cyberchef 10.24.0 → 11.1.0

package/src/core/operations/AESEncrypt.mjs

@@ -8,6 +8,7 @@ import Operation from "../Operation.mjs";
 import Utils from "../Utils.mjs";
 import forge from "node-forge";
 import OperationError from "../errors/OperationError.mjs";
+import { toHexFast } from "../lib/Hex.mjs";
 
 /**
  * AES Encrypt operation
@@ -92,6 +93,11 @@ class AESEncrypt extends Operation {
                 "type": "toggleString",
                 "value": "",
                 "toggleValues": ["Hex", "UTF8", "Latin1", "Base64"]
+            },
+            {
+                "name": "Include IV in output",
+                "type": "option",
+                "value": ["Off", "Prepend", "Append"]
             }
         ];
     }
@@ -107,10 +113,11 @@ class AESEncrypt extends Operation {
         const key = Utils.convertToByteString(args[0].string, args[0].option),
             iv = Utils.convertToByteString(args[1].string, args[1].option),
             mode = args[2].split("/")[0],
-            noPadding =  args[2].endsWith("NoPadding"),
+            noPadding = args[2].endsWith("NoPadding"),
             inputType = args[3],
             outputType = args[4],
-            aad = Utils.convertToByteString(args[5].string, args[5].option);
+            aad = Utils.convertToByteString(args[5].string, args[5].option),
+            includeIV = args[6];
 
         if ([16, 24, 32].indexOf(key.length) < 0) {
             throw new OperationError(`Invalid key length: ${key.length} bytes
@@ -133,26 +140,34 @@ The following algorithms will be used based on the size of the key:
             additionalData: mode === "GCM" ? aad : undefined
         });
         if (noPadding) {
-            cipher.mode.pad = function(output, options) {
+            cipher.mode.pad = function (output, options) {
                 return true;
             };
         }
         cipher.update(forge.util.createBuffer(input));
         cipher.finish();
 
+        let output = cipher.output.getBytes();
+
+        if (includeIV === "Prepend") {
+            output = iv + output;
+        } else if (includeIV === "Append") {
+            output = output + iv;
+        }
+
         if (outputType === "Hex") {
+            output = toHexFast(Utils.strToByteArray(output));
+
             if (mode === "GCM") {
-                return cipher.output.toHex() + "\n\n" +
+                return output + "\n\n" +
                     "Tag: " + cipher.mode.tag.toHex();
             }
-            return cipher.output.toHex();
-        } else {
-            if (mode === "GCM") {
-                return cipher.output.getBytes() + "\n\n" +
-                    "Tag: " + cipher.mode.tag.getBytes();
-            }
-            return cipher.output.getBytes();
+        } else if (mode === "GCM") {
+            return output + "\n\n" +
+                "Tag: " + cipher.mode.tag.getBytes();
         }
+
+        return output;
     }
 
 }

package/src/core/operations/BLAKE3.mjs

@@ -6,7 +6,10 @@
 
 import Operation from "../Operation.mjs";
 import OperationError from "../errors/OperationError.mjs";
-import { blake3 } from "hash-wasm";
+import Utils from "../Utils.mjs";
+import { blake3 } from "@noble/hashes/blake3.js";
+import { bytesToHex } from "@noble/hashes/utils.js";
+
 /**
  * BLAKE3 operation
  */
@@ -44,13 +47,16 @@ class BLAKE3 extends Operation {
     run(input, args) {
         const key = args[1];
         const size = args[0];
-        // Check if the user want a key hash or not
-        if (key === "") {
-            return blake3(input, size*8);
-        } if (key.length !== 32) {
-            throw new OperationError("The key must be exactly 32 bytes long");
+        const opts = { dkLen: size };
+        const inputBytes = new Uint8Array(Utils.strToArrayBuffer(input));
+        if (key !== "") {
+            const keyBytes = new Uint8Array(Utils.strToArrayBuffer(key));
+            if (keyBytes.length !== 32) {
+                throw new OperationError("The key must be exactly 32 bytes long");
+            }
+            opts.key = keyBytes;
         }
-        return blake3(input, size*8, key);
+        return bytesToHex(blake3(inputBytes, opts));
     }
 
 }

package/src/core/operations/BSONDeserialise.mjs

@@ -5,7 +5,7 @@
  */
 
 import Operation from "../Operation.mjs";
-import bson from "bson";
+import { deserialize } from "bson";
 import OperationError from "../errors/OperationError.mjs";
 
