Merge branch 'master' of https://github.com/j433866/CyberChef into j433866-master

src/core/lib/Magic.mjs

@@ -265,9 +265,10 @@ class Magic {
      *                                      performance)
      * @param {Object[]} [recipeConfig=[]] - The recipe configuration up to this point
      * @param {boolean} [useful=false] - Whether the current recipe should be scored highly
+     * @param {string} [filter=null] - The regex crib provided by the user, to filter the operation output
      * @returns {Object[]} - A sorted list of the recipes most likely to result in correct decoding
      */
-    async speculativeExecution(depth=0, extLang=false, intensive=false, recipeConfig=[], useful=false) {
+    async speculativeExecution(depth=0, extLang=false, intensive=false, recipeConfig=[], useful=false, filter=null) {
         if (depth < 0) return [];
 
         // Find any operations that can be run on this data
@@ -276,17 +277,20 @@ class Magic {
         let results = [];
 
         // Record the properties of the current data
-        results.push({
-            recipe: recipeConfig,
-            data: this.inputStr.slice(0, 100),
-            languageScores: this.detectLanguage(extLang),
-            fileType: this.detectFileType(),
-            isUTF8: this.isUTF8(),
-            entropy: this.calcEntropy(),
-            matchingOps: matchingOps,
-            useful: useful
-        });
-
+        // Only if there either wasn't a filter provided,
+        // or the filter matches in the data
+        if (filter == null || new RegExp(filter).test(this.inputStr)){
+            results.push({
+                recipe: recipeConfig,
+                data: this.inputStr.slice(0, 100),
+                languageScores: this.detectLanguage(extLang),
+                fileType: this.detectFileType(),
+                isUTF8: this.isUTF8(),
+                entropy: this.calcEntropy(),
+                matchingOps: matchingOps,
+                useful: useful
+            });
+        }
         const prevOp = recipeConfig[recipeConfig.length - 1];
 
         // Execute each of the matching operations, then recursively call the speculativeExecution()
@@ -305,7 +309,7 @@ class Magic {
 
             const magic = new Magic(output, this.opPatterns),
                 speculativeResults = await magic.speculativeExecution(
-                    depth-1, extLang, intensive, [...recipeConfig, opConfig], op.useful);
+                    depth-1, extLang, intensive, [...recipeConfig, opConfig], op.useful, filter);
 
             results = results.concat(speculativeResults);
         }));
@@ -317,7 +321,7 @@ class Magic {
             await Promise.all(bfEncodings.map(async enc => {
                 const magic = new Magic(enc.data, this.opPatterns),
                     bfResults = await magic.speculativeExecution(
-                        depth-1, extLang, false, [...recipeConfig, enc.conf]);
+                        depth-1, extLang, false, [...recipeConfig, enc.conf], useful, filter);
 
                 results = results.concat(bfResults);
             }));

src/core/operations/Magic.mjs

@@ -23,7 +23,7 @@ class Magic extends Operation {
         this.name = "Magic";
         this.flowControl = true;
         this.module = "Default";
-        this.description = "The Magic operation attempts to detect various properties of the input data and suggests which operations could help to make more sense of it.<br><br><b>Options</b><br><u>Depth:</u> If an operation appears to match the data, it will be run and the result will be analysed further. This argument controls the maximum number of levels of recursion.<br><br><u>Intensive mode:</u> When this is turned on, various operations like XOR, bit rotates, and character encodings are brute-forced to attempt to detect valid data underneath. To improve performance, only the first 100 bytes of the data is brute-forced.<br><br><u>Extensive language support:</u> At each stage, the relative byte frequencies of the data will be compared to average frequencies for a number of languages. The default set consists of ~40 of the most commonly used languages on the Internet. The extensive list consists of 284 languages and can result in many languages matching the data if their byte frequencies are similar.";
+        this.description = "The Magic operation attempts to detect various properties of the input data and suggests which operations could help to make more sense of it.<br><br><b>Options</b><br><u>Depth:</u> If an operation appears to match the data, it will be run and the result will be analysed further. This argument controls the maximum number of levels of recursion.<br><br><u>Intensive mode:</u> When this is turned on, various operations like XOR, bit rotates, and character encodings are brute-forced to attempt to detect valid data underneath. To improve performance, only the first 100 bytes of the data is brute-forced.<br><br><u>Extensive language support:</u> At each stage, the relative byte frequencies of the data will be compared to average frequencies for a number of languages. The default set consists of ~40 of the most commonly used languages on the Internet. The extensive list consists of 284 languages and can result in many languages matching the data if their byte frequencies are similar.<br><br>Optionally enter a regular expression to match a string you expect to find to filter results (crib)";
         this.infoURL = "https://github.com/gchq/CyberChef/wiki/Automatic-detection-of-encoded-data-using-CyberChef-Magic";
         this.inputType = "ArrayBuffer";
         this.outputType = "JSON";
@@ -43,6 +43,11 @@ class Magic extends Operation {
                 "name": "Extensive language support",
                 "type": "boolean",
                 "value": false
+            },
+            {
+                "name": "Crib (known plaintext string or regex)",
+                "type": "string",
+                "value": ""
             }
         ];
     }
@@ -56,10 +61,10 @@ class Magic extends Operation {
      */
     async run(state) {
         const ings = state.opList[state.progress].ingValues,
-            [depth, intensive, extLang] = ings,
+            [depth, intensive, extLang, filter] = ings,
             dish = state.dish,
             magic = new MagicLib(await dish.get(Dish.ARRAY_BUFFER)),
-            options = await magic.speculativeExecution(depth, extLang, intensive);
+            options = await magic.speculativeExecution(depth, extLang, intensive, [], false, filter);
 
         // Record the current state for use when presenting
         this.state = state;