Breaking Substitution-Permutation cipher - cryptography

I have a ciphertext encrypted with a substitution-permutation cipher. I want to know how can I break this cipher and decrypt it into usual English text. Here is the ciphertext:
telipcs lp wwax drqx pzfq ii qpzprpr pd nic ephryxb ntrplx lcmxxrzd cx vmp qdpw. pd wvezm, zee ezxs mswe fn telipdcm xvq prpbx dw qmc rage pd nic uqjp xleses. brd cpwclx xa pcs degj epq ex mrfref nwnc xdz. msyx egd cpefx vaed zmcq qfcx wnp qcw cwy ya pcs dxrje. pq yfcwp tgze gew n yxavexqw, me mdcr prse meuwce! sl ld wvcrdyw, vctpb ere pdbzlfrw:

Related

Text data extraction between keywords in a string

I have text data that looks like the following after extracting from a file and cleaning. I want to put the data into a pandas dataframe where the columns are ('EXAMINATION', 'TECHNIQUE', 'COMPARISON', 'FINDINGS', 'IMPRESSION'), and each cell in each row contains the extracted data related to the column name (i.e. the keyword).
'FINAL REPORT EXAMINATION: CHEST PA AND LAT INDICATION: F with new onset ascites eval for infection TECHNIQUE: Chest PA and lateral COMPARISON: None FINDINGS: There is no focal consolidation pleural effusion or pneumothorax Bilateral nodular opacities that most likely represent nipple shadows The cardiomediastinal silhouette is normal Clips project over the left lung potentially within the breast The imaged upper abdomen is unremarkable Chronic deformity of the posterior left sixth and seventh ribs are noted IMPRESSION: No acute cardiopulmonary process'
For example, under the column TECHNIQUE there should be a cell containing "Chest PA and lateral", and under the column IMPRESSION, there should be a cell containing "No acute cardiopulmonary process".
Solution as follows, please note the following assumptions:
Keywords as presented are located in that order within the sample text.
The keywords are not contained within the text to be extracted.
Each keyword is followed by a ": " (the colon and whitespace is removed).
Solution
import pandas as pd
sample = "FINAL REPORT EXAMINATION: CHEST PA AND LAT INDICATION: F with new onset ascites eval for infection TECHNIQUE: Chest PA and lateral COMPARISON: None FINDINGS: There is no focal consolidation pleural effusion or pneumothorax Bilateral nodular opacities that most likely represent nipple shadows The cardiomediastinal silhouette is normal Clips project over the left lung potentially within the breast The imaged upper abdomen is unremarkable Chronic deformity of the posterior left sixth and seventh ribs are noted IMPRESSION: No acute cardiopulmonary process"
keywords = ["EXAMINATION", "TECHNIQUE", "COMPARISON", "FINDINGS", "IMPRESSION"]
# Create function to extract text between each of the keywords
def extract_text_using_keywords(clean_text, keyword_list):
extracted_texts = []
for prev_kw, current_kw in zip(keyword_list, keyword_list[1:]):
prev_kw_index = clean_text.index(prev_kw)
current_kw_index = clean_text.index(current_kw)
extracted_texts.append(clean_text[prev_kw_index + len(prev_kw) + 2:current_kw_index])
# Extract the text after the final keyword in keyword_list (i.e. "IMPRESSION")
if current_kw == keyword_list[-1]:
extracted_texts.append(clean_text[current_kw_index + len(current_kw) + 2:len(clean_text)])
return extracted_texts
# Extract text
result = extract_text_using_keywords(sample, keywords)
# Create pandas dataframe
df = pd.DataFrame([result], columns=keywords)
print(df)
# To append future results to the end of the pandas df you can use
# df.loc[len(df)] = result
Output
EXAMINATION TECHNIQUE COMPARISON FINDINGS IMPRESSION
0 CHEST PA AND LAT INDICATION: F with new onset ... Chest PA and lateral None There is no focal consolidation pleural effusi... No acute cardiopulmonary process
It looks like the input is organized such that EXAMINATION, TECHNIQUE, etc. occur in that order.
One approach is to iterate over pairs of strings and use .split() to select content between them. Here is one approach:
import pandas as pd
data = 'FINAL REPORT EXAMINATION: CHEST PA AND LAT INDICATION: F with new onset ascites eval for infection TECHNIQUE: Chest PA and lateral COMPARISON: None FINDINGS: There is no focal consolidation pleural effusion or pneumothorax Bilateral nodular opacities that most likely represent nipple shadows The cardiomediastinal silhouette is normal Clips project over the left lung potentially within the breast The imaged upper abdomen is unremarkable Chronic deformity of the posterior left sixth and seventh ribs are noted IMPRESSION: No acute cardiopulmonary process'
strings = ('EXAMINATION','TECHNIQUE', 'COMPARISON','FINDINGS', 'IMPRESSION', '')
out = {}
for s1, s2 in zip(strings, strings[1:]):
if not s2:
text = data.split(s1)[1]
else:
text = data.split(s1)[1].split(s2)[0]
out[s1] = [text]
print(pd.DataFrame(out))
Which results in:
EXAMINATION TECHNIQUE COMPARISON FINDINGS IMPRESSION
0 : CHEST PA AND LAT INDICATION: F with new onse... : Chest PA and lateral : None : There is no focal consolidation pleural effu... : No acute cardiopulmonary process