 /**
@@ -37,7 +37,7 @@ class BSONDeserialise extends Operation {
         if (!input.byteLength) return "";
 
         try {
-            const data = bson.deserialize(new Buffer(input));
+            const data = deserialize(new Uint8Array(input));
             return JSON.stringify(data, null, 2);
         } catch (err) {
             throw new OperationError(err.toString());

package/src/core/operations/BSONSerialise.mjs

@@ -5,7 +5,7 @@
  */
 
 import Operation from "../Operation.mjs";
-import bson from "bson";
+import { serialize } from "bson";
 import OperationError from "../errors/OperationError.mjs";
 
 /**
@@ -38,7 +38,8 @@ class BSONSerialise extends Operation {
 
         try {
             const data = JSON.parse(input);
-            return bson.serialize(data).buffer;
+            const result = serialize(data);
+            return result.buffer.slice(result.byteOffset, result.byteOffset + result.byteLength);
         } catch (err) {
             throw new OperationError(err.toString());
         }

package/src/core/operations/Bcrypt.mjs

@@ -43,7 +43,7 @@ class Bcrypt extends Operation {
         const rounds = args[0];
         const salt = await bcrypt.genSalt(rounds);
 
-        return await bcrypt.hash(input, salt, null, p => {
+        return await bcrypt.hash(input, salt, undefined, p => {
             // Progress callback
             if (isWorkerEnvironment())
                 self.sendStatusMessage(`Progress: ${(p * 100).toFixed(0)}%`);

package/src/core/operations/BcryptCompare.mjs

@@ -43,7 +43,7 @@ class BcryptCompare extends Operation {
     async run(input, args) {
         const hash = args[0];
 
-        const match = await bcrypt.compare(input, hash, null, p => {
+        const match = await bcrypt.compare(input, hash, undefined, p => {
             // Progress callback
             if (isWorkerEnvironment())
                 self.sendStatusMessage(`Progress: ${(p * 100).toFixed(0)}%`);

package/src/core/operations/DecodeText.mjs

@@ -5,6 +5,7 @@
  */
 
 import Operation from "../Operation.mjs";
+import OperationError from "../errors/OperationError.mjs";
 import cptable from "codepage";
 import {CHR_ENC_CODE_PAGES} from "../lib/ChrEnc.mjs";
 
@@ -48,6 +49,9 @@ class DecodeText extends Operation {
      */
     run(input, args) {
         const format = CHR_ENC_CODE_PAGES[args[0]];
+        if (!format) {
+            throw new OperationError("Invalid encoding");
+        }
         return cptable.utils.decode(format, new Uint8Array(input));
     }
 

package/src/core/operations/EncodeText.mjs

@@ -5,6 +5,7 @@
  */
 
 import Operation from "../Operation.mjs";
+import OperationError from "../errors/OperationError.mjs";
 import cptable from "codepage";
 import {CHR_ENC_CODE_PAGES} from "../lib/ChrEnc.mjs";
 
@@ -48,6 +49,9 @@ class EncodeText extends Operation {
      */
     run(input, args) {
         const format = CHR_ENC_CODE_PAGES[args[0]];
+        if (!format) {
+            throw new OperationError("Invalid encoding");
+        }
         const encoded = cptable.utils.encode(format, input);
         return new Uint8Array(encoded).buffer;
     }

