Add payment cryptography emulation operations, recipes, and validation guardrails#2334
Open
J8k3 wants to merge 119 commits into
Open
Add payment cryptography emulation operations, recipes, and validation guardrails#2334J8k3 wants to merge 119 commits into
J8k3 wants to merge 119 commits into
Conversation
Added a section for Payment Cryptography Extensions detailing the scope, future extensions, non-goals, and organization of custom operations.
|
|
Merged into a broader workflow that also does builds.
Added steps to install brotli and decompress build files.
Updated links and descriptions for CyberChef Payments.
Revise README for CyberChef Payments updates
- Fix operations path: payment-crypto/ subdirectory never existed; ops live in src/core/operations/ - Fix UI category name: "Payment Cryptography" -> "Payments" - Replace stale future-extensions list with accurate current coverage (DUKPT, PIN blocks, MAC/KCV, EMV, card validation, PAN tools all implemented) - Keep only genuine remaining future work: TR-31 KBPK decryption and AES DUKPT Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…tyle rule to AGENTS.md Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Updated links for PIN and EMV generation recipes.
Updated the README to reflect the focus on payment cryptography operations, clarified the development status, and modified section headings.
Corrected typos and improved clarity in the README.
- EMV Build ARQC Data: assembles 10-field CDOL1 preimage from args; outputs hex (chainable into EMV Generate ARQC), JSON, or annotated TLV - EMV Parse ARQC Data: inverse; parses flat 33-byte CDOL1 hex back into named fields - Parse EMV TLV: BER-TLV parser with 102-entry EMV tag dictionary; handles constructed/nested tags, 1- and 2-byte tags, long-form lengths; dictionary mode lists all known tags - Shared libs: EmvCdol.mjs (CDOL1 field defs), EmvTlv.mjs (parser), EmvTlvDictionary.mjs (tag dict) - 12 new tests in Payment.mjs covering all three operations Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- EMV Build ARPC Data: assembles ARPC preimage from named fields; Method 1 (Visa/Amex/Discover: ARQC+ARC, 10 bytes) and Method 2 (Mastercard: ARQC+CSU+optional PAD, 12-20 bytes); outputs hex (chainable into EMV Generate ARPC), JSON, or annotated - EMV Parse ARPC Data: inverse; parses hex preimage back into named fields by method - Shared lib EmvArpc.mjs with build/parse/format functions - 6 new tests in Payment.mjs Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Also fixes expectedError test format (OperationErrors surface as result strings, not result.error) and updates PAYMENT_RECIPES.md docs. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The one-way rule (CyberChef gaps → GitHub issue) didn't cover the return path. New paragraph: discoveries from CyberChef sessions (PCI rules, algorithm edge cases, HSM commands) must be written back into the MCP server in the same session. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…nebreak 11 ESLint errors across 6 files introduced in the ARQC/ARPC/TLV/Script ops. Also document the constructor-JSDoc and operator-linebreak rules in AGENTS.md to prevent recurrence. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
eslint:tests catches Payment.mjs too — document that npx grunt eslint runs all five targets, not just eslint:core. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Updated EMV-related recipes in the README.
