Cryptanalysis with a Known-Plaintext Attack

In order to make this demonstration a bit more easy, the encryption algorithm is known and very simple.

Unkown Key Length
Key is longer than known-plaintext sample
Location of plaintext unkown
Ciphertext will be relatively long in length

So we know that somewhere in the plaintext is the word "radical" - that's what makes this a known plaintext attack.

function encrypt(key, msg) {
	var ciphertext = '';
	for (var i = 0; i < msg.length; i++) {
		ciphertext += toHex(msg.charCodeAt(i) ^ key.charCodeAt(i % key.length));
	}
	return ciphertext;
}

Cipher Text:

212F4C1122566D19225403610E003E44280B29111C2909452841220F2352093218166A5C2B4E650358714E452B5D294E650358704E496A47250B67460D231F0C3E566D082843483504006A7D281967680733074828523E0B23111A20080C2952214E0A441B2D05086A5C3F09265F013B0D11235C234E15541E2E00103E5A2200677C1D32000C27133D0134450D254C042413280033431161180D2B476D072952043408002E132C4E30501A2F050B2D13390167521A240D1125413E4E17501A2A09176A52230A67621C2E02006A47250F33111C29091C6A41241D2C540C611A0C255F280033111A2418172351381A2E5E06610A0A3813390622581A6108003A5A2E1A2E5E06324C0A2C13001B2F50052C0D016413190622110D2F181733133E1A26450D254C112252394E33590D384C473D5A210267411A2E0E04285F344E305806254C103A1321072C544815040025133B0F29112F2E0B0D6A55221C67500133050B2D1339062E424832040A3D1D6F4E115006612B0A2D5B6D19264248204C03235F2003265A0D334C12225C6D192642482C19172E563F0B23110A384C046A5E2C00675F092C09016A7E2206265C05240845085C381722430161050B6A017D5E73110E2E1E4527522607295648204C16225C3F1A6755072219082F5D390F3548482E02453C5A2202225F0B244C042D5224003445483603082F5D6D0729111B2E01006A7A3E02265C01224C162550240B33580D3242451E5B284E375E1B35050B2D133D1C2847012509016A47250B67500C251E003940281D674507612F0A2756291767720D2F18172B5F6D07291126241B45135C3F05675006254C1122566D1E355E0C340F11235C234E245E05310D0B33132400677D07324C242454280222424661380D2F132C1B335907334C0A2C1339062211182E1F116613170F2459093315450B572C03677200241F162F41614E345001254C0C3E133A0F341105240D0B3E13390167420D331A006A523E4E26111F201E0B235D2A4E335E48110D1721563F4E265F0C613F11255D2842675F07354C046A47251C22501C6D4C0424576D1A2F501C611C172545240A2E5F0F61180D2F132C0A23430D321F0039133A0F341105240D0B3E1339016756013709453A56221E2B54483504006A5C3D1E28431C34020C3E4A6D1A2811183303112F4039404D3B3C2909452F5D391C3E11012F0F093F57280A67501D25050A6A5021073742482E0A452B133E0B355C072F4C0733132C026A60092408046A5A200F2A11292F1B0438132C026A701F2D0D0E23132E0F2B5D012F0B452C5C3F4E33590D610D1639523E1D2E5F0935050A2413220867500638030B2F133A06281100201F452E562B0F2A540C61211022522003265544611F04335A23096B114A090D17275A23096770042D0D0D6A52230A675901324C082F403E0B29560D334C0C39132C4E35540932030B6A47224E225F0B2E19172B54284E0A441B2D050839133901675A012D00453D5B220B31541A61080A2F406D1A2F501C6F4E4519462F1D22401D240211264A614E33590D611B002840241A22110E2E1E453E5B284E28430F20020C30523907285F48360D166A5B2C0D2C540C6D4C112F5E3D0135501A28001C6A41280A2E430D22180C24546D19225348351E042C55240D6745076105082B54281D675E0E613C172543250B331125340404275E2C0A6746013504452B132F012A53482E0245225A3E4E2F5409254C0424576D0F2911072D08003813001B345D012C4C082B5D6D052E421B2802026A526D17284406264C07254A6D1E26421B28030B2B4728023E1F624B2E002C5C3F0B67135A715D476A52241C22554461180D2F13030B3011312E1E0E6A70241A3E11382E000C29566D2A2241093318082F5D394E2E5F0B3309043956294E34540B341E0C3E4A6D0F33111C290945095C200B23484802090B3E412C0267590D2008143F523F1A22431B61050B6A57241C22521C611E00394