{"id":38317894,"url":"https://github.com/nronzel/xoracle","last_synced_at":"2026-01-17T02:37:35.957Z","repository":{"id":221756537,"uuid":"755298281","full_name":"nronzel/xoracle","owner":"nronzel","description":"Brute force repeating-key XOR cracker.","archived":false,"fork":false,"pushed_at":"2024-02-27T02:47:10.000Z","size":136,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-06-21T15:17:19.576Z","etag":null,"topics":["cryptography","ctf","golang","repeating-key-vigenere","xor-cipher","xor-decoder"],"latest_commit_sha":null,"homepage":"https://xoracle-uzphfx7uwa-ue.a.run.app/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nronzel.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-02-09T20:49:44.000Z","updated_at":"2024-03-04T02:01:57.000Z","dependencies_parsed_at":"2024-02-15T20:28:56.804Z","dependency_job_id":"1058110e-7045-4d83-8465-3e1ee8fbd3d4","html_url":"https://github.com/nronzel/xoracle","commit_stats":null,"previous_names":["nronzel/xoracle"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/nronzel/xoracle","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nronzel%2Fxoracle","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nronzel%2Fxoracle/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nronzel%2Fxoracle/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nronzel%2Fxoracle/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nronzel","download_url":"https://codeload.github.com/nronzel/xoracle/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nronzel%2Fxoracle/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28492345,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T00:50:05.742Z","status":"online","status_checked_at":"2026-01-17T02:00:07.808Z","response_time":85,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","ctf","golang","repeating-key-vigenere","xor-cipher","xor-decoder"],"created_at":"2026-01-17T02:37:35.820Z","updated_at":"2026-01-17T02:37:35.926Z","avatar_url":"https://github.com/nronzel.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"![ci-status](https://img.shields.io/github/actions/workflow/status/nronzel/xoracle/ci.yml?label=ci)\n![cd-status](https://img.shields.io/github/actions/workflow/status/nronzel/xoracle/cd.yml?label=cd)\n![top-lang](https://img.shields.io/github/languages/top/nronzel/xoracle?logo=go)\n![docker-pulls](https://img.shields.io/docker/pulls/sutats/xoracle?logo=docker)\n![license](https://img.shields.io/github/license/nronzel/xoracle)\n![tag](https://img.shields.io/github/v/tag/nronzel/xoracle)\n\n# XORacle\n\nXORacle is a simple tool aimed at decrypting data that's been encrypted using\na repeating-key XOR cipher. It combines a brute-force approach with transposition\nand frequency analysis to try and figure out the encryption key's size, the\nkey itself, and attempts to decrypt the data with the derived key(s).\n\n\u003e This project is dockerized and gets deployed to Google Cloud Run.\n\u003e\n\u003e [View Hosted Site](https://xoracle-uzphfx7uwa-ue.a.run.app)\n\u003e\n\u003e _See the [Usage](#usage) section for examples to test it out._\n\n## Features\n\n- **Automatic Key Size Detection**: Uses statistical analysis to guess the\n  most probable key sizes.\n- **Frequency Analysis**: Utilizes English language frequency analysis to\n  suggest the most likely keys.\n- **Base64 and Hex support**: Automatically detects and processes input data\n  encoded in Base64 and Hexadecimal formats.\n- **User-Friendly Interface**: Front-end written with HTMX to provide a basic\n  interface.\n\n### Table of Contents\n\n- [Endpoints](#endpoints)\n- [Installation](#installation)\n- [Docker](#docker)\n- [Usage](#usage)\n- [About](#about)\n- [How it Works](#how-it-works)\n- [Testing](#testing)\n- [Contributing](#contributing)\n\n## Endpoints\n\n### Homepage\n\n- **URL:** `/`\n- **Method:** `GET`\n- **Description:** Retrieves the homepage of the Xoracle web application. Includes\n  a form where users can input encoded data for decryption.\n- **Auth Required:** No\n- **Parameters:** None\n- **Success Responses:**\n  - **Code:** `200 OK`\n  - **Content-Type:** `text/html`\n  - **Content:** HTML content of homepage\n\n### Decrypt Data\n\n- **URL:** `/decrypt`\n- **Method:** `POST`\n- **Description:** Accepts encoded (either Base64 or Hex format) via form submission\n  and attempts to decrypt it using various key sizes. Returns the decrypted data\n  alongside the key used for decryption and the key size.\n- **Auth Required:** No\n- **Parameters:**\n  - **inputData** (formData): The encoded data to be decrypted\n- **Success Response:**\n  - **Code:** `200 OK`\n  - **Content-Type:** `text/html`\n  - **Content:** HTML containing the decryption results, including the key size,\n    the key itself, and the decrypted data.\n- **Error Responses:**\n  - **Code: `400 Bad Request`**\n    - **Content-Type:** `text/plain`\n    - **Reason:** Data or key sizes are missing, or the form failed to parse.\n  - **Code: `500 Internal Server Error`**\n    - **Content-Type:** `text/plain`\n    - **Reason:** An error occurred during data decoding or key size guessing.