Ask a Key fan!

XOR is a very simple method of symmetric key encryption in which you just “XOR” all the bits with the key - that means, if a bit is set in the key, you flip that bit in the data. To decrypt it, use the same key to flip those same bits again.

If the data is longer than the key, you just repeat the key over and over, until you run out of data.

So if you had this:

DATA: 0001 1010 0110 1001
 KEY: 1101 1001 1010

And you wanted to encrypt it, you’d do this (just flip the bits):

0001 1010 0110 1001 # Data
1101 1001 1010 1101 # Key (looping)
1100 0011 1100 0100 # Encrypted!

To decrypt it, just do the same thing again - flip the same bits back:

1100 0011 1100 0100 # Encrypted data
1101 1001 1010 1101 # Key
0001 1010 0110 1001 # Original data!

However! This method has a glaring weakness.
If you know the original data, and the encrypted data, and you XOR them together…

1100 0011 1100 0100 # Encrypted data
0001 1010 0110 1001 # Original data
1101 1001 1010 1101 # WHOOPS

…you just extracted the key! The data itself is typically several times longer than the key, which makes it very easy to tell where it starts repeating.

This is called a known-plaintext attack, because you use the “plaintext” (unencrypted) version to derive information about encryption secrets - in this case, you end up with the whole thing landing in your lap.

The way past KEY games have been compromised is from KEY licensing the engine to another company, who make a game with it, but don’t encrypt their files.

REALLIVE leaves a lot of work to data files, but a lot of it is plain boilerplate (setup stuff that isn’t very interesting to change)… which means people could find a game made with the same engine, find an unencrypted file with nothing changed in it, and XOR it together with the encrypted equivalent from the target game, and voila, encryption key.


Another option is to use a debugger to extract the key from the game itself… but that requires a lot of knowledge about how assembly works, and also takes a whole lot of time (not to mention not making for nearly as good a post).

If someone else already extracted the key from the game you want to work with, try just asking them. If possible, it’s probably easier than doing all the work yourself.

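As an added example that is not part of the original post, here is the repeating-key XOR and the known-plaintext key recovery the post walks through, in Python. It first reproduces the post's own nibble values, then runs the same recovery on a constructed "boilerplate file" with a constructed key to show how the repetition in the recovered keystream reveals where the key ends.

```python
# Added example (not from the original post). Values are kept as ints in a
# bytes object, so the post's 4-bit nibbles and real file bytes use the same code.

def xor_repeating(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt: XOR each unit with the key, looping the key as needed."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Known-plaintext step: ciphertext XOR plaintext gives the looping key back."""
    return bytes(c ^ p for c, p in zip(ciphertext, known_plaintext))

def find_period(stream: bytes) -> int:
    """Smallest length at which the recovered keystream starts repeating.
    If no repeat is visible (known data not longer than the key), the whole
    stream is returned as the period, i.e. only a partial key is recoverable."""
    for period in range(1, len(stream)):
        if all(stream[i] == stream[i % period] for i in range(len(stream))):
            return period
    return len(stream)

def recover_key(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Whole attack from the post: XOR the pair, then cut at the first repeat."""
    stream = recover_keystream(ciphertext, known_plaintext)
    return stream[:find_period(stream)]

# The post's worked example, one nibble per element.
NIBBLE_DATA = bytes([0b0001, 0b1010, 0b0110, 0b1001])
NIBBLE_KEY = bytes([0b1101, 0b1001, 0b1010])
NIBBLE_ENCRYPTED = xor_repeating(NIBBLE_DATA, NIBBLE_KEY)   # 1100 0011 1100 0100

# Constructed stand-in for an unchanged engine boilerplate file and a made-up key
# (neither is a real RealLive file or key).
BOILERPLATE = b"#version 1\n#include common.h\n#set flags 0\n"
SECRET_KEY = b"k3y-secret"
ENCRYPTED_FILE = xor_repeating(BOILERPLATE, SECRET_KEY)

if __name__ == "__main__":
    print([f"{n:04b}" for n in NIBBLE_ENCRYPTED])
    print([f"{n:04b}" for n in recover_key(NIBBLE_ENCRYPTED, NIBBLE_DATA)])
    print(recover_key(ENCRYPTED_FILE, BOILERPLATE))
    # Knowing only a short prefix of the plaintext yields only part of the key.
    print(recover_key(ENCRYPTED_FILE, BOILERPLATE[:8]))
```

The file example only works because the known plaintext is longer than the key, which is exactly the condition the post describes: the keystream visibly loops, so the key boundary is obvious.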