Is it possible to decode this?

Menticy
2014-03-20
2014-03-30
  • Menticy

    Menticy - 2014-03-20

    Hi, when I edit stuff with notepad++ it comes up all encrypted mainly with the word "NULL" so I was wondering how to decode it somehow

     
  • Andreas Jonsson

    Andreas Jonsson - 2014-03-21

    Well, what stuff are you editing? It seems like you are trying to edit something other than text files.

     
  • cchris

    cchris - 2014-03-22

    Can you share the offending file? Most likely it is binary, and N++ won't be at its best editing it.
    If dealing with a binary file, try frhed perhaps. It's a good, free, no-install hex editor.

    CChris

     
  • THEVENOT Guy

    THEVENOT Guy - 2014-03-30

    Hello Menticy and All,

    Just for fun, I propose that we search to extract pertinent strings/phrases, which are included in the executable file Notepad++.exe !. Well, but we should NOT forget that, in such a file :

    • Some of these strings are coded in ANSI. For example, the word Program will be coded, with the 7 bytes :

    50 72 6F 67 72 61 6d

    • Some others are coded in UCS-2 Little Endian ( UNICODE ). This time, the word Program, for example, xill be coded with the 14 bytes :

    50 00 72 00 6F 00 67 00 72 00 61 00 6d 00

    Moreover, the \x0A, \x0D and the two characters \x0A\x0D, in an executable file, don't mean, generally, the classical EOL ( End of Line ), as in a text file, so it'll be preferable to make all these EOL uniform

    In addition, as the % character is often used as an format indicator, like, for example, in the UNICODE string :

    52 00 65 00 6C 00 6F 00 61 00 64 00 00 00 00 00 25 00 73 00 ( Reload %s )

    we would rather NOT split the two parts of this kind of phrase ( before and after the % format symbol )

    Finally, some Internet addresses, embedded in the code, should rather begin a new line


    So, the general method used, will be :

    • A) Recopy the executable file Notepad++.exe ( version 6.5.5 ), with, for example, the name Test.exe

    • B) Open the Test.exe file, with Notepad++.exe

    • C) Make uniform any pseudo EOL to \x0A ( Unix/Osd EOL ) => Future regexes will be more simple to build !

    • D) Delete any CONTROL character, different from \x00 and \x0A

    • E) Delete any sequence of two, or more, NUL characters, when immediately followed with \x0A

    • F) Replace any sequence of two, or more, NUL characters, when immediately followed by a % symbol, with a SINGLE SPACE

    • G) Change any sequence of two, or more, NUL characters by an \x0A EOL character

    Now, the alone \x00 characters, which remain, may be part of code OR part of an UNICODE encoding of strings and can be deleted.

    • H) Delete any NUL character, remaining in the file

    • I) Remove any empty line of Test.exe

    • J) Finally, insert an EOL character ( \n ) before any Internet address, which doesn't begin a line


    Practically, the steps C) to J) can be achieved with Searches/Replacements :

    • Go back to the FIRST position of the file Test.exe ( CTRL + Org ) IMPORTANT

    • Open the Replace dialog ( CTRL + H )

    • Set the Regular expression search mode

    • Leave all the other options UNCHECKED

    • Type in the Find what and Replace with options, as described below

    • Click on the Replace All button

    The original file Test.exe contents 1744896 bytes, in 6895 lines

    C)

    SEARCH : \r\n?

    REPLACE : \n

    => 3872 Replacements. Now, the Test.exe file contents 1744823 bytes in 6895 lines

    NOTES :

    You can, either, use the option Edit - EOL conversion - UNIX/OSX Format for step C), but it's a bit longer !?

    From now on, all the pseudo EOL, of the Test.exe file, are of the form \n

    D)

    SEARCH : [\x01-\x09\x0B-\x1F]+

    REPLACE : Nothing

    => 155654 Replacements. Now, the Test.exe file contents 1563084 bytes in 6895 lines

    E)

    SEARCH : \x00{2,}(?=\n)

    REPLACE : Nothing

    => 193 Replacements. Now, the Test.exe file contents 1559814 bytes in 6895 lines

    F)

    SEARCH : \x00{2,}(?=%)

    REPLACE : \x20 ( A usual SPACE )

    => 134 Replacements. Now, the Test.exe file contents 1559600 bytes in 6895 lines

    G)

    SEARCH : \x00{2,}

    REPLACE : \n

    => 55618 Replacements. Now, the Test.exe file contents 1273126 bytes in 62513 lines

    NOTE : This search/replacement is quite LONG and take several minutes ! Be patient ! About 11 mn on my old XP computer with 1MB of RAM, only :-(

    H)

    SEARCH : \x00

    REPLACE : Nothing

    => 102960 Replacements. Now, the Test.exe file contents 1170166 bytes in 62513 lines

    I)

    SEARCH : \n\n+

    REPLACE : \n

    => 1861 Replacements. Now, the Test.exe file contents 1168036 bytes in 60383 lines

    NOTE : You can either use the option Edit - Line Operations - Remove Empty Lines for step I), but it's a bit longer !?

    J)

    SEARCH (?<!\n)(http:)

    REPLACE : \n\1

    => 3 Replacements. Finally, the Test.exe file contents 1168039 bytes in 60386 lines


    In this transformed file Test.exe ( ex-file Notepad++.exe ), many strings still represent only code, without signification But, two zones are of some interest :

    • The first zone lays between the lines 35825 and 38330

    NOTE :

    Look, particularly, at text, between line 36212 and line 36559. Quite funny, isn't it :-). A single phrase may be split in several ones !

    • The second zone lays between the lines 57480 and 60354

    For example, if you would like to translate, in your mother language, all the text of the GNU General Public Licence, when you hit the F1 key ( lines 35827, 35828 and 35829 of the Test.exe file ) :

    Just change, in the Notepad++.exe file, any byte, different of the NUL character, between the two addresses \x0EF7F0 ( 980976 ) and \x0EFD1F ( 982303 ), for the 6.5.5 version, with the appropriate text, in your mother language !

    VERY IMPORTANT :

    If you do some changes in Notepad++.exe, as explained above, you MUST NOT change its total length ! So, if your translated text is shorter than the original English text, just fill in with some additional NUL characters, at the end of your translated text !

    Cheers,

    guy038

    P.S. :

    Certainly, it's not the unique way to extract pertinent strings from an executable !

     
    Last edit: THEVENOT Guy 2014-03-30

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks