diff --git a/src/core/lib/Magic.mjs b/src/core/lib/Magic.mjs
index b4d5a7b..640979c 100644
--- a/src/core/lib/Magic.mjs
+++ b/src/core/lib/Magic.mjs
@@ -265,9 +265,10 @@ class Magic {
* performance)
* @param {Object[]} [recipeConfig=[]] - The recipe configuration up to this point
* @param {boolean} [useful=false] - Whether the current recipe should be scored highly
+ * @param {string} [filter=null] - The regex crib provided by the user, to filter the operation output
* @returns {Object[]} - A sorted list of the recipes most likely to result in correct decoding
*/
- async speculativeExecution(depth=0, extLang=false, intensive=false, recipeConfig=[], useful=false) {
+ async speculativeExecution(depth=0, extLang=false, intensive=false, recipeConfig=[], useful=false, filter=null) {
if (depth < 0) return [];
// Find any operations that can be run on this data
@@ -276,17 +277,20 @@ class Magic {
let results = [];
// Record the properties of the current data
- results.push({
- recipe: recipeConfig,
- data: this.inputStr.slice(0, 100),
- languageScores: this.detectLanguage(extLang),
- fileType: this.detectFileType(),
- isUTF8: this.isUTF8(),
- entropy: this.calcEntropy(),
- matchingOps: matchingOps,
- useful: useful
- });
-
+ // Only if there either wasn't a filter provided,
+ // or the filter matches in the data
+ if (filter == null || new RegExp(filter).test(this.inputStr)){
+ results.push({
+ recipe: recipeConfig,
+ data: this.inputStr.slice(0, 100),
+ languageScores: this.detectLanguage(extLang),
+ fileType: this.detectFileType(),
+ isUTF8: this.isUTF8(),
+ entropy: this.calcEntropy(),
+ matchingOps: matchingOps,
+ useful: useful
+ });
+ }
const prevOp = recipeConfig[recipeConfig.length - 1];
// Execute each of the matching operations, then recursively call the speculativeExecution()
@@ -305,7 +309,7 @@ class Magic {
const magic = new Magic(output, this.opPatterns),
speculativeResults = await magic.speculativeExecution(
- depth-1, extLang, intensive, [...recipeConfig, opConfig], op.useful);
+ depth-1, extLang, intensive, [...recipeConfig, opConfig], op.useful, filter);
results = results.concat(speculativeResults);
}));
@@ -317,7 +321,7 @@ class Magic {
await Promise.all(bfEncodings.map(async enc => {
const magic = new Magic(enc.data, this.opPatterns),
bfResults = await magic.speculativeExecution(
- depth-1, extLang, false, [...recipeConfig, enc.conf]);
+ depth-1, extLang, false, [...recipeConfig, enc.conf], useful, filter);
results = results.concat(bfResults);
}));
diff --git a/src/core/operations/Magic.mjs b/src/core/operations/Magic.mjs
index b3e15e6..8bfdb06 100644
--- a/src/core/operations/Magic.mjs
+++ b/src/core/operations/Magic.mjs
@@ -23,7 +23,7 @@ class Magic extends Operation {
this.name = "Magic";
this.flowControl = true;
this.module = "Default";
- this.description = "The Magic operation attempts to detect various properties of the input data and suggests which operations could help to make more sense of it.
Options
Depth: If an operation appears to match the data, it will be run and the result will be analysed further. This argument controls the maximum number of levels of recursion.
Intensive mode: When this is turned on, various operations like XOR, bit rotates, and character encodings are brute-forced to attempt to detect valid data underneath. To improve performance, only the first 100 bytes of the data is brute-forced.
Extensive language support: At each stage, the relative byte frequencies of the data will be compared to average frequencies for a number of languages. The default set consists of ~40 of the most commonly used languages on the Internet. The extensive list consists of 284 languages and can result in many languages matching the data if their byte frequencies are similar.";
+ this.description = "The Magic operation attempts to detect various properties of the input data and suggests which operations could help to make more sense of it.
Options
Depth: If an operation appears to match the data, it will be run and the result will be analysed further. This argument controls the maximum number of levels of recursion.
Intensive mode: When this is turned on, various operations like XOR, bit rotates, and character encodings are brute-forced to attempt to detect valid data underneath. To improve performance, only the first 100 bytes of the data is brute-forced.
Extensive language support: At each stage, the relative byte frequencies of the data will be compared to average frequencies for a number of languages. The default set consists of ~40 of the most commonly used languages on the Internet. The extensive list consists of 284 languages and can result in many languages matching the data if their byte frequencies are similar.
Optionally enter a regular expression to match a string you expect to find to filter results (crib)";
this.infoURL = "https://github.com/gchq/CyberChef/wiki/Automatic-detection-of-encoded-data-using-CyberChef-Magic";
this.inputType = "ArrayBuffer";
this.outputType = "JSON";
@@ -43,6 +43,11 @@ class Magic extends Operation {
"name": "Extensive language support",
"type": "boolean",
"value": false
+ },
+ {
+ "name": "Crib (known plaintext string or regex)",
+ "type": "string",
+ "value": ""
}
];
}
@@ -56,10 +61,10 @@ class Magic extends Operation {
*/
async run(state) {
const ings = state.opList[state.progress].ingValues,
- [depth, intensive, extLang] = ings,
+ [depth, intensive, extLang, filter] = ings,
dish = state.dish,
magic = new MagicLib(await dish.get(Dish.ARRAY_BUFFER)),
- options = await magic.speculativeExecution(depth, extLang, intensive);
+ options = await magic.speculativeExecution(depth, extLang, intensive, [], false, filter);
// Record the current state for use when presenting
this.state = state;