Skip to content

Instantly share code, notes, and snippets.

@jatrost

jatrost/base64_regex.py

Created September 22, 2017 14:45
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save jatrost/4d5273b149f5cc28647f4388a8e9cd87 to your computer and use it in GitHub Desktop.
Save jatrost/4d5273b149f5cc28647f4388a8e9cd87 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
base64_regex.py
import re
import base64
import sys
def remove_padding(b):
b = b.rstrip('\n')
m = re.search(r'(=+)', b)
if m:
padding_amt = len(m.group(1)) + 1
return b[:len(b)-padding_amt]
return b
if __name__ == '__main__':
value = sys.argv[1]
byte_values = [value, value.encode('utf-16be')]
base64_sequences = []
for b in byte_values:
base64_sequences.append(remove_padding(base64.encodestring(b)))
base64_sequences.append(remove_padding(base64.encodestring('\x00'+b)[2:]))
base64_sequences.append(remove_padding(base64.encodestring('\x00\x00'+b)[4:]))
base64_sequences = sorted(set(base64_sequences))
print '({})'.format('|'.join(base64_sequences))
Raw
example.md

Generate the regex

$ python base64_regex.py "this is a test"
(AHQAaABpAHMAIABpAHMAIABhACAAdABlAHMAd|B0AGgAaQBzACAAaQBzACAAYQAgAHQAZQBzAH|RoaXMgaXMgYSB0ZXN0|aGlzIGlzIGEgdGVzd|dABoAGkAcwAgAGkAcwAgAGEAIAB0AGUAcwB0|dGhpcyBpcyBhIHRlc3)

Test and show that it matches regardless of position of the target string.

$ echo "this is a test" | base64 | grep -E '(AHQAaABpAHMAIABpAHMAIABhACAAdABlAHMAd|B0AGgAaQBzACAAaQBzACAAYQAgAHQAZQBzAH|RoaXMgaXMgYSB0ZXN0|aGlzIGlzIGEgdGVzd|dABoAGkAcwAgAGkAcwAgAGEAIAB0AGUAcwB0|dGhpcyBpcyBhIHRlc3)'
dGhpcyBpcyBhIHRlc3QK
$ echo "1this is a test" | base64 | grep -E '(AHQAaABpAHMAIABpAHMAIABhACAAdABlAHMAd|B0AGgAaQBzACAAaQBzACAAYQAgAHQAZQBzAH|RoaXMgaXMgYSB0ZXN0|aGlzIGlzIGEgdGVzd|dABoAGkAcwAgAGkAcwAgAGEAIAB0AGUAcwB0|dGhpcyBpcyBhIHRlc3)'
MXRoaXMgaXMgYSB0ZXN0Cg==
$ echo "12this is a test" | base64 | grep -E '(AHQAaABpAHMAIABpAHMAIABhACAAdABlAHMAd|B0AGgAaQBzACAAaQBzACAAYQAgAHQAZQBzAH|RoaXMgaXMgYSB0ZXN0|aGlzIGlzIGEgdGVzd|dABoAGkAcwAgAGkAcwAgAGEAIAB0AGUAcwB0|dGhpcyBpcyBhIHRlc3)'
MTJ0aGlzIGlzIGEgdGVzdAo=
$ echo "123this is a test" | base64 | grep -E '(AHQAaABpAHMAIABpAHMAIABhACAAdABlAHMAd|B0AGgAaQBzACAAaQBzACAAYQAgAHQAZQBzAH|RoaXMgaXMgYSB0ZXN0|aGlzIGlzIGEgdGVzd|dABoAGkAcwAgAGkAcwAgAGEAIAB0AGUAcwB0|dGhpcyBpcyBhIHRlc3)'
MTIzdGhpcyBpcyBhIHRlc3QK
$ echo "1234this is a test" | base64 | grep -E '(AHQAaABpAHMAIABpAHMAIABhACAAdABlAHMAd|B0AGgAaQBzACAAaQBzACAAYQAgAHQAZQBzAH|RoaXMgaXMgYSB0ZXN0|aGlzIGlzIGEgdGVzd|dABoAGkAcwAgAGkAcwAgAGEAIAB0AGUAcwB0|dGhpcyBpcyBhIHRlc3)'
MTIzNHRoaXMgaXMgYSB0ZXN0Cg==
$ echo "this is a test1" | base64 | grep -E '(AHQAaABpAHMAIABpAHMAIABhACAAdABlAHMAd|B0AGgAaQBzACAAaQBzACAAYQAgAHQAZQBzAH|RoaXMgaXMgYSB0ZXN0|aGlzIGlzIGEgdGVzd|dABoAGkAcwAgAGkAcwAgAGEAIAB0AGUAcwB0|dGhpcyBpcyBhIHRlc3)'
dGhpcyBpcyBhIHRlc3QxCg==
$ echo "this is a test2" | base64 | grep -E '(AHQAaABpAHMAIABpAHMAIABhACAAdABlAHMAd|B0AGgAaQBzACAAaQBzACAAYQAgAHQAZQBzAH|RoaXMgaXMgYSB0ZXN0|aGlzIGlzIGEgdGVzd|dABoAGkAcwAgAGkAcwAgAGEAIAB0AGUAcwB0|dGhpcyBpcyBhIHRlc3)'
dGhpcyBpcyBhIHRlc3QyCg==
$ echo "this is a test12" | base64 | grep -E '(AHQAaABpAHMAIABpAHMAIABhACAAdABlAHMAd|B0AGgAaQBzACAAaQBzACAAYQAgAHQAZQBzAH|RoaXMgaXMgYSB0ZXN0|aGlzIGlzIGEgdGVzd|dABoAGkAcwAgAGkAcwAgAGEAIAB0AGUAcwB0|dGhpcyBpcyBhIHRlc3)'
dGhpcyBpcyBhIHRlc3QxMgo=
$ echo "this is a test123" | base64 | grep -E '(AHQAaABpAHMAIABpAHMAIABhACAAdABlAHMAd|B0AGgAaQBzACAAaQBzACAAYQAgAHQAZQBzAH|RoaXMgaXMgYSB0ZXN0|aGlzIGlzIGEgdGVzd|dABoAGkAcwAgAGkAcwAgAGEAIAB0AGUAcwB0|dGhpcyBpcyBhIHRlc3)'
dGhpcyBpcyBhIHRlc3QxMjMK
$ echo "this is a test1234" | base64 | grep -E '(AHQAaABpAHMAIABpAHMAIABhACAAdABlAHMAd|B0AGgAaQBzACAAaQBzACAAYQAgAHQAZQBzAH|RoaXMgaXMgYSB0ZXN0|aGlzIGlzIGEgdGVzd|dABoAGkAcwAgAGkAcwAgAGEAIAB0AGUAcwB0|dGhpcyBpcyBhIHRlc3)'
dGhpcyBpcyBhIHRlc3QxMjM0Cg==
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment