XOR Bitwise Operations

XOR is commonly used method for cryptography.

Basic

For XORing, we can use ^ operator.

Here is Python script example to XOR.
Also use the XOR key for xoring a target value.

target = 21
xor_key = 2

print(target ^ xor_key)
# 23

The above operation does the following calculation internally.

  1. Convert the decimal 21 of the target to the binary (10101).
  2. Convert the decimal 2 of the key to the binary (00010).
  3. XOR the bits at each position as below.
10101 # binary for 21
# XOR
00010 # binary for 2

# Result
10111 # binary for 23

By the way, each value can be replaced individually as follows.

a ^ b = c
a ^ c = b
b ^ c = a

In CTF, we may be able to use this principle to calculate the xor key.


XOR Characters

We can also XOR each character.

ord('a') ^ ord('b')
# 3

The above operation does the following calculation internally.

  1. Convert the character ‘a’ to the Unicode 97. It’s 1100001 in binary.
  2. Convert the character ‘b’ to the Unicode 98. It’s 1100010 in binary.
  3. XOR the bits at each position as below.
1100001 # binary for 'a'
# XOR
1100010 # binary for 'b'

# Result
0000011 # binary for 3


XOR Strings

In addition, we can also XOR strings by XORing the bits at each position.

ciphertext = "5d41402abc4b2a76b9719d911017c592"
key = "secret"

# Convert each string to bytes
ciphertext_bytes = bytes.fromhex(ciphertext)
key_bytes = key.encode()

# XOR operation
xored_bytes = bytes(a ^ b for a, b in zip(ciphertext_bytes, key_bytes))

# Convert the result to Hex
xored_hex = xored_bytes.hex()

print("Result:", xored_hex)

The above operation does the following calculation.

  1. Convert the ciphertext to the binary.
  2. Convert the XOR key to the binary.
  3. Loop each byte and XOR each one.
  4. Convert the result bytes to Hex.

  5. Using strxor of PyCryptodome

    We can also use strxor method of pycryptodome module in Python.

    from Crypto.Util.strxor import strxor
    
    print(strxor(b"hello", b"world"))
    # b'\x1f\n\x1e\x00\x0b'
    



XOR with Pwntools

We can easily XOR using the xor module of pwntools.
First off, install pwntools if you don't have.

pip install pwntools

To decrypt the encrypted text with XOR, write Python script such as below.

from pwn import xor

ciphertext = "5d41402abc4b2a76b9719d911017c592"
key = "secret"

xored = xor(bytes.fromhex(ciphertext), key.encode())



Brute Force XOR Key with 0/Null

If we specify 0 or \x00 to the target value, the result is the key as it is.

0 ^ 1 # result: 1
0 ^ 2 # result: 2
...
0 ^ 999 # result: 999

Using the principle, we may be able to get the XOR key by brute forcing.

xor_key = b'secret'

null_payload = b''
for i in range(10):
    null_payload += b'\x00'
    result = bytes([a ^ b for a, b in zip(null_payload, xor_key)])
    print(result.decode())

The output of the above script will be the following:

s
se
sec
secr
secre
secret
secret
secret
secret
secret