Domain prefix must come first per AGENTS.md convention. All references updated: op file, Categories.json, tests, PAYMENT_RECIPES.md, lib comment. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…berChef-Payments - Update opening: workflow-oriented tooling for engineering, debugging, interoperability, development, QA — replaces narrow regulated-env framing - Add explicit links to CyberChef-Payments (workflow catalog) and Payments (KB) near the top - Replace verbose recipe list (24 entries) with 7 representative examples; redirect to J8k3/CyberChef-Payments for the full catalog and screenshots - Fix typo: "Current coverage includes:h" -> "Current coverage includes:" - Rewrite validation section: remove "unfinished product" and "best validation we can do" — replace with scoped statement on standards, vectors, and APC comparison where APIs are comparable - Restructure: What this fork adds / Scope / Validation / Non-goals / Recipes Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
PAYMENT_RECIPES.md was duplicating content now maintained in J8k3/CyberChef-Payments (recipe catalog, chaining patterns, validation status). Trimmed to: naming conventions, operation registry, raw APC comparison test vectors + results. Added pointer to CyberChef-Payments. AGENTS.md updated: - Pre-commit checklist now says: update PAYMENT_RECIPES.md operation registry + CyberChef-Payments README if op appears in catalog - Added paragraph clarifying the two-file split (dev vs. user-facing) - Naming convention step now explicitly calls out CyberChef-Payments Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…operations AES DUKPT IK JSON was missing ksn, iki, counter; working key was missing ksn. TDES DUKPT IPEK and session key JSON were missing ksn and bdk. Both now mirror the full derivation context, making json=true self-contained for debugging and cross-validation. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ES cipher profiles
JSON output shape (covering recent ksn/bdk additions):
- DUKPT Derive AES Key: IK JSON output includes ksn, iki, counter
- DUKPT Derive TDES Key: IPEK JSON output includes ksn and bdk
Payment cipher coverage (previously only AES CBC was tested):
- Payment Encrypt/Decrypt Data: TDES ECB (APC cross-validated block 1)
- Payment Encrypt/Decrypt Data: TDES CBC (derived from passing re-encrypt chain)
- Payment Encrypt Data: DUKPT TDES ECB Data variant (ANSI X9.24-1; APC variant
mismatch documented in test comment and PAYMENT_RECIPES.md)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…DES CBC Covers the remaining untested cipher profiles in PaymentEncryptData / PaymentDecryptData. Values are pinned from a clean run against the forge upstream library, catching regressions in mode selection, IV wiring, and padding behaviour without re-deriving cryptographic outputs. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Align wording with the shared standard used across all four repos in this project family. No behavioral change — same rules, consistent text. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Resolved conflicts from the weekly sync that had been failing since 2026-06-08: - README.md: kept fork branding (cyberchef.jacobmarks.com) and the [p01]-[p25] payment-recipe links, while adopting upstream's updated [10] recipe and new [13] entry (rewritten to the fork domain) so the newly-merged body references resolve. - tests/operations/index.mjs: accepted upstream's deletion. It is now auto-generated by generateOpsIndex.mjs during 'grunt configTests' (and gitignored), so the fork's custom-operation tests are still discovered from tests/operations/tests/. - .github/workflows/: restored to the fork's versions, matching the sync_upstream.yml behaviour (preserves build-and-deploy + sync). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…tore The weekly upstream sync hard-failed whenever upstream touched files the fork diverges on (README branding) or removed a now-generated file (tests/operations/index.mjs). It also had a latent bug: the workflow restore ran 'git checkout HEAD -- .github/workflows/' *after* the merge had already auto-committed, so HEAD was the merge commit and the restore was a no-op. - Merge with --no-commit so HEAD stays the pre-merge fork commit, making the workflow restore actually keep the fork's workflows. - Auto-resolve the two recurring conflicts: keep the fork's README, and honour upstream deletions of generated/gitignored files. - Fail loudly (and abort the merge) on any other, unexpected conflict instead of pushing a half-resolved tree. - Exit cleanly when already up to date. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The v11 sync changed the AESEncrypt/AESDecrypt operation argument
layouts (purely additive):
- AESDecrypt inserted 'ivLength' at args[2] and appended 'ivFromInput'
at args[8].
- AESEncrypt appended 'Include IV in output' at args[6].
PaymentDataCipher still passed the old positional layout, so AESDecrypt
read args[7].string off undefined, erroring the 4 Payment Decrypt/
Re-Encrypt tests. Realign both call sites; pass ivFromInput/includeIV
'Off' to preserve the prior behaviour (IV supplied explicitly, never
sliced from or prepended to the data).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
# Conflicts: # README.md
|
@C85297 and @GCHQDeveloper581 those is the kind of PRs introduce vulns and complexity and bugs and massive attack surface because massive code added and diffucult to review, just one mistake will lead to vulns, it need careful review |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds a payment-focused extension surface to CyberChef for software emulation, testing, interoperability work, and education.
It is intentionally documented as software-only tooling rather than a certified HSM or production key-custody surface. AI was used to ensure payment functionality is implemented per specifications or as close to as is possible with publicly available documentation.
What This Adds
Paymentscategory with payment-facing operations for:PAYMENT_RECIPES.mdAWS_PAYMENT_CRYPTOGRAPHY_RECIPES.mdPAYMENT_SIM_RECIPES.mdPAYMENT_VALIDATION_AUDIT.mdValidation / Guardrails
The payment operations are explicitly classified in
PAYMENT_VALIDATION_AUDIT.mdas:That status is also surfaced inline on higher-risk operations so users can see scope and limitations in the recipe UI.
Scope Notes
Verification
tests/operations/tests/Payment.mjs.