From bba1dbb62bbb19469c7a1470600c8def6ecb1acc Mon Sep 17 00:00:00 2001
From: Oliver Creighton <oliver.creighton@bmw.de>
Date: Mon, 6 Feb 2023 15:28:56 -0500
Subject: [PATCH] added hexdump package dependency instead of method that
 didn't work for me

---
 decode-spam-headers.py | 69 +++++++++++++++++++++---------------------
 requirements.txt       |  3 +-
 2 files changed, 37 insertions(+), 35 deletions(-)

diff --git a/decode-spam-headers.py b/decode-spam-headers.py
index e74b1eb..3d2d2c2 100644
--- a/decode-spam-headers.py
+++ b/decode-spam-headers.py
@@ -134,6 +134,7 @@ from html import escape
 from email import header as emailheader
 from datetime import *
 from dateutil.tz import *
+from hexdump import hexdump
 
 try:
     from dateutil import parser
@@ -2399,34 +2400,34 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
                 break
         return chr(sum(ord(c) for c in pair) - key - offset)
 
-    @staticmethod
-    def hexdump(data, addr = 0, num = 0):
-        s = ''
-        n = 0
-        lines = []
-        if num == 0: num = len(data)
-
-        if len(data) == 0:
-            return '<empty>'
-
-        for i in range(0, num, 16):
-            line = ''
-            line += '%04x | ' % (addr + i)
-            n += 16
-
-            for j in range(n-16, n):
-                if j >= len(data): break
-                line += '%02x ' % (data[j] & 0xff)
-
-            line += ' ' * (3 * 16 + 7 - len(line)) + ' | '
-
-            for j in range(n-16, n):
-                if j >= len(data): break
-                c = data[j] if not (data[j] < 0x20 or data[j] > 0x7e) else '.'
-                line += '%c' % c
-
-            lines.append(line)
-        return '\n'.join(lines)
+    # @staticmethod
+    # def hexdump(data, addr = 0, num = 0):
+    #     s = ''
+    #     n = 0
+    #     lines = []
+    #     if num == 0: num = len(data)
+    #
+    #     if len(data) == 0:
+    #         return '<empty>'
+    #
+    #     for i in range(0, num, 16):
+    #         line = ''
+    #         line += '%04x | ' % (addr + i)
+    #         n += 16
+    #
+    #         for j in range(n-16, n):
+    #             if j >= len(data): break
+    #             line += '%02x ' % (data[j] & 0xff)
+    #
+    #         line += ' ' * (3 * 16 + 7 - len(line)) + ' | '
+    #
+    #         for j in range(n-16, n):
+    #             if j >= len(data): break
+    #             c = data[j] if not (data[j] < 0x20 or data[j] > 0x7e) else '.'
+    #             line += '%c' % c
+    #
+    #         lines.append(line)
+    #     return '\n'.join(lines)
 
     def testEmailIntelligence(self):
         service = []
@@ -3629,7 +3630,7 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
                             if self.decode_all:
                                 try:
                                     dec = SMTPHeadersAnalysis.safeBase64Decode(b[:30])
-                                    hd = SMTPHeadersAnalysis.hexdump(dec.encode())
+                                    hd = hexdump(dec.encode(), result='return')
                                     a1 += f'\n\t\t\t{hd} ...\n'
 
                                 except:
@@ -4001,7 +4002,7 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
         self.addSecurityAppliance('Cisco IronPort / Email Security Appliance (ESA)')
         
         if self.decode_all:
-            dumped = SMTPHeadersAnalysis.hexdump(SMTPHeadersAnalysis.safeBase64Decode(value))
+            dumped = hexdump(SMTPHeadersAnalysis.safeBase64Decode(value).encode('utf-8'), result='return')
 
             result = f'- Cisco IronPort Data encrypted blob:\n\n'
             result += dumped + '\n'
@@ -4023,7 +4024,7 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
         self.addSecurityAppliance('Cisco IronPort / Email Security Appliance (ESA)')
 
         if self.decode_all:
-            dumped = SMTPHeadersAnalysis.hexdump(SMTPHeadersAnalysis.safeBase64Decode(value))
+            dumped = hexdump(SMTPHeadersAnalysis.safeBase64Decode(value).encode('utf-8'), result='return')
 
             result = f'- Cisco IronPort Data encrypted blob:\n\n'
             result += dumped + '\n'
@@ -4278,7 +4279,7 @@ Src: https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA
 
         self.addSecurityAppliance('Cisco IronPort / Email Security Appliance (ESA)')
         if self.decode_all:
-            dumped = SMTPHeadersAnalysis.hexdump(SMTPHeadersAnalysis.safeBase64Decode(value))
+            dumped = hexdump(SMTPHeadersAnalysis.safeBase64Decode(value).encode('utf-8'), result='return')
 
             result = f'- Cisco IronPort Anti-Spam result encrypted blob:\n\n'
             result += dumped + '\n'
@@ -5728,7 +5729,7 @@ Src: https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA
                 tmp += value_decoded + '\n\n'
 
                 try:
-                    x = SMTPHeadersAnalysis.hexdump(base64.b64decode(value_decoded.encode()))
+                    x = hexdump(base64.b64decode(value_decoded.encode()), result='return')
                     tmp += f'\t     Base64 decoded Hexdump:\n\n'
                     tmp += x
                     tmp += '\n\n\n'
@@ -5767,7 +5768,7 @@ Src: https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA
 
         if self.decode_all:
             tmp += f'\n\n\t- Base64 decoded Hexdump:\n\n'
-            tmp += SMTPHeadersAnalysis.hexdump(base64.b64decode(value))
+            tmp += hexdump(base64.b64decode(value), result='return')
             tmp += '\n\n\n'
         else:
             tmp += '\n\n\t- Use --decode-all to print its hexdump.'
diff --git a/requirements.txt b/requirements.txt
index 5551899..bb9c394 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,4 +3,5 @@ tldextract
 packaging
 dnspython
 requests
-colorama
\ No newline at end of file
+colorama
+hexdump