translate.py

Description

Translate bytes according to a Python expression.

Platform: N/A – Python
Author: Didier Stevens
License: Free / Public Domain
URL: https://blog.didierstevens.com/

Usage

Usage: translate.py [options] [file-in] [file-out] command [script]
 
Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -o OUTPUT, --output=OUTPUT
                        Output file (default is stdout)
  -s SCRIPT, --script=SCRIPT
                        Script with definitions to include
  -f, --fullread        Full read of the file
  -r REGEX, --regex=REGEX
                        Regex to search input file for and apply function to
  -R FILTERREGEX, --filterregex=FILTERREGEX
                        Regex to filter input file for and apply function to
  -m, --man             print manual

Examples

translate.py encoded.raw decoded.txt 'byte ^ 0x5b'

XORs every byte of encoded.raw with the key 0x5b and writes the result to decoded.txt. Hex ASCII can be converted to raw bytes with the command "xxd -r -p encoded.hex > encoded.raw".

translate.py -o svchost.exe.dec svchost.exe 'byte ^ 0x10'

"byte" is the current byte in the file; 'byte ^ 0x10' XORs it with 0x10.

Extra functions:
rol(byte, count)
ror(byte, count)
IFF(expression, valueTrue, valueFalse)

The variable "position" is an index into the input file, starting at 0.
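To make the meaning of byte, position, rol, ror and IFF concrete, the following is an added Python example, not translate.py's source code. It assumes 8-bit rotations and one evaluation of the expression per input byte; the translate() function, the range check and the sample data are constructs of this example.

```python
# Added illustration: a minimal model of per-byte translation, not translate.py's source.

def rol(byte, count):
    """Rotate an 8-bit value left by count bits."""
    count %= 8
    return ((byte << count) | (byte >> (8 - count))) & 0xFF

def ror(byte, count):
    """Rotate an 8-bit value right by count bits."""
    count %= 8
    return ((byte >> count) | (byte << (8 - count))) & 0xFF

def IFF(expression, valueTrue, valueFalse):
    """Return valueTrue when expression is truthy, otherwise valueFalse."""
    return valueTrue if expression else valueFalse

def translate(data, command):
    """Apply the Python expression `command` to every byte of `data`.

    `byte` and `position` are bound for each byte, using the names from this page.
    eval() executes Python code; emptying __builtins__ is not a sandbox, so only
    pass expressions you wrote yourself.
    """
    code = compile(command, "<command>", "eval")
    helpers = {"__builtins__": {}, "rol": rol, "ror": ror, "IFF": IFF}
    out = bytearray()
    for position, byte in enumerate(data):
        value = eval(code, helpers, {"byte": byte, "position": position})
        # This model rejects results that do not fit in one byte (assumption).
        if not 0 <= value <= 0xFF:
            raise ValueError(f"expression gave {value} at position {position}")
        out.append(value)
    return bytes(out)

# Constructed sample: even positions are XORed with 0x5b, odd ones rotated left by 3.
PLAIN = b"MZ header"
ENCODED = translate(PLAIN, "IFF(position % 2 == 0, byte ^ 0x5b, rol(byte, 3))")
# Decoding applies the inverse operation at each position (XOR is its own inverse).
DECODED = translate(ENCODED, "IFF(position % 2 == 0, byte ^ 0x5b, ror(byte, 3))")

if __name__ == "__main__":
    print(ENCODED.hex(), DECODED)
```
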

Blog Posts