So I wrote a quickie to take a string, massage it to the right byte order, and slap it to STDOUT, which the analyst can then redirect to a file or whatever. If there is a much easier way to do this, I’m all ears.
#!/usr/bin/python import binascii import sys import re # print usage if args wrong if len(sys.argv) > 2 or len(sys.argv) < 2: print "Usage: " + sys.argv + " <string to decode>" print "where string is something like '%u30CC%u4560'" print "Keep in mind this only works for unicode 16-bit" print "which means 2 bytes (four hexadecimal chars with %u" print "in front of them)." sys.exit() # convert string to upper since we don't care string = sys.argv.upper() # clean up the string for processing, do some rudimentary input validation if re.findall(r'[^UA-F0-9\\%]', string): print "invalid string submitted\nonly the following chars are allowed:" print ''' % \ u U A-F a-f 0-9 ' " ''' sys.exit() string = string.strip('"').strip("'") string = re.sub(r'(%|\\)[U]', '', string) # check one last time that we have only hex if re.findall(r'[^A-F0-9]', string): print "invalid string submitted\nonly the following chars are allowed:" print ''' % \ u U A-F a-f 0-9 ' " ''' sys.exit() # split up the string, do our stuff with hex a =  for i in string: a.append(i) if len(a) % 4 != 0: print "you are missing some characters, must be in groups of 4" print "did your copy mess up?" sys.exit() b = "" while len(a) > 0: b1 = a.pop(0) + a.pop(0) b2 = a.pop(0) + a.pop(0) b = b + b2 + b1 result = binascii.a2b_hex(b) sys.stdout.write(result)