package/src/core/operations/EscapeSmartCharacters.mjs

@@ -0,0 +1,129 @@
+/**
+ * @author HarelKatz [github.com/HarelKatz]
+ * @copyright Crown Copyright 2026
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+
+/**
+ * Escape Smart Characters operation
+ */
+class EscapeSmartCharacters extends Operation {
+
+    /**
+     * EscapeSmartCharacters constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "Escape Smart Characters";
+        this.module = "Default";
+        this.description = "Converts smart (typographic) Unicode characters — e.g. smart quotes, em/en dashes, ellipses, ©, ®, ™, arrows — into their plain ASCII equivalents.<br><br>Characters with no ASCII mapping (e.g. <code>☣</code>) are handled according to the 'Unmappable characters' option.<br><br>e.g. <code>“Hello” — world…</code> becomes <code>\"Hello\" -- world...</code>";
+        this.infoURL = "";
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [
+            {
+                name: "Unmappable characters",
+                type: "option",
+                value: ["Include", "Remove", "Replace with '.'"]
+            }
+        ];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        const [unmappable] = args;
+        let result = "";
+        for (const ch of input) {
+            if (ch.codePointAt(0) < 128) {
+                result += ch;
+            } else if (Object.prototype.hasOwnProperty.call(SMART_MAP, ch)) {
+                result += SMART_MAP[ch];
+            } else {
+                switch (unmappable) {
+                    case "Remove":
+                        break;
+                    case "Replace with '.'":
+                        result += ".";
+                        break;
+                    case "Include":
+                    default:
+                        result += ch;
+                        break;
+                }
+            }
+        }
+        return result;
+    }
+
+}
+
+const SMART_MAP = {
+    // Smart double quotes
+    "“": "\"",   // “ left double quotation mark
+    "”": "\"",   // ” right double quotation mark
+    "„": "\"",   // „ double low-9 quotation mark
+    "‟": "\"",   // ‟ double high-reversed-9 quotation mark
+    "″": "\"",   // ″ double prime
+
+    // Smart single quotes / apostrophes
+    "‘": "'",    // ‘ left single quotation mark
+    "’": "'",    // ’ right single quotation mark / apostrophe
+    "‚": "'",    // ‚ single low-9 quotation mark
+    "‛": "'",    // ‛ single high-reversed-9 quotation mark
+    "′": "'",    // ′ prime
+
+    // Dashes & hyphens
+    "‐": "-",    // ‐ hyphen
+    "‑": "-",    // ‑ non-breaking hyphen
+    "‒": "-",    // ‒ figure dash
+    "–": "-",    // – en dash
+    "—": "--",   // — em dash
+    "―": "--",   // ― horizontal bar
+
+    // Ellipsis
+    "…": "...",  // …
+
+    // Trademark / copyright symbols
+    "©": "(c)",  // ©
+    "®": "(r)",  // ®
+    "™": "(tm)", // ™
+
+    // Arrows
+    "←": "<--",  // ←
+    "→": "-->",  // →
+    "↑": "^",    // ↑
+    "↓": "v",    // ↓
+    "↔": "<->",  // ↔
+    "⇐": "<==",  // ⇐
+    "⇒": "==>",  // ⇒
+    "⇔": "<=>",  // ⇔
+
+    // Guillemets
+    "«": "<<",   // «
+    "»": ">>",   // »
+    "‹": "<",    // ‹
+    "›": ">",    // ›
+
+    // Math & misc symbols
+    "×": "x",    // ×
+    "÷": "/",    // ÷
+    "±": "+/-",  // ±
+    "•": "*",    // •
+    "·": ".",    // ·
+
+    // Non-ASCII spaces
+    "\u00A0": " ",    // NBSP
+    "\u2002": " ",    // en space
+    "\u2003": " ",    // em space
+    "\u2009": " ",    // thin space
+    "\u200A": " "     // hair space
+};
+
+export default EscapeSmartCharacters;

package/src/core/operations/FromPunycode.mjs

@@ -5,7 +5,7 @@
  */
 
 import Operation from "../Operation.mjs";
-import punycode from "punycode";
+import punycode from "punycode.js";
 
 /**
  * From Punycode operation

package/src/core/operations/GenerateLoremIpsum.mjs

@@ -8,6 +8,10 @@ import Operation from "../Operation.mjs";
 import OperationError from "../errors/OperationError.mjs";
 import { GenerateParagraphs, GenerateSentences, GenerateWords, GenerateBytes } from "../lib/LoremIpsum.mjs";
 
+// arbitrary limits set to avoid DoS by requesting ridiculous amounts of data
+const maxLoremWords = 100_000; // same limit also used for paragraphs/sentences
+const maxLoremCharacters = 1_000_000;
+
 /**
  * Generate Lorem Ipsum operation
  */
@@ -47,9 +51,7 @@ class GenerateLoremIpsum extends Operation {
      */
     run(input, args) {
         const [length, lengthType] = args;
-        if (length < 1) {
-            throw new OperationError("Length must be greater than 0");
-        }
+        checkLimits(lengthType, length);
         switch (lengthType) {
             case "Paragraphs":
                 return GenerateParagraphs(length);
@@ -68,3 +70,32 @@ class GenerateLoremIpsum extends Operation {
 }
 
