6.4.1

.eslintrc.json

@@ -28,11 +28,7 @@
         // modify rules from base configurations
         "no-unused-vars": ["error", {
             "args": "none",
-            "vars": "local",
-            // Allow vars that start with a capital letter to be unused.
-            // This is mainly for exported module names which are useful to indicate
-            // the name of the module and may be used to refer to itself in future.
-            "varsIgnorePattern": "^[A-Z]"
+            "vars": "all"
         }],
         "no-empty": ["error", {
             "allowEmptyCatch": true

README.md

@@ -2,7 +2,6 @@
 
 [![Build Status](https://travis-ci.org/gchq/CyberChef.svg?branch=master)](https://travis-ci.org/gchq/CyberChef)
 [![dependencies Status](https://david-dm.org/gchq/CyberChef/status.svg)](https://david-dm.org/gchq/CyberChef)
-[![devDependencies Status](https://david-dm.org/gchq/CyberChef/dev-status.svg)](https://david-dm.org/gchq/CyberChef?type=dev)
 [![npm](http://img.shields.io/npm/v/cyberchef.svg)](https://www.npmjs.com/package/cyberchef)
 ![](https://reposs.herokuapp.com/?path=gchq/CyberChef&color=blue)
 [![](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](https://github.com/gchq/CyberChef/blob/master/LICENSE)
@@ -37,9 +36,10 @@ You can use as many operations as you like in simple or complex ways. Some examp
  - [Convert a date and time to a different time zone][3]
  - [Parse a Teredo IPv6 address][4]
  - [Convert data from a hexdump, then decompress][5]
- - [Display multiple timestamps as full dates][6]
- - [Carry out different operations on data of different types][7]
- - [Use parts of the input as arguments to operations][8]
+ - [Decrypt and disassemble shellcode][6]
+ - [Display multiple timestamps as full dates][7]
+ - [Carry out different operations on data of different types][8]
+ - [Use parts of the input as arguments to operations][9]
 
