Decrypting a XOR encrypted file

Question

I'm trying to decrypt a XOR encrypted file, after running the key length test using xortool I got this key: "fallen"..

# python xortool.py -c 00 /cygdrive/c/Users/Me/Desktop/ch3.bmp
The most probable key lengths:
   1:   10.6%
   3:   11.6%
   6:   18.5%
   9:   8.8%
  12:   13.8%
  15:   6.6%
  18:   10.4%
  24:   8.1%
  30:   6.4%
  36:   5.2%
Key-length can be 3*n
1 possible key(s) of length 6:
fallen

Whatever is there a way to decipher the file (a bmp file) and get the original one, using tools like openssl or gpg?? Do they have a XOR operation?

Answer 1

Neither OpenSSL nor GPG have such XOR functionality that I'm aware of, however writing a program to do it yourself should be trivial.

Given that you know that the file is a .bmp, you should be able to use this fact to decrypt the file quite easily, especially given that .bmp files have a well defined structure. For example, the first two bytes when decrypted should be 0x42, 0x4D (that's ASCII BM), and the following 4 bytes are the (big-endian) size of the entire file in bytes, so you should be able to get at least 6 bytes of the key immediately.

Answer 2

Since you already have xortool, just use xortool-xor from the xortool distribution:

python xortool/xortool-xor -s fallen /cygdrive/c/Users/Me/Desktop/ch3.bmp > decoded.bmp

Also note that xortool itself saves the decoded output in the xortool_out folder, so after using xortool to find the key, you could just do:

mv xortool_out/0_fallen decoded.bmp