add base64 unpacker

[0xricksanchez]

Currently there is no unpacker for base64 encoded data streams

[0xricksanchez]

Base64 has no special delimiter symbol. Also there are multiple possible and valid B64 encodings as listed in: https://en.wikipedia.org/wiki/Base64#Variants_summary_table

Unpacking b64 is trivial. However determining if a string sequence is really b64 encoded has no reliable measure. The following has to always hold true for potential b64 match:

• Always present Character set: A-Za-z0-9=
  • Depending on b64 specification: +/_:.,~-
    • Default for most: +/
    • Default for safe URL encodings: -_
• string length % 4 == 0

A regex to determine whether a string may be b64 encoded could look like this:

^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$

This checks whether the character sequence has zero or more valid b64 blocks of size 4 (because even the empty string is encoded to 4 ASCII characters). If the final sequence block has not length 4 it is checked for padding (either 1 or 2 "=").

Important Note: This still matches things like "aaaa" as it could be valid b64.

In the context of firmware unpacking, decoded strings could be either valid ASCII sequences or byte patterns, hence there is no trivial means for validation for decoded sequences.