Assembly Language for Beginners

(Jeff_L) #1

5.4. STRINGS


Base64 is often used when binary data needs to be stored in XML. “Armored” (i.e., in text form) PGP keys
and signatures are encoded using base64.


Somepeopletriestousebase64toobfuscatestrings:http://blog.sec-consult.com/2016/01/deliberately-hidden-backdoor-account-in.
html^10.


Thereareutilitiesforscanninganarbitrarybinaryfilesforbase64strings. Onesuchutilityisbase64scanner^11.


Another encoding system which was much more popular in UseNet and FidoNet is Uuencoding. Binary
files are still encoded in Uuencode format in Phrack magazine. It offers mostly the same features, but is
different from base64 in the sense that file name is also stored in header.


By the way: there is also close sibling to base64: base32, alphabet of which has 10 digits and 26 Latin
characters. One well-known usage of it is onion addresses^12 , like:http://3g2upl4pq6kufc4m.onion/.
URLcan’t have mixed-case Latin characters, so apparently, this is why Tor developers used base32.


5.4.2 Finding strings in binary


Actually, the best form of Unix
documentation is frequently running the
stringscommand over a program’s object
code. Usingstrings, you can get a complete
list of the program’s hard-coded file name,
environment variables, undocumented
options, obscure error messages, and so
forth.

The Unix-Haters Handbook

The standard UNIXstringsutility is quick-n-dirty way to see strings in file. For example, these are some
strings from OpenSSH 7.2 sshd executable file:


...
0123
0123456789
0123456789abcdefABCDEF.:/
%02x
...
%.100s, line %lu: Bad permitopen specification <%.100s>
%.100s, line %lu: invalid criteria
%.100s, line %lu: invalid tun device
...
%.200s/.ssh/environment
...
2886173b9c9b6fdbdeda7a247cd636db38deaa.debug
$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK
...
3des-cbc
...
Bind to port %s on %s.
Bind to port %s on %s failed: %.200s.
/bin/login
/bin/sh
/bin/sh /etc/ssh/sshrc
...
D$4PQWR1
D$4PUj
D$4PV
D$4PVj
D$4PW
D$4PWj
D$4X
D$4XZj
D$4Y
...
diffie-hellman-group-exchange-sha1


(^10) http://archive.is/nDCas
(^11) https://github.com/DennisYurichev/base64scanner
(^12) https://trac.torproject.org/projects/tor/wiki/doc/HiddenServiceNames

Free download pdf