https://github.com/jelchison/check-enc
Python script that uses character frequency analysis to determine likely encodings of opaque files. Can be useful in CTF competitions.
ctf encodings frequency-analysis python
Last synced: 6 months ago
- Host: GitHub
- URL: https://github.com/jelchison/check-enc
- Owner: JElchison
- License: gpl-3.0
- Created: 2017-08-10T15:32:33.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2022-05-21T20:24:28.000Z (over 3 years ago)
- Last Synced: 2025-02-01T15:45:56.700Z (8 months ago)
- Topics: ctf, encodings, frequency-analysis, python
- Language: Python
- Homepage:
- Size: 18.6 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# check-enc
Python script that uses character frequency analysis to determine likely encodings of opaque files. Can be useful in CTF competitions.
# Features
* Attempts the following encodings:
  * hex_codec
  * base64_codec
  * rot_13
  * utf_8
  * utf_16_be
  * utf_16_le
  * bz2
  * zip
  * idna
  * palmos
  * punycode
  * quopri_codec
  * utf_7
  * base32
  * uuencode
  * quotable
  * binhex4
  * yenc
* Attempts permutations of any 2 of the above-listed encodings

# Prerequisites
To install necessary prerequisites on Ubuntu:
```
sudo apt-get install python3-yenc
```
# Usage
```
Purpose:  Attempts to decode/encode unknown data

Prereq:   Python package 'yenc'. On Debian systems, this can be installed
          using `sudo apt-get install python-yenc`

Usage:    checkenc.py [-d|-e] [-1] [-a] [-v] -f
              reads data from file
          checkenc.py [-d|-e] [-1] [-a] [-v] ''
              reads data from last non-option argument
          checkenc.py -h
              displays this help

Options:  -d    Decode data (default)
          -e    Encode data (if absent, -d is assumed)
          -1    Only performs one decoding/encoding pass on data (if absent,
                default behavior is to attempt all permutations of any two
                encodings). This will decrease running time for large data
                sets.
          -a    Display all results (if absent, only top 20 are displayed)
          -v    Verbose mode

Output:   One row is displayed for each result. There are three columns in
          each row:
              1) Score. higher (more positive) is better. The score will
                 usually be negative.
              2) Encoding used (or combination of encodings). "Caesar_XXX"
                 is a Caesar cipher with each byte incremented by XXX.
              3) Result after de/encoding. Special characters will be escaped
                 appropriately.
```

### Example usage
On Ubuntu:
```
user@computer:~$ ./checkenc.py -f base64.bin
First pass complete. Now trying permutating each result...
Top 20 results, worst to best:
-644.75 "'ThisIsATest\\n'"
-603.41 u'VGhpc0lzQVRlc3QK\n'
-603.41 u'VGhpc0lzQVRlc3QK\n'
-603.41 u'VGhpc0lzQVRlc3QK\n'
-603.41 u'VGhpc0lzQVRlc3QK\n'
-597.33 'VGhpc0lzQVRlc3QK\n'
-597.33 'VGhpc0lzQVRlc3QK\n'
-590.33 u'ITucp0ymDIEyp3DX\n'
-585.33 'UFgob/kyPUQkb2PJ\t'
-584.38 '+XlmwMwEXiwx`r+'
-582.37 '%RfgqGq?RcqrZl%'
-577.70 ')VjkuKuCVguv^p)'
-576.05 '$QefpFp>QbpqYk$'
-569.52 '*WklvLvDWhvw_q*'
-569.10 '#PdeoEo=PaopXj#'
-557.71 '(UijtJtBUftu]o('
-494.86 ',YmnxNxFYjxyas,'
-483.99 '-ZnoyOyGZkyzbt-'
-344.75 'ThisIsATest\n'

user@computer:~$ ./checkenc.py -f base64_plus_caesar.bin
First pass complete. Now trying permutating each result...
Top 20 results, worst to best:
-671.46 "M>_gZ'cqHMIcZ*HB"
-662.67 'PAbj]*ftKPLf]-KE'
-662.13 'RCdl_,hvMRNh_/MG'
-659.41 'L=^fY&bpGLHbY)GA'
-653.25 'SDem`-iwNSOi`0NH'
-601.57 u'JUvdq1z{EJFzq4EY'
-582.36 'XIjre2n|SXTne5SM'
-582.33 'ZKltg4p~UZVpg7UO'
-571.06 u'WHiqd1m{RWSmd4RL'
-571.06 u'WHiqd1m{RWSmd4RL'
-571.06 u'WHiqd1m{RWSmd4RL'
-571.06 u'WHiqd1m{RWSmd4RL'
-564.99 'WHiqd1m{RWSmd4RL'
-564.99 'WHiqd1m{RWSmd4RL'
-564.16 'YJksf3o}TYUof6TN'
-491.93 'VGhpc0lzQVRlc3QK'
-482.75 'UFgob/kyPUQkb2PJ'
-473.34 'TEfna.jxOTPja1OI'
-344.75 'ThisIsATest\n'
```
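
The ranking idea behind these results, as an added sketch that is not check-enc's own code: each candidate decoding is scored by the sum of per-byte log-probabilities under an assumed English letter-frequency table, over one and two passes of a small subset of the decoders. The names `score`, `one_pass` and `rank`, the probability constants and the `+` chain separator are assumptions made for this example.

```python
import base64
import binascii
import codecs
import math

# Assumed scoring model (not check-enc's): approximate English letter
# frequencies in percent; every other byte gets a fixed, lower probability.
LETTERS = dict(zip("etaoinshrdlcumwfgypbvkjxqz", (
    12.7, 9.1, 8.2, 7.5, 7.0, 6.7, 6.3, 6.1, 6.0, 4.3, 4.0, 2.8, 2.8,
    2.4, 2.4, 2.2, 2.0, 2.0, 1.9, 1.5, 1.0, 0.8, 0.15, 0.15, 0.10, 0.07)))

def _prob(b):
    ch = chr(b).lower()
    if ch in LETTERS:
        return LETTERS[ch] / 100
    if ch in " \n":
        return 0.1
    return 0.005 if 32 < b < 127 else 1e-6  # other printable vs. binary junk

LOGP = [math.log(_prob(b)) for b in range(256)]

def score(data):
    """Sum of per-byte log-probabilities: higher (less negative) is better."""
    return sum(LOGP[b] for b in data)

DECODERS = {  # three of the encodings listed in the README
    "base64_codec": lambda d: base64.b64decode(d.strip(), validate=True),
    "hex_codec": lambda d: binascii.unhexlify(d.strip()),
    "rot_13": lambda d: codecs.decode(d.decode("ascii"), "rot_13").encode("ascii"),
}
for shift in range(1, 256):  # "Caesar_XXX": every byte incremented by XXX
    DECODERS[f"Caesar_{shift:03d}"] = lambda d, s=shift: bytes((b + s) % 256 for b in d)

def one_pass(data):
    """Yield (name, output) for every decoder that accepts the data."""
    for name, fn in DECODERS.items():
        try:
            out = fn(data)
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            continue
        if out:
            yield name, out

def rank(data, top=20):
    """Return [(score, chain, result)], best first, over one and two passes."""
    results = []
    for n1, o1 in one_pass(data):
        results.append((score(o1), n1, o1))
        results.extend((score(o2), f"{n1}+{n2}", o2) for n2, o2 in one_pass(o1))
    return sorted(results, key=lambda r: r[0], reverse=True)[:top]
```

Calling `rank(b"WHiqd1m{RWSmd4RL")` on the shifted string from the second run above puts `b'ThisIsATest\n'` first, reached through `Caesar_255+base64_codec`. Results are returned best first, the reverse of the tool's worst-to-best listing, and the scores differ from the tool's because the model is a stand-in.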