CyberChef Ultimate Toolbox from GCHQ

Encoding, encrypting and converting data formats, open source and collected under one roof inside the browser.

Are all government agencies falling in love with GitHub and open sourcing their tools? Of course the recent and hottest headlines belong to NSA’s release of its reverse engineering tool Ghidra,but this latest offering from the UK’s Government Communications Headquarters (GCHQ) should not go unnoticed or be underestimated.

That offering is CyberChef, a general purpose tool, therefore more useful than the specialized and niche Ghidra.It’s a tool that provides functionality that every developer needs for their day-to-day workload. That range of functionality is staggeringly large, ranging from the popular toBase64/fromBase64 and URL encode/decode, to encryption with AES/DES/Blowfish and JWT, to Arithmetic and Logic with calc and bitwise operations, up to Language and Charset conversions.

As such, CyberChef is a tool that can be used in popular scenarios like:

  • Decode a Base64-encoded string
  • Convert a date and time to a different time zone
  • Parse a IPv6 address
  • Convert data from a hexdump, then decompress
  • Decrypt and disassemble shellcode
  • Display multiple timestamps as full dates
  • Carry out different operations on data of different types
  • Use parts of the input as arguments to operations
  • Perform AES decryption, extracting the IV from the beginning of the cipher stream
  • Automatically detect several layers of nested encoding

It would be particularly handy when taking part in Hacking CTF competitions.

And that’s just the tip of the iceberg.The complete list of categories is: 

  • Data format
  • Encryption / Encoding
  • Public Key
  • Arithmetic / Logic
  • Networking
  • Language
  • Utils
  • Date / Time
  • Compression
  • Hashing
  • Code tidy
  • Forensics
  • Multimedia
  • Flow control
  • Other

while from those categories an incomplete list of operations is:

  • HexdumpFrom
  • HexdumpTo
  • HexFrom
  • HexTo
  • CharcodeFrom
  • CharcodeTo
  • DecimalFrom
  • DecimalTo
  • BinaryFrom
  • BinaryTo

  • EncryptAES
  • DecryptBlowfish
  • EncryptBlowfish
  • DecryptDES
  • EncryptDES
  • DecryptTriple
  • EncryptTriple
  • DecryptRC2
  • EncryptRC2
  • DecryptRC4RC4

  • BeautifyJavaScript
  • ParserJavaScript
  • BeautifyJavaScript
  • MinifyJSON
  • BeautifyJSON
  • MinifyXML
  • BeautifyXML
  • MinifySQL
  • BeautifySQL
  • MinifyCSS

  • StringsExtract
  • IPaddressesExtract
  • emailaddressesExtract
  • MACaddressesExtract
  • URLsExtract
  • domainsExtract
  • filepathsExtract
  • expressionXPath
  • expressionJPath
  • EXIFExtract

On top of that you can run operations on files too (you can load files up to 2GB) like compressing and decompressing them, calculating their hashes and checksums.

Until this point you could just consider CyberChef as a beefed up but yet another data format converter.However, CyberChef takes it one step further in allowing you to combine operations into pipes where the output of the previous operation acts as input to the next one. In the following example I first Base64 encode a string and then AES encrypt it.

I can save this two-step operation as a Recipe which can be recalled at any time. As such, instead of keeping collections of snippets which you manually apply step by step onto your input, you can now automate the process similar to using macros.

CyberChef runs exclusively on the client’s browser without any server initiated interaction.Therefore even if you use the live playground version hosted on GCHQ’s Github repo, the secret agents won’t have access to any of the data you submit (for a change!).

More Information ℹ

Inspiring readers to expound the possibilities of the unfolding World