9.50.1

This situation occurs because the dependancy (zlibjs/bin/rawinflate.min.js) doesn't do a sanity check on distances going back farther than the current buffer.

For example:
DEFLATE data of '123' and then a length of 9 going back a distance of 6
ASCIIHEX: 333432869300

! infgen 3.0 output
!
last			! 1
fixed			! 01
literal '1		! 10000110
literal '2		! 01000110
literal '3		! 11000110
match 9 6		! 1 00100 1110000
infgen warning: distance too far back (6/3)
end			! 0000000
			! 0

We only have 3 characters, we shouldn't be able to seek 6 characters back. But rawinflate.min.js doesn't check for this like the infgen debug tool (and others) would. So CyberChef would happily provide this as the result:
123...123...
Where the dots are just nulls of likley empty memory preceding the actual buffer

So with the example in this source
// e.g. Input data of [8b, 1d, dc, 44]

last			! 1
fixed			! 01
literal ']		! 10110001
match 158 5		! 0 00100 11011 10000011
infgen warning: distance too far back (5/1)

This means we have a literal ']' and then we are asking for 158 more characters and to find them a distance of 5 back. This explains why the ']', why it repeats every 5, and why it is a length > 158.

This code should just be removed; it isn't justified. Being that this issue is a lack of sanity checking in a dependancy, and that this routine only catches the symptom of one of the nearly unlimited edge cases like this, AND it could filter out correct inputs, such as a recipe of this as input to RAWDEFLATE
]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX[]OMG[]HAX
Then getting an error with the INFLATE even though the input is actually valid.

.github/workflows/codeql.yml

@@ -22,12 +22,12 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2

.github/workflows/master.yml

@@ -10,10 +10,10 @@ jobs:
   main:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     - name: Set node version
-      uses: actions/setup-node@v1
+      uses: actions/setup-node@v3
       with:
         node-version: '18.x'
 
@@ -47,7 +47,7 @@ jobs:
 
     - name: Deploy to GitHub Pages
       if: success() && github.ref == 'refs/heads/master'
-      uses: crazy-max/ghaction-github-pages@v2
+      uses: crazy-max/ghaction-github-pages@v3
       with:
         target_branch: gh-pages
         build_dir: ./build/prod

.github/workflows/pull_requests.yml

@@ -9,10 +9,10 @@ jobs:
   main:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     - name: Set node version
-      uses: actions/setup-node@v1
+      uses: actions/setup-node@v3
       with:
         node-version: '18.x'
 

.github/workflows/releases.yml

@@ -10,10 +10,10 @@ jobs:
   main:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     - name: Set node version
-      uses: actions/setup-node@v1
+      uses: actions/setup-node@v3
       with:
         node-version: '18.x'
 

CHANGELOG.md

@@ -13,6 +13,15 @@ All major and minor version changes will be documented in this file. Details of
 
 ## Details
 
+### [9.50.0] - 2022-11-25
+- Added 'Shuffle' operation [@mikecat] | [#1472]
+
+### [9.49.0] - 2022-11-11
+- Added 'LZ4 Compress' and 'LZ4 Decompress' operations [@n1474335] | [31a7f83]
+
+### [9.48.0] - 2022-10-14
+- Added 'LM Hash' and 'NT Hash' operations [@n1474335] [@brun0ne] | [#1427]
+
 ### [9.47.0] - 2022-10-14
 - Added 'LZMA Decompress' and 'LZMA Compress' operations [@mattnotmitt] | [#1421]
 
@@ -318,6 +327,9 @@ All major and minor version changes will be documented in this file. Details of
 
 
 
+[9.50.0]: https://github.com/gchq/CyberChef/releases/tag/v9.50.0
+[9.49.0]: https://github.com/gchq/CyberChef/releases/tag/v9.49.0
+[9.48.0]: https://github.com/gchq/CyberChef/releases/tag/v9.48.0
 [9.47.0]: https://github.com/gchq/CyberChef/releases/tag/v9.47.0
 [9.46.0]: https://github.com/gchq/CyberChef/releases/tag/v9.46.0
 [9.45.0]: https://github.com/gchq/CyberChef/releases/tag/v9.45.0
@@ -454,6 +466,7 @@ All major and minor version changes will be documented in this file. Details of
 [@crespyl]: https://github.com/crespyl
 [@thomasleplus]: https://github.com/thomasleplus
 [@valdelaseras]: https://github.com/valdelaseras
+[@brun0ne]: https://github.com/brun0ne
 
