Skip to content
unXOR will search a XORed file and try to guess the key using known-plaintext attacks.
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore Edited .gitignore Jun 6, 2013 Updated readme May 27, 2014 Importable as a module Mar 4, 2013 Display fixes & code cleanup Nov 19, 2014


This tool will search through an XOR-encoded file (binary, text-file, whatever) and use known-plaintext attacks to deduce the original keystream. Works on keys half as long as the known-plaintext, in linear complexity.

The code is pretty straightforward

For more details and a short explanation of the theory behind this, please refer to:

Related Work

unXOR is included in Lenny Zeltser's REMnux, along with other great tools such as XORStrings, ex_pe_xor, XORSearch, brutexor/iheartxor, xortool, NoMoreXOR, XORBruteForcer, Balbuzard


unXOR (C) 2014 Thomas Chopitea

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see

You can’t perform that action at this time.