Encoding Capabilities

Prompt Attack features an advanced encoding module that enables users to encode adversarial prompts in various formats. Encoding is an essential tool in adversarial testing, allowing security teams to simulate obfuscated inputs often used in real-world attacks. These encodings help evaluate an LLM’s ability to decode and process manipulated data without exposing vulnerabilities or generating unsafe outputs.

This guide outlines the supported encoding methods, their applications in adversarial testing, and the distinction between free and paid features.

Why Encoding Matters in Adversarial Testing

Encoding is a common technique used in real-world attacks to obfuscate malicious intent. Attackers often encode inputs to bypass security measures such as content filtering, validation, or detection mechanisms. For example, malicious code could be Base64-encoded to evade detection or URL-encoded to manipulate web queries. Testing how an LLM handles such encodings ensures robust defenses against adversarial inputs.

Prompt Attack allows users to simulate these scenarios and analyze an LLM’s ability to:

• Process Encoded Inputs Safely: Ensure the model doesn’t inadvertently decode and act on harmful instructions.

• Resist Obfuscation Techniques: Validate that the LLM can reject obfuscated data or respond safely.

• Assess Decoding Logic: Identify vulnerabilities in how encoded inputs are handled.

Available Encoding Methods

Prompt Attack supports a wide range of encoding formats, categorized into free and paid options. Below is a detailed list of each encoding method, its purpose, and its applications in security testing.

Free Encodings

These encoding methods are available to all users at no additional cost:

1. Base2 (Binary) Represents each character as binary code (e.g., “A” becomes “01000001”). This tests the model’s ability to process binary data safely and reject unauthorized requests encoded in binary form.

2. Base8 (Octal) Converts characters into octal (Base8) representation, commonly used in low-level data encoding. Example: “A” becomes “101”. This ensures the LLM can resist attacks that encode prompts in less common numerical systems.

3. Braille Converts text into Braille Unicode characters (e.g., “hello” becomes ⠓⠑⠇⠇⠕). While primarily a representation for visually impaired communication, Braille encoding tests the model’s ability to process text in alternative symbolic systems.

4. Diacritics Obfuscates text using diacritical marks (e.g., accents, tildes) to resemble standard characters. Example: “hello” becomes “h́èl̃l̇ö”. This evaluates the LLM’s resilience to altered text representations often used for evading detection.

5. MD5 Hash Generates an MD5 hash of the input. Example: “hello” becomes “5d41402abc4b2a76b9719d911017c592”. Although irreversible, testing with MD5 hashes ensures the model does not improperly interpret or process cryptographic data.

6. Reverse Reverses the input text. Example: “hello” becomes “olleh”. This tests the LLM’s ability to handle reversed instructions or detect maliciously obfuscated input.

7. Rot5 Rotates numerical digits (0–9) by 5 places. Example: “12345” becomes “67890”. This helps test how numerical obfuscation affects the model’s ability to decode and respond correctly.

8. Rot13 A common text rotation technique that shifts each letter (A–Z, a–z) by 13 places in the alphabet. Example: “hello” becomes “uryyb”. This encoding tests the LLM’s handling of basic textual transformations.

9. Rot25 Similar to Rot13 but rotates letters by 25 places. Example: “A” becomes “Z”. This evaluates how the LLM processes variations in text rotations.

Paid Encodings

These advanced encodings are available exclusively for premium users:

1. Base16 (Hexadecimal) Encodes input in hexadecimal format, often used for debugging, cryptographic keys, and binary data representation. Example: “A” becomes “41”. This is crucial for assessing how the model handles hex-encoded inputs, which are frequently used in malware or obfuscation.

2. Base32 Encodes text using a 32-character set. Example: “hello” becomes “NBSWY3DP”. Often used in data integrity and URL-safe encoding, this ensures the LLM can handle Base32-encoded inputs securely.

3. Base64 A widely used encoding scheme for transmitting data in email and web APIs. Example: “hello” becomes “aGVsbG8=”. Testing with Base64 ensures the LLM can handle encoded data without exposing vulnerabilities.

4. Base85 A compact encoding scheme offering higher data density than Base64. Example: “hello” becomes “BOu!rD”. This encoding is commonly used in secure communications and tests the model’s robustness against high-density encoded inputs.

5. Morse Code Converts text into Morse code dots and dashes. Example: “SOS” becomes “… — …”. This encoding tests how the LLM handles symbolic inputs in alternate communication formats.

6. NATO Phonetic Alphabet Encodes each letter into its NATO phonetic equivalent. Example: “A” becomes “Alpha”. This tests the LLM’s ability to interpret obfuscated instructions using phonetics.

7. Rot18 Combines Rot5 for numbers and Rot13 for letters into a single transformation. This tests the model’s response to dual-layer obfuscation.

8. Rot25 Rotates letters by 25 places, providing another variation of alphabetic rotation testing.

9. Rot32 Applies a 32-character rotation, combining shifts across letters, numbers, and special characters. This is useful for testing nonstandard obfuscation techniques.

10. Rot47 Rotates across the entire printable ASCII range, including symbols. Example: “hello” becomes “%96==@”. This encoding tests the model’s handling of highly obfuscated ASCII inputs.

11. URL Encode Encodes text into a URL-safe format, replacing characters like spaces with %20. Example: “hello world” becomes “hello%20world”. Testing URL-encoded prompts evaluates how well the LLM resists query manipulation attacks.

Applications of Encoded Prompts

Encoded prompts serve as critical tools in adversarial testing, enabling the simulation of real-world attack scenarios. Common applications include:

• Bypassing Input Validation: Test whether the LLM can detect and reject maliciously encoded inputs.

• Obfuscation Testing: Simulate obfuscated attacks to ensure the LLM doesn’t inadvertently decode harmful instructions.

• Robustness Validation: Evaluate the model’s ability to process complex encodings safely without unintended behavior.

Workflow for Encoding Prompts

1. Open the Prompt Attack module.

2. Select an encoding method (free or paid) from the list.

3. Use the encoded prompt to test the LLM and observe its behavior.

Conclusion

Prompt Attack’s Encoding Module is a powerful tool for testing LLMs against obfuscated adversarial inputs. By providing a wide array of encodings—from basic text transformations to advanced cryptographic representations—users can simulate real-world attack scenarios and assess their LLM’s resilience. With both free and paid options available, this module supports comprehensive security testing for modern AI systems.

🚀Create your very own customised adversarial prompt now