功能描述

Base65536 file encoding and decoding tool. Encodes arbitrary binary files into Unicode text using Base65536 encoding, supports gzip compression, original fil...

使用说明 (SKILL.md)

Base65536 File Encoding and Decoding Tool

Name: cipher65536
Author: turinfohlen

Overview

Base65536 is an encoding scheme using Unicode characters that converts arbitrary binary data into printable text strings. This tool adds the following enhancements:

gzip Compression: Reduces transmission size
True Random Key Generation: Collects physical entropy based on local loopback network jitter
Byte-Level XOR Encryption: Protects content confidentiality
Metadata Concealment: Filename, size, etc., are hidden in encryption mode

Quick Start

Install Dependencies

pip install base65536

Basic Usage

# Standard encoding (no encryption)
python skill.py encode document.pdf -o encoded.txt

# Decoding
python skill.py decode encoded.txt -o restored.pdf

Encryption Mode (Auto-generate Key)

# Encrypt and encode (key saved to file, not displayed in terminal)
python skill.py encode secret.zip --scramble -o encrypted.txt
# Output:
#   🌐 Collecting true random entropy from local network jitter...
#   🔑 Key saved to: encrypted.key
#   🔒 File permissions locked to 600 (read/write for current user only)
#   ✓ Encoded: encrypted.txt

# Decrypt (reading key from file)
python skill.py decode encrypted.txt --key $(cat encrypted.key)

Encryption Mode (Using Specified Key)

# Encrypt using an existing key
python skill.py encode secret.zip --scramble --key 108544482569932551567348223456789012... -o encrypted.txt

# Decrypt
python skill.py decode encrypted.txt --key 108544482569932551567348223456789012...

Command-Line Arguments

encode Subcommand

Argument Description input Input file path (Required) -o, --output Output file path (Default: input_filename.b65536.txt) --no-compress Disable gzip compression --scramble Enable encryption mode --key Use specified key (integer); auto-generated if not provided --key-file Key output file path (Default: output_filename.key)

decode Subcommand

Argument Description input Input file path (Required) -o, --output Output file path (Default: use original filename) --key Decryption key (integer; required for encrypted mode)

Workflow

Encoding Process

Read the original binary file.
Optionally: Compress data using gzip (default enabled, level 9).
Encode to Unicode text using Base65536.
If encryption mode is enabled: · Generate or use the specified 256-bit key. · Perform XOR encryption on the UTF-8 bytes of the Base65536 text. · Encrypt real metadata and replace with dummy metadata.
Prepend the #METADATA: header.
Save as a text file.

Decoding Process

Read the encoded text file.
Parse the #METADATA: header.
If encrypted mode: · Decrypt the real metadata using the key. · Decrypt the main body data using XOR.
Decode the data to binary using Base65536.
Automatically detect and decompress gzip-compressed data.
Save the file using the original filename.

File Format

Standard Mode

#METADATA:{"original_name": "original_filename", "compressed": true, "original_size": 12345, "scrambled": false}
[Base65536 encoded data...]

Encryption Mode

#METADATA:{"original_name": "encrypted_file", "compressed": true, "original_size": 0, "scrambled": true, "note": "This file is encrypted. Use key to decrypt."}
[XOR encrypted Base65536 data...]
###ENCRYPTED_META### [Encrypted real metadata]

Security Principles

A file steganography tool based on information theory and cryptographic principles. It folds data redundancy using gzip entropy densification and uses true random entropy seeded from local loopback network jitter to generate a 256-bit key space for byte-level XOR perturbation. The ciphertext exhibits chaotic distribution over the finite manifold of Unicode defined by Base65536, effectively resisting known-plaintext attacks, ciphertext-only attacks, and phase-space reconstruction analysis.

True Random Key Generation: Generates an unpredictable 256-bit key by measuring local loopback (localhost) network latency jitter to collect physical entropy, combined with system entropy from os.urandom.
Secure Key Storage: Automatically generated keys are saved to a .key file with 600 permissions and are never displayed in the terminal.
Metadata Concealment: The actual filename, size, and other information are encrypted and stored; dummy data is displayed externally.

