Help needed: stuck decrypting an XOR-encrypted flag in a CTF challenge
Let's break down where you might be going wrong here—XOR decryption with multi-byte keys can trip you up with formatting and endianness if you're not careful. Here are the key steps you probably missed:
1. You're parsing the encrypted data incorrectly
Your encrypted string is a sequence of 16-bit (2-byte) blocks prefixed with 0x, not a single continuous hex string. When you stripped all the 0x characters and treated it as one long hex value, you merged separate blocks together, which breaks the alignment needed for your 16-bit key 5DAD.
Instead, you need to split the string into individual blocks, convert each to a 16-bit integer, then process each block separately.
2. You might be mishandling the key format
The key 5DAD is a 16-bit hex value, so it should be treated as a single integer (0x5DAD) rather than splitting it into bytes and repeating it. Since your encrypted data is split into 16-bit blocks, each block should be XORed directly with this full key integer.
3. Byte order (endianness) could be reversed
When converting the decrypted 16-bit integers back to readable text, you need to consider whether the original encryption used big-endian or little-endian byte order. CTF challenges often use one or the other, so you'll want to test both.
Working Python Script to Fix This
Here's a script that addresses all these issues:
```python
# Step 1: Split and parse the encrypted blocks into integers
encrypted_str = "0x3bc10x3cca0x26d40x12d80x2e50x3cdb0x18f20x1a9d0x29f20x149a0x7cd0"
# Split on '0x' and ignore the empty first element
encrypted_blocks = encrypted_str.split("0x")[1:]
# Convert each hex block (at most 4 digits) to a 16-bit integer
encrypted_ints = [int(block, 16) for block in encrypted_blocks]

# Step 2: Define the 16-bit key
key = 0x5DAD

# Step 3: Decrypt each block with XOR
decrypted_ints = [block ^ key for block in encrypted_ints]

# Step 4: Convert decrypted integers to bytes, test both endianness
# Try big-endian first (most significant byte first)
decrypted_big_endian = b''.join([int.to_bytes(num, 2, byteorder='big') for num in decrypted_ints])
print("Big-endian decrypted text:", decrypted_big_endian.decode('ascii', errors='replace'))

# Try little-endian (least significant byte first)
decrypted_little_endian = b''.join([int.to_bytes(num, 2, byteorder='little') for num in decrypted_ints])
print("Little-endian decrypted text:", decrypted_little_endian.decode('ascii', errors='replace'))
```
What to Expect
When you run this script, one of the two endianness outputs should give you a readable ASCII flag. The main mistake you made earlier was treating the entire encrypted string as a single hex stream instead of processing each 16-bit block individually. Fixing that alignment with your 16-bit key will get you the right decryption result.
The question comes from Stack Exchange; asked by user9855723.
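An added example (not part of the original answer) that runs the block-wise approach from step 1 next to the merged-stream approach it warns against, using the ciphertext and key quoted above, and reports the byte offset where the two results first differ. The helper names are chosen here for illustration.

```python
# Added example; ENCRYPTED and KEY are the values quoted in the answer above.
ENCRYPTED = "0x3bc10x3cca0x26d40x12d80x2e50x3cdb0x18f20x1a9d0x29f20x149a0x7cd0"
KEY = 0x5DAD


def split_blocks(text):
    """Return the hex digits of each 0x-prefixed block, prefix removed.

    Splitting on "0x" is safe because "x" is not a hex digit. A greedy
    pattern like 0x[0-9a-f]{1,4} would swallow the "0" of the next prefix.
    """
    return [b for b in text.split("0x") if b]


def short_blocks(text):
    """Blocks written with fewer than 4 digits (leading zero dropped)."""
    return [b for b in split_blocks(text) if len(b) < 4]


def xor_blocks(text, key, byteorder="big"):
    """XOR every block with the 16-bit key, one block at a time."""
    return b"".join((int(b, 16) ^ key).to_bytes(2, byteorder)
                    for b in split_blocks(text))


def xor_merged(text, key):
    """The failing approach: strip every 0x and re-cut the stream in fours."""
    digits = text.replace("0x", "")
    usable = len(digits) - len(digits) % 4  # drop the trailing partial word
    words = [int(digits[i:i + 4], 16) for i in range(0, usable, 4)]
    return b"".join((w ^ key).to_bytes(2, "big") for w in words)


def first_divergence(a, b):
    """Offset of the first byte where a and b differ, or None."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None


if __name__ == "__main__":
    good = xor_blocks(ENCRYPTED, KEY)
    bad = xor_merged(ENCRYPTED, KEY)
    print("short blocks:", short_blocks(ENCRYPTED))
    print("block-wise  :", good)
    print("merged      :", bad)
    print("first differing byte offset:", first_divergence(good, bad))
```

The two outputs agree up to the first block that was written without its leading zero; from there the merged stream is shifted by one hex digit and every later word is XORed against the wrong part of the key.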




