Natas 11 -> 12
user: natas11 pass: U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK OK, this level is a bit tricky. We start out looking at the source code, and we are faced with several functions. xor_encrypt seems to encrypt any text sent to it by xoring the input character by character with the key we want. loadData checks to see if the cookie sent with the data matches the background color, and has the 'showpassword' field in it. If the background color sent with the data and sent in the cookie match, it stores the color and the showpassword boolean - this is probably the key to getting the key. The big trick here is that there's an XOR encryption going on. At first this might seem tricky, but on closer consideration we remember that if xor myword => cypher, then xor cypher => myword. in the function saveData, we wee that the cookie for the website is set with base64-encode, xor_encrypt, and json-encode. Therefore, we start with the cookie. We know we want to base64-decode, so let&