\n\n## Installation\n\n### Prerequisites\n\nGo 1.22\n\n### Steps\n\n**1. Clone the repository:**\n\n```bash\ngit clone https://github.com/nronzel/xoracle.git\n```\n\n**2. Navigate to the project directory:**\n\n```bash\ncd xoracle\n```\n\n**3. Install dependencies:**\n\n- golang.org/x/time\n\nInstall dependencies with the command:\n\n```bash\ngo mod tidy\n```\n\n**4. Build and run the project:**\n\nLinux \u0026 MacOS:\n\n```bash\ngo build -o xoracle \u0026\u0026 ./xoracle\n```\n\nWindows:\n\n```bash\ngo build -o xoracle.exe \u0026\u0026 .\\xoracle.exe\n```\n\n**5. Open your browser and navigate to:**\n\n```bash\nlocalhost:8080/\n```\n\n### Docker\n\nIf you'd like to run this in a Docker container:\n\n**Using docker compose:**\n\n```bash\n# Builds the image and runs the container in the background\ndocker compose up --build -d\n```\n\n#### Alternatively (Build Image Yourself From Dockerfile)\n\nYou can build a docker image with the included Dockerfile yourself, and run\nthe image in a container.\n\nWhile in the root of the project directory:\n\n**Build the image:**\n\n```bash\ndocker build . -t xoracle\n```\n\n**Run the image in a container:**\n\n```bash\ndocker run -p 8080:8080 xoracle\n```\n\nYou should then be able to navigate to `localhost:8080` in your browser to\nsee the hosted Docker application.\n\n## Usage\n\nEnter the encoded text in the input box and click the \"Process\" button. The\nprocessed data will show in the output box, or an error will display on the screen.\n\nFeel free to use the small example below, or the text from the included [example.txt](./example.txt)\nfile in the repository to test it out.\n\n```bash\n# Base64 encoded\nMiciMCQ2YTYkOjViJTclJyQ=\n```\n\nor\n\n```bash\n# Hex encoded\n3227223024366136243a35622537252724\n```\n\n## About\n\nThis project was created while going through the [CryptoPals](https://cryptopals.com/)\nchallenge to get more familiar with cryptography; specifically,\n[Set 1 - Project 6](https://cryptopals.com/sets/1/challenges/6). I had a lot of\nfun making this and saw it as a good chance to make a basic frontend\nto get a little familiar with HTMX. I also learned quite a bit about XOR ciphers.\n\n## How it Works\n\n### Identifying Key Sizes\n\nBegin by identifying potential key sizes. XORacle employs a heuristic based on\nthe Hamming distance (the number of differing bits) between the blocks of\nciphertext. By analyzing the distances between blocks of various sizes, we can\nmake educated guesses about the most probable key sizes. The assumption is that\nthe correct key size will result in the smallest average normalized Hamming\ndistance because correctly sized blocks aligned with the repeating key will have\nmore similar bit patterns.\n\n### Key Size Validation\n\nWith a set of potential key sizes, XORacle then divides the ciphertext into blocks\nof each guessed key size. For each key size, the blocks are transposed to align\nwith the `nth` byte of each block into the new blocks. This effectively groups\ntogether all bytes encrypted with the same byte of the key, turning the problem into\nmultiple single-byte XOR ciphers.\n\nThe chart below helps visualize this transposition.\n\n```mermaid\ngraph TD\n    A[Block 1: byte1, byte2, ..., byteN] --\u003e B((Transpose))\n    C[Block 2: byte1, byte2, ..., byteN] --\u003e B\n    D[Block 3: byte1, byte2, ..., byteN] --\u003e B\n    B --\u003e E[New Block 1: Block1.byte1, Block2.byte1, Block3.byte1, ...]\n    B --\u003e F[New Block 2: Block1.byte2, Block2.byte2, Block3.byte2, ...]\n    B --\u003e G[...]\n    B --\u003e H[New Block N: Block1.byteN, Block2.byteN, Block3.byteN, ...]\n\n    classDef block fill:#fcc7f,stroke:#333,stroke-width:2px;\n    class A,C,D block;\n```\n\n### Frequency Analysis\n\nFor each transposed block, XORacle applies frequncy analysis. Presuming the data\nis in English plaintext, the frequency of characters in these transposed blocks\nis compared against known English language frequency statistics. Each byte in the\nrange of 0x00 and 0xFF (0-255) is tried as the key for the single-byte XOR, and\nthe output is scored based on how closely it matches the expected English text\ncharacter frequencies.\n\n### Determining Best Key\n\nAfter scoring each potential key byte for each position in the key, XORacle combines\nthe highest-scoring bytes to form the keys for each guessed key size. It will then\nattempt to decrypt the ciphertext using these keys and scores the resulting\nplaintexts, using the same frequency analysis function from above. The key\nthat produces output that most closely resembles English is selected as the most\nlikely key used for encryption.\n\n### Limitations\n\nOnly works on English language text. If the ciphertext is numbers, coordinates\nof some kind, or any other language, XORacle will not be able to decrypt the data.\nIf you'd like other languages, feel free to submit a pull request with a frequency\nmap for the language, and a function that can detect the language.\n\n## Testing\n\nRun the included test suite with the following command:\n\n```sh\ngo test ./... -v\n```\n\n## Contributing\n\nContributions to XORacle are welcome! If you have suggestions for improvements\nor bug fixes, please fork this repo and create a pull request.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnronzel%2Fxoracle","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnronzel%2Fxoracle","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnronzel%2Fxoracle/lists"}