ClawHub

cipher65536

v1.0.4

Base65536 file encoding and decoding tool. Encodes arbitrary binary files into Unicode text using Base65536 encoding, supports gzip compression, original fil...

0· 78·0 current·0 all-time
by@turinfohlen
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Base65536 encoding, gzip, optional encryption) match the included files (SKILL.md, README, and scripts/skill.py). The only external dependency listed is base65536, which the tool legitimately needs. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Runtime instructions are scoped to encoding/decoding, installing the base65536 package, and saving a key file when encryption is used. The SKILL.md and the script direct reading the input file, optional compression, encoding, possible local loopback jitter sampling for entropy, writing output text files and key files. They do not instruct the agent to read unrelated system files or exfiltrate data to external endpoints. Note: SKILL.md and code both perform local network socket operations (binding/listening on 127.0.0.1 ports) to collect entropy — this stays local but is an operational behavior users should be aware of.
Install Mechanism
No install spec in the skill bundle; usage instructs pip install base65536 (a public PyPI package). This is a normal dependency install for a Python tool. There are no downloads from obscure URLs or archive extraction in the skill bundle itself.
Credentials
The skill requests no environment variables, credentials, or external config paths. It writes a .key file to disk when generating a key; that is explained in the docs and is proportionate to the encryption feature.
Persistence & Privilege
The skill does not request always: true and does not attempt to modify other skills or global agent configuration. It persists generated keys to disk (its own output), which is expected behavior for this functionality.
Assessment
This skill appears to do what it says: it encodes/decodes files and optionally generates a local "true random" key by measuring localhost TCP jitter and saving that key to a .key file. Before installing or using it, consider the following: - Operational behavior: The script binds/listens/connects on localhost ports (54321–54325) to collect jitter; this traffic stays on 127.0.0.1 but could interact with or conflict with other local services or be affected by local firewall policies. - Key handling: Generated keys are saved to disk (permissions are set to 600 where possible). Losing a key makes encrypted data unrecoverable. Avoid passing keys on the command line (the README warns about shell-history leakage). - Cryptography posture: The implementation uses XOR with a SHAKE-256-derived keystream. While this is a coherent design for a stream cipher, it is not an authenticated encryption mode (no MAC/AEAD). That means tampering may not be detected reliably beyond causing decode errors; if you require strong authenticated encryption, prefer well-vetted libraries (e.g., libsodium, AES-GCM/ChaCha20-Poly1305). - Supply-chain: The tool depends on the base65536 PyPI package (requirements pin to base65536==0.1.1). If you do not trust that package source, review or vendor-lock the dependency before installing. - Threat model: If the host is already compromised or a malicious local process can influence localhost timing, the jitter-derived entropy could be weakened or observed. Do not rely on this method as the sole entropy source for highly sensitive secrets; the script does mix in os.urandom but be mindful of the threat model. If these caveats are acceptable, the skill is internally consistent and can be used for its stated purposes. If you need stronger guarantees, request or audit an implementation using an established authenticated-encryption primitive and/or avoid custom entropy collection mechanisms.

Like a lobster shell, security has layers — review code before you run it.

latestvk971xhvv4tdmhnpr1yrt5apj8s857hqx
78downloads
0stars
5versions
Updated 8h ago
v1.0.4
MIT-0
@turinfohlen
latest
Download

Base65536 File Encoding and Decoding Tool

Overview

Base65536 is an encoding scheme using Unicode characters that converts arbitrary binary data into printable text strings. This tool adds the following enhancements:

  • gzip Compression: Reduces transmission size
  • True Random Key Generation: Collects physical entropy based on local loopback network jitter
  • Byte-Level XOR Encryption: Protects content confidentiality
  • Metadata Concealment: Filename, size, etc., are hidden in encryption mode

Quick Start

Install Dependencies

pip install base65536

Basic Usage

# Standard encoding (no encryption)
python skill.py encode document.pdf -o encoded.txt

# Decoding
python skill.py decode encoded.txt -o restored.pdf

Encryption Mode (Auto-generate Key)

# Encrypt and encode (key saved to file, not displayed in terminal)
python skill.py encode secret.zip --scramble -o encrypted.txt
# Output:
#   🌐 Collecting true random entropy from local network jitter...
#   🔑 Key saved to: encrypted.key
#   🔒 File permissions locked to 600 (read/write for current user only)
#   ✓ Encoded: encrypted.txt

# Decrypt (reading key from file)
python skill.py decode encrypted.txt --key $(cat encrypted.key)

Encryption Mode (Using Specified Key)

# Encrypt using an existing key
python skill.py encode secret.zip --scramble --key 108544482569932551567348223456789012... -o encrypted.txt

