From 09c0fbe9760ff7a927f2e7bee97ee64ad9cba477 Mon Sep 17 00:00:00 2001
From: Kevin Shen
Date: Fri, 30 Sep 2022 12:18:48 -0400
Subject: [PATCH] fix caesar cipher issues, briefly tested locally on ubuntu and windows 10
---
 app/obfuscators/caesar_cipher.py | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)
diff --git a/app/obfuscators/caesar_cipher.py b/app/obfuscators/caesar_cipher.py
index 0a65c08a..b0802b72 100644
--- a/app/obfuscators/caesar_cipher.py
+++ b/app/obfuscators/caesar_cipher.py
@@ -18,18 +18,24 @@ def supported_platforms(self):
 def psh(self, link):
 decrypted = self.decode_bytes(link.command)
 encrypted, shift = self._apply_cipher(decrypted)
- return '$encrypted = "' + encrypted + '"; $cmd = "''"; $encrypted = $encrypted.toCharArray(); ' \
- 'foreach ($letter in $encrypted) {$letter = [char](([int][char]$letter) - ' + str(shift) + '); ' \
- '$cmd += $letter;} write-output $cmd;'
+ return "$encrypted = '" + encrypted.replace("'","''") + "'; $cmd = ''; $encrypted = $encrypted.toCharArray(); " \
+ 'foreach ($letter in $encrypted) {Switch ([Byte]$letter) {' \
+ '{$_ -ge 65 -and $_ -le 90} {$cmd += [char](([int][char]$letter - ' + str(65 - shift) + ') % 26 + 65)}' \
+ '{$_ -ge 97 -and $_ -le 122} {$cmd += [char](([int][char]$letter - ' + str(97 - shift) + ') % 26 + 97)}' \
+ 'Default {$cmd += $letter}}} powershell $cmd;'
 def sh(self, link):
 decrypted = self.decode_bytes(link.command)
 encrypted, shift = self._apply_cipher(decrypted)
- return 'cmd=""; chr (){ [ "$1" -lt 256 ] || return 1; printf "\\\\$(printf \'%03o\' "$1")";};' \
- 'ord (){ LC_CTYPE=C printf \'%d\' "\'$1";return $LC_CTYPE; }; ' \
- 'st="' + encrypted + '"; for i in $(seq 1 ${#st}); do x=$(ord "${st:i-1:1}"); ' \
- 'if [[ "$x" =~ [^a-zA-Z] ]]; then x=$((x+ ' + str(-shift) + ')); fi; ' \
- 'cmd+="$(echo $(chr $x))";done;echo $cmd;'
+ return 'cmd=""; st="' + encrypted.replace('`','\\`').replace('\\','\\\\').replace('"','\\"') + \
+ '"; for i in $(seq 1 ${#st}); ' \
+ 'do temp=$(printf %d\\\\n \\\'"$(expr substr "$st" $i 1)";); ' \
+ 'if [ $temp -ge 65 ] && [ $temp -le 90 ]; ' \
+ 'then temp=$((($temp - ' + str(65 - shift) + ') % 26 + 65)); fi; ' \
+ 'if [ $temp -ge 97 ] && [ $temp -le 122 ]; ' \
+ 'then temp=$((($temp - ' + str(97 - shift) + ') % 26 + 97)); fi; ' \
+ 'cmd="${cmd}$(printf \\\\$(printf \'%03o\' $temp))";done;eval $cmd;'
+
 """ PRIVATE """
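Review bot: In `sh`, the escaping chain applied to `encrypted` runs in the wrong order and leaves `$` untouched: the backtick is escaped first, and the later `.replace('\\','\\\\')` then doubles the backslash that was just added, so the shell sees an escaped backslash followed by a live backtick, while any `$name` or `$(...)` in the text is expanded inside the double quotes when `st` is assigned. The generated script therefore evaluates parts of the command text before decoding and then decodes a corrupted string. Single-quoting the value covers all of these cases, e.g. `'cmd=""; st=' + shlex.quote(encrypted) + '; for i in $(seq 1 ${#st}); '`, which needs `import shlex` in the import block outside this hunk. The final `eval $cmd` is also unquoted, so the decoded text is word-split and glob-expanded before it is evaluated; `eval "$cmd"` keeps it intact.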
@@ -42,4 +48,5 @@ def _apply_cipher(s, bounds=26):
 :return: a tuple containing the encoded command and the shift value
 """
 shift = randint(1, bounds)
- return ''.join([chr(ord(c) + shift) if c.isalpha() else c for c in s]), shift
+ return ''.join([chr((ord(c) - 65 - shift) % 26 + 65) if (65 <= ord(c) <= 90) else
+ (chr((ord(c) - 97 - shift) % 26 + 97) if (97 <= ord(c) <= 122) else c) for c in s]), shift
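Review bot: The rewritten return makes a shift of 26 the identity mapping, and the unchanged `shift = randint(1, bounds)` above it includes its upper bound, so with the default `bounds=26` the function can hand back the input unmodified while still reporting it as encoded. Excluding multiples of 26 removes that case, for example `shift = randint(1, 25)` if callers never pass a different `bounds`. The literals 65/90/97/122 would read better as `ord('A')`, `ord('Z')`, `ord('a')` and `ord('z')`. The docstring should also say that only ASCII letters are rotated, since the old `c.isalpha()` test matched non-ASCII letters too. The signature and the start of the docstring are outside the hunk.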