 [8ad18b]: https://github.com/gchq/CyberChef/commit/8ad18bc7db6d9ff184ba3518686293a7685bf7b7
 [9a33498]: https://github.com/gchq/CyberChef/commit/9a33498fed26a8df9c9f35f39a78a174bf50a513
@@ -461,6 +474,7 @@ All major and minor version changes will be documented in this file. Details of
 [e9ca4dc]: https://github.com/gchq/CyberChef/commit/e9ca4dc9caf98f33fd986431cd400c88082a42b8
 [dd18e52]: https://github.com/gchq/CyberChef/commit/dd18e529939078b89867297b181a584e8b2cc7da
 [a895d1d]: https://github.com/gchq/CyberChef/commit/a895d1d82a2f92d440a0c5eca2bc7c898107b737
+[31a7f83]: https://github.com/gchq/CyberChef/commit/31a7f83b82e78927f89689f323fcb9185144d6ff
 
 [#95]: https://github.com/gchq/CyberChef/pull/299
 [#173]: https://github.com/gchq/CyberChef/pull/173
@@ -557,4 +571,6 @@ All major and minor version changes will be documented in this file. Details of
 [#1250]: https://github.com/gchq/CyberChef/pull/1250
 [#1308]: https://github.com/gchq/CyberChef/pull/1308
 [#1421]: https://github.com/gchq/CyberChef/pull/1421
+[#1427]: https://github.com/gchq/CyberChef/pull/1427
+[#1472]: https://github.com/gchq/CyberChef/pull/1472
 