 
 ## Features
@@ -60,7 +60,7 @@ You can use as many operations as you like in simple or complex ways. Some examp
  - Search
      - If you know the name of the operation you want or a word associated with it, start typing it into the search field and any matching operations will immediately be shown.
  - Highlighting
-     - When you highlight text in the input or output, the offset and length values will be displayed and, if possible, the corresponding data will be highlighted in the output or input respectively (example: [highlight the word 'question' in the input to see where it appears in the output][9]).
+     - When you highlight text in the input or output, the offset and length values will be displayed and, if possible, the corresponding data will be highlighted in the output or input respectively (example: [highlight the word 'question' in the input to see where it appears in the output][10]).
  - Save to file and load from file
      - You can save the output to a file at any time or load a file by dragging and dropping it into the input field (note that files larger than about 500kb may cause your browser to hang or even crash due to the way that browsers handle large amounts of textual data).
  - CyberChef is entirely client-side
@@ -96,7 +96,8 @@ CyberChef is released under the [Apache 2.0 Licence](https://www.apache.org/lice
   [3]: https://gchq.github.io/CyberChef/#recipe=Translate_DateTime_Format('Standard%20date%20and%20time','DD/MM/YYYY%20HH:mm:ss','UTC','dddd%20Do%20MMMM%20YYYY%20HH:mm:ss%20Z%20z','Australia/Queensland')&input=MTUvMDYvMjAxNSAyMDo0NTowMA
   [4]: https://gchq.github.io/CyberChef/#recipe=Parse_IPv6_address()&input=MjAwMTowMDAwOjQxMzY6ZTM3ODo4MDAwOjYzYmY6M2ZmZjpmZGQy
   [5]: https://gchq.github.io/CyberChef/#recipe=From_Hexdump()Gunzip()&input=MDAwMDAwMDAgIDFmIDhiIDA4IDAwIDEyIGJjIGYzIDU3IDAwIGZmIDBkIGM3IGMxIDA5IDAwIDIwICB8Li4uLi6881cu/y7HwS4uIHwKMDAwMDAwMTAgIDA4IDA1IGQwIDU1IGZlIDA0IDJkIGQzIDA0IDFmIGNhIDhjIDQ0IDIxIDViIGZmICB8Li7QVf4uLdMuLsouRCFb/3wKMDAwMDAwMjAgIDYwIGM3IGQ3IDAzIDE2IGJlIDQwIDFmIDc4IDRhIDNmIDA5IDg5IDBiIDlhIDdkICB8YMfXLi6%2BQC54Sj8uLi4ufXwKMDAwMDAwMzAgIDRlIGM4IDRlIDZkIDA1IDFlIDAxIDhiIDRjIDI0IDAwIDAwIDAwICAgICAgICAgICB8TshObS4uLi5MJC4uLnw
-  [6]: https://gchq.github.io/CyberChef/#recipe=Fork('%5C%5Cn','%5C%5Cn',false)From_UNIX_Timestamp('Seconds%20(s)')&input=OTc4MzQ2ODAwCjEwMTI2NTEyMDAKMTA0NjY5NjQwMAoxMDgxMDg3MjAwCjExMTUzMDUyMDAKMTE0OTYwOTYwMA
-  [7]: https://gchq.github.io/CyberChef/#recipe=Fork('%5C%5Cn','%5C%5Cn',false)Conditional_Jump('1',2,10)To_Hex('Space')Return()To_Base64('A-Za-z0-9%2B/%3D')&input=U29tZSBkYXRhIHdpdGggYSAxIGluIGl0ClNvbWUgZGF0YSB3aXRoIGEgMiBpbiBpdA
-  [8]: https://gchq.github.io/CyberChef/#recipe=Register('key%3D(%5B%5C%5Cda-f%5D*)',true,false)Find_/_Replace(%7B'option':'Regex','string':'.*data%3D(.*)'%7D,'$1',true,false,true)RC4(%7B'option':'Hex','string':'$R0'%7D,'Hex','Latin1')&input=aHR0cDovL21hbHdhcmV6LmJpei9iZWFjb24ucGhwP2tleT0wZTkzMmE1YyZkYXRhPThkYjdkNWViZTM4NjYzYTU0ZWNiYjMzNGUzZGIxMQ
-  [9]: https://gchq.github.io/CyberChef/#recipe=XOR(%7B'option':'Hex','string':'3a'%7D,'',false)To_Hexdump(16,false,false)&input=VGhlIGFuc3dlciB0byB0aGUgdWx0aW1hdGUgcXVlc3Rpb24gb2YgbGlmZSwgdGhlIFVuaXZlcnNlLCBhbmQgZXZlcnl0aGluZyBpcyA0Mi4
+  [6]: https://gchq.github.io/CyberChef/#recipe=RC4(%7B'option':'UTF8','string':'secret'%7D,'Hex','Hex')Disassemble_x86('64','Full%20x86%20architecture',16,0,true,true)&input=MjFkZGQyNTQwMTYwZWU2NWZlMDc3NzEwM2YyYTM5ZmJlNWJjYjZhYTBhYWJkNDE0ZjkwYzZjYWY1MzEyNzU0YWY3NzRiNzZiM2JiY2QxOTNjYjNkZGZkYmM1YTI2NTMzYTY4NmI1OWI4ZmVkNGQzODBkNDc0NDIwMWFlYzIwNDA1MDcxMzhlMmZlMmIzOTUwNDQ2ZGIzMWQyYmM2MjliZTRkM2YyZWIwMDQzYzI5M2Q3YTVkMjk2MmMwMGZlNmRhMzAwNzJkOGM1YTZiNGZlN2Q4NTlhMDQwZWVhZjI5OTczMzYzMDJmNWEwZWMxOQ
+  [7]: https://gchq.github.io/CyberChef/#recipe=Fork('%5C%5Cn','%5C%5Cn',false)From_UNIX_Timestamp('Seconds%20(s)')&input=OTc4MzQ2ODAwCjEwMTI2NTEyMDAKMTA0NjY5NjQwMAoxMDgxMDg3MjAwCjExMTUzMDUyMDAKMTE0OTYwOTYwMA
+  [8]: https://gchq.github.io/CyberChef/#recipe=Fork('%5C%5Cn','%5C%5Cn',false)Conditional_Jump('1',2,10)To_Hex('Space')Return()To_Base64('A-Za-z0-9%2B/%3D')&input=U29tZSBkYXRhIHdpdGggYSAxIGluIGl0ClNvbWUgZGF0YSB3aXRoIGEgMiBpbiBpdA
+  [9]: https://gchq.github.io/CyberChef/#recipe=Register('key%3D(%5B%5C%5Cda-f%5D*)',true,false)Find_/_Replace(%7B'option':'Regex','string':'.*data%3D(.*)'%7D,'$1',true,false,true)RC4(%7B'option':'Hex','string':'$R0'%7D,'Hex','Latin1')&input=aHR0cDovL21hbHdhcmV6LmJpei9iZWFjb24ucGhwP2tleT0wZTkzMmE1YyZkYXRhPThkYjdkNWViZTM4NjYzYTU0ZWNiYjMzNGUzZGIxMQ
+  [10]: https://gchq.github.io/CyberChef/#recipe=XOR(%7B'option':'Hex','string':'3a'%7D,'',false)To_Hexdump(16,false,false)&input=VGhlIGFuc3dlciB0byB0aGUgdWx0aW1hdGUgcXVlc3Rpb24gb2YgbGlmZSwgdGhlIFVuaXZlcnNlLCBhbmQgZXZlcnl0aGluZyBpcyA0Mi4

