C1/C2/C3/C4 Packet Encryption/Decryption source code (C++)

[Evolver]

Authors
----------------------------------------------------------
Decryption: wad <wad@inbox.lv>
Decryption reverse engineering: Evolver <ninzya@inbox.lv>



mu_packet.h
----------------------------------------------------------

#ifndef __EVOL_MUAPI_MU_PACKET_H__
#define __EVOL_MUAPI_MU_PACKET_H__

#include <memory.h>

#define MU_PACKET( buf_ptr) (muPacket*)buf_ptr
#define MU_REFPKT( pkt_ptr) (*pkt_ptr)

class muPacket {
public:
// ...
muPacket() {
}
// ...
~muPacket() {
}
public:
// ...
inline unsigned char* packet() {
return ((unsigned char*)this);
}
// ...
inline unsigned char& packet( unsigned short i) {
return ((unsigned char*)this);
}
// ...
inline void packet( void* out_buf, unsigned short offset, unsigned short bytes) {
memcpy( out_buf, &this->packet()[offset], bytes);
}
// ...
inline unsigned char hdr() {
return this->packet()[0];
}
// ...
unsigned short size() {
unsigned char* buf =(unsigned char*)this;
if( buf[0] ==0xC1 || buf[0] ==0xC3)
return (unsigned short)buf[1];
else if( buf[0] ==0xC2 || buf[0] ==0xC4)
return (((unsigned short)buf[1] << 8) | (unsigned short)buf[2]);
// shouldn't occur
return 0;
}
// ...
inline unsigned char *contents() {
return &(this->packet()[this->hdrSize()]);
}
// ...
inline unsigned char& contents( unsigned short i) {
return this->packet()[this->hdrSize()+i];
}
// ...
inline void contents( void* out_buf, unsigned short offset, unsigned short bytes) {
memcpy( out_buf, &(this->contents()[offset]), bytes);
}
// ...
inline unsigned short contentSize() {
return( this->size() -this->hdrSize());
}
// ...
inline unsigned char opc() {
return( this->operator()( 0));
}
// ...
unsigned char hdrSize() {
unsigned char* buf =(unsigned char*)this;
if( buf[0] ==0xC1 || buf[0] ==0xC3)
return 2;
else if( buf[0] ==0xC2 || buf[0] ==0xC4)
return 3;
// shouldn't occur
return 0;
}
public:// operators
// iterates whole packet
inline unsigned char& operator[]( unsigned short i) {
return this->packet();
}
// iterates contents
inline unsigned char& operator()( unsigned short i) {
return this->packet()[i +this->hdrSize()];
}
// returns pointer to packet
inline operator unsigned char*() {
return this->packet();
}
};

// checks whether the given packet is valid
bool IsMuPacketValid( unsigned char *ptr, unsigned short len);

#endif


mu_packet.cpp
---------------------------------------------------------------------

#include "mu_packet.h"

// checks whether the given packet is valid
bool IsMuPacketValid( unsigned char *ptr, unsigned short len) {
if( len < 3) return false;
if( ptr[0] == 0xC1 || ptr[0] == 0xC3)
return ( ptr[1] == len);
else if (ptr[0] == 0xC2 || ptr[0] == 0xC4) {
unsigned short inlen =(unsigned short)ptr[1] << 8 | (unsigned short)ptr[2];
return ( inlen == len);
} else
return false;
}

mu_encdec.h
----------------------------------------------------------

/*
* Mu Protocol Decryption algorythm fetched from gs by wad. Special thanks.
* Author: Evolver
* Modifications:
* Integrated encryption algorhythm basing on decryption algorhythm by wad. (Evolver)
* Prepared and tested code (Evolver)
*/

#ifndef __EVOL_MUAPI_MU_ENCDEC_H__
#define __EVOL_MUAPI_MU_ENCDEC_H__

#include "mu_packet.h"

enum MuReadEncfileResult_t {
MuReadEncfile_InvalidPath =0,
MuReadEncfile_FileCorrupted =1,
MuReadEncfile_Success =2
};

// this algorythm uses dec data in this order:
// enc client->server (Dec1.dat)
// dec client->server (Dec1.dat)
// enc server->client (Dec2.dat)
// dec server->client (Dec2.dat)

// reads encryption file
MuReadEncfileResult_t MuReadEncfile( char *file, unsigned int* out_dat );
// decrypts login/passwod, and also used to decrypt login and password,
// Terrain*.att files in client-side Data/World*/, bmd files
void MuXor3Byte( unsigned char* ptr, unsigned int len);
// encode c1/c2 packet
extern void MU_EncodeC1C2( muPacket* packet);
// decode c1/c2 packet
extern void MU_DecodeC1C2( muPacket* packet);
// encode c3/c4 packet
bool MU_EncodeC3C4( unsigned char* outbuf, muPacket* pkt, unsigned int* dec_dat, unsigned char enc_key);
// decode c3/c4 packet
bool MU_DecodeC3C4( unsigned char* outbuf, muPacket* pkt, unsigned int* dec_dat, unsigned char* dec_key);
// returns space in bytes, required to fit the encrypted packet to c3/c4
extern unsigned short MuPacketEncSpace( muPacket* pkt);
// returns space in bytes, required to fit the decrypted packet from c3/c4
extern unsigned short MuPacketDecSpace( muPacket* pkt);