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "cyberchef",
-  "version": "9.47.2",
+  "version": "9.50.1",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "cyberchef",
-      "version": "9.47.2",
+      "version": "9.50.1",
       "hasInstallScript": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -58,6 +58,7 @@
         "loglevel": "^1.8.0",
         "loglevel-message-prefix": "^3.0.0",
         "lz-string": "^1.4.4",
+        "lz4js": "^0.2.0",
         "markdown-it": "^13.0.1",
         "moment": "^2.29.3",
         "moment-timezone": "^0.5.34",
@@ -66,6 +67,7 @@
         "node-md6": "^0.1.0",
         "nodom": "^2.4.0",
         "notepack.io": "^3.0.1",
+        "ntlm": "^0.1.3",
         "nwmatcher": "^1.4.4",
         "otp": "0.1.3",
         "path": "^0.12.7",
@@ -9607,6 +9609,11 @@
         "lz-string": "bin/bin.js"
       }
     },
+    "node_modules/lz4js": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/lz4js/-/lz4js-0.2.0.tgz",
+      "integrity": "sha512-gY2Ia9Lm7Ep8qMiuGRhvUq0Q7qUereeldZPP1PMEJxPtEWHJLqw9pgX68oHajBH0nzJK4MaZEA/YNV3jT8u8Bg=="
+    },
     "node_modules/make-dir": {
       "version": "3.1.0",
       "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-3.1.0.tgz",
@@ -10537,6 +10544,14 @@
         "url": "https://github.com/fb55/nth-check?sponsor=1"
       }
     },
+    "node_modules/ntlm": {
+      "version": "0.1.3",
+      "resolved": "https://registry.npmjs.org/ntlm/-/ntlm-0.1.3.tgz",
+      "integrity": "sha512-pPlHxhAegZP4QAaOYd51vRd6VXTGfF7VLKJwuwN0iEB1aIi3SnqXYuS/bH/6wWBOq+Ehdil49mHm1Nseon085w==",
+      "engines": [
+        "node"
+      ]
+    },
     "node_modules/nwmatcher": {
       "version": "1.4.4",
       "resolved": "https://registry.npmjs.org/nwmatcher/-/nwmatcher-1.4.4.tgz",
@@ -21600,6 +21615,11 @@
       "resolved": "https://registry.npmjs.org/lz-string/-/lz-string-1.4.4.tgz",
       "integrity": "sha512-0ckx7ZHRPqb0oUm8zNr+90mtf9DQB60H1wMCjBtfi62Kl3a7JbHob6gA2bC+xRvZoOL+1hzUK8jeuEIQE8svEQ=="
     },
+    "lz4js": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/lz4js/-/lz4js-0.2.0.tgz",
+      "integrity": "sha512-gY2Ia9Lm7Ep8qMiuGRhvUq0Q7qUereeldZPP1PMEJxPtEWHJLqw9pgX68oHajBH0nzJK4MaZEA/YNV3jT8u8Bg=="
+    },
     "make-dir": {
       "version": "3.1.0",
       "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-3.1.0.tgz",
@@ -22304,6 +22324,11 @@
         "boolbase": "^1.0.0"
       }
     },
+    "ntlm": {
+      "version": "0.1.3",
+      "resolved": "https://registry.npmjs.org/ntlm/-/ntlm-0.1.3.tgz",
+      "integrity": "sha512-pPlHxhAegZP4QAaOYd51vRd6VXTGfF7VLKJwuwN0iEB1aIi3SnqXYuS/bH/6wWBOq+Ehdil49mHm1Nseon085w=="
+    },
     "nwmatcher": {
       "version": "1.4.4",
       "resolved": "https://registry.npmjs.org/nwmatcher/-/nwmatcher-1.4.4.tgz",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "cyberchef",
-  "version": "9.47.2",
+  "version": "9.50.1",
   "description": "The Cyber Swiss Army Knife for encryption, encoding, compression and data analysis.",
   "author": "n1474335 <n1474335@gmail.com>",
   "homepage": "https://gchq.github.io/CyberChef",
@@ -134,6 +134,7 @@
     "loglevel": "^1.8.0",
     "loglevel-message-prefix": "^3.0.0",
     "lz-string": "^1.4.4",
+    "lz4js": "^0.2.0",
     "markdown-it": "^13.0.1",
     "moment": "^2.29.3",
     "moment-timezone": "^0.5.34",
@@ -142,6 +143,7 @@
     "node-md6": "^0.1.0",
     "nodom": "^2.4.0",
     "notepack.io": "^3.0.1",
+    "ntlm": "^0.1.3",
     "nwmatcher": "^1.4.4",
     "otp": "0.1.3",
     "path": "^0.12.7",
@@ -170,7 +172,7 @@
     "build": "npx grunt prod",
     "node": "npx grunt node",
     "repl": "node --experimental-modules --experimental-json-modules --experimental-specifier-resolution=node --no-warnings src/node/repl.mjs",
-    "test": "npx grunt configTests && node --experimental-modules --experimental-json-modules --no-warnings --no-deprecation tests/node/index.mjs && node --experimental-modules --experimental-json-modules --no-warnings --no-deprecation tests/operations/index.mjs",
+    "test": "npx grunt configTests && node --experimental-modules --experimental-json-modules --no-warnings --no-deprecation --openssl-legacy-provider tests/node/index.mjs && node --experimental-modules --experimental-json-modules --no-warnings --no-deprecation --openssl-legacy-provider tests/operations/index.mjs",
     "testnodeconsumer": "npx grunt testnodeconsumer",
     "testui": "npx grunt testui",
     "testuidev": "npx nightwatch --env=dev",

src/core/Utils.mjs

@@ -206,7 +206,7 @@ class Utils {
      * Utils.parseEscapedChars("\\n");
      */
     static parseEscapedChars(str) {
-        return str.replace(/\\([bfnrtv'"]|[0-3][0-7]{2}|[0-7]{1,2}|x[\da-fA-F]{2}|u[\da-fA-F]{4}|u\{[\da-fA-F]{1,6}\}|\\)/g, function(m, a) {
+        return str.replace(/\\([abfnrtv'"]|[0-3][0-7]{2}|[0-7]{1,2}|x[\da-fA-F]{2}|u[\da-fA-F]{4}|u\{[\da-fA-F]{1,6}\}|\\)/g, function(m, a) {
             switch (a[0]) {
                 case "\\":
                     return "\\";
@@ -219,6 +219,8 @@ class Utils {
                 case "6":
                 case "7":
                     return String.fromCharCode(parseInt(a, 8));
+                case "a":
+                    return String.fromCharCode(7);
                 case "b":
                     return "\b";
                 case "t":

src/core/config/Categories.json

@@ -249,6 +249,7 @@
             "To Table",
             "Reverse",
             "Sort",
+            "Shuffle",
             "Unique",
             "Split",
             "Filter",
@@ -333,7 +334,9 @@
             "LZString Decompress",
             "LZString Compress",
             "LZMA Decompress",
-            "LZMA Compress"
+            "LZMA Compress",
+            "LZ4 Decompress",
+            "LZ4 Compress"
         ]
     },
     {
@@ -369,6 +372,8 @@
             "Bcrypt compare",
             "Bcrypt parse",
             "Scrypt",
+            "NT Hash",
+            "LM Hash",
             "Fletcher-8 Checksum",
             "Fletcher-16 Checksum",
             "Fletcher-32 Checksum",

src/core/config/scripts/newMinorVersion.mjs

@@ -136,7 +136,7 @@ const getFeature = function() {
 
             fs.writeFileSync(path.join(process.cwd(), "CHANGELOG.md"), changelogData);
 
