diff --git a/src/core/config/Categories.json b/src/core/config/Categories.json index f317e9a1..158f3f76 100755 --- a/src/core/config/Categories.json +++ b/src/core/config/Categories.json @@ -67,6 +67,7 @@ "DES Encrypt", "DES Decrypt", "Citrix CTX1 Encode", + "Citrix CTX1 Decode", "Triple DES Encrypt", "Triple DES Decrypt", "RC2 Encrypt", diff --git a/src/core/operations/DecodeCitrixCTX1.mjs b/src/core/operations/DecodeCitrixCTX1.mjs new file mode 100644 index 00000000..af7fa035 --- /dev/null +++ b/src/core/operations/DecodeCitrixCTX1.mjs @@ -0,0 +1,57 @@ +/** + * @author bwhitn [brian.m.whitney@gmail.com] + * @copyright Crown Copyright 2017 + * @license Apache-2.0 + */ + +import Operation from "../Operation"; +import cptable from "../vendor/js-codepage/cptable.js"; + +/** + * Encode Citrix CTX1 class + */ +class DecodeCitrixCTX1 extends Operation { + + /** + * EncodeCitrixCTX1 constructor + */ + constructor() { + super(); + + this.name = "Citrix CTX1 Decode"; + this.module = "Ciphers"; + this.description = "Decodes strings in a Citrix CTX1 password format to plaintext."; + this.infoURL = "https://www.reddit.com/r/AskNetsec/comments/1s3r6y/citrix_ctx1_hash_decoding/"; + this.inputType = "byteArray"; + this.outputType = "string"; + this.args = []; + } + + /** + * @param {byteArray} input + * @param {Object[]} args + * @returns {string} + */ + run(input, args) { + if (input.length % 4 != 0) { + return ""; + } + let revinput = input.reverse(); + let result = []; + let temp = 0; + for (let i = 0; i < revinput.length; i+=2) { + if (i+2 >= revinput.length) { + temp = 0; + } else { + temp = ((revinput[i + 2] - 0x41) & 0xf) ^ (((revinput[i + 3]- 0x41) << 4) & 0xf0); + } + temp = (((revinput[i] - 0x41) & 0xf) ^ (((revinput[i + 1] - 0x41) << 4) & 0xf0)) ^ 0xa5 ^ temp; + result.push(temp); + } + // Decodes a utf-16le string + return cptable.utils.decode(1200, result.reverse()); + } + +} + +export default DecodeCitrixCTX1; diff --git a/src/core/operations/EncodeCitrixCTX1.mjs b/src/core/operations/EncodeCitrixCTX1.mjs index c0a42b18..ad90b559 100644 --- a/src/core/operations/EncodeCitrixCTX1.mjs +++ b/src/core/operations/EncodeCitrixCTX1.mjs @@ -1,5 +1,5 @@ /** - * @author n1474335 [n1474335@gmail.com] + * @author bwhitn [brian.m.whitney@gmail.com] * @copyright Crown Copyright 2017 * @license Apache-2.0 */ @@ -23,26 +23,26 @@ class EncodeCitrixCTX1 extends Operation { this.description = "Encodes strings to Citrix CTX1 password format."; this.infoURL = "https://www.reddit.com/r/AskNetsec/comments/1s3r6y/citrix_ctx1_hash_decoding/"; this.inputType = "string"; - this.outputType = "string"; + this.outputType = "byteArray"; this.args = []; } /** * @param {string} input * @param {Object[]} args - * @returns {string} + * @returns {byteArray} */ run(input, args) { let utf16pass = Buffer.from(cptable.utils.encode(1200, input)); let result = []; - let temp = 0 + let temp = 0; for (let i = 0; i < utf16pass.length; i++) { temp = utf16pass[i] ^ 0xa5 ^ temp; - result.push(((temp >> 4) & 0xf) + 0x41); + result.push(((temp >>> 4) & 0xf) + 0x41); result.push((temp & 0xf) + 0x41); } - return new TextDecoder("utf-8").decode(Buffer.from(result)); + return result; } } diff --git a/test/tests/operations/Ciphers.mjs b/test/tests/operations/Ciphers.mjs index 553216ef..ad69b6a5 100644 --- a/test/tests/operations/Ciphers.mjs +++ b/test/tests/operations/Ciphers.mjs @@ -220,6 +220,39 @@ TestRegister.addTests([ } ], }, + { + name: "Citrix CTX1 Encode", + input: "Password1", + expectedOutput: "PFFAJEDBOHECJEDBODEGIMCJPOFLJKDPKLAO", + recipeConfig: [ + { + "op": "Citrix CTX1 Encode", + "args": [] + } + ], + }, + { + name: "Citrix CTX1 Decode: normal", + input: "PFFAJEDBOHECJEDBODEGIMCJPOFLJKDPKLAO", + expectedOutput: "Password1", + recipeConfig: [ + { + "op": "Citrix CTX1 Decode", + "args": [] + } + ], + }, + { + name: "Citrix CTX1 Decode: invalid length", + input: "PFFAJEDBOHECJEDBODEGIMCJPOFLJKDPKLA", + expectedOutput: "", + recipeConfig: [ + { + "op": "Citrix CTX1 Decode", + "args": [] + } + ], + }, { name: "Vigenère Encode: no input", input: "",