Modsecurity finds no geo data for IP

I want to block every country except mine, so I downloaded the GeoLite2 database and added it in the crs-setup.conf file. Under -=[ Block Countries ]=- I also added every country code for testing.
This did not work and after trying multiple alternative "country blocking" rules I looked into the debug log and saw that the rule itself was working, but it wasn't finding any geo data for the IP:
Recipe: Invoking rule 72bef6b0; [file "/etc/modsecurity/rules/REQUEST-910-IP-REPUTATION.conf"] [line "75"] [id "910100"].
Rule 72bef6b0: SecRule "TX:HIGH_RISK_COUNTRY_CODES" "!#rx ^$" "phase:2,log,auditlog,id:910100,drop,t:none,msg:'Client IP is from a HIGH Risk Country Location',logdata:%{MATCHED_VAR},tag:application-multi,tag:language-multi,tag:platform-multi,tag:attack-reputation-ip,tag:paranoia-level/1,tag:OWASP_CRS,ver:OWASP_CRS/3.3.2,severity:CRITICAL,chain"
Transformation completed in 8 usec.
Executing operator "!rx" with param "^$" against TX:high_risk_country_codes.
Target value: "AD AE AF AG AI AL AM AO AQ AR AS AT AU AW AX AZ BA BB BD BE BF BG BH BI BJ BL BM BN BO BQ BR BS BT BV BW BY BZ CA CC CD CF CG CH CI CK CL CM CN CO CR CU CV CW CX CY CZ DE DJ DK DM DO DZ EC EE EG EH ER ES ET FI FJ FK FM FO FR GA GB GD GE GF GG GH GI GL GM GN GP GQ GR GS GT GU GW GY HK HM HN HR HT HU ID IE IL IM IN IO IQ IR IS IT JE JM JO JP KE KG KH KI KM KN KP KR KW KY KZ LA LB LC LI LK LR LS LT LU LV LY MA MC MD ME MF MG MH MK ML MM MN MO MP MQ MR MS MT MU MV MW MX MY MZ NA NC NE NF NG NI NL NO NP NR NU NZ OM PA PE PF PG PH PK PL PM PN PR PS PT PW PY QA RE RO RS RU RW SA SB SC SD SE SG SH SI SJ SK SL SM SN SO SR SS ST SV SX SY SZ TC TD TF TG TH TJ TK TL TM TN TO TR TT TV TW TZ UA UG UM US UY UZ VA VC VE VG VI VN VU WF WS YE YT ZA ZM ZW"
Operator completed in 20 usec.
Rule returned 1.
Match -> mode NEXT_RULE.
Recipe: Invoking rule 72eb4298; [file "/etc/modsecurity/rules/REQUEST-910-IP-REPUTATION.conf"] [line "77"].
Rule 72eb4298: SecRule "TX:REAL_IP" "#geoLookup " "chain"
Transformation completed in 2 usec.
Executing operator "geoLookup" with param "" against TX:real_ip.
Target value: "###.##.#.###"
GEO: Looking up "###.##.#.###".
GEO: Using address "###.##.#.###" (0x########). ##########
No geo data for "###.##.#.###" (country -4431872).
Operator completed in 10205 usec.
Rule returned 0.
However the IP is in the database as I checked it with geoip2 in Python and it returned the correct country for said IP.
Is there anything obvious I missed?
ModSecurity does NOT support new GeoIP2 format of GeoIP database so old, legacy, format need to be used.

