From 618b413d051e869512d751f46907e9924071a76c Mon Sep 17 00:00:00 2001 From: John Aho Date: Sun, 9 Jul 2017 19:17:04 -0700 Subject: [PATCH 01/12] Fix for decloaking Fix for decloaking, needed temp file to be passed around --- cloakifyFactory.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/cloakifyFactory.py b/cloakifyFactory.py index 574a0e5..4bba506 100644 --- a/cloakifyFactory.py +++ b/cloakifyFactory.py @@ -119,7 +119,11 @@ def DecloakifyFile(): print "" decloakedFile = raw_input( "Save decloaked data to filename (default: 'decloaked.file'): " ) print "" - + + # Create temp file with copy so that it can be manipulated by noise and decloakify + from shutil import copyfile + copyfile(sourceFile,decloakTempFile) + if decloakedFile == "": decloakedFile = "decloaked.file" From 0fdd80af72bbea63135654f3c85019cc6af48643 Mon Sep 17 00:00:00 2001 From: John Aho Date: Sun, 9 Jul 2017 20:22:24 -0700 Subject: [PATCH 02/12] Update to Python3 --- cloakifyFactory.py | 515 +++++++++++++++++++++++---------------------- 1 file changed, 259 insertions(+), 256 deletions(-) diff --git a/cloakifyFactory.py b/cloakifyFactory.py index 4bba506..4b16c30 100644 --- a/cloakifyFactory.py +++ b/cloakifyFactory.py @@ -38,6 +38,7 @@ # # $ ./cloakifyFactory.py # +# Updated to Python3 by John Aho import os, sys, getopt, random, base64, cloakify, decloakify @@ -53,12 +54,12 @@ def CloakifyFile(): - print "" - print "==== Cloakify a File ====" - print "" - sourceFile = raw_input("Enter filename to cloak (e.g. ImADolphin.exe or /foo/bar.zip): ") - print "" - cloakedFile = raw_input("Save cloaked data to filename (default: 'tempList.txt'): ") + print("") + print("==== Cloakify a File ====") + print("") + sourceFile = input("Enter filename to cloak (e.g. ImADolphin.exe or /foo/bar.zip): ") + print("") + cloakedFile = input("Save cloaked data to filename (default: 'tempList.txt'): ") if cloakedFile == "": cloakedFile = "tempList.txt" 
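Review bot: The added `copyfile(sourceFile,decloakTempFile)` writes to a fixed file name in the current working directory (a later hunk on this page shows `decloakTempFile = "decloakTempFile.txt"`), so it silently overwrites any existing file of that name and writes through a symlink placed there. Creating the scratch file with `tempfile.mkstemp()` and passing that path on would avoid both. The copy also has no failure path at this point, so a mistyped source name raises out of the menu; catching `OSError` and returning before the cipher prompt would be enough. The `from shutil import copyfile` line belongs with the imports at the top of the file. DecloakifyFile starts and ends outside this hunk.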
@@ -66,63 +67,65 @@ def CloakifyFile(): cipherNum = SelectCipher() noiseNum = -1 - choice = raw_input("Add noise to cloaked file? (y/n): ") + choice = input("Add noise to cloaked file? (y/n): ") if choice == "y": noiseNum = SelectNoise() - print "" - print "Creating cloaked file using cipher:", gCipherFiles[ cipherNum ] + print("") + print("Creating cloaked file using cipher:", gCipherFiles[ cipherNum ]) try: cloakify.Cloakify( sourceFile, "ciphers/" + gCipherFiles[ cipherNum ], cloakedFile ) except: - print "" - print "!!! Well that didn't go well. Verify that your cipher is in the 'ciphers/' subdirectory." - print "" + print("") + print("!!! Well that didn't go well. Verify that your cipher is in the 'ciphers/' subdirectory.") + print("") if noiseNum >=0: - print "Adding noise to cloaked file using noise generator:", gNoiseScripts[ noiseNum ] + print("Adding noise to cloaked file using noise generator:", gNoiseScripts[ noiseNum ]) try: os.system( "noiseTools/%s %s" % ( gNoiseScripts[ noiseNum ], cloakedFile )) except: - print "" - print "!!! Well that didn't go well. Verify that '", cloakedFile, "'" - print "!!! is in the current working directory or try again giving full filepath." - print "" + print("") + print("!!! Well that didn't go well. Verify that '", cloakedFile, "'") + print("!!! is in the current working directory or try again giving full filepath." ) + print("") - print "" - print "Cloaked file saved to:", cloakedFile - print "" + print("") + print("Cloaked file saved to:", cloakedFile) + print("") - choice = raw_input( "Preview cloaked file? (y/n): " ) + choice = input( "Preview cloaked file? (y/n): " ) if choice == "y": - print "" + print("") with open( cloakedFile ) as file: cloakedPreview = file.readlines() i = 0; while ( i<20 ): - print cloakedPreview[ i ], + print( cloakedPreview[ i ]), i = i+1 - print "" + print("") - choice = raw_input( "Press return to continue... " ) + choice = input( "Press return to continue... 
" ) def DecloakifyFile(): decloakTempFile = "decloakTempFile.txt" - print "" - print "==== Decloakify a Cloaked File ====" - print "" - sourceFile = raw_input( "Enter filename to decloakify (e.g. /foo/bar/MyBoringList.txt): " ) - print "" - decloakedFile = raw_input( "Save decloaked data to filename (default: 'decloaked.file'): " ) - print "" + print("") + print("==== Decloakify a Cloaked File ====") + print("") + sourceFile = input( "Enter filename to decloakify (e.g. /foo/bar/MyBoringList.txt): " ) + print("") + decloakedFile = input( "Save decloaked data to filename (default: 'decloaked.file'): " ) + print("") - # Create temp file with copy so that it can be manipulated by noise and decloakify - from shutil import copyfile - copyfile(sourceFile,decloakTempFile) + try: + from shutil import copyfile + copyfile(sourceFile, decloakTempFile) + except Exception as ex: + print("Can't create temp file") if decloakedFile == "": decloakedFile = "decloaked.file" 
@@ -130,26 +133,26 @@ def DecloakifyFile(): # Reviewing the cloaked file within cloakifyFactory will save a little time for those who # forgot the format of the cloaked file and don't want to hop into a new window just to look - choice = raw_input( "Preview cloaked file? (y/n default=n): " ) + choice = input( "Preview cloaked file? (y/n default=n): " ) if choice == "y": - print "" + print("") try: with open( sourceFile ) as file: cloakedPreview = file.readlines() i = 0; while ( i<20 ): - print cloakedPreview[ i ], + print( cloakedPreview[ i ]), i = i+1 - print "" + print("") except: - print "" - print "!!! Well that didn't go well. Verify that '", sourceFile, "'" - print "!!! is in the current working directory or the filepath you gave." - print "" + print("") + print("!!! Well that didn't go well. Verify that '", sourceFile, "'") + print("!!! is in the current working directory or the filepath you gave.") + print("") - choice = raw_input("Was noise added to the cloaked file? (y/n default=n): ") + choice = input("Was noise added to the cloaked file? (y/n default=n): ") if choice == "y": noiseNum = SelectNoise() 
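Review bot: The trailing comma in `print( cloakedPreview[ i ]),` no longer suppresses the newline in Python 3; it only builds a discarded tuple, and since each entry from `readlines()` already ends in a newline the preview comes out double-spaced. The `while ( i<20 )` loop also indexes past the end of any file shorter than 20 lines, and here the bare `except:` turns that IndexError into a misleading "verify the path" message. `for line in cloakedPreview[:20]: print(line, end="")` fixes both, and the same loop in CloakifyFile (previous hunk) needs it too, where it is not inside a `try` at all. DecloakifyFile begins and ends outside this hunk.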
@@ -160,315 +163,315 @@ def DecloakifyFile(): if noiseNum >= 0: try: # Remove Noise, overwrite the source file with the stripped contents - print "Removing noise from noise generator:", gNoiseScripts[ noiseNum ] + print("Removing noise from noise generator:", gNoiseScripts[ noiseNum ]) os.system( "./removeNoise.py %s %s %s" % ( stripColumns, sourceFile, decloakTempFile )) except: - print "!!! Error while removing noise from file. Was calling 'removeNoise.py'.\n" + print("!!! Error while removing noise from file. Was calling 'removeNoise.py'.\n") cipherNum = SelectCipher() - print "Decloaking file using cipher: ", gCipherFiles[ cipherNum ] + print("Decloaking file using cipher: ", gCipherFiles[ cipherNum ]) # Call Decloakify() try: decloakify.Decloakify( decloakTempFile, "ciphers/" + gCipherFiles[ cipherNum ], decloakedFile ) - print "" - print "Decloaked file", sourceFile, ", saved to", decloakedFile - except: - print "" - print "!!! Oh noes! Error decloaking file (did you select the same cipher it was cloaked with?)" - print "" + print("") + print("Decloaked file", sourceFile, ", saved to", decloakedFile) + except Exception as ex: + print("") + print("!!! Oh noes! Error decloaking file (did you select the same cipher it was cloaked with?) ", ex) + print("") try: os.system( "rm -f %s" % ( decloakTempFile )) except: - print "" - print "!!! Oh noes! Error while deleting temporary file:", decloakTempFile - print "" + print("") + print("!!! Oh noes! Error while deleting temporary file:", decloakTempFile) + print("") - choice = raw_input("Press return to continue... ") + choice = input("Press return to continue... 
") def SelectCipher(): - print "" - print "Ciphers:" - print "" + print("") + print("Ciphers:") + print("") cipherCount = 1 for cipherName in gCipherFiles: - print cipherCount, "-", cipherName + print( cipherCount, "-", cipherName) cipherCount = cipherCount + 1 - print "" + print("") selection = -1 while ( selection < 0 or selection > (cipherCount - 2)): try: - cipherNum = raw_input( "Enter cipher #: " ) + cipherNum = input( "Enter cipher #: " ) selection = int ( cipherNum ) - 1 if ( cipherNum == "" or selection < 0 or selection > (cipherCount - 1)): - print "Invalid cipher number, try again..." + print("Invalid cipher number, try again...") selection = -1 except ValueError: - print "Invalid cipher number, try again..." - print "" + print("Invalid cipher number, try again...") + print("") return selection def BrowseCiphers(): - print "" - print "======== Preview Ciphers ========" + print("") + print("======== Preview Ciphers ========") cipherNum = SelectCipher() - print "===== Cipher:", gCipherFiles[ cipherNum ], " =====" - print "" + print("===== Cipher:", gCipherFiles[ cipherNum ], " =====") + print("") try: with open( "ciphers/"+gCipherFiles[ cipherNum ] ) as cipherList: - arrayCipher = cipherList.read() - print( arrayCipher ) + arrayCipher = cipherList.read() + print(arrayCipher) except: - print "!!! Error opening cipher file.\n" + print("!!! Error opening cipher file.\n") - choice = raw_input( "Press return to continue... " ) + choice = input( "Press return to continue... 
" ) def SelectNoise(): - print "" - print "Noise Generators:" - print "" + print("") + print("Noise Generators:") + print("") noiseCount = 1 for noiseName in gNoiseScripts: - print noiseCount, "-", noiseName + print( noiseCount, "-", noiseName) noiseCount = noiseCount + 1 - print "" + print("") selection = -1 noiseTotal = noiseCount - 2 while ( selection < 0 or selection > noiseTotal ): try: - noiseNum = raw_input( "Enter noise generator #: " ) + noiseNum = input( "Enter noise generator #: " ) selection = int ( noiseNum ) - 1 if ( selection == "" or selection < 0 or selection > noiseTotal ): - print "Invalid generator number, try again..." + print("Invalid generator number, try again...") selection = -1 except ValueError: - print "Invalid generator number, try again..." + print("Invalid generator number, try again...") return selection def BrowseNoise(): - print "" - print "======== Preview Noise Generators ========" + print("") + print("======== Preview Noise Generators ========") noiseNum = SelectNoise() - print "" + print("") # No upper bounds checking, relies on SelectNoise() to return a valid value, fix in next update if noiseNum >= 0: try: - print "Sample output of prepended strings, using noise generator:", gNoiseScripts[ noiseNum ], "\n" + print("Sample output of prepended strings, using noise generator:", gNoiseScripts[ noiseNum ], "\n") os.system( "noiseTools/%s" % ( gNoiseScripts[ noiseNum ] )) except: - print "!!! Error while generating noise preview.\n" + print("!!! Error while generating noise preview.\n") - print "" - choice = raw_input( "Press return to continue... " ) + print("") + choice = input( "Press return to continue... 
" ) def Help(): - print "" - print "===================== Using Cloakify Factory =====================" - print "" - print "For background and full tutorial, see the presentation slides at" - print "https://github.com/TryCatchHCF/Cloakify" - print "" - print "WHAT IT DOES:" - print "" - print "Cloakify Factory transforms any filetype (e.g. .zip, .exe, .xls, etc.) into" - print "a list of harmless-looking strings. This lets you hide the file in plain sight," - print "and transfer the file without triggering alerts. The fancy term for this is" - print "'text-based steganography', hiding data by making it look like other data." - print "" - print "For example, you can transform a .zip file into a list made of Pokemon creatures" - print "or Top 100 Websites. You then transfer the cloaked file however you choose," - print "and then decloak the exfiltrated file back into its original form. The ciphers" - print "are designed to appear like harmless / ignorable lists, though some (like MD5" - print "password hashes) are specifically meant as distracting bait." - print "" - print "BASIC USE:" - print "" - print "Cloakify Factory will guide you through each step. Follow the prompts and" - print "it will show you the way." 
- print "" - print "Cloakify a Payload:" - print "- Select 'Cloakify a File' (any filetype will work - zip, binaries, etc.)" - print "- Enter filename that you want to Cloakify (can be filename or filepath)" - print "- Enter filename that you want to save the cloaked file as" - print "- Select the cipher you want to use" - print "- Select a Noise Generator if desired" - print "- Preview cloaked file if you want to check the results" - print "- Transfer cloaked file via whatever method you prefer" - print "" - print "Decloakify a Payload:" - print "- Receive cloaked file via whatever method you prefer" - print "- Select 'Decloakify a File'" - print "- Enter filename of cloaked file (can be filename or filepath)" - print "- Enter filename to save decloaked file to" - print "- Preview cloaked file to review which Noise Generator and Cipher you used" - print "- If Noise Generator was used, select matching Generator to remove noise" - print "- Select the cipher used to cloak the file" - print "- Your decloaked file is ready to go!" - print "" - print "You can browse the ciphers and outputs of the Noise Generators to get" - print "an idea of how to cloak files for your own needs." - print "" - print "Anyone using the same cipher can decloak your cloaked file, but you can" - print "randomize (scramble) the preinstalled ciphers. See 'randomizeCipherExample.txt'" - print "in the Cloakify directory for an example." - print "" - print "NOTE: Cloakify is not a secure encryption scheme. It's vulnerable to" - print "frequency analysis attacks. Use the 'Add Noise' option to add entropy when" - print "cloaking a payload to help degrade frequency analysis attacks. Be sure to" - print "encrypt the file prior to cloaking if secrecy is needed." 
+ print("") + print("===================== Using Cloakify Factory =====================") + print("") + print("For background and full tutorial, see the presentation slides at") + print("https://github.com/TryCatchHCF/Cloakify") + print("") + print("WHAT IT DOES:") + print("") + print("Cloakify Factory transforms any filetype (e.g. .zip, .exe, .xls, etc.) into") + print("a list of harmless-looking strings. This lets you hide the file in plain sight,") + print("and transfer the file without triggering alerts. The fancy term for this is") + print("'text-based steganography', hiding data by making it look like other data.") + print("") + print("For example, you can transform a .zip file into a list made of Pokemon creatures") + print("or Top 100 Websites. You then transfer the cloaked file however you choose,") + print("and then decloak the exfiltrated file back into its original form. The ciphers") + print("are designed to appear like harmless / ignorable lists, though some (like MD5") + print("password hashes) are specifically meant as distracting bait.") + print("") + print("BASIC USE:") + print("") + print("Cloakify Factory will guide you through each step. 
Follow the prompts and") + print("it will show you the way.") + print("") + print("Cloakify a Payload:") + print("- Select 'Cloakify a File' (any filetype will work - zip, binaries, etc.)") + print("- Enter filename that you want to Cloakify (can be filename or filepath)") + print("- Enter filename that you want to save the cloaked file as") + print("- Select the cipher you want to use") + print("- Select a Noise Generator if desired") + print("- Preview cloaked file if you want to check the results") + print("- Transfer cloaked file via whatever method you prefer") + print("") + print("Decloakify a Payload:") + print("- Receive cloaked file via whatever method you prefer") + print("- Select 'Decloakify a File'") + print("- Enter filename of cloaked file (can be filename or filepath)") + print("- Enter filename to save decloaked file to") + print("- Preview cloaked file to review which Noise Generator and Cipher you used") + print("- If Noise Generator was used, select matching Generator to remove noise") + print("- Select the cipher used to cloak the file") + print("- Your decloaked file is ready to go!") + print("") + print("You can browse the ciphers and outputs of the Noise Generators to get") + print("an idea of how to cloak files for your own needs.") + print("") + print("Anyone using the same cipher can decloak your cloaked file, but you can") + print("randomize (scramble) the preinstalled ciphers. See 'randomizeCipherExample.txt'") + print("in the Cloakify directory for an example.") + print("") + print("NOTE: Cloakify is not a secure encryption scheme. It's vulnerable to") + print("frequency analysis attacks. Use the 'Add Noise' option to add entropy when") + print("cloaking a payload to help degrade frequency analysis attacks. 
Be sure to") + print("encrypt the file prior to cloaking if secrecy is needed.") def About(): - print "" - print "===================== About Cloakify Factory =====================" - print "" - print " \"Hide & Exfiltrate Any Filetype in Plain Sight\"" - print "" - print " Written by TryCatchHCF" - print " https://github.com/TryCatchHCF/Cloakify" - print "" - print "Data Exfiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering" - print "of Analysts; Defeat Data Whitelisting Controls; Evade AV Detection. Text-based" - print "steganography usings lists. Convert any file type (e.g. executables, Office," - print "Zip, images) into a list of everyday strings. Very simple tools, powerful" - print "concept, limited only by your imagination." - print "" - print "Cloakify Factory uses Python scripts to cloak / uncloak any file type using" - print "list-based ciphers (text-based steganography). Allows you to transfer data" - print "across a secure network's perimeter without triggering alerts, defeating data" - print "whitelisting controls, and derailing analyst's review via social engineering" - print "attacks against their workflows. As a bonus, cloaked files defeat signature-" - print "based malware detection tools." - print "" - print "NOTE: Cloakify is not a secure encryption scheme. It's vulnerable to" - print "frequency analysis attacks. Use the 'Add Noise' option to add entropy when" - print "cloaking a payload to help degrade frequency analysis attacks. Be sure to" - print "encrypt the file prior to cloaking if secrecy is needed." - print "" - print "DETAILS:" - print "" - print "Cloakify first Base64-encodes the payload, then applies a cipher to generate" - print "a list of strings that encodes the Base64 payload. Once exfiltrated, use" - print "Decloakify with the same cipher to decode the payload. 
The ciphers are" - print "designed to appear like harmless / ingorable lists, though some (like MD5" - print "password hashes) are specifically meant as distracting bait." - print "" - print "Prepackaged ciphers include lists of:" - print "" - print "- Amphibians (scientific names)" - print "- Belgian Beers" - print "- Desserts in English, Arabic, Thai, Russian, Hindi, Chinese, Persian, and" - print " Muppet (Swedish Chef)" - print "- Emoji" - print "- evadeAV (smallest cipher space, x3 payload size)" - print "- GeoCoords World Capitals (Lat/Lon)" - print "- GeoCaching Coordinates (w/ Site Names)" - print "- IPv4 Addresses of Popular Websites" - print "- MD5 Password Hashes" - print "- PokemonGo Monsters" - print "- Top 100 Websites" - print "- Ski Resorts" - print "- Status Codes (generic)" - print "- Star Trek characters" - print "- World Beaches" - print "- World Cup Teams" - print "" - print "Prepackaged scripts for adding noise / entropy to your cloaked payloads:" - print "" - print "- prependEmoji.py: Adds a randomized emoji to each line" - print "- prependID.py: Adds a randomized ID tag to each line" - print "- prependLatLonCoords.py: Adds random LatLong coordinates to each line" - print "- prependTimestamps.py: Adds timestamps (log file style) to each line" - print "" - print "CREATE YOUR OWN CIPHERS:" - print "" - print "Cloakify Factory is at its best when you're using your own customized" - print "ciphers. The default ciphers may work for most needs, but in a unique" - print "exfiltration scenario you may need to build your own." 
- print "" - print "Creating a Cipher:" - print "" - print "- Create a list of at least 66 unique words/phrases/symbols (Unicode accepted)" - print "- Randomize the list order" - print "- Remove all duplicate entries and all blank lines" - print "- Place cipher file in the 'ciphers/' subdirectory" - print "- Re-run Cloakify Factory to automatically load the new cipher" - print "- Test cloaking / decloaking with new cipher before using operationally" - print "" + print("") + print("===================== About Cloakify Factory =====================") + print("") + print(" \"Hide & Exfiltrate Any Filetype in Plain Sight\"") + print("") + print(" Written by TryCatchHCF") + print(" https://github.com/TryCatchHCF/Cloakify") + print("") + print("Data Exfiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering") + print("of Analysts; Defeat Data Whitelisting Controls; Evade AV Detection. Text-based") + print("steganography usings lists. Convert any file type (e.g. executables, Office,") + print("Zip, images) into a list of everyday strings. Very simple tools, powerful") + print("concept, limited only by your imagination.") + print("") + print("Cloakify Factory uses Python scripts to cloak / uncloak any file type using") + print("list-based ciphers (text-based steganography). Allows you to transfer data") + print("across a secure network's perimeter without triggering alerts, defeating data") + print("whitelisting controls, and derailing analyst's review via social engineering") + print("attacks against their workflows. As a bonus, cloaked files defeat signature-") + print("based malware detection tools.") + print("") + print("NOTE: Cloakify is not a secure encryption scheme. It's vulnerable to") + print("frequency analysis attacks. Use the 'Add Noise' option to add entropy when") + print("cloaking a payload to help degrade frequency analysis attacks. 
Be sure to") + print("encrypt the file prior to cloaking if secrecy is needed.") + print("") + print("DETAILS:") + print("") + print("Cloakify first Base64-encodes the payload, then applies a cipher to generate") + print("a list of strings that encodes the Base64 payload. Once exfiltrated, use") + print("Decloakify with the same cipher to decode the payload. The ciphers are") + print("designed to appear like harmless / ingorable lists, though some (like MD5") + print("password hashes) are specifically meant as distracting bait.") + print("") + print("Prepackaged ciphers include lists of:") + print("") + print("- Amphibians (scientific names)") + print("- Belgian Beers") + print("- Desserts in English, Arabic, Thai, Russian, Hindi, Chinese, Persian, and") + print(" Muppet (Swedish Chef)") + print("- Emoji") + print("- evadeAV (smallest cipher space, x3 payload size)") + print("- GeoCoords World Capitals (Lat/Lon)") + print("- GeoCaching Coordinates (w/ Site Names)") + print("- IPv4 Addresses of Popular Websites") + print("- MD5 Password Hashes") + print("- PokemonGo Monsters") + print("- Top 100 Websites") + print("- Ski Resorts") + print("- Status Codes (generic)") + print("- Star Trek characters") + print("- World Beaches") + print("- World Cup Teams") + print("") + print("Prepackaged scripts for adding noise / entropy to your cloaked payloads:") + print("") + print("- prependEmoji.py: Adds a randomized emoji to each line") + print("- prependID.py: Adds a randomized ID tag to each line") + print("- prependLatLonCoords.py: Adds random LatLong coordinates to each line") + print("- prependTimestamps.py: Adds timestamps (log file style) to each line") + print("") + print("CREATE YOUR OWN CIPHERS:") + print("") + print("Cloakify Factory is at its best when you're using your own customized") + print("ciphers. 
The default ciphers may work for most needs, but in a unique") + print("exfiltration scenario you may need to build your own.") + print("") + print("Creating a Cipher:") + print("") + print("- Create a list of at least 66 unique words/phrases/symbols (Unicode accepted)") + print("- Randomize the list order") + print("- Remove all duplicate entries and all blank lines") + print("- Place cipher file in the 'ciphers/' subdirectory") + print("- Re-run Cloakify Factory to automatically load the new cipher") + print("- Test cloaking / decloaking with new cipher before using operationally") + print("") def MainMenu(): - print " ____ _ _ _ __ ______ _ " - print " / __ \ | | | |_|/ _| | ___| | | " - print "| / \/ | ___ __ _| | ___| |_ _ _ | |_ __ _ ___| |_ ___ _ __ _ _ " - print "| | | |/ _ \ / _` | |/ / | _| | | | | _/ _` |/ __| __/ _ \| '__| | | |" - print "| \__/\ | |_| | |_| | <| | | | |_| | | || |_| | |__| || |_| | | | |_| |" - print " \____/_|\___/ \__,_|_|\_\_|_| \__, | \_| \__,_|\___|\__\___/|_| \__, |" - print " __/ | __/ |" - print " |___/ |___/ " - print "" - print " \"Hide & Exfiltrate Any Filetype in Plain Sight\"" - print "" - print " Written by TryCatchHCF" - print " https://github.com/TryCatchHCF" - print " (\~---." 
- print " / (\-`-/)" - print " ( ' ' ) data.xls image.jpg \\ List of emoji, IP addresses," - print " \ ( \_Y_/\\ ImADolphin.exe backup.zip --> sports teams, desserts," - print " \"\"\ \___// LoadMe.war file.doc / beers, anything you imagine" - print " `w \"" + print(" ____ _ _ _ __ ______ _ ") + print(" / __ \ | | | |_|/ _| | ___| | | ") + print("| / \/ | ___ __ _| | ___| |_ _ _ | |_ __ _ ___| |_ ___ _ __ _ _ ") + print("| | | |/ _ \ / _` | |/ / | _| | | | | _/ _` |/ __| __/ _ \| '__| | | |") + print("| \__/\ | |_| | |_| | <| | | | |_| | | || |_| | |__| || |_| | | | |_| |") + print(" \____/_|\___/ \__,_|_|\_\_|_| \__, | \_| \__,_|\___|\__\___/|_| \__, |") + print(" __/ | __/ |") + print(" |___/ |___/ ") + print("") + print(" \"Hide & Exfiltrate Any Filetype in Plain Sight\"") + print("") + print(" Written by TryCatchHCF") + print(" https://github.com/TryCatchHCF") + print(" (\~---.") + print(" / (\-`-/)") + print(" ( ' ' ) data.xls image.jpg \\ List of emoji, IP addresses,") + print(" \ ( \_Y_/\\ ImADolphin.exe backup.zip --> sports teams, desserts,") + print(" \"\"\ \___// LoadMe.war file.doc / beers, anything you imagine") + print(" `w \"" ) selectionErrorMsg = "1-7 are your options. Try again." 
notDone = 1 while ( notDone ): - print "" - print "==== Cloakify Factory Main Menu ====" - print "" - print "1) Cloakify a File" - print "2) Decloakify a File" - print "3) Browse Ciphers" - print "4) Browse Noise Generators" - print "5) Help / Basic Usage" - print "6) About Cloakify Factory" - print "7) Exit" - print "" + print("") + print("==== Cloakify Factory Main Menu ====") + print("") + print("1) Cloakify a File") + print("2) Decloakify a File") + print("3) Browse Ciphers") + print("4) Browse Noise Generators") + print("5) Help / Basic Usage") + print("6) About Cloakify Factory") + print("7) Exit") + print("") invalidSelection = 1 while ( invalidSelection ): try: - choice = int( raw_input( "Selection: " )) + choice = int( input( "Selection: " )) if ( choice > 0 and choice < 8 ): invalidSelection = 0 else: - print selectionErrorMsg + print( selectionErrorMsg) except ValueError: - print selectionErrorMsg + print( selectionErrorMsg) if choice == 1: CloakifyFile() @@ -485,13 +488,13 @@ def MainMenu(): elif choice == 7: notDone = 0 else: - print selectionErrorMsg + print (selectionErrorMsg) byeArray = ("Bye!", "Ciao!", "Adios!", "Aloha!", "Hei hei!", "Bless bless!", "Hej da!", "Tschuss!", "Adieu!", "Cheers!") - print "" - print random.choice( byeArray ) - print "" + print("") + print( random.choice( byeArray )) + print("") # ============================== Main Loop ================================ # From 84153bbeedcb249dd3ce4f1ee9c22caa46275258 Mon Sep 17 00:00:00 2001 From: John Aho Date: Sun, 9 Jul 2017 20:23:00 -0700 Subject: [PATCH 03/12] Update to Python3 --- cloakify.py | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/cloakify.py b/cloakify.py index 93edc32..ea9f191 100644 --- a/cloakify.py +++ b/cloakify.py @@ -2,7 +2,7 @@ # # Filename: cloakify.py # -# Version: 1.1.0 +# Version: 1.1.1 # # Author: Joe Gervais (TryCatchHCF) # 
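Review bot: The `os.system` calls kept in this hunk build shell command lines from prompt input: `sourceFile` comes straight from `input()` and is interpolated unquoted into `"./removeNoise.py %s %s %s"`, so a name containing spaces or shell metacharacters is split or interpreted by the shell. `os.system` also returns the exit status instead of raising, so the surrounding `try/except` blocks never report a failed step. `subprocess.run(["./removeNoise.py", str(stripColumns), sourceFile, decloakTempFile], check=True)` and `os.remove(decloakTempFile)` in place of `rm -f` would close both gaps (this needs `import subprocess` at the top of the file); the `noiseTools/%s %s` call in CloakifyFile has the same problem with `cloakedFile`. The hunk starts inside DecloakifyFile, whose beginning is outside it.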
@@ -39,6 +39,7 @@ # # $ ./cloakify.py payload.txt ciphers/desserts > exfiltrate.txt # +# Updated to Python3 by John Aho import os, sys, getopt, base64 @@ -48,36 +49,37 @@ def Cloakify( arg1, arg2, arg3 ): payloadFile = open( arg1, 'rb' ) payloadRaw = payloadFile.read() - payloadB64 = base64.encodestring( payloadRaw ) + payloadB64 = base64.encodebytes( payloadRaw) try: with open( arg2 ) as file: cipherArray = file.readlines() except: - print "" - print "!!! Oh noes! Problem reading cipher '", arg2, "'" - print "!!! Verify the location of the cipher file" - print "" + print("") + print("!!! Oh noes! Problem reading cipher '", arg2, "'") + print("!!! Verify the location of the cipher file" ) + print("") if ( arg3 != "" ): try: with open( arg3, "w+" ) as outFile: - for char in payloadB64: + for char2 in payloadB64: + char = chr(char2) if char != '\n': outFile.write( cipherArray[ array64.index(char) ] ) - except: - print "" - print "!!! Oh noes! Problem opening or writing to file '", arg3, "'" - print "" + except Exception as ex: + print("") + print("!!! Oh noes! Problem opening or writing to file '", arg3, "'", ex) + print("") else: for char in payloadB64: if char != '\n': - print cipherArray[ array64.index(char) ], + print( cipherArray[ array64.index(char) ],) if __name__ == "__main__": if ( len(sys.argv) != 3 ): - print "usage: cloakify.py " + print("usage: cloakify.py ") exit else: From 1311c8c3ede0a12cdfdf12d2c9b87762ac7726b2 Mon Sep 17 00:00:00 2001 From: John Aho Date: Sun, 9 Jul 2017 20:23:43 -0700 Subject: [PATCH 04/12] Updated to Python3 --- decloakify.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/decloakify.py b/decloakify.py index 8cb895d..4870588 100644 --- a/decloakify.py +++ b/decloakify.py @@ -25,7 +25,7 @@ # Example: # # $ ./decloakify.py cloakedPayload.txt ciphers/desserts.ciph - +# Updated to Python3 by John Aho import sys, getopt, base64 
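Review bot: Only the file-output branch was adapted to `payloadB64` being `bytes`; in the `else` branch `for char in payloadB64` now yields ints, so `char != '\n'` is always true and `array64.index(char)` will presumably raise ValueError (array64 is defined outside the hunk). Decoding once, `payloadB64 = base64.encodebytes( payloadRaw ).decode("ascii")`, lets both loops iterate over characters and makes the `chr(char2)` step unnecessary. `print( cipherArray[ ... ],)` also no longer suppresses the newline; `end=""` is the Python 3 equivalent. Separately, `payloadFile` is never closed and a failed cipher read falls through to use an unassigned `cipherArray`; a `with open( arg1, 'rb' )` block and a `return` in the first `except` would cover those.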
@@ -45,17 +45,17 @@ def Decloakify( arg1, arg2, arg3 ): clear64 += array64[ arrayCipher.index(word) ] if ( arg3 != "" ): - with open( arg3, "w" ) as outFile: + with open( arg3, "wb" ) as outFile: outFile.write( base64.b64decode( clear64 )) else: - print base64.b64decode( clear64 ), + print( base64.b64decode( clear64 ),) if __name__ == "__main__": - if (len(sys.argv) != 3): - print "usage: decloakify.py " - exit - else: - Decloakify( sys.argv[1], sys.argv[2], "" ) + if (len(sys.argv) != 3): + print("usage: decloakify.py ") + exit + else: + Decloakify( sys.argv[1], sys.argv[2], "" ) From 427b05fbcec00d8c63876e2f5b1a488ee4bef03a Mon Sep 17 00:00:00 2001 From: John Aho Date: Sun, 9 Jul 2017 20:24:31 -0700 Subject: [PATCH 05/12] Updated to Python3 --- removeNoise.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/removeNoise.py b/removeNoise.py index 2d8fc63..979a9ad 100644 --- a/removeNoise.py +++ b/removeNoise.py @@ -20,8 +20,8 @@ import os, sys, getopt if ( len(sys.argv) != 4 ): - print "usage: removeNoise.py " - print + print("usage: removeNoise.py ") + print() exit else: From 0ab6aee010d32b17ec5d99b342980ad6f6466de6 Mon Sep 17 00:00:00 2001 From: John Aho Date: Sun, 9 Jul 2017 20:25:19 -0700 Subject: [PATCH 06/12] Updated to Python3 --- noiseTools/prependEmoji.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/noiseTools/prependEmoji.py b/noiseTools/prependEmoji.py index d19b89d..962edca 100644 --- a/noiseTools/prependEmoji.py +++ b/noiseTools/prependEmoji.py 
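Review bot: In the stdout branch `print( base64.b64decode( clear64 ),)` prints the `repr` of a bytes object (`b'...'` with escapes) in Python 3, so redirecting the output no longer reproduces the original file. The file branch was correctly switched to `"wb"`; the matching change here is `sys.stdout.buffer.write( base64.b64decode( clear64 ))`. Decloakify begins outside this hunk.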
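Review bot: The bare `exit` after the usage message is an expression that names the builtin without calling it, so nothing exits; the script only stops because the remaining code sits in the `else:` branch, and the process still returns status 0. `sys.exit(1)` after the usage text makes the failure visible to any caller that checks the exit status. The same bare `exit` is in the usage branches of cloakify.py, decloakify.py, prependEmoji.py, prependID.py and prependLatLonCoords.py on this page.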
@@ -19,14 +19,15 @@ # $ ./prependEmoji.py exfiltrate.txt > exfiltrateNew.txt # # Remove prepended emoji before trying to decloak the file +# Updated to Python3 by John Aho import os, sys, getopt, random if ( len(sys.argv) > 2 ): - print "usage: prependEmoji.py " - print - print "Strip leading emoji prior to decloaking the cloaked file." - print + print("usage: prependEmoji.py ") + print() + print("Strip leading emoji prior to decloaking the cloaked file.") + print() exit else: From 8778249af6e37ab7bff6b94aa67b04c42b428b0e Mon Sep 17 00:00:00 2001 From: John Aho Date: Sun, 9 Jul 2017 20:25:51 -0700 Subject: [PATCH 07/12] Updated to Python3 --- noiseTools/prependID.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/noiseTools/prependID.py b/noiseTools/prependID.py index 9179ca4..27263ec 100644 --- a/noiseTools/prependID.py +++ b/noiseTools/prependID.py @@ -22,16 +22,17 @@ # Remove tag before trying to decloak the file # # $ cat exfiltrateMe.txt | cut -d" " -f 2- > cloaked.txt +# Updated to Python3 by John Aho import os, sys, getopt, codecs, random arrayCode = list ("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789") if ( len(sys.argv) > 2 ): - print "usage: prepend4digitID.py " - print - print "Strip tag prior to decloaking the cloaked file." - print + print("usage: prepend4digitID.py ") + print() + print("Strip tag prior to decloaking the cloaked file.") + print() exit else: From 4a02bd3efbdbd83d1dd1aebfda4d7cc74b146ac6 Mon Sep 17 00:00:00 2001 From: John Aho Date: Sun, 9 Jul 2017 20:26:21 -0700 Subject: [PATCH 08/12] Updated to Python3 --- noiseTools/prependLatLonCoords.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/noiseTools/prependLatLonCoords.py b/noiseTools/prependLatLonCoords.py index 52de70c..5b3d913 100644 --- a/noiseTools/prependLatLonCoords.py +++ b/noiseTools/prependLatLonCoords.py 
@@ -23,15 +23,16 @@ # Remove coordinate pairs before trying to decloak the file # # $ cat exfiltrateMe.txt | cut -d" " -f 3- > cloaked.txt +# Updated to Python3 by John Aho import os, sys, getopt, random if ( len(sys.argv) > 2 ): - print "usage: prependLatLonCoords.py " - print - print "Strip the coordinates prior to decloaking the cloaked file." - print + print("usage: prependLatLonCoords.py ") + print() + print("Strip the coordinates prior to decloaking the cloaked file.") + print() exit else: From fd1a5d8e5e315d852a4f290335324e217634c8f6 Mon Sep 17 00:00:00 2001 From: John Aho Date: Sun, 9 Jul 2017 20:27:13 -0700 Subject: [PATCH 09/12] Updated to Python3 --- noiseTools/prependTimestamps.py | 1 + 1 file changed, 1 insertion(+) diff --git a/noiseTools/prependTimestamps.py b/noiseTools/prependTimestamps.py index c966ddb..11bc6f6 100644 --- a/noiseTools/prependTimestamps.py +++ b/noiseTools/prependTimestamps.py @@ -24,6 +24,7 @@ # Remove timestamps before trying to decloak the file # # $ cat exfiltrateMe.txt | cut -d" " -f 3- > cloaked.txt +# Updated to Python3 by John Aho import os, sys, getopt, datetime, random From ec9f1e904471040cd66630de802383b4b83eb86e Mon Sep 17 00:00:00 2001 From: John Aho Date: Tue, 11 Jul 2017 22:52:07 -0700 Subject: [PATCH 10/12] Fix to remove noise Fix to remove noise. Tested working on mac osx. Some of the prepend / remove noise stuff doesn't seem to run well on windows currently --- noiseTools/prependEmoji.py | 0 noiseTools/prependID.py | 0 noiseTools/prependLatLonCoords.py | 0 noiseTools/prependTimestamps.py | 0 removeNoise.py | 2 +- 5 files changed, 1 insertion(+), 1 deletion(-) mode change 100644 => 100755 noiseTools/prependEmoji.py mode change 100644 => 100755 noiseTools/prependID.py mode change 100644 => 100755 noiseTools/prependLatLonCoords.py mode change 100644 => 100755 noiseTools/prependTimestamps.py mode change 100644 => 100755 removeNoise.py 
diff --git a/noiseTools/prependEmoji.py b/noiseTools/prependEmoji.py old mode 100644 new mode 100755 diff --git a/noiseTools/prependID.py b/noiseTools/prependID.py old mode 100644 new mode 100755 diff --git a/noiseTools/prependLatLonCoords.py b/noiseTools/prependLatLonCoords.py old mode 100644 new mode 100755 diff --git a/noiseTools/prependTimestamps.py b/noiseTools/prependTimestamps.py old mode 100644 new mode 100755 diff --git a/removeNoise.py b/removeNoise.py old mode 100644 new mode 100755 index 979a9ad..b353893 --- a/removeNoise.py +++ b/removeNoise.py @@ -28,7 +28,7 @@ numberOfColumnsToStrip = int( sys.argv[1] ) with open( sys.argv[2] ) as file: - noisyFile = file.readlines() + noisyFile = file.readlines() file.close() with open( sys.argv[3], "w" ) as file: From b01aff2d45ede63e024e37348b9efcfe30550919 Mon Sep 17 00:00:00 2001 From: John Aho Date: Tue, 11 Jul 2017 22:55:51 -0700 Subject: [PATCH 11/12] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index e2c5fac..98af522 100644 --- a/README.md +++ b/README.md @@ -99,3 +99,5 @@ Or of course: $ cat cloakedAndNoisy.txt | cut -d" " -f3- > cloakedNoiseStripped. + +# Updated to python3 by John Aho From 263becf401d0774ee625f657b4e6176835a2cae0 Mon Sep 17 00:00:00 2001 From: John Aho Date: Tue, 11 Jul 2017 22:56:15 -0700 Subject: [PATCH 12/12] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 98af522..74eb327 100644 --- a/README.md +++ b/README.md @@ -100,4 +100,4 @@ Or of course: $ cat cloakedAndNoisy.txt | cut -d" " -f3- > cloakedNoiseStripped. -# Updated to python3 by John Aho +* Updated to python3 by John Aho
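Review bot: Both `open()` calls in the removeNoise.py hunk rely on the platform's default text encoding. Under Python 3 this may be behind the Windows trouble the commit message mentions, because a file noised by prependEmoji.py may not decode cleanly under a legacy code page. Passing the encoding explicitly, `open( sys.argv[2], encoding="utf-8" )` and `open( sys.argv[3], "w", encoding="utf-8" )`, would make the read and write independent of locale, assuming the noise scripts emit UTF-8. The `file.close()` next to the first `with` block is also redundant, since the context manager already closes the handle. The body of the second `with` lies outside the hunk.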