Skip to content

Cyberchef

Cyberchef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, ..., changing character encodings, and much more (from the Github sources).

How Cyberchef works

Open the web app. There are many "recipes" (i.e., predefined computations) available on the left part.

One can select a recipe by double-clicking on it or by drag-and-drop. Each recipe takes an input and, when executed, it produces an output. Deselect the "auto-bake" checkbox in the bottom-center part. This way, recipes will not run automatically but only when clicking the "bake" button. This configuration is simpler to handle, I think.

Each recipe also has a set of parameters. For example, recipes for encryption have the key as a parameter; the input is the cleartext while the output is the ciphertext.

Recipes can be chained together so that the output of one is the input of the next one and so on.

Simple application: Base conversion

Conversion between different bases (binary, decimal, hex) can be done with recipes To Base / From Base. For example, To Base (radix 2) with input 7 will output 111.

Do not use To Hex, To Octal, To Binary and alike: those recipes operate on the internal representation of characters, not on characters considered as digits in a specified base of representation. For example, To Decimal with input 7 will output 55, i.e., the ASCII encoding of that characters. Simialrly, To Binary with input 7 will output 00110111, i.e., the binary representation of 55.

URL Encoding (FORM data)

This encoding format is such that the (encoded) output contains only characters that can be part of an URL (for example, spaces cannot be part of an URL).

It is widely used in the web. In particular, data inserted in an HTML form and sent in an HTTP request is URL encoded.

Take a moment to realize the countless applications of HTML forms. For example, if you write an email on a webapp, the text of the email is part of an HTML form thus your text will be sent to the server URL encoded. If you buy something online, your home address for delivery is part of an HTML form thus it will be sent to the server URL encoded. Lots of data that your browser sends are URL encoded.

You may URL encode and URL decode with Cyberchef:

  • Select the 'URL encoding' recipe.
  • Write some text in the input field and have a look at the encoding. This is how the input data would be sent by a browser.
  • Copy the encoding and save it somewhere.
  • Discard the recipe and select the 'URL decoding' recipe.
  • Insert the previously saved encoding as input and verify that the output is the expected one.

Base64

This encoding format is such that the (encoded) output consists of ASCII data. It is widely used, in particular, when binary data have to be used in contexts where text data is expected. Important examples are given below: HTTP Basic Authentication credentials and Email attachments.

Base64 encoding represents every sequence of 6 bits as an ASCII character (thus the encoded form will be longer than the original: you need 8 bits for encoding 6 bits). The encoding table is a standard that be found in many places, e.g., on Wikipedia. Certain predefined padding rules allow encoding byte sequences whose length is not a multiple of 6 bits.

You may Base64 encode and Base64 decode with Cyberchef:

  • Select the 'To Base64' recipe.
  • Encode an hypothetical username or mail address or password and have a look at the encoding.
  • Copy the encoding and save it somewhere.
  • Discard the recipe and select the 'From Base64' recipe.
  • Insert the previously saved encoding as input and verify that the output is the expected one.

HTTP Basic Authentication Credentials

Username and password in HTTP Basic authentication are separated by a colon (:) and sent Base64-encoded. Search basic auth header generator: you will find several web sites that take an username and password as input and output the corresponding HTTP Authorization header (of course, do not insert your real credentials in any such site!).

Once you have the Base64 encoding of some credentials, try to decode them with Cyberchef:

  • Select a "From Base64" recipe.
  • Insert the saved credentials as input.
  • Verify that the output has the expected content, i.e., username:password.

Important observation: given a Base64-encoded snippet, the corresponding decoding is a mechanic operation that does not require the knowledge of any secret. In other words, anyone that observes a Base64-encoded snippet is able to reverse the encoding and obtain the original snippet. Encoding has thus nothing to do with "encryption".

Email attachments

This topic is out of scope, i.e., it is not part of the course.

Files sent as email attachments are Base64-encoded before sending and inserted in the body of the email.

The email must contain some information for: - enabling the receiver to realize that (part of) the email body is Base64-encoded, i.e., that it has to be Base64-decoded before being presented to the receiving user; - indicating the filename of the corresponding part; - indicating how the email body is to be split between attachments and normal text.

Such information is usually provided by means of dedicated email headers.