# Decrypt
python skill.py decode encrypted.txt --key 108544482569932551567348223456789012...

Command-Line Arguments

encode Subcommand

Argument Description input Input file path (Required) -o, --output Output file path (Default: input_filename.b65536.txt) --no-compress Disable gzip compression --scramble Enable encryption mode --key Use specified key (integer); auto-generated if not provided --key-file Key output file path (Default: output_filename.key)

decode Subcommand

Argument Description input Input file path (Required) -o, --output Output file path (Default: use original filename) --key Decryption key (integer; required for encrypted mode)

Workflow

Encoding Process

  1. Read the original binary file.
  2. Optionally: Compress data using gzip (default enabled, level 9).
  3. Encode to Unicode text using Base65536.
  4. If encryption mode is enabled: · Generate or use the specified 256-bit key. · Perform XOR encryption on the UTF-8 bytes of the Base65536 text. · Encrypt real metadata and replace with dummy metadata.
  5. Prepend the #METADATA: header.
  6. Save as a text file.

Decoding Process

  1. Read the encoded text file.
  2. Parse the #METADATA: header.
  3. If encrypted mode: · Decrypt the real metadata using the key. · Decrypt the main body data using XOR.
  4. Decode the data to binary using Base65536.
  5. Automatically detect and decompress gzip-compressed data.
  6. Save the file using the original filename.

File Format

Standard Mode

#METADATA:{"original_name": "original_filename", "compressed": true, "original_size": 12345, "scrambled": false}
[Base65536 encoded data...]

Encryption Mode

#METADATA:{"original_name": "encrypted_file", "compressed": true, "original_size": 0, "scrambled": true, "note": "This file is encrypted. Use key to decrypt."}
[XOR encrypted Base65536 data...]
###ENCRYPTED_META### [Encrypted real metadata]

Security Principles

A file steganography tool based on information theory and cryptographic principles. It folds data redundancy using gzip entropy densification and uses true random entropy seeded from local loopback network jitter to generate a 256-bit key space for byte-level XOR perturbation. The ciphertext exhibits chaotic distribution over the finite manifold of Unicode defined by Base65536, effectively resisting known-plaintext attacks, ciphertext-only attacks, and phase-space reconstruction analysis.

  1. True Random Key Generation: Generates an unpredictable 256-bit key by measuring local loopback (localhost) network latency jitter to collect physical entropy, combined with system entropy from os.urandom.
  2. Secure Key Storage: Automatically generated keys are saved to a .key file with 600 permissions and are never displayed in the terminal.
  3. Metadata Concealment: The actual filename, size, and other information are encrypted and stored; dummy data is displayed externally.

Usage Examples

Encoding a PDF File (No Encryption)

python skill.py encode document.pdf -o encoded.txt

Output:

  Compressing: 1,234,567 → 876,543 bytes (71.0%)
  Encoding: 876,543 bytes → 438,271 characters
✓ Encoded: encoded.txt
  Final size: 438,271 characters

Decoding a File (No Encryption)

python skill.py decode encoded.txt

Output:

  Read metadata: {'original_name': 'document.pdf', 'compressed': True, 'original_size': 1234567, 'scrambled': False}
  gzip compression detected, decompressing...
✓ Decoded: document.pdf
  Restored size: 1,234,567 bytes

Use Cases

· Cross-Platform File Transfer: Encoded text can be transferred on any platform supporting text. · High-Security Steganography: Content is completely hidden when using encryption mode. · API Transmission: Transmit binary data through plain-text APIs. · Bypassing Upload Restrictions: Transfer files on platforms that lack file upload support. · Data Backup: Convert binary data to text for backup purposes.

Technical Specifications

Item Specification Encoding Scheme Base65536 Compression Algorithm gzip (zlib, level 9) Encryption Algorithm Byte-level XOR + 256-bit key space Key Generation Local loopback network jitter + os.urandom Metadata Format JSON Python Version 3.6+ External Dependencies base65536

Performance Characteristics

Original Type gzip Compression Effect Base65536 Expansion Rate Combined Effect Text Files 70-80% ~50% 35-40% Images/Videos 90-99% ~50% 45-99% Compressed Files No effect ~50% ~50%

Important Notes

  1. Key Custody: True random keys cannot be reproduced. Files cannot be recovered if the key is lost.
  2. Secure Transmission: Transfer the key file via a channel separate from the ciphertext.
  3. Compressed Files: For files like .zip or .jpg, use --no-compress to avoid size inflation.
  4. Unicode Compatibility: Some platforms may mishandle high-plane Unicode characters. Test transmission beforehand.

Resources

scripts/

· skill.py - Main program containing encode/decode functionality.

references/

· encoding-details.md - Encoding principles and implementation details.

Comments

Loading comments...