Tools

XOR Cipher Encrypt and Decrypt Online

XOR cipher is symmetric: the same operation encrypts and decrypts. Apply the same key to reverse the output.

Input

Key

Output Format

Output

Loading XOR Cipher...

XOR encrypt or decrypt any text or binary data with a repeating key. Supports hex, Base64, and UTF-8 text input and output. Pure client-side - nothing is uploaded.

What is XOR-CIPHER?

XOR (exclusive OR) is the simplest and most fundamental cipher in cryptography and computer science. Each byte of the plaintext is XORed with the corresponding byte of the key. When the key is shorter than the data, it repeats cyclically. XOR is its own inverse, meaning encrypting twice with the same key returns the original data. This makes XOR symmetric - the same key and operation both encrypts and decrypts. XOR is widely used in CTF (Capture The Flag) challenges, malware obfuscation, simple data scrambling, and as a building block inside more complex ciphers like AES and ChaCha20.

Example

Input:

Input: Hello
Key: secret
Input format: Text
Key format: Text
Output format: Hex

Output:

3a0c1b484b

FAQ

Why is XOR used in so many CTF challenges?
XOR is a common obfuscation technique used in CTF challenges and malware because it is trivial to implement, reversible with the same key, and leaves no obvious fingerprint in the binary. Beginners can brute-force single-byte XOR keys by trying all 256 possible values and checking for readable output. Multi-byte keys require frequency analysis or known-plaintext attacks.
Is XOR cipher secure?
No. XOR with a short, repeating key is not secure. It is vulnerable to frequency analysis and known-plaintext attacks. The only provably secure form is the one-time pad, where the key is as long as the message, truly random, and never reused. XOR with a repeating key provides obfuscation only, not real encryption.
How do I use this tool to decrypt XOR-obfuscated malware payloads?
Set the input format to Hex or Base64, paste the ciphertext, enter the known or guessed XOR key, set the output format to Text (for readable output) or Hex (to see raw bytes), and click XOR. If you do not know the key, try single-byte keys from 0x00 to 0xFF. If the key is multi-byte, look for repeating patterns in the ciphertext.
What input formats are supported?
The tool supports three formats for both input and key: plain UTF-8 text, lowercase hexadecimal (e.g. deadbeef), and Base64. The output can be hex, Base64, or UTF-8 text. Choose hex or Base64 for binary-safe output.