-            console.log("Written CHANGELOG.md");
+            console.log("Written CHANGELOG.md\nCommit changes and then run `npm version minor`.");
         }
     });
 };

src/core/operations/GenerateAllHashes.mjs

@@ -34,6 +34,8 @@ import BLAKE2b from "./BLAKE2b.mjs";
 import BLAKE2s from "./BLAKE2s.mjs";
 import Streebog from "./Streebog.mjs";
 import GOSTHash from "./GOSTHash.mjs";
+import LMHash from "./LMHash.mjs";
+import NTHash from "./NTHash.mjs";
 import OperationError from "../errors/OperationError.mjs";
 
 /**
@@ -107,6 +109,8 @@ class GenerateAllHashes extends Operation {
             {name: "Streebog-256", algo: (new Streebog), inputType: "arrayBuffer", params: ["256"]},
             {name: "Streebog-512", algo: (new Streebog), inputType: "arrayBuffer", params: ["512"]},
             {name: "GOST", algo: (new GOSTHash), inputType: "arrayBuffer", params: ["D-A"]},
+            {name: "LM Hash", algo: (new LMHash), inputType: "str", params: []},
+            {name: "NT Hash", algo: (new NTHash), inputType: "str", params: []},
             {name: "SSDEEP", algo: (new SSDEEP()), inputType: "str"},
             {name: "CTPH", algo: (new CTPH()), inputType: "str"}
         ];

src/core/operations/JWTDecode.mjs

@@ -26,6 +26,13 @@ class JWTDecode extends Operation {
         this.inputType = "string";
         this.outputType = "JSON";
         this.args = [];
+        this.checks = [
+            {
+                pattern: "^ey([A-Za-z0-9_-]+)\\.ey([A-Za-z0-9_-]+)\\.([A-Za-z0-9_-]+)$",
+                flags: "",
+                args: []
+            },
+        ];
     }
 
     /**

src/core/operations/LMHash.mjs

@@ -0,0 +1,41 @@
+/**
+ * @author n1474335 [n1474335@gmail.com]
+ * @copyright Crown Copyright 2022
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import {smbhash} from "ntlm";
+
+/**
+ * LM Hash operation
+ */
+class LMHash extends Operation {
+
+    /**
+     * LMHash constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "LM Hash";
+        this.module = "Crypto";
+        this.description = "An LM Hash, or LAN Manager Hash, is a deprecated way of storing passwords on old Microsoft operating systems. It is particularly weak and can be cracked in seconds on modern hardware using rainbow tables.";
+        this.infoURL = "https://wikipedia.org/wiki/LAN_Manager#Password_hashing_algorithm";
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        return smbhash.lmhash(input);
+    }
+
+}
+
+export default LMHash;

src/core/operations/LZ4Compress.mjs

@@ -0,0 +1,43 @@
+/**
+ * @author n1474335 [n1474335@gmail.com]
+ * @copyright Crown Copyright 2022
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import lz4 from "lz4js";
+
+/**
+ * LZ4 Compress operation
+ */
+class LZ4Compress extends Operation {
+
+    /**
+     * LZ4Compress constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "LZ4 Compress";
+        this.module = "Compression";
+        this.description = "LZ4 is a lossless data compression algorithm that is focused on compression and decompression speed. It belongs to the LZ77 family of byte-oriented compression schemes.";
+        this.infoURL = "https://wikipedia.org/wiki/LZ4_(compression_algorithm)";
+        this.inputType = "ArrayBuffer";
+        this.outputType = "ArrayBuffer";
+        this.args = [];
+    }
+
+    /**
+     * @param {ArrayBuffer} input
+     * @param {Object[]} args
+     * @returns {ArrayBuffer}
+     */
+    run(input, args) {
+        const inBuf = new Uint8Array(input);
+        const compressed = lz4.compress(inBuf);
+        return compressed.buffer;
+    }
+
+}
+
+export default LZ4Compress;