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "cyberchef",
-  "version": "6.3.2",
+  "version": "6.4.1",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
@@ -8445,21 +8445,14 @@
       }
     },
     "url-loader": {
-      "version": "0.5.9",
-      "resolved": "https://registry.npmjs.org/url-loader/-/url-loader-0.5.9.tgz",
-      "integrity": "sha512-B7QYFyvv+fOBqBVeefsxv6koWWtjmHaMFT6KZWti4KRw8YUD/hOU+3AECvXuzyVawIBx3z7zQRejXCDSO5kk1Q==",
+      "version": "0.6.2",
+      "resolved": "https://registry.npmjs.org/url-loader/-/url-loader-0.6.2.tgz",
+      "integrity": "sha512-h3qf9TNn53BpuXTTcpC+UehiRrl0Cv45Yr/xWayApjw6G8Bg2dGke7rIwDQ39piciWCWrC+WiqLjOh3SUp9n0Q==",
       "dev": true,
       "requires": {
         "loader-utils": "1.1.0",
-        "mime": "1.3.6"
-      },
-      "dependencies": {
-        "mime": {
-          "version": "1.3.6",
-          "resolved": "https://registry.npmjs.org/mime/-/mime-1.3.6.tgz",
-          "integrity": "sha1-WR2E02U6awtKO5343lqoEI5y5eA=",
-          "dev": true
-        }
+        "mime": "1.4.1",
+        "schema-utils": "0.3.0"
       }
     },
     "url-parse": {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "cyberchef",
-  "version": "6.3.2",
+  "version": "6.4.1",
   "description": "The Cyber Swiss Army Knife for encryption, encoding, compression and data analysis.",
   "author": "n1474335 <n1474335@gmail.com>",
   "homepage": "https://gchq.github.io/CyberChef",
@@ -58,7 +58,7 @@
     "postcss-import": "^11.0.0",
     "postcss-loader": "^2.0.6",
     "style-loader": "^0.19.0",
-    "url-loader": "^0.5.9",
+    "url-loader": "^0.6.2",
     "val-loader": "^1.0.2",
     "web-resource-inliner": "^4.2.0",
     "webpack": "^3.6.0",

src/core/ChefWorker.js

@@ -92,7 +92,7 @@ async function bake(data) {
     } catch (err) {
         self.postMessage({
             action: "bakeError",
-            data: err.message.split(":").slice(1).join(":").slice(1) // Cut off worker blurb
+            data: err
         });
     }
 }

