Encoding, encrypting and converting data formats, open source and collected under one roof inside the browser and all thanks to GCHQ - yes, a government intelligence agency.

Are all government agencies falling in love with GHitHub and open sourcing their tools? Of course the recent and hottest headlines belong to NSA's release of its reverse engineering tool Ghidra,but this latest offering from the UK's Government Communications Headquarters (GCHQ) should not go unnoticed or be underestimated.

That offering is CyberChef, a general purpose tool, therefore more useful than the specialized and niche Ghidra.It's a tool that provides functionality that every developer needs for their day-to-day workload. That range of functionality is staggeringly large, ranging from the popular toBase64/fromBase64 and URL encode/decode, to encryption with AES/DES/Blowfish and JWT, to Arithmetic and Logic with calc and bitwise operations, up to Language and Charset conversions.

As such, CyberChef is a tool that can be used in popular scenarios like:

Decode a Base64-encoded string

Convert a date and time to a different time zone

Parse a IPv6 address

Convert data from a hexdump, then decompress

Decrypt and disassemble shellcode

Display multiple timestamps as full dates

Carry out different operations on data of different types

Use parts of the input as arguments to operations

Perform AES decryption, extracting the IV from the beginning of the cipher stream

Automatically detect several layers of nested encoding

It would be particulary handy when taking part in Hacking CTF competitions.

And that's just the tip of the iceberg.The complete list of categories is:

Data format

Encryption / Encoding

Public Key

Arithmetic / Logic

Networking

Language

Utils

Date / Time

Compression

Hashing

Code tidy

Forensics

Multimedia

Flow control

Other

while from those categories an incomplete list of operations is:

HexdumpFrom

HexdumpTo

HexFrom

HexTo

CharcodeFrom

CharcodeTo

DecimalFrom

DecimalTo

BinaryFrom

BinaryTo





EncryptAES

DecryptBlowfish

EncryptBlowfish

DecryptDES

EncryptDES

DecryptTriple

EncryptTriple

DecryptRC2

EncryptRC2

DecryptRC4RC4





BeautifyJavaScript

ParserJavaScript

BeautifyJavaScript

MinifyJSON

BeautifyJSON

MinifyXML

BeautifyXML

MinifySQL

BeautifySQL

MinifyCSS





StringsExtract

IPaddressesExtract

emailaddressesExtract

MACaddressesExtract

URLsExtract

domainsExtract

filepathsExtract

expressionXPath

expressionJPath

EXIFExtract

On top of that you can run operations on files too (you can load files up to 2GB) like compressing and decompressing them, calculating their hashes and checksums.

Until this point you could just consider CyberChef as a beefed up but yet another data format converter.However, CyberChef takes it one step further in allowing you to combine operations into pipes where the output of the previous operation acts as input to the next one. In the following example I first Base64 encode a string and then AES encrypt it:





I can save this two-step operation as a Recipe which can be recalled at any time. As such, instead of keeping collections of snippets which you manually apply step by step onto your input, you can now automate the process similar to using macros.

CyberChef runs exclusively on the client's browser without any server initiated interaction.Therefore even if you use the live playground version hosted on GCHQ's Github repo, the secret agents won't have access to any of the data you submit (for a change!).

As a matter of fact CyberChef can be downloaded as a single bundle from:

https://gchq.github.io/CyberChef/CyberChef_v9.7.1.zip

and be carried around on a USB stick or any other media, handy when there's no network connection and that Hex to Octal conversion just cannot wait. Saying that, there's also a CyberChef server version for those preferring to self-host and provide an API for clients to send CyberChef recipes to be baked. All that available under the Apache 2.0 Licence and also covered by Crown Copyright.

More Information

CyberChef on GitHub

CyberChef live playground version

CyberChef single bundle

Related Articles

A MIT Crash Course On Hacker Tools

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on, Twitter, Facebook or Linkedin.







Comments



Make a Comment or View Existing Comments Using Disqus





or email your comment to: comments@i-programmer.info