitizer to discard potential dangerous code (javascript,...).
Some characters in the base64 string of the image are escaped and when I try to get the image back (using apache commons Base64) I'm not able to get a valid image.
Here is my code for decoding the image:
byte[] b;
String s = html;
b = s.getBytes(Utility.UTF8);
b = org.apache.commons.codec.binary.Base64.decodeBase64(b);
For the HtmlSanitizer I have done nothing special, just followed the Ebay Policy Example allowing base64 images as suggested here.
Ah, as suggested here I need "to HTML decode before base64 decoding".
I have tried with apache common StringEscapeUtils:
org.apache.commons.lang3.StringEscapeUtils.unescapeHtml4(html);
and it's working. Great.
allowedSchemes: [ 'data'] or allowedSchemesByTag: { img: [ 'data' ]} can be used to allow img tag to accept/allow base64.
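
The "HTML decode before base64 decoding" step from the thread above, as an added Python example (not code from the original posts): it pulls `data:` images out of sanitized HTML, unescapes the payload, decodes it strictly, and checks the bytes against the declared image type. The regular expression, the magic-byte table and the sample (with `+` and `=` written as `&#43;` and `&#61;`) are constructed assumptions.

```python
import base64
import binascii
import html
import re

# Leading bytes expected for each declared MIME type (assumed allow-list).
MAGIC = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
    "image/gif": b"GIF8",
}
DATA_URI = re.compile(r'src="data:(image/[a-z]+);base64,([^"]*)"')

def extract_images(sanitized_html: str):
    """Return [(mime, raw_bytes)] for every data: image in sanitized HTML."""
    images = []
    for mime, payload in DATA_URI.findall(sanitized_html):
        payload = html.unescape(payload)  # undo &#43;, &#61; and similar
        try:
            # validate=True rejects stray characters; a lenient decoder would
            # silently drop '&', '#', ';' and return corrupted bytes instead.
            raw = base64.b64decode(payload, validate=True)
        except binascii.Error as exc:
            raise ValueError(f"invalid base64 in {mime} data URI") from exc
        magic = MAGIC.get(mime)
        if magic is None or not raw.startswith(magic):
            raise ValueError(f"content does not match declared type {mime}")
        images.append((mime, raw))
    return images

# Constructed sample: PNG signature plus two bytes, escaped as described above.
SAMPLE_RAW = b"\x89PNG\r\n\x1a\n" + b"\xfb\xff"
_escaped = (base64.b64encode(SAMPLE_RAW).decode("ascii")
            .replace("+", "&#43;").replace("=", "&#61;"))
SAMPLE_HTML = f'<p>pasted</p><img src="data:image/png;base64,{_escaped}" />'

if __name__ == "__main__":
    print(extract_images(SAMPLE_HTML))
```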

Convert a Base64 LDIF file to plaintext (for import)

I have a LDIF file which has a multi-value Base64-encoded attribute, and I'd like to convert it in non-Base64-encoded syntax. How can this be done?
Context
The LDIF file is as such:
dn: cn=johndoe,ou=clients,ou=management,dc=example,dc=com
changetype: modify
replace: foobarStatus
foobarStatus:: ZW5hYmxl... (Base64 string) ...ZCA9IHRydWU
where the decoded Base64 string is as such:
market = "US"
mgmt.account.mode = "X12"
foo.field = "Something"
bar.field = "Something else"
...
Problem
When I try to import this LDIF file into a LDAP server via ldapmodify, I get an error:
ldapmodify: invalid format (line 4) entry: "cn=johndoe,ou=clients,ou=management,dc=example,dc=com"
I've been trying to solve this for a while but couldn't find the error. It could be some spurious character somewhere. Therefore I thought of converting the Base64 part of the LDIF and importing it in this format. The attribute values don't contain any non-printable ASCII (e.g. accented letters) so it should work fine.
Note
This could be a XY problem so if anyone has another suggestion, I'm eager to read it.
It turns out ldapmodify doesn't like long lines. Therefore, after splitting the Base64 code here
foobarStatus:: ZW5hYmxl... (Base64 string) ...ZCA9IHRydWU
into multiple lines of 79 chars or less, ldapmodify was able to import it.
This solved my original problem. I'm leaving the solution here for future readers.
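
The line splitting described above, as an added Python example (not from the original post): under RFC 2849 a long LDIF line is folded by breaking it and starting each continuation line with a single space, and a value that contains a line feed, like the decoded one shown in the question, has to stay base64-encoded after `::`. The width of 76 and the sample values are assumptions chosen to stay under the 79 characters mentioned in the answer.

```python
import base64

def fold(line: str, width: int = 76):
    """Fold one logical LDIF line; continuation lines begin with one space."""
    out = [line[:width]]
    rest = line[width:]
    while rest:
        out.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return out

def unfold(lines):
    """Join continuation lines back into logical LDIF lines."""
    logical = []
    for ln in lines:
        if ln.startswith(" ") and logical:
            logical[-1] += ln[1:]
        else:
            logical.append(ln)
    return logical

def is_safe_string(value: bytes) -> bool:
    """True if the value may follow a single ':' without base64 (RFC 2849)."""
    if not value:
        return True
    if value[0] in b" :<" or value.endswith(b" "):
        return False
    return all(b < 128 and b not in (0, 10, 13) for b in value)

def attr_line(name: str, value: bytes):
    """Emit 'name: value' or 'name:: base64', folded to the line width."""
    if is_safe_string(value):
        return fold(f"{name}: {value.decode('ascii')}")
    return fold(f"{name}:: {base64.b64encode(value).decode('ascii')}")

if __name__ == "__main__":
    # Constructed multi-line value in the style of the question's example.
    sample = b'market = "US"\nmgmt.account.mode = "X12"\nfoo.field = "Something"\n'
    print("\n".join(attr_line("foobarStatus", sample)))
```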

Python3 Base64 decode of a var containing ==

So I've got a string of:
YDNhZip1cDg1YWg4cCFoKg==
that needs to be decoded using Python's Base64 module.
I've written the code
import base64
test = 'YDNhZip1cDg1YWg4cCFoKg=='
print(test)
print(base64.b64decode(test))
which gives the answer
b'`3afup85ah8p!h'
when, according to the website decoders I've used, it's really
`3afup85ah8p!h
I'm guessing that it's decoding the additional quotes.
Is there some way that I can save this variable with a delimiter, as another type of variable, or run the b64encode on a section of the string as slice doesn't seem to work?
b' is Python's way of delimiting data from bytes, see: What does the 'b' character do in front of a string literal?
i.e., it is decoding it correctly.

Puzzle. Txt file with encoded text. How to decode?

I have a text file, that contains 50,000 lines of "strange" text:
And at this moment, I don't know how to process this text. Effectively it reads like puzzle text.
What is it?
This is a Base64 encoding of a PNG file called Sound decryptor.png.
Use any Base64 decoder to convert it to a file... Such as this one: http://download.cnet.com/Base64-Encoder-Decoder/3000-10250_4-10555647.html
This is Base64 encoded data.
The particular snippet in your question looks like the beginning of a ZIP-file (begins with the typical PK).
This is a base64-encoded ZIP archive, here's the start of it: PK...T#:{‘...[Samsung] - Test task - Sound decryptor.png.... (contains a PNG image, perhaps something else).
This seems to be a Base64 encoded PNG file. Could you post the entire file so we're able to try to decode it?
This looks like Base64 encoded text. Depending on the programming language you use, you should be able to find a function to decode it for you.
For Python, use base64.b64decode(text). For PHP, use base64_decode($text). Other environments have similar facilities.
Do this to decode the Base64 encoded data:
$ base64 -d original.file
P&T#:{üޗÂÁ+[Samsung] - Test task - Sound decryptor.pngìýeP\]×&¸÷ MÁ%8
(...)
$ base64 -d original.file > decoded.file
$ file decoded.file
decoded.file: Zip archive data
As it turns out to be a ZIP file, it can be unzipped by:
$ unzip decoded.file
Command base64 is in coreutils.
