CyberChef Quick Reference
=========================

CyberChef is an encoding/decoding/analysis Swiss army knife.
Online: https://gchq.github.io/CyberChef/
CLI: npm install -g cyberchef-cli

COMMON ENCODINGS
  Base64 Encode/Decode
  Base32 Encode/Decode
  Hex Encode/Decode
  URL Encode/Decode
  HTML Entity Encode/Decode
  Decimal (from/to)
  Binary (from/to)
  Octal (from/to)

CRYPTO OPERATIONS
  AES Encrypt/Decrypt
  DES Encrypt/Decrypt
  XOR (with key)
  ROT13 / ROT47
  Vigenère Encode/Decode
  Caesar Cipher
  Atbash Cipher
  Rail Fence Cipher
  Substitution Cipher

HASHING
  MD5 / SHA1 / SHA256 / SHA512
  HMAC
  CRC-16 / CRC-32

DATA FORMAT
  From/To Hex
  From/To Base64
  From/To Binary
  Parse IP / URL
  Parse JSON / XML / CSV

ANALYSIS
  Frequency Analysis
  Entropy
  Magic (auto-detect encoding)
  Strings
  Disassemble

USEFUL RECIPES (for CTF)

  # Multi-layer decode
  Base64 → Hex → XOR

  # ROT13
  ROT13("Uryyb") → "Hello"

  # XOR brute force
  XOR Brute Force (key length 1)

  # Magic (auto-detect)
  Drag data → "Magic" operation → auto-detects encoding

  # Extract strings
  "Strings" operation with min length

COMMAND LINE (cyberchef-cli)
  echo "SGVsbG8=" | cyberchef "from_base64"
  echo "48656c6c6f" | cyberchef "from_hex"
  echo "Hello" | cyberchef "to_base64"
  echo "data" | cyberchef "xor({'key':'secret'})"

COMMON CTF WORKFLOW
  1. Paste unknown data into CyberChef
  2. Use "Magic" to auto-detect encoding
  3. Chain operations (drag & drop)
  4. Common chains:
     - Base64 → Gunzip → output
     - Hex → From Hex → XOR → output
     - URL Decode → Base64 → output
