# XOR Encryption Lab

Welcome to the XOR Encryption Lab! In this lab, you will learn about XOR operations, how XOR encryption works, and how to break XOR encryption using various numerical analysis techniques. By the end of this lab, you will also solve a CTF challenge to test your understanding and cleverness.

## 1. What is XOR?

XOR (Exclusive OR) is a binary operation that outputs `1` if the inputs are different and `0` if they are the same.

### Truth Table for XOR:
```
A | B | A XOR B
0 | 0 |   0
0 | 1 |   1
1 | 0 |   1
1 | 1 |   0
```

### Properties of XOR:
- `A XOR 0 = A`
- `A XOR A = 0`
- `A XOR B XOR B = A` (used in encryption/decryption)



### Exercise:
Write a Python function to perform XOR
<details>
<summary style="color:green; font-size:small;">Hint! (please try and ask google first on how to perform bit-wise xor in python)</summary>
<span >Bit-wise XOR has its own operator in Python: `^`</span>
</details>

In [2]:
#This function takes two integers a and b, and returns their bitwise XOR.
def xor(a, b):
    pass

print(bin(xor(0b0110, 0b1011)))
print(xor(5, 3))  # Example: 5 XOR 3
print(xor(ord('a'),ord('b')))



None
None


## 2. How Does XOR Encryption Work?

XOR Encryption is an encryption method used to encrypt data and is hard to crack by brute-force method, i.e generating random encryption keys to match with the correct one. The XOR Encryption algorithm is a very effective yet easy to implement method of symmetric encryption. Due to its effectiveness and simplicity, the XOR Encryption is an extremely common component used in more complex encryption algorithms used nowadays. In cryptography, the simple XOR cipher is a type of additive cipher, an encryption algorithm that operates according to the principles of exclusive or operator.

