This fork extends CyberChef with workflow-oriented payment cryptography tooling for engineering, debugging, interoperability, development, QA, and standards exploration — including for systems built for regulated payment environments. The upstream CyberChef is merged weekly.
cyberchef.jacobmarks.com — live demo
- Full workflow library with screenshots and recipe catalog: J8k3/CyberChef-Payments
- Payment domain knowledge: J8k3/Payments
All payment operations appear in the CyberChef UI under the Payments category. Source: src/core/operations/.
- Pipeline-inspectable workflow tooling for EMV, PIN, DUKPT, MAC, key management, and HSM command parsing
- Operations composable with CyberChef’s full recipe model — chain, breakpoint, share as URL
- Local-first: all computation runs in the browser, no cloud account or HSM needed
- Weekly upstream sync with gchq/CyberChef
Current payment operation coverage:
- EMV ARQC/ARPC generation and verification; issuer-script MAC and PIN change
- PIN block build, parse, and encrypted translation between zone keys (ISO 9564 formats 0, 1, 3)
- DUKPT TDES key derivation (ANSI X9.24-1, 10-byte KSN, IPEK-based)
- DUKPT AES key derivation (ANSI X9.24-3, 12-byte KSN, IK-based, AES-128)
- MAC: AES-CMAC, TDES-CMAC, HMAC, ISO 9797-1, AS2805, DUKPT variants
- Card validation data: CVV/CVC, CVV2/CVC2, iCVV; IBM 3624 PIN offset; VISA PVV
- PAN generation and parsing across major card networks
- Key management: generation, KCV, component split/combine, ECDH, TR-31/TR-34 parsing
- HSM command parsing: Thales payShield and Futurex Excrypt transport-syntax triage
These extensions emulate payment HSM-style workflows and may not model every vendor-specific edge case. Validation focuses on standards alignment, known vectors, and comparison with AWS Payment Cryptography behavior where comparable APIs are available.
Cryptographic operations in CyberChef should not be relied upon to provide security in any situation. No guarantee is offered for their correctness.
- Not a certified HSM or PCI-scoped control
- Not a replacement for production cryptographic infrastructure
- Not intended for use with production keys, real PANs, or live PIN blocks
A small selection — for the full workflow library with walkthroughs, screenshots, and cross-validation notes, see J8k3/CyberChef-Payments.
- EMV: generate ARQC
- EMV: generate ARPC issuer response
- DUKPT TDES: derive IPEK from BDK
- PIN Block Translate Encrypted: re-key between ZPKs
- Card validation: generate CVV2
- HSM: parse Thales payShield command
- TR-31: parse and inspect key block
A live demo can be found at cyberchef.jacobmarks.com
Prerequisites
- Docker
- Docker Desktop must be open and running on your machine
- Build the docker image
docker build --tag cyberchef --ulimit nofile=10000 .- Run the docker container
docker run -it -p 8080:8080 cyberchef- Navigate to
http://localhost:8080in your browser
There are four main areas in CyberChef:
- The input box in the top right, where you can paste, type or drag the text or file you want to operate on.
- The output box in the bottom right, where the outcome of your processing will be displayed.
- The operations list on the far left, where you can find all the operations that CyberChef is capable of in categorised lists, or by searching.
- The recipe area in the middle, where you can drag the operations that you want to use and specify arguments and options.
You can use as many operations as you like in simple or complex ways. Some examples are as follows:
- Decode a Base64-encoded string
- Convert a date and time to a different time zone
- Parse a Teredo IPv6 address
- Convert data from a hexdump, then decompress
- Decrypt and disassemble shellcode
- Display multiple timestamps as full dates
- Carry out different operations on data of different types
- Use parts of the input as arguments to operations
- Perform AES decryption, extracting the IV from the beginning of the cipher stream
- Automagically detect several layers of nested encoding
- Drag and drop
- Operations can be dragged in and out of the recipe list, or reorganised.
- Files up to 2GB can be dragged over the input box to load them directly into the browser.
- Auto Bake
- Whenever you modify the input or the recipe, CyberChef will automatically "bake" for you and produce the output immediately.
- This can be turned off and operated manually if it is affecting performance (if the input is very large, for instance).
- Automated encoding detection
- CyberChef uses a number of techniques to attempt to automatically detect which encodings your data is under. If it finds a suitable operation that make sense of your data, it displays the 'magic' icon in the Output field which you can click to decode your data.
- Breakpoints
- You can set breakpoints on any operation in your recipe to pause execution before running it.
- You can also step through the recipe one operation at a time to see what the data looks like at each stage.
- Save and load recipes
- If you come up with an awesome recipe that you know you’ll want to use again, just click "Save recipe" and add it to your local storage. It'll be waiting for you next time you visit CyberChef.
- You can also copy the URL, which includes your recipe and input, to easily share it with others.
- Search
- If you know the name of the operation you want or a word associated with it, start typing it into the search field and any matching operations will immediately be shown.
- Highlighting
- When you highlight text in the input or output, the offset and length values will be displayed and, if possible, the corresponding data will be highlighted in the output or input respectively (example: highlight the word 'question' in the input to see where it appears in the output).
- Save to file and load from file
- You can save the output to a file at any time or load a file by dragging and dropping it into the input field. Files up to around 2GB are supported (depending on your browser), however, some operations may take a very long time to run over this much data.
- CyberChef is entirely client-side
- It should be noted that none of your recipe configuration or input (either text or files) is ever sent to the CyberChef web server - all processing is carried out within your browser, on your own computer.
- Due to this feature, CyberChef can be downloaded and run locally. You can use the link in the top left corner of the app to download a full copy of CyberChef and drop it into a virtual machine, share it with other people, or host it in a closed network.
By manipulating CyberChef's URL hash, you can change the initial settings with which the page opens.
The format is https://cyberchef.jacobmarks.com/#recipe=Operation()&input=...
Supported arguments are recipe, input (encoded in Base64), and theme.
CyberChef is built to support
- Google Chrome 50+
- Mozilla Firefox 38+
CyberChef is built to fully support Node.js v24. For more information, see the "Node API" wiki page
Contributing a new operation to CyberChef is super easy! The quickstart script will walk you through the process. If you can write basic JavaScript, you can write a CyberChef operation.
An installation walkthrough, how-to guides for adding new operations and themes, descriptions of the repository structure, available data types and coding conventions can all be found in the "Contributing" wiki page.
- Push your changes to your fork.
- Submit a pull request. If you are doing this for the first time, you will be prompted to sign the GCHQ Contributor Licence Agreement via the CLA assistant on the pull request. This will also ask whether you are happy for GCHQ to contact you about a token of thanks for your contribution, or about job opportunities at GCHQ.
CyberChef is released under the Apache 2.0 Licence and is covered by Crown Copyright.