src/core/operations/LZ4Decompress.mjs

@@ -0,0 +1,43 @@
+/**
+ * @author n1474335 [n1474335@gmail.com]
+ * @copyright Crown Copyright 2022
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import lz4 from "lz4js";
+
+/**
+ * LZ4 Decompress operation
+ */
+class LZ4Decompress extends Operation {
+
+    /**
+     * LZ4Decompress constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "LZ4 Decompress";
+        this.module = "Compression";
+        this.description = "LZ4 is a lossless data compression algorithm that is focused on compression and decompression speed. It belongs to the LZ77 family of byte-oriented compression schemes.";
+        this.infoURL = "https://wikipedia.org/wiki/LZ4_(compression_algorithm)";
+        this.inputType = "ArrayBuffer";
+        this.outputType = "ArrayBuffer";
+        this.args = [];
+    }
+
+    /**
+     * @param {ArrayBuffer} input
+     * @param {Object[]} args
+     * @returns {ArrayBuffer}
+     */
+    run(input, args) {
+        const inBuf = new Uint8Array(input);
+        const decompressed = lz4.decompress(inBuf);
+        return decompressed.buffer;
+    }
+
+}
+
+export default LZ4Decompress;

src/core/operations/NTHash.mjs

@@ -0,0 +1,46 @@
+/**
+ * @author brun0ne [brunonblok@gmail.com]
+ * @copyright Crown Copyright 2022
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+
+import cptable from "codepage";
+import {runHash} from "../lib/Hash.mjs";
+
+/**
+ * NT Hash operation
+ */
+class NTHash extends Operation {
+
+    /**
+     * NTHash constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "NT Hash";
+        this.module = "Crypto";
+        this.description = "An NT Hash, sometimes referred to as an NTLM hash, is a method of storing passwords on Windows systems. It works by running MD4 on UTF-16LE encoded input. NTLM hashes are considered weak because they can be brute-forced very easily with modern hardware.";
+        this.infoURL = "https://wikipedia.org/wiki/NT_LAN_Manager";
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        const format = 1200; // UTF-16LE
+        const encoded = cptable.utils.encode(format, input);
+        const hashed = runHash("md4", encoded);
+
+        return hashed.toUpperCase();
+    }
+}
+
+export default NTHash;

src/core/operations/ParseASN1HexString.mjs

@@ -45,7 +45,7 @@ class ParseASN1HexString extends Operation {
      */
     run(input, args) {
         const [index, truncateLen] = args;
-        return r.ASN1HEX.dump(input.replace(/\s/g, ""), {
+        return r.ASN1HEX.dump(input.replace(/\s/g, "").toLowerCase(), {
             "ommitLongOctet": truncateLen
         }, index);
     }

src/core/operations/ParseX509Certificate.mjs

@@ -59,7 +59,7 @@ class ParseX509Certificate extends Operation {
 
         switch (inputFormat) {
             case "DER Hex":
-                input = input.replace(/\s/g, "");
+                input = input.replace(/\s/g, "").toLowerCase();
                 cert.readCertHex(input);
                 break;
             case "PEM":

src/core/operations/PseudoRandomNumberGenerator.mjs

@@ -52,8 +52,12 @@ class PseudoRandomNumberGenerator extends Operation {
         let bytes;
 
         if (isWorkerEnvironment() && self.crypto) {
-            bytes = self.crypto.getRandomValues(new Uint8Array(numBytes));
-            bytes = Utils.arrayBufferToStr(bytes.buffer);
+            bytes = new ArrayBuffer(numBytes);
+            const CHUNK_SIZE = 65536;
+            for (let i = 0; i < numBytes; i += CHUNK_SIZE) {
+                self.crypto.getRandomValues(new Uint8Array(bytes, i, Math.min(numBytes - i, CHUNK_SIZE)));
+            }
+            bytes = Utils.arrayBufferToStr(bytes);
         } else {
             bytes = forge.random.getBytesSync(numBytes);
         }

src/core/operations/RawInflate.mjs

@@ -7,7 +7,6 @@
 import Operation from "../Operation.mjs";
 import {INFLATE_BUFFER_TYPE} from "../lib/Zlib.mjs";
 import rawinflate from "zlibjs/bin/rawinflate.min.js";
-import OperationError from "../errors/OperationError.mjs";
 
 const Zlib = rawinflate.Zlib;
 