Usage Examples

Encoding a PDF File (No Encryption)

python skill.py encode document.pdf -o encoded.txt

Output:

  Compressing: 1,234,567 → 876,543 bytes (71.0%)
  Encoding: 876,543 bytes → 438,271 characters
✓ Encoded: encoded.txt
  Final size: 438,271 characters

Decoding a File (No Encryption)

python skill.py decode encoded.txt

Output:

  Read metadata: {'original_name': 'document.pdf', 'compressed': True, 'original_size': 1234567, 'scrambled': False}
  gzip compression detected, decompressing...
✓ Decoded: document.pdf
  Restored size: 1,234,567 bytes

Use Cases

· Cross-Platform File Transfer: Encoded text can be transferred on any platform supporting text. · High-Security Steganography: Content is completely hidden when using encryption mode. · API Transmission: Transmit binary data through plain-text APIs. · Bypassing Upload Restrictions: Transfer files on platforms that lack file upload support. · Data Backup: Convert binary data to text for backup purposes.

Technical Specifications

Item Specification Encoding Scheme Base65536 Compression Algorithm gzip (zlib, level 9) Encryption Algorithm Byte-level XOR + 256-bit key space Key Generation Local loopback network jitter + os.urandom Metadata Format JSON Python Version 3.6+ External Dependencies base65536

Performance Characteristics

Original Type gzip Compression Effect Base65536 Expansion Rate Combined Effect Text Files 70-80% ~50% 35-40% Images/Videos 90-99% ~50% 45-99% Compressed Files No effect ~50% ~50%

Important Notes

Key Custody: True random keys cannot be reproduced. Files cannot be recovered if the key is lost.
Secure Transmission: Transfer the key file via a channel separate from the ciphertext.
Compressed Files: For files like .zip or .jpg, use --no-compress to avoid size inflation.
Unicode Compatibility: Some platforms may mishandle high-plane Unicode characters. Test transmission beforehand.

Resources

scripts/

· skill.py - Main program containing encode/decode functionality.

references/

· encoding-details.md - Encoding principles and implementation details.

安全使用建议

This skill appears to do what it says: it encodes/decodes files and optionally generates a local "true random" key by measuring localhost TCP jitter and saving that key to a .key file. Before installing or using it, consider the following: - Operational behavior: The script binds/listens/connects on localhost ports (54321–54325) to collect jitter; this traffic stays on 127.0.0.1 but could interact with or conflict with other local services or be affected by local firewall policies. - Key handling: Generated keys are saved to disk (permissions are set to 600 where possible). Losing a key makes encrypted data unrecoverable. Avoid passing keys on the command line (the README warns about shell-history leakage). - Cryptography posture: The implementation uses XOR with a SHAKE-256-derived keystream. While this is a coherent design for a stream cipher, it is not an authenticated encryption mode (no MAC/AEAD). That means tampering may not be detected reliably beyond causing decode errors; if you require strong authenticated encryption, prefer well-vetted libraries (e.g., libsodium, AES-GCM/ChaCha20-Poly1305). - Supply-chain: The tool depends on the base65536 PyPI package (requirements pin to base65536==0.1.1). If you do not trust that package source, review or vendor-lock the dependency before installing. - Threat model: If the host is already compromised or a malicious local process can influence localhost timing, the jitter-derived entropy could be weakened or observed. Do not rely on this method as the sole entropy source for highly sensitive secrets; the script does mix in os.urandom but be mindful of the threat model. If these caveats are acceptable, the skill is internally consistent and can be used for its stated purposes. If you need stronger guarantees, request or audit an implementation using an established authenticated-encryption primitive and/or avoid custom entropy collection mechanisms.

功能分析

Type: OpenClaw Skill Name: cipher65536 Version: 1.0.4 The bundle provides a legitimate file encoding and encryption tool using the Base65536 scheme. The primary script, 'scripts/skill.py', implements gzip compression, XOR encryption with SHAKE-256, and a unique entropy collection method involving local loopback network jitter (localhost only). While the use of network sockets for entropy is unconventional, it is well-documented in 'SKILL.md' and 'references/scrambleing-details.md', and no evidence of data exfiltration, malicious execution, or prompt injection was found.

能力评估

✓ Purpose & Capability

The name/description (Base65536 encoding, gzip, optional encryption) match the included files (SKILL.md, README, and scripts/skill.py). The only external dependency listed is base65536, which the tool legitimately needs. No unrelated credentials, binaries, or config paths are requested.