 export default GenerateLoremIpsum;
+
+/**
+ * check combined validity of lengthType and length arguments
+ * @param {string} lengthType
+ * @param {number} length
+ * @throws {OperationError}
+ */
+function checkLimits(lengthType, length) {
+    if (length < 1) {
+        throw new OperationError("Length must be greater than 0");
+    }
+
+    switch (lengthType) {
+        case "Paragraphs":
+        case "Sentences":
+        case "Words":
+            if (length > maxLoremWords) {
+                throw new OperationError("Length must be less than " + maxLoremWords);
+            }
+            break;
+        case "Bytes":
+            if (length > maxLoremCharacters) {
+                throw new OperationError("Length must be less than " + maxLoremCharacters);
+            }
+            break;
+        default:
+            throw new OperationError("Invalid length type");
+    }
+}

package/src/core/operations/GeneratePGPKeyPair.mjs

@@ -12,6 +12,7 @@ import { getSubkeySize, ASP } from "../lib/PGP.mjs";
 import { cryptNotice } from "../lib/Crypt.mjs";
 import * as es6promisify from "es6-promisify";
 const promisify = es6promisify.default ? es6promisify.default.promisify : es6promisify.promisify;
+const KEY_FLAGS = kbpgp.const.openpgp.key_flags;
 
 
 /**
@@ -73,11 +74,11 @@ class GeneratePGPKeyPair extends Operation {
         if (name) userIdentifier += name;
         if (email) userIdentifier += ` <${email}>`;
 
-        let flags = kbpgp.const.openpgp.certify_keys;
-        flags |= kbpgp.const.openpgp.sign_data;
-        flags |= kbpgp.const.openpgp.auth;
-        flags |= kbpgp.const.openpgp.encrypt_comm;
-        flags |= kbpgp.const.openpgp.encrypt_storage;
+        let flags = KEY_FLAGS.certify_keys;
+        flags |= KEY_FLAGS.sign_data;
+        flags |= KEY_FLAGS.auth;
+        flags |= KEY_FLAGS.encrypt_comm;
+        flags |= KEY_FLAGS.encrypt_storage;
 
         const keyGenerationOptions = {
             userid: userIdentifier,
@@ -89,11 +90,11 @@ class GeneratePGPKeyPair extends Operation {
             },
             subkeys: [{
                 "nbits": getSubkeySize(keySize),
-                "flags": kbpgp.const.openpgp.sign_data,
+                "flags": KEY_FLAGS.sign_data,
                 "expire_in": 86400 * 365 * 8
             }, {
                 "nbits": getSubkeySize(keySize),
-                "flags": kbpgp.const.openpgp.encrypt_comm | kbpgp.const.openpgp.encrypt_storage,
+                "flags": KEY_FLAGS.encrypt_comm | KEY_FLAGS.encrypt_storage,
                 "expire_in": 86400 * 365 * 2
             }],
             asp: ASP

package/src/core/operations/PGPSign.mjs

@@ -0,0 +1,83 @@
+/**
+ * @author GCHQDeveloper581
+ * @copyright Crown Copyright 2026
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import kbpgp from "kbpgp";
+import { ASP, importPrivateKey } from "../lib/PGP.mjs";
+import OperationError from "../errors/OperationError.mjs";
+import * as es6promisify from "es6-promisify";
+const promisify = es6promisify.default ? es6promisify.default.promisify : es6promisify.promisify;
+
+/**
+ * PGP Sign operation
+ */
+class PGPSign extends Operation {
+
+    /**
+     * PGPSign constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "PGP Sign";
+        this.module = "PGP";
+        this.description = [
+            "Input: the message you want to sign",
+            "<br><br>",
+            "Arguments: the ASCII-armoured PGP private key of the sender.",
+            "<br><br>",
+            "Pretty Good Privacy is an encryption standard (OpenPGP) used for encrypting, decrypting, and signing messages.",
+            "<br><br>",
+            "This function uses the Keybase implementation of PGP.",
+        ].join("\n");
+        this.infoURL = "https://wikipedia.org/wiki/Pretty_Good_Privacy"; // Usually a Wikipedia link. Remember to remove localisation (i.e. https://wikipedia.org/etc rather than https://en.wikipedia.org/etc)
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [
+            {
+                "name": "Private key of signer",
+                "type": "text",
+                "value": ""
+            },
+            {
+                "name": "Private key passphrase (optional)",
+                "type": "string",
+                "value": ""
+            }
+        ];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     *
+     * @throws {OperationError} if failed private key import or failed encryption
+     */
+    async run(input, args) {
+        const message = input,
+            [privateKey, passphrase] = args;
+        let signedMessage;
+
+        if (!privateKey) throw new OperationError("Enter the private key of the signer.");
+        const privKey = await importPrivateKey(privateKey, passphrase);
+
+        try {
+            signedMessage = await promisify(kbpgp.box)({
+                "msg": message,
+                "sign_with": privKey,
+                "asp": ASP
+            });
+        } catch (err) {
+            throw new OperationError(`Couldn't sign message: ${err}`);
+        }
+
+        return signedMessage;
+    }
+
+}
+
+export default PGPSign;