src/core/config/Categories.js

@@ -303,6 +303,7 @@ const Categories = [
             "Frequency distribution",
             "Detect File Type",
             "Scan for Embedded Files",
+            "Disassemble x86",
             "Generate UUID",
             "Generate TOTP",
             "Generate HOTP",

src/core/config/OperationConfig.js

@@ -5,7 +5,6 @@ import BCD from "../operations/BCD.js";
 import BitwiseOp from "../operations/BitwiseOp.js";
 import ByteRepr from "../operations/ByteRepr.js";
 import CharEnc from "../operations/CharEnc.js";
-import Checksum from "../operations/Checksum.js";
 import Cipher from "../operations/Cipher.js";
 import Code from "../operations/Code.js";
 import Compress from "../operations/Compress.js";
@@ -26,21 +25,16 @@ import IP from "../operations/IP.js";
 import JS from "../operations/JS.js";
 import MAC from "../operations/MAC.js";
 import MorseCode from "../operations/MorseCode.js";
-import MS from "../operations/MS.js";
 import NetBIOS from "../operations/NetBIOS.js";
-import Numberwang from "../operations/Numberwang.js";
-import OS from "../operations/OS.js";
-import OTP from "../operations/OTP.js";
 import PublicKey from "../operations/PublicKey.js";
 import Punycode from "../operations/Punycode.js";
-import QuotedPrintable from "../operations/QuotedPrintable.js";
 import Rotate from "../operations/Rotate.js";
 import SeqUtils from "../operations/SeqUtils.js";
+import Shellcode from "../operations/Shellcode.js";
 import StrUtils from "../operations/StrUtils.js";
 import Tidy from "../operations/Tidy.js";
 import Unicode from "../operations/Unicode.js";
 import URL_ from "../operations/URL.js";
-import UUID from "../operations/UUID.js";
 
 
 /**
@@ -320,6 +314,44 @@ const OperationConfig = {
             }
         ]
     },
+    "Disassemble x86": {
+        module: "Shellcode",
+        description: "Disassembly is the process of translating machine language into assembly language.<br><br>This operation supports 64-bit, 32-bit and 16-bit code written for Intel or AMD x86 processors. It is particularly useful for reverse engineering shellcode.<br><br>Input should be in hexadecimal.",
+        inputType: "string",
+        outputType: "string",
+        args: [
+            {
+                name: "Bit mode",
+                type: "option",
+                value: Shellcode.MODE
+            },
+            {
+                name: "Compatibility",
+                type: "option",
+                value: Shellcode.COMPATIBILITY
+            },
+            {
+                name: "Code Segment (CS)",
+                type: "number",
+                value: 16
+            },
+            {
+                name: "Offset (IP)",
+                type: "number",
+                value: 0
+            },
+            {
+                name: "Show instruction hex",
+                type: "boolean",
+                value: true
+            },
+            {
+                name: "Show instruction position",
+                type: "boolean",
+                value: true
+            }
+        ]
+    },
     "XOR": {
         module: "Default",
         description: "XOR the input with the given key.<br>e.g. <code>fe023da5</code><br><br><strong>Options</strong><br><u>Null preserving:</u> If the current byte is 0x00 or the same as the key, skip it.<br><br><u>Scheme:</u><ul><li>Standard - key is unchanged after each round</li><li>Input differential - key is set to the value of the previous unprocessed byte</li><li>Output differential - key is set to the value of the previous processed byte</li></ul>",
@@ -3831,3 +3863,5 @@ function valExport() {
 }
 
 export default valExport;
+
+export { OperationConfig };

src/core/config/modules/OpModules.js

@@ -18,6 +18,7 @@ import HTTPModule from "./HTTP.js";
 import ImageModule from "./Image.js";
 import JSBNModule from "./JSBN.js";
 import PublicKeyModule from "./PublicKey.js";
+import ShellcodeModule from "./Shellcode.js";
 
