Questions tagged [unicode]

39 questions
1 vote, 0 answers

gpg 2.0 command line option to create UTF-8 data

With echo text | gpg2 --sign --textmode -a I can create messages with a one pass signature containing a Literal Data packet in TEXT ('t') format. If I skip the --textmode option it will generate BINARY ('b') mode. However according to RFC 4880 Sec…
eckes
0 votes, 0 answers

Cracking UTF encoded hash using hashcat

I'm conducting tests using hashcat and find it very difficult if the hash is encoded. See the below function which takes the plain text, converts that to the bytes, creates the SHA512 hash and then encode to string. static string…
0 votes, 1 answer

TOTP code with unicode character?

I was signing up for an app for a credit card I have and I encountered an SMS 2FA format I had never seen before. The code was 47⅗ - that is two digits then capital Phi then the fraction three-fifths. To input there were on-screen buttons, 0 to 9…
Ken Y-N
0 votes, 0 answers

Are "Pop Directional Formatting" and "Left-to-Right Override" unicode characters a possible exploit on NodeJS?

In a database table, I was running some phone number validations and I noticed that some unicode characters were inserted in a phone number field. The characters are: (U+202C): Pop Directional Formatting (U+202D): Left-to-Right Override The…
0 votes, 0 answers

Floss and many tools not detecting cyrillic strings in binary

I am practicing some malware detection basics and it has caught my attention that the Cyrillic alphabet is not detected by practically any traditional string detection tool. Source Code while (strcmp(password, user_input) != 0) { …
0 votes, 1 answer

What are best practices for handling user Unicode in a web application?

Lately, the security community has been asking interesting questions around surprising side effects of raw Unicode formatting characters in source code. That got me thinking about input validation and display in web apps. Normally, I rely on a…
0 votes, 0 answers

Zero width character causing Javascript runtime error

On a particular page in this application, we have a form which allows for a very select few to input data into it, because at the end of the day (and, well, event loop) we end up wrapping that input into an eval which we highly sanitize and…
ruevaughn
0 votes, 0 answers

Is there a list of Unicode symbols that matches ASCII when lowercased (in java)?

Say we have server-side code that does a whitelist validation of allowed file extensions when a user uploads a file: // Java code if (allowedExtensionsInLowercase.contains(fileExtension.toLowerCase())) { // File allowed } else { // Booh, bad file } I…
Xenos
0 votes, 1 answer

Recover UTF16 Strings from Slack Space

Using the disk image provided by the CFReDS project here, we are tasked with recovering deleted text, much in Russian, some in English, in UTF16BE. In the allocated space, this goes relatively quickly using fls and icat. However, some data seems to…
d-cubed