@@ -83,25 +82,6 @@ class RawInflate extends Operation {
             }),
             result = new Uint8Array(inflate.decompress());
 
-        // Raw Inflate sometimes messes up and returns nonsense like this:
-        // ]....]....]....]....]....]....]....]....]....]....]....]....]....]...
-        // e.g. Input data of [8b, 1d, dc, 44]
-        // Look for the first two square brackets:
-        if (result.length > 158 && result[0] === 93 && result[5] === 93) {
-            // If the first two square brackets are there, check that the others
-            // are also there. If they are, throw an error. If not, continue.
-            let valid = false;
-            for (let i = 0; i < 155; i += 5) {
-                if (result[i] !== 93) {
-                    valid = true;
-                }
-            }
-
-            if (!valid) {
-                throw new OperationError("Error: Unable to inflate data");
-            }
-        }
-        // This seems to be the easiest way...
         return result.buffer;
     }
 

src/core/operations/Shuffle.mjs

@@ -0,0 +1,78 @@
+/**
+ * @author mikecat
+ * @copyright Crown Copyright 2022
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import Utils from "../Utils.mjs";
+import {INPUT_DELIM_OPTIONS} from "../lib/Delim.mjs";
+
+/**
+ * Shuffle operation
+ */
+class Shuffle extends Operation {
+
+    /**
+     * Shuffle constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "Shuffle";
+        this.module = "Default";
+        this.description = "Randomly reorders input elements.";
+        this.infoURL = "https://wikipedia.org/wiki/Shuffling";
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [
+            {
+                name: "Delimiter",
+                type: "option",
+                value: INPUT_DELIM_OPTIONS
+            }
+        ];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        const delim = Utils.charRep(args[0]);
+        if (input.length === 0) return input;
+
+        // return a random number in [0, 1)
+        const rng = (typeof crypto) !== "undefined" && crypto.getRandomValues ? (function() {
+            const buf = new Uint32Array(2);
+            return function() {
+                // generate 53-bit random integer: 21 + 32 bits
+                crypto.getRandomValues(buf);
+                const value = (buf[0] >>> (32 - 21)) * ((1 << 30) * 4) + buf[1];
+                return value / ((1 << 23) * (1 << 30));
+            };
+        })() : Math.random;
+
+        // return a random integer in [0, max)
+        const randint = function(max) {
+            return Math.floor(rng() * max);
+        };
+
+        // Split input into shuffleable sections
+        const toShuffle = input.split(delim);
+
+        // shuffle elements
+        for (let i = toShuffle.length - 1; i > 0; i--) {
+            const idx = randint(i + 1);
+            const tmp = toShuffle[idx];
+            toShuffle[idx] = toShuffle[i];
+            toShuffle[i] = tmp;
+        }
+
+        return toShuffle.join(delim);
+    }
+
+}
+
+export default Shuffle;

src/core/operations/Substitute.mjs

@@ -34,10 +34,50 @@ class Substitute extends Operation {
                 "name": "Ciphertext",
                 "type": "binaryString",
                 "value": "XYZABCDEFGHIJKLMNOPQRSTUVW"
+            },
+            {
+                "name": "Ignore case",
+                "type": "boolean",
+                "value": false
             }
         ];
     }
 
+    /**
+     * Convert a single character using the dictionary, if ignoreCase is true then
+     * check in the dictionary for both upper and lower case versions of the character.
+     * In output the input character case is preserved.
+     * @param {string} char
+     * @param {Object} dict
+     * @param {boolean} ignoreCase
+     * @returns {string}
+     */
+    cipherSingleChar(char, dict, ignoreCase) {
+        if (!ignoreCase)
+            return dict[char] || char;
+
+        const isUpperCase = char === char.toUpperCase();
+
+        // convert using the dictionary keeping the case of the input character
+
+        if (dict[char] !== undefined) {
+            // if the character is in the dictionary return the value with the input case
+            return isUpperCase ? dict[char].toUpperCase() : dict[char].toLowerCase();
+        }
+
+        // check for the other case, if it is in the dictionary return the value with the right case
+        if (isUpperCase) {
+            if (dict[char.toLowerCase()] !== undefined)
+                return dict[char.toLowerCase()].toUpperCase();
+        } else {
+            if (dict[char.toUpperCase()] !== undefined)
+                return dict[char.toUpperCase()].toLowerCase();
+        }
+
+        return char;
+    }
+
+
     /**
      * @param {string} input
      * @param {Object[]} args
@@ -45,17 +85,23 @@ class Substitute extends Operation {
      */
     run(input, args) {
         const plaintext = Utils.expandAlphRange([...args[0]]),
-            ciphertext = Utils.expandAlphRange([...args[1]]);
-        let output = "",
-            index = -1;
+            ciphertext = Utils.expandAlphRange([...args[1]]),
+            ignoreCase = args[2];
+        let output = "";
 
