[HN Gopher] CyberChef from GCHQ: Cyber Swiss Army Knife
___________________________________________________________________
CyberChef from GCHQ: Cyber Swiss Army Knife
Author : _xerces_
Score : 117 points
Date : 2024-02-01 19:01 UTC (3 hours ago)
(HTM) web link (gchq.github.io)
(TXT) w3m dump (gchq.github.io)
| saagarjha wrote:
| CyberChef is really useful, and it runs locally, so you never
| have to send your sensitive data to some random server anymore.
| The "recipes" feature is quite powerful, too, but I think my
| favorite thing about it is that I can often just paste random
| data in and run the "Magic" script and it'll try to guess the
| data format for me.
| nailer wrote:
| > you never have to send your sensitive data to some random
| server anymore
|
| If you live in the UK you are already sending one entire month
| of your full personal communications, and three months of your
| communications metadata, to this government organisation.
| Pardon the off-topic rant.
| meowface wrote:
| Do we have decent reason to believe this is no longer the
| case for US citizens and the NSA, post-Snowden?
| LelouBil wrote:
| I never realized it was a UK government agency developing this!
| seanhunter wrote:
| Yes. GCHQ is the signals intelligence agency that grew out of
| the work at Bletchley Park on code breaking in WW2. So the UK's
| version of the NSA.
|
| https://www.gchq.gov.uk/ <- this is their website.[1]
|
| [1] If you click on it they will be able to track you down via
| your IP address and super seekret cyberspy-fu. Just kidding.
| .... or am I? Actually I really am. I have no way of knowing
| either way. Or do I? I mean, how would you know? I really don't
| though. At least as far as you know.
| mindcrime wrote:
| _If you click on it they will be able to track you down via
| your IP address and super seekret cyberspy-fu. Just kidding.
| .... or am I? Actually I really am. I have no way of knowing
| either way. Or do I? I mean, how would you know? I really
| don't though. At least as far as you know._
|
| Only if they know Visual Basic.
| function_seven wrote:
| Well, this _is_ a GUI, so it stands to reason that they're
| experts in Visual Basic.
| airblade wrote:
| Actually the NSA is the US's version of GCHQ.
| JetSetIlly wrote:
| GCHQ was the cover name for Bletchley Park but the
| organisation's name at the time was GC&CS which was
| established in 1919. So very old and surprisingly predates
| WW2
| RobinL wrote:
| Yes. This is actually (as far as I know) by far the most
| popular UK gov repo on GitHub in terms of number of stars -
| kudos to the devs!
| Havoc wrote:
| I had always assumed it's just a username too
| _xerces_ wrote:
| I love how you can build complex operations from each of the
| simple primitives like From Hex->Uppercase->XOR->Remove NULL->To
| Hex and save them as a recipe. It reminds me of the Linux command
| line where each program is simple but you can pipe the output of
| one into another to create a chain that can perform complex data
| processing.
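
The recipe chain named in the comment above (From Hex, Uppercase, XOR, Remove NULL, To Hex), as an added example that is not part of the thread and not CyberChef's own code. The `{op, args}` list mirrors the shape of a saved CyberChef recipe; the `OPS` table, the `runRecipe` helper and the simplified argument layout are assumptions, and the input is constructed.

```javascript
// Added illustration: a minimal recipe runner, not CyberChef's implementation.
const OPS = {
  // Hex text (whitespace-separated or contiguous) -> bytes.
  "From Hex": (input) => {
    const digits = String(input).replace(/\s+/g, "");
    if (!/^[0-9a-f]*$/i.test(digits) || digits.length % 2 !== 0) {
      throw new Error("input is not valid hex");
    }
    return Uint8Array.from(digits.match(/../g) || [], (h) => parseInt(h, 16));
  },
  // Upper-case ASCII letters only; other bytes pass through untouched.
  "Uppercase": (bytes) => bytes.map((b) => (b >= 0x61 && b <= 0x7a ? b - 0x20 : b)),
  // Repeating-key XOR; the key is given as hex text (assumed argument shape).
  "XOR": (bytes, keyHex) => {
    const key = OPS["From Hex"](keyHex);
    if (key.length === 0) throw new Error("empty XOR key");
    return bytes.map((b, i) => b ^ key[i % key.length]);
  },
  // Drop 0x00 bytes, e.g. positions where the data byte equalled the key byte.
  "Remove null bytes": (bytes) => bytes.filter((b) => b !== 0),
  // Bytes -> space-separated lower-case hex.
  "To Hex": (bytes) =>
    Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join(" "),
};

// Feed each step's output into the next, like a shell pipeline.
function runRecipe(recipe, input) {
  return recipe.reduce((data, step) => {
    const op = OPS[step.op];
    if (!op) throw new Error(`unknown operation: ${step.op}`);
    return op(data, ...(step.args || []));
  }, input);
}

const RECIPE = [
  { op: "From Hex", args: [] },
  { op: "Uppercase", args: [] },
  { op: "XOR", args: ["20"] },
  { op: "Remove null bytes", args: [] },
  { op: "To Hex", args: [] },
];

// Constructed input: the bytes of "hi !". The space (0x20) equals the key,
// XORs to 0x00 and is then removed by the next step.
console.log(runRecipe(RECIPE, "68 69 20 21"));
```

Because the recipe is plain data, the same list can be saved, shared and re-run on new input, which is what makes the chaining reusable.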
| mindcrime wrote:
| How did I not know about this until just now? VERY cool. I'll
| definitely be using this going forward!
| spydum wrote:
| Literally one of my favorite tools for years. The recipe idea
| and chaining, plus the crazy list of ingredients is super
| useful if anybody does CTFs.. much faster than throwing
| together some bits of Python
| declaredapple wrote:
| What use cases are you using it for?
|
| I haven't used it a ton, but I've found the UI to be clunky
| and somewhat difficult to figure out compared to using the
| shell with jq
| _xerces_ wrote:
| I use it for deobfuscation, decryption, base64 en/decode
| and sometimes just for converting hex to readable
| strings or vice versa via copy paste and no effort. It can
| switch up endianness, sort out network packet data, etc.
|
| For even less effort there is a MAGIC function where you
| just dump some bytes (sometimes with a from/to hex block
| first) and it tries to make sense of them for you.
|
| It saves me writing custom C or Python scripts every time I
| want to manipulate or analyze some data.
| pbhjpbhj wrote:
| I use it for parsing/formatting out text data instead of
| Excel because I don't have access to a shell and my
| JavaScript is rusty enough that it is quicker to put
| regexes in CyberChef than use jsfiddle. Before I found it I
| was using an online regex tool for that; simple dedupe, and
| line counting made it worthwhile shifting.
| EvanAnderson wrote:
| Same here. I did a CTF last year and spent much of it just
| sitting in CyberChef.
| signalblur wrote:
| Don't forget to turn on Geocities mode (Settings > Theme >
| Geocities)
| 2024throwaway wrote:
| And don't forget to turn it immediately off.
| EvanAnderson wrote:
| I find CyberChef immensely useful when I'm doing RE work for things
| that I'd otherwise have to write little snippets of code to do. I
| can get a lot of the simple text manipulation stuff done w/
| hexdump, cut, tr, sed, etc. I find CyberChef easier to use when
| I'm doing operations on binary blobs.
|
| I particularly like easily doing encryption and decryption.
| Lately I seem to find many "secrets" (database connection
| strings, API keys, etc) in software I'm RE'ing stored as
| base64-encoded AES-encrypted blobs w/ the key sitting right
| beside them as a base64-encoded blob.
| dang wrote:
| Related. Others?
|
| _UK GCHQ's CyberChef_ -
| https://news.ycombinator.com/item?id=38790631 - Dec 2023 (2
| comments)
|
| _CyberChef 10_ - https://news.ycombinator.com/item?id=35265228 -
| March 2023 (2 comments)
|
| _CyberChef - The Cyber Swiss Army Knife_ -
| https://news.ycombinator.com/item?id=32699420 - Sept 2022 (24
| comments)
|
| _CyberChef - The Cyber Swiss Army Knife_ -
| https://news.ycombinator.com/item?id=29982286 - Jan 2022 (54
| comments)
|
| _CyberChef - Cyber Swiss Army Knife_ -
| https://news.ycombinator.com/item?id=20767183 - Aug 2019 (59
| comments)
|
| _CyberChef - The Cyber Swiss Army Knife_ -
| https://news.ycombinator.com/item?id=20543810 - July 2019 (1
| comment)
|
| _CyberChef - The Cyber Swiss Army Knife_ -
| https://news.ycombinator.com/item?id=13099687 - Dec 2016 (1
| comment)
|
| _CyberChef - A Cyber Swiss Army Knife_ -
| https://news.ycombinator.com/item?id=13056254 - Nov 2016 (139
| comments)
| softblush wrote:
| Too bad there hasn't been any development at all since July 2023
| 2024throwaway wrote:
| Is there a feature you're missing?
| mianm wrote:
| It's always useful to be able to use the operation it can provide
| to check if your data is a Numberwang.
| billy99k wrote:
| I use this a lot. Especially for base64 and urlencoding.
| baconhigh wrote:
| From the last time;
|
| protip: Open the JS console (F12 / inspect) and start the
| CyberChef challenges!
| edm0nd wrote:
| I keep this open for usage during CTFs.
|
| It's freaking awesome!
| tamimio wrote:
| I use Ciphey instead in any reverse engineering stuff, far
| better.
|
| https://github.com/ciphey/ciphey
| markus_zhang wrote:
| Thinking about writing one but for native. There are a lot of web
| based ones already.
___________________________________________________________________
(page generated 2024-02-01 23:01 UTC)