How to Use an XOR Cipher to Encode and Decode Text
To use an XOR cipher, enter a key, type your text, and the tool combines every byte of your text with the repeating key to produce an encoded hex or Base64 string; feeding that string and the same key back in decodes it to the original. Because XOR is its own inverse, one key both scrambles and restores your message, and it all runs locally in your browser.
This guide covers exactly how to encode, how to decode, and why the output looks the way it does — useful whether you are learning bitwise ciphers or hiding a flag in a CTF challenge.
What an XOR cipher actually does
XOR (exclusive-or) compares two bits and returns 1 only when they differ. The cipher applies this bit by bit between your text's bytes and the bytes of a key that repeats across the whole message. Apply the key once and the text scrambles; apply the same key to the scrambled result and you get the original back. That symmetry is the whole trick — encoding and decoding are the same operation with the same key.
Step-by-step: encoding text
- Choose Encode to go from text to an encoded string.
- Enter your key. This is the secret that scrambles the data; you will need the exact same key to decode.
- Type or paste your text into the input.
- Pick an output format — hexadecimal or Base64 — for the encoded result.
- Read and copy the result shown below.
Step-by-step: decoding a string
- Switch to Decode.
- Enter the exact same key used during encoding — a wrong key yields unreadable output.
- Paste the hex or Base64 string.
- Read the recovered text. The tool converts the string back to bytes, XORs with your key, and shows the UTF-8 result.
Why the output is hex or Base64
XORing text almost always produces bytes that are not printable characters. If shown raw, they would appear as garbage or break when pasted into another app. Encoding the result as hexadecimal or Base64 wraps those raw bytes in safe, copyable characters that survive being emailed, pasted, or stored anywhere. Here is how the two formats compare:
| Format | Character set | Best for |
|---|---|---|
| Hexadecimal | 0-9, a-f | Debugging, seeing byte values clearly |
| Base64 | A-Z, a-z, 0-9, +, / | Compact strings, embedding in text |
An important caveat and the privacy angle
This is obfuscation, not encryption. A repeating-key XOR is easy to break if the key is short or reused, so never trust it with genuinely sensitive data — for that, use a proper AES tool. What it is excellent at is learning, puzzles, and lightweight scrambling. On privacy, all the XOR maths runs on UTF-8 bytes locally in your browser, so nothing you type is uploaded or stored, and the tool works offline once loaded.
Try the XOR Cipher Encoder & Decoder — free and 100% in your browser.
FAQ
Do I use the same key to encode and decode?
Yes. XOR is symmetric, so the identical key both scrambles and restores the message. Keep the key safe and share it separately from the encoded string, or nobody can decode.
Should I choose hex or Base64 when encoding?
Pick hex when you want to inspect the raw byte values or paste into something that expects hex; pick Base64 when you want a shorter, denser string to embed in text. Both decode back to the same original with the right key.
What happens if I enter the wrong key when decoding?
You get unreadable output. XOR does not error on a wrong key — it simply produces different bytes — so garbled text is the signal that the key does not match.
Can I XOR non-English text and emoji?
Yes. The tool works on full UTF-8 byte sequences, so accented characters, non-Latin scripts and emoji all encode and decode correctly as long as the key matches.
Related free tools
- Text to Hex Converter — see the byte values behind your text.
- Hex to Text Converter — turn hex strings back into readable text.
- Base64 Encoder — encode any data as Base64.
- AES Text Encrypter — real encryption for sensitive data.
Built by ByteVancer
ByteTools is a free product of ByteVancer, a software and web development studio building web apps, SaaS and custom software. If you need real security engineering or custom developer tooling, explore what ByteVancer can build for you.
Recommended reading
XOR Cipher Tips: Keys, Security, and Common Mistakes
Pro tips and common mistakes for the repeating-key XOR cipher: key length, reuse pitfalls, format choices, and when to switch to real encryption.
XOR Cipher Use Cases: CTFs, Learning, and Puzzles
Real use cases for the XOR cipher, from CTF challenges and teaching bitwise logic to lightweight obfuscation, with concrete worked examples.
When to Convert XML to JSON: Real Use Cases
Real-world use cases for an XML to JSON converter, from modernising legacy APIs to parsing RSS feeds and SOAP responses, with worked examples.
XML to JSON: Pro Tips and Pitfalls to Avoid
Best practices and common pitfalls when converting XML to JSON, including attribute handling, arrays, namespaces, and fixing parse errors.