Aug-17-2020, 07:28 PM
(Aug-17-2020, 07:04 PM)bowlofred Wrote: base64 encoding and "visible in a hex editor" seem like completely different things. If you're just looking for a string that has a particular hex representation, that's not base64 encoding.
This looks like it's binary data. As such identifying a particular "string" seems odd to me. How do you identify the beginning and the end of the string? By newlines or something else?
Sorry, I probably should have explained it better. When I say hex editor I mean basically an extended text editor which shows hex values and line numbers. It also has the function to change encoding, endianness and whatnot. I am using HexFiend.
If I open up the Mach-O file with an encoding of ASCII, I will be able to find full base64 encoded strings like dGhpc2lzYmFzZTY0. The hex editor is there purely so I can view these strings. The same can be done in a disassembler like Binary Ninja.
The reason I need to look for this string is so I can replace it with my own. At the moment, I need to only replace 1 string but in the future I want to be able to replace any string with any other string. I thought the easiest way to do this would be to search through the file for the string, to make sure it is there, and also so I can get the index of the string, so I can use it later. The reason I can't just use replace() is because some of those strings are base64 encoded and some are not.
The way I identify it is by looking for that whole string in the text. Take: "The quick brown fox jumps over the lazy dog". If I want the word 'fox' I can just search for it in the string (using index()). The same can be applied for searching for a base64 string in the ASCII data I have.
Here's a paste bin of the ASCII encoded data. This is what I have in Python since I open the file with an encoding of ASCII. The exact string I'm searching for is:
aHR0cDovL3d3dy5ib29tbGluZ3MuY29tL2RhdGFiYXNlL2Rvd25sb2FkR0pMZXZlbDIyLnBocA==
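One way to do the search and replace described in this post, as an added example that is not part of the original post: it works on the file's raw bytes instead of ASCII-decoded text, looks for the string both as plain ASCII and as its base64 encoding, and overwrites it in place without changing the file length. The function names, the constructed sample bytes and the assumption that the strings are NUL-terminated C strings are assumptions of this example.

```python
import base64

# Constructed sample standing in for the Mach-O bytes; in practice read the
# real file with open(path, "rb").read() so bytes >= 0x80 are not mangled.
SAMPLE = (b"\xcf\xfa\xed\xfe" + b"\x00" * 4
          + b"dGhpc2lzYmFzZTY0\x00"        # base64 of "thisisbase64"
          + b"The quick brown fox\x00")

def find_string(data, text):
    """Locate text stored as plain ASCII or as its base64 encoding.

    Returns (offset, stored_bytes, is_base64), or None when absent. The
    base64 form only matches a whole encoded string: the encoding of a
    substring is generally not a substring of the encoding.
    """
    plain = text.encode("ascii")
    for needle, is_b64 in ((plain, False), (base64.b64encode(plain), True)):
        offset = data.find(needle)
        if offset != -1:
            return offset, needle, is_b64
    return None

def replace_string(data, old, new):
    """Overwrite old with new in the same encoding, keeping the length fixed."""
    hit = find_string(data, old)
    if hit is None:
        raise ValueError(f"{old!r} not found in plain or base64 form")
    offset, stored, is_b64 = hit
    new_bytes = new.encode("ascii")
    if is_b64:
        new_bytes = base64.b64encode(new_bytes)
    if len(new_bytes) > len(stored):
        raise ValueError("replacement does not fit in the original slot")
    # Assumption: a NUL-terminated C string, so NUL padding ends it early
    # while every later offset in the file stays where the loader expects.
    padded = new_bytes.ljust(len(stored), b"\x00")
    return data[:offset] + padded + data[offset + len(stored):]

if __name__ == "__main__":
    print(find_string(SAMPLE, "thisisbase64"))
    patched = replace_string(SAMPLE, "thisisbase64", "newvalue")
    print(patched[8:24], len(patched) == len(SAMPLE))
```

Changing bytes in a signed Mach-O invalidates its code signature, so the patched file has to be re-signed before macOS will treat it as intact.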