 Object.assign(
     OpModules,
@@ -31,7 +32,8 @@ Object.assign(
     HTTPModule,
     ImageModule,
     JSBNModule,
-    PublicKeyModule
+    PublicKeyModule,
+    ShellcodeModule
 );
 
 export default OpModules;

src/core/config/modules/Shellcode.js

@@ -0,0 +1,20 @@
+import Shellcode from "../../operations/Shellcode.js";
+
+
+/**
+ * Shellcode module.
+ *
+ * Libraries:
+ *  - DisassembleX86-64.js
+ *
+ * @author n1474335 [n1474335@gmail.com]
+ * @copyright Crown Copyright 2017
+ * @license Apache-2.0
+ */
+let OpModules = typeof self === "undefined" ? {} : self.OpModules || {};
+
+OpModules.Shellcode = {
+    "Disassemble x86": Shellcode.runDisassemble,
+};
+
+export default OpModules;

src/core/operations/ByteRepr.js

@@ -1,4 +1,3 @@
-/* globals app */
 import Utils from "../Utils.js";
 
 

src/core/operations/CharEnc.js

@@ -1,6 +1,4 @@
 import cptable from "../lib/js-codepage/cptable.js";
-import Utils from "../Utils.js";
-import CryptoJS from "crypto-js";
 
 
 /**

src/core/operations/Hash.js

@@ -16,6 +16,22 @@ import Checksum from "./Checksum.js";
  */
 const Hash = {
 
+    /**
+     * Generic hash function.
+     *
+     * @param {string} name
+     * @param {string} input
+     * @returns {string}
+     */
+    runHash: function(name, input) {
+        const hasher = CryptoApi.hasher(name);
+        hasher.state.message = input;
+        hasher.state.length += input.length;
+        hasher.process();
+        return hasher.finalize().stringify("hex");
+    },
+
+
     /**
      * MD2 operation.
      *
@@ -24,7 +40,7 @@ const Hash = {
      * @returns {string}
      */
     runMD2: function (input, args) {
-        return CryptoApi.hash("md2", input, {}).stringify("hex");
+        return Hash.runHash("md2", input);
     },
 
 
@@ -36,7 +52,7 @@ const Hash = {
      * @returns {string}
      */
     runMD4: function (input, args) {
-        return CryptoApi.hash("md4", input, {}).stringify("hex");
+        return Hash.runHash("md4", input);
     },
 
 
@@ -48,7 +64,7 @@ const Hash = {
      * @returns {string}
      */
     runMD5: function (input, args) {
-        return CryptoApi.hash("md5", input, {}).stringify("hex");
+        return Hash.runHash("md5", input);
     },
 
 
@@ -92,7 +108,7 @@ const Hash = {
      * @returns {string}
      */
     runSHA0: function (input, args) {
-        return CryptoApi.hash("sha0", input, {}).stringify("hex");
+        return Hash.runHash("sha0", input);
     },
 
 
@@ -104,7 +120,7 @@ const Hash = {
      * @returns {string}
      */
     runSHA1: function (input, args) {
-        return CryptoApi.hash("sha1", input, {}).stringify("hex");
+        return Hash.runHash("sha1", input);
     },
 
 
@@ -123,7 +139,7 @@ const Hash = {
      */
     runSHA2: function (input, args) {
         const size = args[0];
-        return CryptoApi.hash("sha" + size, input, {}).stringify("hex");
+        return Hash.runHash("sha" + size, input);
     },
 
 
@@ -259,7 +275,7 @@ const Hash = {
      */
     runRIPEMD: function (input, args) {
         const size = args[0];
-        return CryptoApi.hash("ripemd" + size, input, {}).stringify("hex");
+        return Hash.runHash("ripemd" + size, input);
     },
 
 
@@ -271,7 +287,7 @@ const Hash = {
      * @returns {string}
      */
     runHAS: function (input, args) {
-        return CryptoApi.hash("has160", input, {}).stringify("hex");
+        return Hash.runHash("has160", input);
     },
 
