The challenge#

The hex encoded string:


... has been XOR'd against a single character. Find the key, decrypt the message.

You can do this by hand. But don't: write code to do it for you.

How? Devise some method for "scoring" a piece of English plaintext. Character frequency is a good metric. Evaluate each output and choose the one with the best score.

The solution#

💭A single character is used to XOR the bytes. Even though the bytes get jumbled, they should still have the pattern of the original string.

1b 37 37 33 31 36 3f 78 15 1b 7f 2b 78 34 31 33 3d 78 39 78 28 37 2d 36 3c 78 37 3e 78 3a 39 3b 37 36

The pattern is obvious, but we don't know the message that was encrypted, and the key that was used.

Let's assume the key is something in the a-zA-Z range and write a XORing function to de-XOR it.

XORing jumbles up the bytes. XORing again with the same key undoes everything, resulting back in the original bytes.

💭The encoded message must be in English, we will use letter frequency analysis to determine if the de-XORed string is a valid English text.

Time to write a bruteforce cracker.



  • Took me a couple of hours to get this working. Adding the space character fixed it instantly. Now I now, "space characters are people too".
  • XOR encryption using a single character can be cracked in a web browser in a fraction of a second.
Tweet this | Share on LinkedIn |