CyberChef Payment Cryptography Extensions

Update, May 2026: After completing a deeper review of the CyberChef Payments work, I split the project into a small ecosystem. The CyberChef fork remains the implementation/runtime layer, while CyberChef-Payments is now the workflow library and discovery surface.

——

I built a set of payment cryptography extensions for CyberChef using Codex. The fork is at github.com/J8k3/CyberChef and there's a hosted instance running at cyberchef.jacobmarks.com.

CyberChef is a browser-based data transformation and analysis tool from GCHQ. It's useful for a wide range of encoding, crypto, and parsing tasks, and the recipe model, where you chain operations together and run them in sequence, makes it well-suited for the kind of multi-step payment cryptography work that's otherwise done across several disconnected tools or scripts. In particular CyberChef is entierly browser based and you can freely download and run it locally making is a great tool for testing and prototyping without shipping your data off to a remote host.

The extensions add a Payments category to the operations panel. That includes encrypt, decrypt, and re-encrypt for AES and TDES profiles; MAC generation and verification across HMAC, AES-CMAC, TDES-CMAC, ISO 9797-1, AS2805, and DUKPT variants; EMV ARQC and ARPC; issuer-script MAC and PIN-change MAC; card validation data for CVV, CVV2, and iCVV; PIN block build, parse, and translate for ISO 9564 formats 0, 1, and 3; IBM 3624 PIN offset and VISA PVV; DUKPT and ECDH key derivation; KCV calculation; AS2805 KEK validation; and TR-31 and TR-34 B9 parsing.

This is software emulation, not a replacement for an HSM or HSM backed service. The intent is regression testing, interoperability work, and lab-level inspection of payment crypto flows without needing a cloud account or a hardware device in the loop. Each operation documents what it covers, what assumptions it makes, and where the implementation is an emulation helper rather than a full standards implementation.

The CyberChef-Payments repository now serves as the workflow catalog for the project. It includes recipe links, screenshots, validation notes, and common chaining patterns for DUKPT MACs, ECDH key wrap, PIN block translation, EMV ARQC and ARPC, card validation data, and HSM command inspection. The validation audit documents how operations were reviewed, what each maps to, and where behavior was compared against standards, reference vectors, or AWS Payment Cryptography behavior where comparable APIs were available.

If you work in payments and find a gap in coverage, an operation that behaves differently against your hardware or spec, or a recipe pattern worth adding, open an issue or submit a PR.

Labels: , , , , , , ,

Author’s Note: This article reflects my personal professional experience and opinions. While my insights are informed by my professional history, these views are my own and do not represent the official position of my former employer.

About the Author: Jacob Marks is an engineering leader with over 20 years of experience, including a decade at Amazon Web Services (AWS) where he led teams in EC2 Core Platform and the development of the AWS Payment Cryptography service.

Labels

.NET .NET 10 .NET 3.5 Active Directory AD DS Adoption AI AI coding AI Ethics AI Hype AI-assisted development Alerts Amazon Cognito Amazon DLM Amazon Q Anthropic AppDomain Architecture Artificial Intelligence Asia Pacific Sydney ASP.net ASPxGridView Audit Readiness Auto Recovery Automation AWS AWS Certified AWS Lambda AWS Payment Cryptography AWS SDK AWS Security Specialty Azure Azure DevOps Server Backup BIG-IP C# Career Growth Cartes Bancaires CB Certificate Bundle Certification ChatGPT Claude Cloud Cloud Certification Cloud Hosting cloud migration Cloud Security CloudWatch CLR Content Query Cost Optimization Credentials CyberChef Database Defense Industry Deloitte Developer Tools Developers DevEx DevExpress DevOps DISA Disk Space DISM Distributed Systems DoD DoD CC SRG DUKPT EBS EC2 Engineering Engineering Leadership Engineering Management EnPasFltV2 Enterprise Event Receiver Exam F5 Federal IT FedRAMP Fintech FISMA GAC Generative AI GitHub gMSA GovCloud Government Compliance GridView Hardware Security Modules HSM IAM Identity Management IIS Infra Infrastructure as Code IT Tools Jacob Marks JavaScript jQuery Lambda Leadership Linqpad LLM lsass.exe LTM MCP Memory Optimization Mentorship Microsoft Migration Multi-Region Keys NACL Native AOT Network Architecture Networking NIST ODBC Open Source Payment Cryptography Payments PCI PCI Compliance Performance Platform Platform Architecture Power Tools PowerShell Python Python (if you reference CLI tooling) re:Invent Reachability Analyzer Redshift Relationships List Replace Root Volume Rust SAA-C00 SAP-C00 Security Security Group Serverless SES SharePoint SharePoint 2010 Site Reliability SMTP Snapshot Software Engineering Solutions Architect Solutions Architect Professional SP 2007 SPAWAR SSL STIG Storage Strategy Sydney SysAdmin Team Foundation Server Team Utilities Tech Industry Technical Depth Technology TFS Tools Troubleshooting Upgrade Visual Studio VPC VPC Flow Logs Web Development WebPart WinDirStat Windows Server Windows Server 2025 WinForms