322003454483503453E5B284E33591A240D11391D6D2226464824020325412E0B2A5406354C0A2C55240D2E5004324C162B5A294E15541E2E00103E5A2200677C1D32000C2713241A345404274C122B406D4C265D0461180426586F4E265F0C6104042E13230B31541A61090B2D522A0B2311012F4C04244A6D0F24451D2000453C5A2202225F0B244C073F476D1A2F5411611B0038566D0D285F0B241E0B2F576D1A2F501C61180D2F133A0B2542013509453A5C3E1A6752073400016A5A231D37581A244C13235C210B29520D610A17255E6D0133590D331F4B4039091B355806264C1122566D0135580F28020426132F1C28500C220D163E13220867135A715D476A5C234E06411A2800457802614E7501597140452B5F214E35540E241E002450281D6745076121102252200326554F324C0B2B5E284E30541A244C0A28402E1B35540C610E1C6A52380A2E5E482300002F433E4067620D3709172B5F6D0133590D334C1525413907285F1B6103036A57240F2B5E0F3409453D563F0B6750043203452956231D28430D254045235D2E023255012F0B452B5F20013445483504006A56231A2E430D35154525556D1A2F430D244C06255D3E0B24441C281A006A5E2200285D0726190039133E1E285A0D2F4C07331306172B544461260039463E4E265F0C613F0424472C4E045D09341F452B476D1A2F54482402016A41280926430C2802026A47250B675C07330D096A5C2B4E33590D6109152340220A221F480C190D2B5E200F23161B61020427566D0F37410D201E002E132400674500244C1538563B0728441B6109152340220A221D48635E557A11614E30581C2903103E132C003E111B340F0D6A502800345E1A32040C3A1D6D2C2845006109152340220A2242482E0E1629463F0B2311092D0045235E2C092242482E0A453D5B2C1A674609324C043A432C1C225F1C2D15450746250F2A5C09254C122347254E26110A2D0D0621136F2D027F3B0E3E200E116D0C2849466125082756290726450D2D15452B55390B35111C2909452F43241D28550D614E577A026F4E26581A2408496A47250B67420D33050039133A0B254201350945195C381A2F1138201E0E6A60391B235807324C152540390B23110961020A3E5A2E0B6745002018453952240A6772072C090133130E0B29451A2000452252294E2E5F1B241E112F576D4C294405241E0A3F406D0F23550135050A2452214E255D0D241C166A47251C28440F2903103E13390622110D3105162557284C67500E3509176A632C1C2C541A610D0B2E131E1A285F0D611F10285E241A33540C61180D2F5A3F4E2158062000452946394E335E483504006A5D281A305E1A2A42451E5B284E29541C3603172113210F33541A610F0A2455241C2A540C61180D2F4A6D1922430D611E003943220034580A2D09452C5C3F4E33590D610D102E5A224E245406320317395B241E693B620A15092F096D372844483209006613044E2B54093302002E133E012A541C29050B2D1339012350116F4C312241221B2059073418453E5B241D6746002E00006A5C3F0A225004611B006D45284E265D04611B042447280A674507611F0D25446D1A2F5806261F453E5B2C1A67460D611B00385623493311092D000A3D56294E335E4832040A3D1D6D2C3245482818453D523E006045482309062B463E0B675E0E611F0A27566D03265601224C02255C614E2E4548360D166A51280D26441B244C0A2C133906221105200B0C2952214E375E1F241E4525556D4C33591A240D112F5D240020111824031526566D192E4500611A0C255F2800245446634C3122523949341107231A0C25463E023E111C290945255D211767451A3409453A5C3A0B351F48080A453E5B281C22161B610D0B334725072956483609452B5F214E2B54093302002E13241A6042483504043E13390B35430733051F235D2A4E3754073100006A44221C2C42464B260039463E5467650020184239133F0720591C6F4C21255D6A1A674807344C162F566D092E5F0F241E1675130408674807344C01255D6A1A6746092F18453E5C6D0C2211052008006A553800675E0E610D0B335E221C221D482000096A4A221B675F0D2408452B41284E204406324C0424576D0C285C0A324C1125132A0B33111824031526566D1A28111B35031564391E0F294509612F092B463E5467650020184239133F0720591C610A172356230A341F480000096A4A221B675F0D2408453E5C6D0A281101324C0C244039072B5D4827090438132C0023110A244C12235F210729564835034522463F1A67410D2E1C092F132C002311112E19452952234E20541C611B0D2B4728182243483803106A442C00331F481504006A5C23023E111C3319006A432219224348281F453C5A2202225F0B24426F