         if (plaintext.length !== ciphertext.length) {
             output = "Warning: Plaintext and Ciphertext lengths differ\n\n";
         }
 
+        // create dictionary for conversion
+        const dict = {};
+        for (let i = 0; i < Math.min(ciphertext.length, plaintext.length); i++) {
+            dict[plaintext[i]] = ciphertext[i];
+        }
+
+        // map every letter with the conversion function
         for (const character of input) {
-            index = plaintext.indexOf(character);
-            output += index > -1 && index < ciphertext.length ? ciphertext[index] : character;
+            output += this.cipherSingleChar(character, dict, ignoreCase);
         }
 
         return output;

tests/operations/index.mjs

@@ -120,9 +120,11 @@ import "./tests/SIGABA.mjs";
 import "./tests/ELFInfo.mjs";
 import "./tests/Subsection.mjs";
 import "./tests/CaesarBoxCipher.mjs";
+import "./tests/UnescapeString.mjs";
 import "./tests/LS47.mjs";
 import "./tests/LZString.mjs";
-
+import "./tests/NTLM.mjs";
+import "./tests/Shuffle.mjs";
 
 // Cannot test operations that use the File type yet
 // import "./tests/SplitColourChannels.mjs";

tests/operations/tests/Compress.mjs

@@ -75,4 +75,34 @@ TestRegister.addTests([
             }
         ],
     },
+    {
+        name: "LZ4 Compress",
+        input: "The cat sat on the mat.",
+        expectedOutput: "04224d184070df170000805468652063617420736174206f6e20746865206d61742e00000000",
+        recipeConfig: [
+            {
+                "op": "LZ4 Compress",
+                "args": []
+            },
+            {
+                "op": "To Hex",
+                "args": ["None", 0]
+            }
+        ],
+    },
+    {
+        name: "LZ4 Decompress",
+        input: "04224d184070df170000805468652063617420736174206f6e20746865206d61742e00000000",
+        expectedOutput: "The cat sat on the mat.",
+        recipeConfig: [
+            {
+                "op": "From Hex",
+                "args": ["None"]
+            },
+            {
+                "op": "LZ4 Decompress",
+                "args": []
+            }
+        ],
+    },
 ]);

tests/operations/tests/GenerateAllHashes.mjs

@@ -50,6 +50,8 @@ BLAKE2s-256:  f308fc02ce9172ad02a7d75800ecfc027109bc67987ea32aba9b8dcc7b10150e
 Streebog-256: 12a50838191b5504f1e5f2fd078714cf6b592b9d29af99d0b10d8d02881c3857
 Streebog-512: 7200bf5dea560f0d7960d07fdc8874ad9f3b86ece2e45f5502ae2e176f2c928e0e581152281f5aee818318bed7cbe6aa69999589234723ceb33175598365b5c8
 GOST:         ee67303696d205ddd2b2363e8e01b4b7199a80957d94d7678eaad3fc834c5a27
+LM Hash:      01FC5A6BE7BC6929AAD3B435B51404EE
+NT Hash:      0CB6948805F797BF2A82807973B89537
 SSDEEP:       3:Hn:Hn
 CTPH:         A:E:E
 