PDF's stream seems imcomplete but rendered properly

I made a 3x3 table that all cell is stroked but the outer lines are thick by Excel. Then exported to PDF and got the following stream (decoded from Flate).
q
49.56 728.5 169.25 60.12 re
W* n
/P <</MCID 0>> BDC /GS6 gs
0 g
49.56 729.58 2.88 59.04 re
f*
0.14 w
/GS7 gs
0 G
2 J 1 j
105.68 785.68 m
105.68 732.52 l
S
105.62 732.46 0.96 53.28 re
f*
I don't believe that this stream is complete to draw the table. Is something missed or a kind of interpolation working? Of course table is rendered properly on Acrobat Reader.
The image is just to explain and is not what I made so its size differs.
Update
Please refer to the actual file:
https://drive.google.com/file/d/1We2jri-Y04fBYJcZ96HIs05DPeTSDOIc/view?usp=sharing
Actually the content stream is a bit longer:
q
49.56 728.5 169.25 60.12 re
W*
n
/P <</MCID 0 >> BDC
/GS6 gs
0 g
49.56 729.58 2.88 59.04 re
f*
0.14 w
/GS7 gs
0 G
2 J
1 j
105.68 785.68 m
105.68 732.52 l
S
105.62 732.46 0.96 53.28 re
f*
160.76 785.68 m
160.76 732.52 l
S
160.7 732.46 0.96001 53.28 re
f*
214.85 729.58 2.88 56.16 re
f*
52.44 785.74 165.29 2.88 re
f*
52.5 768.76 m
214.79 768.76 l
S
52.44 767.86 162.41 0.96 re
f*
52.5 750.28 m
214.79 750.28 l
S
52.44 749.38 162.41 0.96 re
f*
52.44 729.58 165.29 2.88 re
f*
Q
EMC
All lines are drawn using filled narrow rectangles. The inner lines additionally are drawn as stroked single-edge paths. Those latter stroked paths are not necessary for the appearance.
You probably should check the code for FLATE decoding the content stream which returned you only a partial result.

CDA Authentication Parameters

For CDA Authentication The EMV terminal a GENERATE AC command like
80 AE P1 00 LC DATA 00
CLA = 80
INS = AE
P1 = ?
P2 = 00
LC = ?
DATA = ?
LE = 00
Where do the parameters P1, LC and Data come from?
P1 defines the type of cryptogram you expect the chip to generate for you. It also has bit to specify the data has to be responded inside a CDA jacket. Refer the below part from EMVCo book 3.
So P1 = 0x00 will mean you expect an AAC,
0x80 for ARQC and
0x40 for TC
Turn on bit 5, and you get the data inside a certificate.
I hope you understand that not always you will get the expected cryptogram type back from Card. It can be in the order TC > ARQC > AC. When requesting TC, you can expect TC, ARQC or AC. When ARQC is requested you can get ARQC or AAC, but not TC. When AAC is requested, it is always AAC and not TC or ARQC.

FASM - Boot sector on USB don't work

in first, sorry for my bad english, i'm french.
At the moment, i learn asm with fasm to test boot sector programming.
I have make a simple boot program, i have compiled it and i write boot.bin in first sector of my usb.
But when i boot on my PC or in virtualbox, drive isn't found....
Boot sector code:
;=======================================================================
; a simpliest 1.44 bootable image by shoorick ;)
;=======================================================================
_bs equ 512
_st equ 18
_hd equ 2
_tr equ 80
;=======================================================================
org 7C00h
jmp start
nop
;=====================================================
db "HE-HE OS"; ; 8
dw _bs ; b/s
db 1 ; s/c
dw 1 ; rs
db 2 ; fats
dw 224 ; rde
dw 2880 ; as
db 0F0h ; media
dw 9 ; s/fat
dw _st ; s/t
dw _hd ; h
dd 0 ; hs
dd 0 ; --
db 0 ; drv
db 0 ; --
db 29h ; ebr
dd 0 ; sn
db "NO NAME "; ; 11
db "FAT12 "; ; 8
;=====================================================
start:
mov ax,cs
mov ds,ax
mov cx,count
mov si,hello
mov bx,7
mov ah,0Eh
##:
lodsb
int 10h
loop #B
xor ah,ah
int 16h
int 19h
hello db "Hi! This is disk-invalid!"
count = $ - hello
;=======================================================================
rb 7E00h-2-$
db 055h,0AAh
;=======================================================================
This code is provide by examples of fasm's website.
there are couple of reasons why a bootloader wont work:
the bootloader is not in the first sector of the USB/Floppy/etc.
the bootloader is not EXACTLY 512 bytes long
you are missing the 0xAA55 signature at the last 2 bytes of the bootloader
in your example i assume you have the wrong bootloader size ( it is not 512 bytes )
try replacing
rb 7E00h-2-$
db 055h,0AAh
with
TIMES 510-($-$$) DB 0
DW 0xAA55
this ensures that your file is exactly 512 bytes long and that is has the required bootloader signature