By looking at the source code we knew the key was going to be 20 bytes long.

We could then use xortool to guess the used key:
```
xortool -l 20 -c 20 flag.enc
```

This gave us a nearly correct key, the wrong bytes had to be check manually.

Original writeup (https://gist.github.com/GeoffreyVDB/7706e80fd6a9d14f9e3dfe29256e5d38).