Converter v0.7 Released

Malicious Java applets have been making news for awhile so I thought I would update Converter to include some new features to help with deobfuscating them.

This is a list of changes made to this version:
+ Replaced Binary-to/from-Text with Binary-to/from-Hex to make it more useful
+ Added Filter > “Keep Hex” to only keep hex characters
+ Added Format > “Mixed Octal to Hex” to convert a mixture of text and octal to hex
+ Added Format > “Sort Text” to sort a string
+ Added Format > “Hex Format – CSV” separates hex values with a comma
+ Added Tools > “String Builder” to keep values between quotes
+ Modified “Dec-to-Hex” and “Dec-to-Octal” to handle negative integers
+ Added “copy output to input” option to Secret Decoder Ring
+ Added ability to import first KB (or all) of data to Key Search/Convert
+ Eliminated extra fields in Key Search/Convert screen
+ Made expression capability in Key Search/Convert and Convert Binary File a little more robust (added Extra > “Expressions Help”)

Here’s a look at some of the features in action…

This applet used binary strings to hide its actions:

2013-03-16_01

Just paste it in and the Binary-to-Hex feature will split on every eight characters and convert them to hex. You can choose the Output Format using the dropdown at the bottom.

2013-03-16_02

Here we see an applet concatenating several variables together before it deobfuscates it:

2013-03-16_03

Using the “String Builder” feature…

2013-03-16_04

Just paste the section in and Converter will concatenate everything between the quotes together. Make sure the beginning and ending quotes are present.

2013-03-16_05

This applet is using a mix of text and octal characters:

2013-03-16_06

The “Mixed Octal to Hex” feature…

2013-03-16_07

Will convert the string (including escaped characters) to hex.

2013-03-16_08

This applet is using an array of positive and negative integers:

2013-03-16_09

Converter now converts decimal to hex properly.

2013-03-16_10

This particular applet takes this concatenated string and deobfuscates it by running through a decoder routine three times:

2013-03-16_11

The Secret Decoder Ring now allows you to copy the output to the input field so you can decode it any number of times without having to manually copy/paste each time.

2013-03-16_12

Finally, you can see the changes made to the Key Search/Convert screen. I tried to make the expressions as flexible as possible.

2013-03-16_13

You can download Converter from here. Enjoy!

This entry was posted in Tools and tagged . Bookmark the permalink.