ℹ Instruction Scope

Runtime instructions are scoped to encoding/decoding, installing the base65536 package, and saving a key file when encryption is used. The SKILL.md and the script direct reading the input file, optional compression, encoding, possible local loopback jitter sampling for entropy, writing output text files and key files. They do not instruct the agent to read unrelated system files or exfiltrate data to external endpoints. Note: SKILL.md and code both perform local network socket operations (binding/listening on 127.0.0.1 ports) to collect entropy — this stays local but is an operational behavior users should be aware of.

✓ Install Mechanism

No install spec in the skill bundle; usage instructs pip install base65536 (a public PyPI package). This is a normal dependency install for a Python tool. There are no downloads from obscure URLs or archive extraction in the skill bundle itself.

✓ Credentials

The skill requests no environment variables, credentials, or external config paths. It writes a .key file to disk when generating a key; that is explained in the docs and is proportionate to the encryption feature.

✓ Persistence & Privilege

The skill does not request always: true and does not attempt to modify other skills or global agent configuration. It persists generated keys to disk (its own output), which is expected behavior for this functionality.

版本历史

v1.0.4

Version 1.0.4 - Added _meta.json file for enhanced metadata management. - Added references/scrambleing-details.md providing additional details or documentation.

v1.0.3

changes were detected in this version. - Version number updated to 1.0.3 - 这次可是真的将所有非密码学伪随机函数都移除了，没有用那个 Python自带的梅森旋转。

v1.0.2

**新增：支持高安全级别的本地真随机密钥加密，元数据隐藏。** - 将原本公网网络抖动采集修改为基于本地回环网络抖动采集物理熵的真随机密钥生成（256 位）减少审计风险。 - 新增加密模式，实现字节级异或加密，密钥可自动生成且安全存储为 .key 文件，原文件名与大小等元数据可被伪装和加密隐藏，仅凭密文无法推断信息。 - 命令行参数和工作流程详细说明，增加对手工密钥和密钥文件的支持，不再在命令行上打印密钥，降低审计风险。 - 加密/解密流程与普通编码流程分离，文档细化加密安全原理说明。 - 补充常见应用场景、文件格式、安全运维注意事项。

v1.0.1

- 增强加密说明：加密模式下，密钥采用网络抖动真随机数，不可复现，提升保密性。 - 明确加密实现方式，采用字节级异或加密与网络抖动采样生成密钥。 - 更新作者署名及工具版本信息。 - 技术描述与用法注释更精炼，新增密钥获取须知和网络需求说明。

v1.0.0

Initial release of cipher65536 - Provides a tool to encode and decode arbitrary binary files to Unicode text using Base65536. - Supports gzip compression and original filename preservation in the encoded output. - Optional scramble encryption with SHA-256 key-based character permutation, which hides true metadata for enhanced privacy. - Decoded output auto-detects and decompresses gzip-compressed data, restoring original files. - Includes usage instructions, workflow explanation, and multiple real-world usage scenarios for secure, cross-platform file transmission and data embedding. cipher65536 1.0.0 – 初始发布 - 提供 Base65536 编码与解码工具，将二进制文件转换为 Unicode 文本，可选 gzip 压缩及文件名元数据存储。 - 支持基于密钥的字符级置换加密模式，隐藏真实元数据。 - 解码时可自动检测并解压 gzip 压缩数据，使用元数据恢复原文件名。 - 适用于跨平台文件传输、文件隐写、API 传输二进制数据等场景。 - 附带详细使用示例与性能说明，便于快速上手。

元数据

Slug cipher65536

版本 1.0.4

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 5

常见问题

cipher65536 是什么？

Base65536 file encoding and decoding tool. Encodes arbitrary binary files into Unicode text using Base65536 encoding, supports gzip compression, original fil... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 139 次。

如何安装 cipher65536？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install cipher65536」即可一键安装，无需额外配置。

cipher65536 是免费的吗？

是的，cipher65536 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

cipher65536 支持哪些平台？

cipher65536 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 cipher65536？

由 TurinFohlen（@turinfohlen）开发并维护，当前版本 v1.0.4。

cipher65536