### Theory:
- **Plaintext**: `P`
- **Key**: `K`
- **Ciphertext**: `C = P XOR K`
- **Decryption**: `P = C XOR K`

### Example:

<img src="Screenshot 2025-05-13 at 01-49-32 How to break a repeating key XOR encryption.png" alt="alt text" width="1000"/>
```

**Why the weird output?**  
Before performing the XOR operation, the input is converted to its binary representation, and the operation is performed byte by byte. The result is then converted from byte form to characters (printable or non-printable).


### Exercise:
Encrypt and decrypt a message using XOR:


In [1]:

def XOR_repeating(input_string: bytes, key: bytes) -> bytes:
    #TODO 1
    #Declare the output list
    #TODO 2
    #Iterate through the input string
    # and XOR each byte with the corresponding byte in the key
    # The key is repeated as necessary to match the length of the input string
    #TODO 3
    # Return the result as a bytes object
    pass

# Example usage
plaintext = b"HELLO"
key = b"KEY"
ciphertext = XOR_repeating(plaintext, key)
print("Ciphertext:", ciphertext)

decrypted_text = XOR_repeating(ciphertext, key)
print("Decrypted Text:", decrypted_text)

Ciphertext: None
Decrypted Text: None


## 3. CTF Challenge: XOR Decryption
### Task:
Recover the plaintext (flag) from the `xored` list, you can use the function implemented above.
- The flag format is `ctf{sha256}`.

In [None]:
xored = ['\x00', '\x00', '\x00', '\x18', 'C', '_', '\x05', 'E', 'V', 'T', 'F', 'U', 'R', 'B', '_', 'U', 'G', '_', 'V', '\x17', 'V', 'S', '@', '\x03', '[', 'C', '\x02', '\x07', 'C', 'Q', 'S', 'M', '\x02', 'P', 'M', '_', 'S', '\x12', 'V', '\x07', 'B', 'V', 'Q', '\x15', 'S', 'T', '\x11', '_', '\x05', 'A', 'P', '\x02', '\x17', 'R', 'Q', 'L', '\x04', 'P', 'E', 'W', 'P', 'L', '\x04', '\x07', '\x15', 'T', 'V', 'L', '\x1b']
s1 = ""
s2 = ""
# ['\x00', '\x00', '\x00'] at start of xored is the best hint you get!
print(s2)


## 4. Breaking XOR encyption using numerical analysis
### Methodology

We'll assume that the text is written in English, and will use letter frequency to break the XOR encryption.
To crack repeating key XOR encryption, we must understand how breaking a single byte key XOR encryption works.

### A. How to break a single byte key xor encryption
<img src="Screenshot 2025-05-13 at 01-56-36 How to break a single byte key XOR encryption-1.png" alt="alt text" width="800"/>


### Step 1
Since the key is one byte in length, it can be represented in 256 possibilities $2^8$.Therefore, brute force is an efficient and easy method to use here.



In [None]:
ciphertext = b'Y\x15/\x0e2\x03-\x0f*\x032\x0f4\x11/\x08#\x0e1\x1f(\x083\x002\x0f5\x0f'

### Step 2

XOR each key with the cipher text to generate a decrypted text. In simpler words, 
XOR the ciphertext and with every possible byte.
The resulting binary is then converted to English using ASCII values for every 8 bits, 
assuming the text is written in the English language.

In [None]:
def break_one_byte_xor(ciphertext):
    # create a dictionary to store all decrypted texts

    # TODO 1: use a for loop or a range to generate all the 256 keys and store them in a bytearray.

    # TODO 2: use a for loop to iterate through all the possible keys

        # TODO 3: Convert the key to bytes in order to avoid issues with XORing
        # with integers and bytes

        # TODO 4: XOR the key with the ciphertext

        # TODO 5: Check if the decrypted text contains only printable characters HINT! 32 <= b < 127

            #TODO 6: append the decrypted text, key-pair to the dictionary

    # TODO 7: return the dictionary containing all decrypted texts and their keys
    pass

# TODO 8: Calculate each key and its corresponding decrypted text and store them in valid_decrypts

# TODO 9: print the decrypted texts and their keys
for key, value in valid_decrypts.items():
    pass

('a', b'8tNoSbLnKbSnUpNiBoP~IiRaSnTn')
('b', b';wMlPaOmHaPmVsMjAlS}JjQbPmWm')
('c', b':vLmQ`NlI`QlWrLk@mR|KkPcQlVl')
('d', b'=qKjVgIkNgVkPuKlGjU{LlWdVkQk')
('e', b'<pJkWfHjOfWjQtJmFkTzMmVeWjPj')
('f', b'?sIhTeKiLeTiRwInEhWyNnUfTiSi')
('g', b'>rHiUdJhMdUhSvHoDiVxOoTgUhRh')
('h', b'1}GfZkEgBkZg\\yG`KfYw@`[hZg]g')
('i', b'0|Fg[jDfCj[f]xFaJgXvAaZi[f\\f')
('k', b'2~DeYhFdAhYd_zDcHeZtCcXkYd^d')
('l', b'5yCb^oAcFo^cX}CdOb]sDd_l^cYc')
('m', b'4xBc_n@bGn_bY|BeNc\\rEe^m_bXb')
('o', b'6z@a]lB`El]`[~@gLa^pGg\\o]`Z`')