package/src/core/operations/ParseEthernetFrame.mjs

@@ -92,7 +92,7 @@ class ParseEthernetFrame extends Operation {
         const packetData = input.slice(offset);
 
         if (outputFormat === "Packet data") {
-            return Utils.byteArrayToChars(packetData);
+            return Utils.escapeHtml(Utils.byteArrayToChars(packetData));
         } else if (outputFormat === "Packet data (hex)") {
             return toHex(packetData);
         } else if (outputFormat === "Text output") {

package/src/core/operations/ParseIPv4Header.mjs

@@ -138,7 +138,7 @@ class ParseIPv4Header extends Operation {
         } else if (outputFormat === "Data (hex)") {
             return toHex(data);
         } else if (outputFormat === "Data (raw)") {
-            return Utils.byteArrayToChars(data);
+            return Utils.escapeHtml(Utils.byteArrayToChars(data));
         }
     }
 

package/src/core/operations/ParseObjectIDTimestamp.mjs

@@ -6,7 +6,7 @@
 
 import Operation from "../Operation.mjs";
 import OperationError from "../errors/OperationError.mjs";
-import BSON from "bson";
+import { ObjectId } from "bson";
 
 /**
  * Parse ObjectID timestamp operation
@@ -35,7 +35,7 @@ class ParseObjectIDTimestamp extends Operation {
      */
     run(input, args) {
         try {
-            const objectId = new BSON.ObjectID(input);
+            const objectId = new ObjectId(input);
             return objectId.getTimestamp().toISOString();
         } catch (err) {
             throw new OperationError(err);

package/src/core/operations/ParseUserAgent.mjs

@@ -5,7 +5,7 @@
  */
 
 import Operation from "../Operation.mjs";
-import UAParser from "ua-parser-js";
+import { UAParser } from "ua-parser-js";
 
 /**
  * Parse User Agent operation

package/src/core/operations/ROR13.mjs

@@ -0,0 +1,83 @@
+/**
+ * ROR13 Hash operation (Windows API hashing convention)
+ * @author fufu_btw
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+
+/**
+ * Implements a ROR13 hash used for API name hashing techniques.
+ */
+class ROR13 extends Operation {
+
+    /**
+     * Constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "ROR13";
+        this.module = "Default";
+        this.description = "Computes a ROR13 hash used in API hashing techniques.";
+        this.infoURL = "";
+        this.inputType = "byteArray";
+        this.outputType = "string";
+
+        this.args = [];
+    }
+
+    /**
+     * Rotate right (32-bit)
+     *
+     * @param {number} value - input value
+     * @param {number} bits - rotation bits
+     * @returns {number} rotated value
+     */
+    ror(value, bits) {
+        return ((value >>> bits) | (value << (32 - bits))) >>> 0;
+    }
+
+    /**
+     * Execute ROR13 hash
+     *
+     * @param {byteArray} input - input bytes
+     * @param {Object[]} args - operation arguments
+     * @returns {string} hex hash
+     */
+    run(input, args) {
+        let hash = 0;
+
+        for (let i = 0; i < input.length; i++) {
+            const chr = input[i] & 0xFF;
+            hash = this.ror(hash, 13);
+            hash = (hash + chr) >>> 0;
+        }
+
+        return "0x" + hash.toString(16).padStart(8, "0").toUpperCase();
+    }
+
+    /**
+     * Highlight input
+     *
+     * @param {Object[]} pos
+     * @param {Object[]} args
+     * @returns {Object[]}
+     */
+    highlight(pos, args) {
+        return pos;
+    }
+
+    /**
+     * Reverse highlight
+     *
+     * @param {Object[]} pos
+     * @param {Object[]} args
+     * @returns {Object[]}
+     */
+    highlightReverse(pos, args) {
+        return pos;
+    }
+}
+
+export default ROR13;