In the past days I wondered why some parts of the encryption and decryption keys for the network packet encryption (aka SimpleModulus) are actually the same. So I tried to dig a bit into the SimpleModulus algorithm and the usage of these keys.

These keys consist of twelve 32-bit integers. What you can see is that the first and the last 4 integers are identical for the encryption and decryption key. Additionally, these keys use almost only 16 bits - only the first 4 numbers are actually over it. One of these keys is used by the server to encrypt outgoing network packets, and the other is used by the client to decrypt incoming network packets. So it's some kind of a private/public key pair.

So, I had a closer look at the encryption code which uses one of these keys:

```
this.RingBuffer = ((keys ^ this.CryptBuffer) * keys) % keys
this.RingBuffer = ((keys ^ (this.CryptBuffer ^ (this.RingBuffer & 0xFFFF))) * keys) % keys
```

What you can see here is that the indexes 8-11 are used for a XOR operation (so we call it XOR-Key x), the indexes 4-7 are used for a multiplication (Encryption-Key k) and the first indexes 0-3 are used for a modulus operation (Modulus-Key m). Because each encryption key uses at most only 16 bits, there are 4 chained 16-bit encryptions, which looks like it's easy to break just with a brute-force attack.

The decryption code looks similar:

```
this.CryptBuffer = (ushort)(keys ^ ((this.RingBuffer * keys) % keys))
this.CryptBuffer = (ushort)(keys ^ ((this.RingBuffer * keys) % keys) ^ (this.RingBuffer & 0xFFFF))
```

For the sake of simplification, we can ignore the XOR key as it plays no role, because it's the same for both:

```
Encrypt(input_dec) -> input_dec * k_enc (mod m)
Decrypt(input_enc) -> input_enc * k_dec (mod m)
```

This encryption is based on modular multiplicative inverses. One requirement for this encryption to work like this at all is that k and m are always coprime - which is the case for all our example key values.

With this knowledge we can build the following formula: ![]()

Example: ![]()

So when we know one of the two keys, we can calculate the other one.

Did I forget to mention Webzen didn't even try hard to hide these keys? The game client has two files with them in its data folder, Enc1.dat and Dec2.dat - of course these files are encrypted by another weak XOR encryption :-)
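The relationship between the two keys, worked through as an added example (not code from the original post or from the game): the extended Euclidean algorithm inverts each multiplier k modulo its m, which is all it takes to turn one key into the other. The key values are constructed for illustration, the function names are hypothetical, and the chaining term between blocks is left out, as in the simplification above.

```python
from math import gcd

def mod_inverse(k, m):
    """Extended Euclid: return k_dec such that (k * k_dec) % m == 1."""
    if gcd(k, m) != 1:
        raise ValueError(f"{k} and {m} are not coprime, so no inverse exists")
    old_r, r = k % m, m
    old_s, s = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    return old_s % m

def derive_dec_key(enc_key):
    """Key layout from the post: [0..3] modulus m, [4..7] multiplier k, [8..11] XOR x.
    m and x are shared, so only the four multipliers have to be inverted."""
    m, k, x = enc_key[0:4], enc_key[4:8], enc_key[8:12]
    return m + [mod_inverse(ki, mi) for ki, mi in zip(k, m)] + x

def encrypt_word(value, key, i):
    """Simplified single 16-bit step (chaining with the previous block omitted)."""
    return ((key[8 + i] ^ value) * key[4 + i]) % key[i]

def decrypt_word(cipher, key, i):
    """Inverse step: multiply by the other key's multiplier, then undo the XOR."""
    return key[8 + i] ^ ((cipher * key[4 + i]) % key[i])

# Constructed sample key, NOT the game's real key: moduli above 16 bits,
# multipliers coprime to their modulus, 16-bit XOR values.
ENC_KEY = [70001, 70003, 70009, 70019,
           8191, 257, 65521, 4099,
           0x3F08, 0x5BFE, 0x9A0B, 0x12C4]

def demo():
    dec_key = derive_dec_key(ENC_KEY)
    plain = [0x1234, 0xC1FF, 0x0000, 0xFFFF]
    cipher = [encrypt_word(v, ENC_KEY, i) for i, v in enumerate(plain)]
    recovered = [decrypt_word(c, dec_key, i) for i, c in enumerate(cipher)]
    return dec_key, cipher, recovered

if __name__ == "__main__":
    dec_key, cipher, recovered = demo()
    print("derived decryption key:", dec_key)
    print("round trip ok:", recovered == [0x1234, 0xC1FF, 0x0000, 0xFFFF])
```

Because the derivation is symmetric, calling `derive_dec_key` on the decryption key returns the encryption key again, so neither half of the pair can be treated as private.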