# xorxorxor

```python
challenge.py
#!/usr/bin/python3
import os
flag = open('flag.txt', 'r').read().strip().encode()

class XOR:
    def __init__(self):
        self.key = os.urandom(4)
    def encrypt(self, data: bytes) -> bytes:
        xored = b''
        for i in range(len(data)):
            xored += bytes([data[i] ^ self.key[i % len(self.key)]])
        return xored
    def decrypt(self, data: bytes) -> bytes:
        return self.encrypt(data)

def main():
    global flag
    crypto = XOR()
    print ('Flag:', crypto.encrypt(flag).hex())

if __name__ == '__main__':
    main()
```

as you can see the length of the key is very small sadly its the size of the flag format in the challenge this is a classic xor encryption vulnerability where we can extract the key then decrypt the cipher text to get the flag

```python
solve.py
flag = '134af6e1297bc4a96f6a87fe046684e8047084ee046d84c5282dd7ef292dc9'

byte = bytes.fromhex(flag)

key = b'HTB{'

keys = bytes([byte[i] ^ key[i] for i in range(len(key))])

res = bytes([byte[i] ^ keys[i % len(keys)] for i in range(len(byte))])

print(res)
```

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2F3VRcIdGlpYW5KxYECPVM%2Fimage.png?alt=media&#x26;token=c79b271b-f8ed-46c3-bce4-bc3b6cd06289" alt=""><figcaption></figcaption></figure>