souleaper Newbie cheater Reputation: 0
Joined: 08 Jul 2012 Posts: 24
Posted: Mon Sep 03, 2018 11:13 am Post subject: Packets Decryption
This is a login packet I am trying to decrypt.
I managed to get the login id and password, but in between them there are bytes that change according to the packet.
I managed to find the key and used XOR on every byte. Below are my results after XOR with the key.
If the username is 0 and the password is 1, I see it is using ASCII 31 to represent 1.
0000000052CC050031
For 687324 and password 111111:
DC7C0A006ABF0F00313131313131
Username 687324 in hex is 0A7CDC, in reverse order, so that is straightforward.
For 0 and password 111112:
000000008ECB0500313131313131
What I can't figure out is the middle area: 52CC05 and 6ABF0F.
It seems to take both username and password together and create some sort of key, which changes. If the same username and password are used, the middle-area hex stays the same.
Has anyone experienced this? What method does this encryption use? Could you point me in some direction?
Thanks, Chelvan
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
Posted: Mon Sep 03, 2018 1:26 pm
What's the key? Would help to see what the middle layer is before the encryption.
_________________
- Retired.
souleaper Newbie cheater Reputation: 0
Joined: 08 Jul 2012 Posts: 24
Posted: Mon Sep 03, 2018 5:39 pm
The key is 9F.
XOR every byte.
For the 0 username
it is 9f 9f 9f 9f xx xx xx xx ae ae ae ae.
Password ae XOR with key 9f is 31.
The 4 bytes in the center are what I am scratching my head over.
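The decoding and field layout described in the first post and the key given in the post above, as an added example that is not code from the thread: it XORs the packet with the single-byte key 9F the poster reported, splits it into the 4-byte little-endian username, the 4 unexplained middle bytes and the ASCII password, shows the known-plaintext step that recovers such a key from the password bytes (AE XOR 31 = 9F), and checks the poster's observation that the middle field is fixed for a given username/password pair. The raw packets are constructed by re-encoding the post-XOR hex dumps quoted in the first post; the field layout is the poster's observation, not a documented protocol, and the function names are my own.

```python
"""Decode and lay out the login packet described in the thread.

Added example, not code from the thread. The raw packet bytes below are
constructed by XOR-ing the poster's post-XOR hex dumps with the single-byte
key 0x9F the poster reported; the field layout (4-byte little-endian
username, 4 unexplained bytes, ASCII password) is the poster's observation,
not a documented protocol.
"""
from collections import defaultdict

KEY = 0x9F  # single-byte XOR key reported in the thread

# Post-XOR dumps quoted in the first post, labelled with the credentials
# the poster said produced them (labels copied as given in the post).
DECODED_SAMPLES = [
    ("0000000052CC050031", ("0", "1")),
    ("DC7C0A006ABF0F00313131313131", ("687324", "111111")),
    ("000000008ECB0500313131313131", ("0", "111112")),
]


def xor_bytes(data: bytes, key: int) -> bytes:
    """Apply a single-byte XOR key. XOR is its own inverse, so the same
    call both encodes and decodes."""
    return bytes(b ^ key for b in data)


# Constructed raw (on-the-wire) packets: re-encode the quoted dumps with the key.
RAW_SAMPLES = [(xor_bytes(bytes.fromhex(h), KEY), creds)
               for h, creds in DECODED_SAMPLES]


def recover_key(raw: bytes, known_plaintext: bytes) -> int:
    """Known-plaintext recovery of a single-byte XOR key.

    If the tail of the packet is known (here: the password the user typed),
    key = ciphertext_byte ^ plaintext_byte. Every position must agree, or
    the transform is not a constant single-byte XOR.
    """
    tail = raw[-len(known_plaintext):]
    candidates = {c ^ p for c, p in zip(tail, known_plaintext)}
    if len(candidates) != 1:
        raise ValueError(f"not a single-byte XOR: candidate keys {sorted(candidates)}")
    return candidates.pop()


def parse_login(raw: bytes, key: int = KEY) -> dict:
    """Decode with the key and split into the fields the poster identified."""
    plain = xor_bytes(raw, key)
    if len(plain) < 8:
        raise ValueError("packet too short for a 4+4 byte header")
    return {
        "username_id": int.from_bytes(plain[0:4], "little"),  # DC7C0A00 -> 687324
        "middle": plain[4:8].hex().upper(),                    # the unexplained field
        "password": plain[8:].decode("ascii"),
    }


def middle_by_credentials(samples):
    """Group the middle field by (username, password) to test the poster's
    claim that it is fixed per pair and changes when either one changes."""
    groups = defaultdict(set)
    for raw, creds in samples:
        groups[creds].add(parse_login(raw)["middle"])
    return dict(groups)


if __name__ == "__main__":
    for raw, creds in RAW_SAMPLES:
        print(creds, raw.hex().upper(), parse_login(raw))
    print("key from password bytes:", hex(recover_key(RAW_SAMPLES[1][0], b"111111")))
    print(middle_by_credentials(RAW_SAMPLES))
```

With only three captures the grouping can confirm that the middle field is stable per credential pair and differs between pairs, but not what derives it; that is the open question atom0s raises below, and it needs either more captures or a look at the packet-building routine.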
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
Posted: Mon Sep 03, 2018 6:47 pm
As is, it doesn't seem to hold any relation to the name/pass in the packet. So it could be something else associated with logging in, such as a hardware id, a timestamp of some sort, a session id, some type of hash of the data, etc. It's hard to say, though, without manually debugging the game personally.
The other option would be to check out the exe in a disassembler like IDA and find the function that generates the login packet, to find where the middle chunk is generated from and determine what it is.
_________________
- Retired.
souleaper Newbie cheater Reputation: 0
Joined: 08 Jul 2012 Posts: 24
Posted: Mon Sep 03, 2018 7:14 pm
The middle part of the packet only seems to change if I change anything in the username or in the password.
If I resend the same username and password, it does not change.
Thanks, Chelvan.
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
Posted: Mon Sep 03, 2018 7:53 pm
If you would like to PM me the game exe and any DLLs it uses, I can take a look to see what the value may be. From the sound of it, it seems more like a hash if it only changes when the username/pass are changed.
_________________
- Retired.
souleaper Newbie cheater Reputation: 0
Joined: 08 Jul 2012 Posts: 24
Posted: Mon Sep 03, 2018 8:27 pm
Sorry Atom0s,
I can't PM yet, unless you PM me first.
Do you know of any common packet encryption methods or algorithms? I can try my luck.