 
@@ -290,7 +306,7 @@ const Hash = {
      */
     runWhirlpool: function (input, args) {
         const variant = args[0].toLowerCase();
-        return CryptoApi.hash(variant, input, {}).stringify("hex");
+        return Hash.runHash(variant, input);
     },
 
 
@@ -315,7 +331,7 @@ const Hash = {
     runSnefru: function (input, args) {
         const rounds = args[0],
             size = args[1];
-        return CryptoApi.hash(`snefru-${rounds}-${size}`, input, {}).stringify("hex");
+        return Hash.runHash(`snefru-${rounds}-${size}`, input);
     },
 
 

src/core/operations/Hexdump.js

@@ -1,4 +1,3 @@
-/* globals app */
 import Utils from "../Utils.js";
 
 

src/core/operations/Shellcode.js

@@ -0,0 +1,96 @@
+import disassemble from "../lib/DisassembleX86-64.js";
+
+
+/**
+ * Shellcode operations.
+ *
+ * @author n1474335 [n1474335@gmail.com]
+ * @copyright Crown Copyright 2017
+ * @license Apache-2.0
+ *
+ * @namespace
+ */
+const Shellcode = {
+
+    /**
+     * @constant
+     * @default
+     */
+    MODE: ["64", "32", "16"],
+    /**
+     * @constant
+     * @default
+     */
+    COMPATIBILITY: [
+        "Full x86 architecture",
+        "Knights Corner",
+        "Larrabee",
+        "Cyrix",
+        "Geode",
+        "Centaur",
+        "X86/486"
+    ],
+
+    /**
+     * Disassemble x86 operation.
+     *
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    runDisassemble: function(input, args) {
+        const mode = args[0],
+            compatibility = args[1],
+            codeSegment = args[2],
+            offset = args[3],
+            showInstructionHex = args[4],
+            showInstructionPos = args[5];
+
+        switch (mode) {
+            case "64":
+                disassemble.setBitMode(2);
+                break;
+            case "32":
+                disassemble.setBitMode(1);
+                break;
+            case "16":
+                disassemble.setBitMode(0);
+                break;
+            default:
+                throw "Invalid mode value";
+        }
+
+        switch (compatibility) {
+            case "Full x86 architecture":
+                disassemble.CompatibilityMode(0);
+                break;
+            case "Knights Corner":
+                disassemble.CompatibilityMode(1);
+                break;
+            case "Larrabee":
+                disassemble.CompatibilityMode(2);
+                break;
+            case "Cyrix":
+                disassemble.CompatibilityMode(3);
+                break;
+            case "Geode":
+                disassemble.CompatibilityMode(4);
+                break;
+            case "Centaur":
+                disassemble.CompatibilityMode(5);
+                break;
+            case "X86/486":
+                disassemble.CompatibilityMode(6);
+                break;
+        }
+
+        disassemble.SetBasePosition(codeSegment + ":" + offset);
+        disassemble.setShowInstructionHex(showInstructionHex);
+        disassemble.setShowInstructionPos(showInstructionPos);
+        disassemble.LoadBinCode(input.replace(/\s/g, ""));
+        return disassemble.LDisassemble();
+    },
+
+};
+
+export default Shellcode;

src/node/index.js

@@ -9,7 +9,7 @@ require("babel-polyfill");
 
 const Chef = require("../core/Chef.js").default;
 
-const CyberChef = module.exports = {
+const CyberChef = {
 
     bake: function(input, recipeConfig) {
         this.chef = new Chef();
@@ -23,3 +23,5 @@ const CyberChef = module.exports = {
     }
 
