diff --git a/cloakify.py b/cloakify.py index e87774f..7f9a577 100644 --- a/cloakify.py +++ b/cloakify.py @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/env python # # Filename: cloakify.py # @@ -35,30 +35,23 @@ # Current Limitations (to be fixed in future development): # # - Vulnerable to frequency analysis attacks -# - Creates temporary Base64 file in local directory and deletes when finished, -# but does not do "secure delete" (potential digital forensics trail) -import os, sys, getopt, base64 +from __future__ import division, absolute_import, with_statement, print_function, unicode_literals +import sys +import base64 array64 = list("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/+=") -payloadB64 = "payloadB64.txt"; -if ( len(sys.argv) != 3 ): - print "usage: cloakify.py " - exit +if len(sys.argv) != 3: + print("usage: cloakify.py ") + exit() else: - base64.encode( open( sys.argv[1] ), open( payloadB64, "w" )) + payloadCloaked = base64.b64encode(open(sys.argv[1], 'rb').read()).decode('utf-8') - with open( payloadB64 ) as file: - payloadCloaked = file.read() - - with open( sys.argv[2]) as file: - arrayCipher = file.readlines() + with open(sys.argv[2]) as file: + arrayCipher = file.readlines() for char in payloadCloaked: if char != '\n': - print arrayCipher[ array64.index(char) ], - - if os.path.exists( payloadB64 ): - os.remove( payloadB64 ) + print(arrayCipher[array64.index(char)], end='') diff --git a/decloakify.py b/decloakify.py index 3d778cd..97fccef 100644 --- a/decloakify.py +++ b/decloakify.py @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/env python # # Filename: decloakify.py # 
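Review bot: The payload is read with `open(sys.argv[1], 'rb').read()` and the handle is never closed, while the cipher file just below uses `with`. Reading it the same way, `with open(sys.argv[1], 'rb') as payload:` followed by `payloadCloaked = base64.b64encode(payload.read()).decode('ascii')`, keeps the two consistent. The usage branch calls `exit()`, which is the `site` helper and returns status 0; `sys.exit(1)` uses the already-imported `sys` and reports the failure to the caller (decloakify.py has the same line). Since `b64encode` emits no newlines, the `if char != '\n'` guard is now dead code. `arrayCipher[array64.index(char)]` still assumes the cipher file has at least 65 lines, so a length check before the loop would replace a bare IndexError with a clear message.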
@@ -10,8 +10,8 @@ # against human analysts and their workflows. Bonus Feature: Defeats signature-based # malware detection tools (cloak your other tools). # -# Description: Decodes the output of cloakify.py into its underlying Base64 format, -# then does Base64 decoding to unpack the cloaked payload file. Requires the use of the +# Description: Decodes the output of cloakify.py into its underlying Base64 format, +# then does Base64 decoding to unpack the cloaked payload file. Requires the use of the # same cipher that was used to cloak the file prior to exfitration, of course. # # Prepackaged ciphers include: lists of desserts in English, Arabic, Thai, Russian, @@ -24,25 +24,26 @@ # # $ ./decloakify.py cloakedPayload.txt ciphers/desserts.ciph - -import sys, getopt, base64 +from __future__ import division, absolute_import, with_statement, print_function, unicode_literals +import sys +import base64 array64 = list("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/+=") -if ( len(sys.argv) != 3 ): - print "usage: decloakify.py " - exit +if len(sys.argv) != 3: + print("usage: decloakify.py ") + exit() else: - with open( sys.argv[1]) as file: - listExfiltrated = file.readlines() + with open(sys.argv[1]) as file: + listExfiltrated = file.readlines() - with open( sys.argv[2]) as file: - arrayCipher = file.readlines() + with open(sys.argv[2]) as file: + arrayCipher = file.readlines() clear64 = "" for word in listExfiltrated: - clear64 += array64[ arrayCipher.index(word) ] + clear64 += array64[arrayCipher.index(word)] - print base64.b64decode( clear64 ) + print(base64.b64decode(clear64).decode('utf-8'))
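Review bot: `print(base64.b64decode(clear64).decode('utf-8'))` on the last line treats the recovered payload as UTF-8 text, but cloakify.py reads its input in `'rb'` mode, so any payload that is not valid UTF-8 raises UnicodeDecodeError here, and `print` still appends a newline to the output. Writing the bytes unchanged keeps the round trip lossless on both interpreters: `getattr(sys.stdout, 'buffer', sys.stdout).write(base64.b64decode(clear64))`. `arrayCipher.index(word)` raises a bare ValueError for any input line that is not in the cipher (a stray blank line or different line endings, for example); catching it and reporting the offending line number would make a cipher mismatch diagnosable. Both files are opened in text mode without an encoding, so on Python 3 the non-ASCII cipher lists named in the header are decoded with the locale default; presumably they are UTF-8, in which case `io.open(sys.argv[2], encoding='utf-8')` would make that explicit.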