Prompt: There is a technique called bruteforce. Message: q{vpln’bH_varHuebcrqxetrHOXEj No key! Just brute .. brute .. brute … 😀

The goal is obvious based on the prompt, brute force an XOR’d message. I decided to use my Parrot OS Linux VM for this one. xortool is a python application that is perfect for this problem. From the xortool github page, A tool to do some xor analysis: guess the key length; guess the key. I began by creating a text file called “xor.txt” that contained the encoded message and then ran the following command:

xortool -b xor.txt

This created a directory called “xortool_out” that contained 255 files that could potentially contain the flag. I viewed all the files in the directory by running the following:

cat ./*.out | less

Once in less you can search the results for the flag by typing the following:

/flag

Among the chaos we find the flag.

Flag: flag{y0u_Have_bruteforce_XOR}

Key Takeaway: Xortool is a very strong python app that can bruteforce data that has been modified with XOR.

Word Count: 178