('r', b'+g]|@q_}Xq@}Fc]zQ|CmZzAr@}G}')
('s', b'*f\\}Ap^|YpA|Gb\\{P}Bl[{@sA|F|')
('t', b'-a[zFwY{^wF{@e[|WzEk\\|GtF{A{')
('u', b',`Z{GvXz_vGzAdZ}V{Dj]}FuGz@z')
('v', b'/cYxDu[y\\uDyBgY~UxGi^~EvDyCy')
('x', b'!mWvJ{UwR{JwLiWp[vIgPpKxJwMw')
('y', b' lVwKzTvSzKvMhVqZwHfQqJyKvLv')
('z', b'#oUtHyWuPyHuNkUrYtKeRrIzHuOu')
('{', b'"nTuIxVtQxItOjTsXuJdSsH{ItNt')
('}', b'$hRsO~PrW~OrIlRu^sLbUuN}OrHr')
('~', b"'kQpL}SqT}LqJoQv]pOaVvM~LqKq")


Dangnabbit, looks like the text was obfuscated a bit, this is the moment when we introduce letter scoring. Scoring is basically comparing the output to what we expect the output to look like, and is a very important concept in developing what are formally called heuristics; educated guesses/solutions to a problem.

In English, certain letters are significantly more common than any others. 'e' is often quoted as the most frequent letter in English text. A frequency table(or map) of letters allows you to check if a string is likely to be English. In other words, to score any guesses you have when you decrypt the string. For now, we will not be building said map, but addopting one from the internet. https://en.wikipedia.org/wiki/Letter_frequency 

Decrypted text with the highest English score is the original deciphered text, and the key used to generate it is the actual key used in the encryption process earlier.

In [None]:
letterScores = [8.167, 1.492, 2.782,4.253, 12.702, 2.228, 2.015, 6.094, 6.966, 0.153, 0.772, 4.025, 2.406, 6.749, 7.507,1.929, 0.095, 5.987, 6.327, 9.056, 2.758, 0.978, 2.360, 0.150, 1.974, 0.074 ]
# index position 0 = a, 1 = b, 2 = c, etc.
# TODO 7: Create a function to calculate the score of a strin
def calculateScore(string):
    # TODO 8: make sure the string is lowercase, and set the score to 0

    # TODO 9: Iterate through the string and calculate the score, check if the character is a letter or space
    # If the character is a letter, add its score to the total score
    # If the character is a space, add 15 to the score 
    # HINT! (you can subtract the value of 'a' in ASCII from  
    # value of the letter to get the index position of it's score)






    # TODO 10: Return the score
    pass

# TODO 11: Call the function to calculate the score of each decrypted text 
for key, text in valid_decrypts.items():
    # TODO 11: Calculate the score of the decrypted text, make sure to decode it to a string first

    # TODO 12: Print the decrypted text and its score
    
    pass

 Key: a, Decrypted Text: b'8tNoSbLnKbSnUpNiBoP~IiRaSnTn', Score: 143.54
 Key: b, Decrypted Text: b';wMlPaOmHaPmVsMjAlS}JjQbPmWm', Score: 86.77
 Key: c, Decrypted Text: b':vLmQ`NlI`QlWrLk@mR|KkPcQlVl', Score: 66.28
 Key: d, Decrypted Text: b'=qKjVgIkNgVkPuKlGjU{LlWdVkQk', Score: 53.95
 Key: e, Decrypted Text: b'<pJkWfHjOfWjQtJmFkTzMmVeWjPj', Score: 72.86
 Key: f, Decrypted Text: b'?sIhTeKiLeTiRwInEhWyNnUfTiSi', Score: 174.62
 Key: g, Decrypted Text: b'>rHiUdJhMdUhSvHoDiVxOoTgUhRh', Score: 128.09
 Key: h, Decrypted Text: b'1}GfZkEgBkZg\\yG`KfYw@`[hZg]g', Score: 45.68
 Key: i, Decrypted Text: b'0|Fg[jDfCj[f]xFaJgXvAaZi[f\\f', Score: 57.71
 Key: k, Decrypted Text: b'2~DeYhFdAhYd_zDcHeZtCcXkYd^d', Score: 103.99
 Key: l, Decrypted Text: b'5yCb^oAcFo^cX}CdOb]sDd_l^cYc', Score: 79.80
 Key: m, Decrypted Text: b'4xBc_n@bGn_bY|BeNc\\rEe^m_bXb', Score: 85.55
 Key: o, Decrypted Text: b'6z@a]lB`El]`[~@gLa^pGg\\o]`Z`', Score: 58.23
 Key: r, Decrypted Text: b'+g]|@q_}Xq@}Fc]zQ|CmZzAr@}G}', Score: 29.0

### Summary
Breaking a repeating key XOR encryption involves:
1. Determining the key length using Hamming distance.
2. Recovering the key by analyzing transposed blocks.
3. Decrypting the ciphertext using the recovered key.

#### Key Insights:
- XOR encryption is highly vulnerable when the key is reused or too short.
- The Hamming distance provides a reliable method for identifying the key length.
- Transposing ciphertext blocks simplifies the process of recovering the key.

This process demonstrates the importance of using strong, non-repeating keys in cryptography.

## Wrap-Up

In this lab, you learned:
- The basics of XOR and its properties.
- How XOR encryption works.
- How to solve a CTF challenge using XOR decryption.
- Techniques to break XOR encryption using frequency analysis and Hamming distance.

Explore more about cryptography and CTF challenges to deepen your understanding!