XOR Cipher
Apply a repeating-key XOR to text or bytes.
Overview
The XOR cipher tool applies a repeating-key XOR to any text or byte input. Type a plaintext (or ciphertext) and a key; the tool XORs them byte-by-byte, cycling the key if it is shorter than the input, and produces the result as hex, base64, or escaped text.
It is built for CTF players reversing simple malware obfuscation, embedded engineers debugging XOR'd firmware blobs, and cryptography students working through the building blocks of stream ciphers. Repeating-key XOR is famously weak — known as the Vigenère cipher applied to bytes — but it is everywhere in real-world artefacts because it is fast and easy to implement.
How it works
XOR (exclusive-or) is the bitwise operation that returns 1 only when its two inputs differ. The cipher applies XOR byte-by-byte: C[i] = P[i] XOR K[i mod keylen]. Because A XOR B XOR B = A, decryption is identical to encryption — feed the ciphertext and the same key, get the plaintext back. With a key as long as the message and used only once, XOR is the unbreakable one-time pad. With a repeating short key, the cipher leaks structure: the same plaintext byte at positions i and i + keylen produces the same ciphertext byte, which is exactly the toehold Kasiski analysis exploits.
The tool accepts the key as text, hex, or base64. Non-ASCII bytes round-trip cleanly.
Examples
Plaintext: HELLO
Key: KEY
Output (hex): 03 00 35 27 06
(H^K, E^E, L^Y, L^K, O^E)
Ciphertext (hex): 03 00 35 27 06
Key: KEY
Output: HELLO
Plaintext: This is a longer message that wraps the key
Key: ABC
Output: repeating-XOR ciphertext — same key cycles through the entire stream
Plaintext: A
Key: (single byte 0xFF)
Output: 0xBE (0x41 XOR 0xFF = 0xBE)
FAQ
Is XOR with a long random key secure?
Yes — a single-use, fully random, message-length XOR key is the one-time pad, which is information-theoretically secure. The catch is that the key must be exactly that: as long as the message, fully random, and used only once.
How is repeating-key XOR broken?
Step 1: estimate the key length using the index of coincidence or counting repeated substrings (Kasiski). Step 2: every keylen-th byte is encrypted with the same single-byte key, so split the ciphertext into keylen streams and brute-force each byte (256 candidates per stream). Step 3: read the recovered key off the columns.
Why is XOR everywhere despite being weak?
It is one CPU instruction, trivial to implement in C or assembly, and "good enough" for casual obfuscation. Malware, save-game scramblers, and firmware "anti-tamper" routines routinely lean on it.
Can I XOR two ciphertexts together?
Yes, and that is a classic attack against reused-key OTP: C1 XOR C2 = P1 XOR P2. Once you have the XOR of two plaintexts, language-statistics will recover both. Never reuse a key.