Hex representation of "radical" = 7261646963616C
Cipher-text: 212F4C1122566D | 00100001 00101111 01001100 00010001 00100010 01010110 01101101
Plain-text:  7261646963616C | 01110010 01100001 01100100 01101001 01100011 01100001 01101100
XOR:         534E2878413701 | 01010011 01001110 00101000 01111000 01000001 00110111 00000001

Hex representation of "radical" = 7261646963616C
Cipher-text: 2F4C1122566D19 | 00101111 01001100 00010001 00100010 01010110 01101101 00011001
Plain-text:  7261646963616C | 01110010 01100001 01100100 01101001 01100011 01100001 01101100
XOR:         5D2D754B350C75 | 01011101 00101101 01110101 01001011 00110101 00001100 01110101

Decryption Algorithm

function decrypt(hexkey, msg) {
	var plaintext = '';
	for (var i = 0; i < msg.length; i+=2) {
		plaintext += String.fromCharCode(parseInt(msg.slice(i, i+2), 16) ^ parseInt(hexkey.slice(i%hexkey.length, (i%hexkey.length)+2), 16));
	}
	return plaintext;
}

function genKey(knowntext, ciphertext, index, padding) {
	var key = '';
	var len = knowntext.length;

	var ciphersample = ciphertext.slice(index, len+index);
	for (var i = 0; i < len; i+=2) {
		key += toHex(parseInt(ciphersample.slice(i, i+2), 16) ^ parseInt(knowntext.slice(i, i+2), 16));
	}
	for (var i = 0; i < padding; i++) {
		key = key.concat('00');
	}
	// The key is now a hex string that represents what it takes to turn the ciphertext to the plaintext
	// We need to shuffle it around according to what the index is
	len += (padding*2);
	if (index % len != 0) {
		key = key.slice(-(index % len)) + key.slice(0, len - (index % len));
	}
	return key;
}

Index:

Padding:

Key: Index: 0 Padding: 0

At this point, our best key is 68416C654A334D000000 at index 180 and padding 3. Because we're still using padding, the decrypted message is only partially clear. Our hex key is 20 characters long with padding, meaning the key used was 10 characters. We were able to determine 7 of them because our known-plaintext "radical" was 7 characters long.

So what we try to do next is to infer what the remaining "bad" characters are. If we can guess three from a word we can complete our key. Unfortunately because our output was generated by javascript and displayed in html, unprintable characters were excluded from the output. Normally you'd know what value these unprintable characters had. The first "clearest" output I want to look more closely at is Sub�"@uently,N3Ye websi�"�for theN(Cganizat�(_ was ha�,Td, temp�5Prily re. Looking specifically at the words theN(Cganizat�(_ was I think it might be "the organization was."

So we need to figure out what value turns N(C into or

N(C: 4E2843 | 01001110 00101000 01000011
 or: 206F72 | 00100000 01101111 01110010
key: 6E4731 | 01101110 01000111 00110001

So our complete key is 68416C654A334D6E4731.

decrypt('68416C654A334D6E4731', ciphertext);

And if you care, the ascii representation of the key is hAleJ3MnG1