Looking for an ASM coder

[Phant0m]

I have an algorithm, to unpack something, and it's in ASM language...
I am looking for an ASM coder that is able to understand ASM fully, and can do a good job.
I need an application that is able to decrypt and encrypt back all the information of the files.

I will pay if needed.


Regards,
Alan

---------- Post added at 08:30 PM ---------- Previous post was at 08:21 PM ----------

_declspec( naked ) DWORD  FileDecr(DWORD buf,DWORD inlen)
{
	_asm
	{
       push ebp
       //*OMITTED FOR POSTING*//
addr0056E4B4:
	   mov ecx,esi
       mov edx,esi
       and ecx,0xFFFFFFFE
       sub edx,ecx
       shr esi,1
       test edx,edx
       je short addr0056E4D8
       test bl,bl
       je short addr0056E4CD
       mov ecx,dword ptr ss:[ebp+edi-0x80]
       jmp short addr0056E4D4
addr0056E4CD:
	   mov ecx,dword ptr ss:[ebp+edi-0x100]
addr0056E4D4:
	   shl edx,cl
       add eax,edx
addr0056E4D8:
	   add edi,4
       test esi,esi
       ja short addr0056E4B4
addr0056E4DF:
	   pop edi
       pop esi
       pop ebx
       mov esp,ebp
       pop ebp
       retn
	}
}

This is part of the code...

 

[jMerliN]

How much money and what is it?

 

[Phant0m]

The algorithm decrypts a 'Vital' file from the client of a game...
About the price, how about you give me an estimate... I don't think ti will be hard to make, if you are an experienced ASP coder. I only need an application that is able to Decrypt the file into readable form, and then encrypt it again.

 

[jMerliN]

The algorithm decrypts a 'Vital' file from the client of a game...
About the price, how about you give me an estimate... I don't think ti will be hard to make, if you are an experienced ASP coder. I only need an application that is able to Decrypt the file into readable form, and then encrypt it again.

Which game? An estimate like that depends on a lot of things. Some encryption can be broken in minutes, some takes hours, depending on how obfuscated their code is (and thusly bad), and what kind of encryption it is.

Also, which file?

 

[Phant0m]

Which game? An estimate like that depends on a lot of things. Some encryption can be broken in minutes, some takes hours, depending on how obfuscated their code is (and thusly bad), and what kind of encryption it is.

Also, which file?

The game is called Yulgang. The file it decrypts is 'YBi.cfg' and it contains all the item names and descriptions.
As far as I know that code above is the complete algorithm, it only needs to be implemented into an application, to decrypt and encrypt.

The encryption makes the text look gibberish, which means its not something like SHA, it's more like DES...

 

[jMerliN]

The game is called Yulgang. The file it decrypts is 'YBi.cfg' and it contains all the item names and descriptions.
As far as I know that code above is the complete algorithm, it only needs to be implemented into an application, to decrypt and encrypt.

The encryption makes the text look gibberish, which means its not something like SHA, it's more like DES...

I truly hope not, because from a fast glance at the code above without analysis because important information is omitted (either intentionally or not, because calling context is important with optimized code dealing with ABI-protected registers used to pass information), because that code is not implementing anything that is cryptographically strong. At most it looks like some kind of shift-based encryption, potentially something like ROT(N).

 

[Phant0m]

I truly hope not, because from a fast glance at the code above without analysis because important information is omitted (either intentionally or not, because calling context is important with optimized code dealing with ABI-protected registers used to pass information), because that code is not implementing anything that is cryptographically strong. At most it looks like some kind of shift-based encryption, potentially something like ROT(N).

If you add me on MSN, I can give you the full code, and you could take a look at it.
I really need to get this thing done...
Thanks.

PS: My MSN: adm_breaker@hotmail.com

 

[jMerliN]

Reversing the basic file structure, I'll let you know if it's difficult to warrant payment. Tell me your file version. Download XVI32 and open the YBi.cfg file you have, the first 8 bytes is the version and sub version, for instance mine is:

50 12 00 00 | 6A 04 00 00

Since this is in big endian, you reverse those bytes to get 00001250 as the version which is 4688 decimal and 0000046A as the minor version, which is 1130 decimal. If these are the same version the reversal I write will be able to decrypt/encrypt both of them, otherwise I'll have to get the latest binary from you and see what changed.

This code seems to support both minor version 0x46A and 0x460.


Also, the function you posted above is not the decryption function.

When I found it, I realized it was of sufficient complexity to most likely be a common strong algorithm, didn't look like blowfish either. The good news is that it's AES, which is symmetric, so extracting the key from the client is fairly simple and will allow both encryption and decryption of the file. So yeah.

 

[Phant0m]

Reversing the basic file structure, I'll let you know if it's difficult to warrant payment. Tell me your file version. Download XVI32 and open the YBi.cfg file you have, the first 8 bytes is the version and sub version, for instance mine is:

50 12 00 00 | 6A 04 00 00

Since this is in big endian, you reverse those bytes to get 00001250 as the version which is 4688 decimal and 0000046A as the minor version, which is 1130 decimal. If these are the same version the reversal I write will be able to decrypt/encrypt both of them, otherwise I'll have to get the latest binary from you and see what changed.

This code seems to support both minor version 0x46A and 0x460.


Also, the function you posted above is not the decryption function.

When I found it, I realized it was of sufficient complexity to most likely be a common strong algorithm, didn't look like blowfish either. The good news is that it's AES, which is symmetric, so extracting the key from the client is fairly simple and will allow both encryption and decryption of the file. So yeah.

jMerlin, I need to have your contact, to talk in a more private state.
I can give you all the information, but I'd rather go private.
I will give you all the information you need through MSN, if you rather not talk over MSN, I guess it will be fine to use this forum.

My MSN: adm_breaker@hotmail.com


Thanks,
Alan

---------- Post added at 10:05 PM ---------- Previous post was at 09:26 PM ----------

My YBi has the same Version and SubVersion.

00000000h: 50 12 00 00 6A 04 00 00                         ; P...j...