XOR Cipher Tool
Paste ciphertext as hex or raw text, enter the XOR key (text or hex), and see the decrypted output as both ASCII and hex. The key repeats cyclically. If you don't know the key, enable single-byte brute force to rank all 256 candidates by how printable the output is.
How XOR encryption works
XOR (exclusive OR) is a bitwise operation that returns 1 only when its two input bits differ. Applying XOR twice with the same key restores the original value: (A ⊕ K) ⊕ K = A. Encryption and decryption are therefore the same operation with the same key.
In CTF challenges, XOR is often combined with a single repeating byte key or a short text key. If the plaintext starts with a known prefix like picoCTF{, you can recover part of the key directly by XOR-ing those known bytes against the ciphertext.
Challenges solved with this tool: picoCTF 2025 - Quantum Scrambler, picoCTF 2025 - ChaCha Slide.
The single-byte brute-force mode works because English text has a predictable character distribution. The tool XORs the ciphertext against all 256 possible byte values (0x00 through 0xFF) and scores each result by counting printable ASCII characters. The key that produces the most printable output is the top candidate. For challenges where the flag format is known (e.g., starts with picoCTF{), you can additionally verify the top candidate by checking whether the output contains those specific characters.
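The two recovery steps described above (recovering key bytes from a known picoCTF{ prefix, and ranking all 256 single-byte keys by printable count), as an added Python example that is not this tool's own code. The flag, the keys and all function names are constructed for illustration.

```python
from itertools import cycle

# Constructed sample data (not taken from any real challenge).
SAMPLE_FLAG = b"picoCTF{x0r_1s_r3v3rs1bl3}"
PREFIX = b"picoCTF{"

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with key, repeating the key cyclically."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def printable_score(buf: bytes) -> int:
    """Count printable ASCII bytes (0x20-0x7E)."""
    return sum(0x20 <= b <= 0x7E for b in buf)

def rank_single_byte(ct: bytes, known: bytes = b""):
    """Try all 256 keys and return (score, key, plaintext), best score first.
    If `known` is given, keep only plaintexts that contain it."""
    cands = []
    for k in range(256):
        pt = xor_bytes(ct, bytes([k]))
        if known in pt:
            cands.append((printable_score(pt), k, pt))
    return sorted(cands, key=lambda c: (-c[0], c[1]))

def key_from_prefix(ct: bytes, prefix: bytes) -> bytes:
    """Known-plaintext step: ct[i] ^ prefix[i] is the key byte used at i.
    Returns the shortest repeating unit of the recovered keystream, so the
    full key is only recovered when it is shorter than the prefix."""
    stream = xor_bytes(ct[:len(prefix)], prefix)
    for n in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    return stream  # empty input

if __name__ == "__main__":
    ct1 = xor_bytes(SAMPLE_FLAG, b"\x5a")          # single-byte key
    score, key, pt = rank_single_byte(ct1, known=PREFIX)[0]
    print(f"single-byte key 0x{key:02x} -> {pt.decode()}")

    ct2 = xor_bytes(SAMPLE_FLAG, b"key")           # short repeating text key
    k2 = key_from_prefix(ct2, PREFIX)
    print(f"repeating key {k2!r} -> {xor_bytes(ct2, k2).decode()}")
```

Printable-count scoring alone can tie: for this sample, neighbouring keys such as 0x5B also give fully printable output, so the known-prefix check is what settles the key.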
Multi-byte repeating XOR keys - often called a Vigenère XOR - are harder to brute-force directly, but the same divide-and-conquer strategy applies: first determine the key length (using Hamming distance or index of coincidence over the raw bytes), then crack each byte of the key independently as a single-byte XOR problem. This is the core technique behind breaking the classic Matasano / Cryptopals challenge set.
XOR is also widely used in file-format obfuscation and simple packing. Some CTF binaries store their flag in a data section XORed against a single constant byte to prevent it from appearing in a plain strings scan. Running the strings command and finding garbled output near the expected flag location is a strong hint that single-byte XOR obfuscation is in play. Paste the hex bytes here and run the brute-force mode to recover the key and the plaintext flag.
Use the ASCII Table to look up individual byte values when analyzing XOR output, or the Number Base Converter to convert between hex and decimal while working through the key recovery.