@@ -79,6 +81,8 @@ MD5:          098f6bcd4621d373cade4e832627b4f6
 RIPEMD-128:   f1abb5083c9ff8a9dbbca9cd2b11fead
 BLAKE2b-128:  44a8995dd50b6657a037a7839304535b
 BLAKE2s-128:  e9ddd9926b9dcb382e09be39ba403d2c
+LM Hash:      01FC5A6BE7BC6929AAD3B435B51404EE
+NT Hash:      0CB6948805F797BF2A82807973B89537
 `,
         recipeConfig: [
             {

tests/operations/tests/NTLM.mjs

@@ -0,0 +1,34 @@
+/**
+ * NTLM test.
+ *
+ * @author brun0ne [brunonblok@gmail.com]
+ * @copyright Crown Copyright 2022
+ * @license Apache-2.0
+ */
+import TestRegister from "../../lib/TestRegister.mjs";
+
+TestRegister.addTests([
+    {
+        name: "NT Hash",
+        input: "QWERTYUIOPASDFGHJKLZXCVBNM1234567890!@#$%^&*()_+.,?/",
+        expectedOutput: "C5FA1C40E55734A8E528DBFE21766D23",
+        recipeConfig: [
+            {
+                op: "NT Hash",
+                args: [],
+            },
+        ],
+    },
+    {
+        name: "LM Hash",
+        input: "QWERTYUIOPASDFGHJKLZXCVBNM1234567890!@#$%^&*()_+.,?/",
+        expectedOutput: "6D9DF16655336CA75A3C13DD18BA8156",
+        recipeConfig: [
+            {
+                op: "LM Hash",
+                args: [],
+            },
+        ],
+    },
+
+]);

tests/operations/tests/Shuffle.mjs

@@ -0,0 +1,54 @@
+/**
+ * @author mikecat
+ * @copyright Crown Copyright 2022
+ * @license Apache-2.0
+ */
+import TestRegister from "../../lib/TestRegister.mjs";
+
+TestRegister.addTests([
+    {
+        "name": "Shuffle empty",
+        "input": "",
+        "expectedOutput": "",
+        "recipeConfig": [
+            {
+                "op": "Shuffle",
+                "args": ["Comma"]
+            }
+        ]
+    },
+    {
+        "name": "Shuffle bytes",
+        "input": "12345678",
+        "expectedOutput": "31 32 33 34 35 36 37 38",
+        "recipeConfig": [
+            {
+                "op": "Shuffle",
+                "args": ["Nothing (separate chars)"]
+            },
+            {
+                "op": "To Hex",
+                "args": ["Space", 0]
+            },
+            {
+                "op": "Sort",
+                "args": ["Space", false, "Alphabetical (case sensitive)"]
+            }
+        ]
+    },
+    {
+        "name": "Shuffle lines",
+        "input": "1\n2\n3\n4\n5\n6\n7\n8\n9\na\nb\nc\nd\ne\nf\n",
+        "expectedOutput": "\n1\n2\n3\n4\n5\n6\n7\n8\n9\na\nb\nc\nd\ne\nf",
+        "recipeConfig": [
+            {
+                "op": "Shuffle",
+                "args": ["Line feed"]
+            },
+            {
+                "op": "Sort",
+                "args": ["Line feed", false, "Alphabetical (case sensitive)"]
+            }
+        ]
+    }
+]);

tests/operations/tests/UnescapeString.mjs

@@ -0,0 +1,55 @@
+/**
+ * UnescapeString tests.
+ *
+ * @copyright Crown Copyright 2022
+ * @license Apache-2.0
+ */
+import TestRegister from "../../lib/TestRegister.mjs";
+
+TestRegister.addTests([
+    {
+        name: "UnescapeString: escape sequences",
+        input: "\\a\\b\\f\\n\\r\\t\\v\\'\\\"",
+        expectedOutput: String.fromCharCode(0x07, 0x08, 0x0c, 0x0a, 0x0d, 0x09,
+            0x0b, 0x27, 0x22),
+        recipeConfig: [
+            {
+                op: "Unescape string",
+                args: [],
+            },
+        ],
+    },
+    {
+        name: "UnescapeString: octals",
+        input: "\\0\\01\\012\\1\\12",
+        expectedOutput: String.fromCharCode(0, 1, 10, 1, 10),
+        recipeConfig: [
+            {
+                op: "Unescape string",
+                args: [],
+            },
+        ],
+    },
+    {
+        name: "UnescapeString: hexadecimals",
+        input: "\\x00\\xAA\\xaa",
+        expectedOutput: String.fromCharCode(0, 170, 170),
+        recipeConfig: [
+            {
+                op: "Unescape string",
+                args: [],
+            },
+        ],
+    },
+    {
+        name: "UnescapeString: unicode",
+        input: "\\u0061\\u{0062}",
+        expectedOutput: "ab",
+        recipeConfig: [
+            {
+                op: "Unescape string",
+                args: [],
+            },
+        ],
+    },
+]);