 };
+
+module.exports = CyberChef;

src/web/html/index.html

@@ -412,6 +412,7 @@
                                             <li><a href="#recipe=Translate_DateTime_Format('Standard%20date%20and%20time','DD/MM/YYYY%20HH:mm:ss','UTC','dddd%20Do%20MMMM%20YYYY%20HH:mm:ss%20Z%20z','Australia/Queensland')&input=MTUvMDYvMjAxNSAyMDo0NTowMA">Convert a date and time to a different time zone</a></li>
                                             <li><a href="#recipe=Parse_IPv6_address()&input=MjAwMTowMDAwOjQxMzY6ZTM3ODo4MDAwOjYzYmY6M2ZmZjpmZGQy">Parse a Teredo IPv6 address</a></li>
                                             <li><a href="#recipe=From_Hexdump()Gunzip()&input=MDAwMDAwMDAgIDFmIDhiIDA4IDAwIDEyIGJjIGYzIDU3IDAwIGZmIDBkIGM3IGMxIDA5IDAwIDIwICB8Li4uLi6881cu/y7HwS4uIHwKMDAwMDAwMTAgIDA4IDA1IGQwIDU1IGZlIDA0IDJkIGQzIDA0IDFmIGNhIDhjIDQ0IDIxIDViIGZmICB8Li7QVf4uLdMuLsouRCFb/3wKMDAwMDAwMjAgIDYwIGM3IGQ3IDAzIDE2IGJlIDQwIDFmIDc4IDRhIDNmIDA5IDg5IDBiIDlhIDdkICB8YMfXLi6%2BQC54Sj8uLi4ufXwKMDAwMDAwMzAgIDRlIGM4IDRlIDZkIDA1IDFlIDAxIDhiIDRjIDI0IDAwIDAwIDAwICAgICAgICAgICB8TshObS4uLi5MJC4uLnw">Convert data from a hexdump, then decompress</a></li>
+                                            <li><a href="#recipe=RC4(%7B'option':'UTF8','string':'secret'%7D,'Hex','Hex')Disassemble_x86('64','Full%20x86%20architecture',16,0,true,true)&input=MjFkZGQyNTQwMTYwZWU2NWZlMDc3NzEwM2YyYTM5ZmJlNWJjYjZhYTBhYWJkNDE0ZjkwYzZjYWY1MzEyNzU0YWY3NzRiNzZiM2JiY2QxOTNjYjNkZGZkYmM1YTI2NTMzYTY4NmI1OWI4ZmVkNGQzODBkNDc0NDIwMWFlYzIwNDA1MDcxMzhlMmZlMmIzOTUwNDQ2ZGIzMWQyYmM2MjliZTRkM2YyZWIwMDQzYzI5M2Q3YTVkMjk2MmMwMGZlNmRhMzAwNzJkOGM1YTZiNGZlN2Q4NTlhMDQwZWVhZjI5OTczMzYzMDJmNWEwZWMxOQ">Decrypt and disassemble shellcode</a></li>
                                             <li><a href="#recipe=Fork('%5C%5Cn','%5C%5Cn',false)From_UNIX_Timestamp('Seconds%20(s)')&input=OTc4MzQ2ODAwCjEwMTI2NTEyMDAKMTA0NjY5NjQwMAoxMDgxMDg3MjAwCjExMTUzMDUyMDAKMTE0OTYwOTYwMA">Display multiple timestamps as full dates</a></li>
                                             <li><a href="#recipe=Fork('%5C%5Cn','%5C%5Cn',false)Conditional_Jump('1',2,10)To_Hex('Space')Return()To_Base64('A-Za-z0-9%2B/%3D')&input=U29tZSBkYXRhIHdpdGggYSAxIGluIGl0ClNvbWUgZGF0YSB3aXRoIGEgMiBpbiBpdA">Carry out different operations on data of different types</a></li>
                                             <li><a href="#recipe=Register('key%3D(%5B%5C%5Cda-f%5D*)',true,false)Find_/_Replace(%7B'option':'Regex','string':'.*data%3D(.*)'%7D,'$1',true,false,true)RC4(%7B'option':'Hex','string':'$R0'%7D,'Hex','Latin1')&input=aHR0cDovL21hbHdhcmV6LmJpei9iZWFjb24ucGhwP2tleT0wZTkzMmE1YyZkYXRhPThkYjdkNWViZTM4NjYzYTU0ZWNiYjMzNGUzZGIxMQ">Use parts of the input as arguments to operations</a></li>