#endif




mu_encdec.cpp
----------------------------------------------------------

/*
* Mu Protocol Decryption algorythm fetched from gs by wad. Special thanks.
* Author: Evolver
* Modifications:
* Integrated encryption algorhythm basing on decryption algorhythm by wad. (Evolver)
* Prepared and tested code (Evolver)
*/

#include "mu_encdec.h"
#include "mu_packet.h"
#include <memory.h>
#include <cstdio>

// MuError.log
const static unsigned int xor_tab_muerror[4] = {
0x9F81BD7C, 0x56E2933D, 0x3ED2732A, 0xBF9583F2
};
// used to decrypt login and password, Terrain*.att files in
// client-side Data/World*/
const static unsigned char xor_table_3byte[3] = {
0xFC, 0xCF, 0xAB
};
// used to decrypt client-side Data/Enc1.dat and Data/Dec2.Dat
const unsigned int xor_tab_datfile[4] = {
0x3F08A79B, 0xE25CC287, 0x93D27AB9, 0x20DEA7BF
};
// used to decrypt C1/C2 packets
const unsigned char xor_tab_C1C2[32] = {
0xE7, 0x6D, 0x3A, 0x89, 0xBC, 0xB2, 0x9F, 0x73,
0x23, 0xA8, 0xFE, 0xB6, 0x49, 0x5D, 0x39, 0x5D,
0x8A, 0xCB, 0x63, 0x8D, 0xEA, 0x7D, 0x2B, 0x5F,
0xC3, 0xB1, 0xE9, 0x83, 0x29, 0x51, 0xE8, 0x56
};
// decrypts login/passwod, and also used to decrypt login and password,
// Terrain*.att files in client-side Data/World*/
void MuXor3Byte( unsigned char* ptr, unsigned int len) {
for( unsigned int i = 0; i < len; ++i)
ptr ^= xor_table_3byte[i%3];
}
// ...
void ShiftRight(unsigned char* ptr, unsigned int len, unsigned int shift) {
if (shift == 0) return;
for( unsigned int i = 1; i < len; ++i) {
*ptr = (*ptr << shift) | (*(ptr+1) >> (8 - shift));
++ptr;
}
*ptr <<= shift;
}
// ...
void ShiftLeft(unsigned char* ptr, unsigned int len, unsigned int shift) {
if (shift == 0) return;
ptr +=len -1;
for( unsigned int i = 1; i < len; ++i) {
*ptr = (*ptr >> shift) | (*(ptr-1) << (8 - shift));
--ptr;
}
*ptr >>= shift;
}
// ...
unsigned int ShiftBytes(unsigned char* buf, unsigned int arg_4, unsigned char* pkt, unsigned int arg_C, unsigned int arg_10) {
unsigned int size_ = ((((arg_10 + arg_C) - 1) / 8) + (1 - (arg_C / 8)));
unsigned char tmp1[20] ={ 0 };
memcpy( tmp1, &pkt[arg_C /8], size_);
unsigned int var_4 = (arg_10 + arg_C) & 0x7;
if (var_4) tmp1[size_ - 1] &= 0xFF << (8 - var_4);
arg_C &= 0x7;
ShiftRight(tmp1, size_, arg_C);
ShiftLeft(tmp1, size_ + 1, arg_4 & 0x7);
if ((arg_4 & 0x7) > arg_C)
++size_;
if(size_)
for( unsigned int i =0; i < size_; ++i)
buf[i+(arg_4/8)] |=tmp1;
return arg_10 + arg_4;
}
// ...
void Encode8BytesTo11Bytes( unsigned char* outbuf, unsigned char* pktptr, unsigned int num_bytes, unsigned int* dec_dat) {
unsigned char finale[2];
finale[0] =(unsigned char)num_bytes;
finale[0] ^= 0x3D;
finale[1] =0xF8;
for (int k = 0; k < 8; ++k)
finale[1] ^= pktptr[k];
finale[0] ^= finale[1];
ShiftBytes( outbuf, 0x48, finale, 0x00, 0x10);
unsigned int ring[4] ={ 0x000000000, 0x00000000, 0x00000000, 0x00000000 };
unsigned short* cryptbuf =(unsigned short*)pktptr;
ring[0] =((dec_dat[ 8] ^(cryptbuf[0])) *dec_dat[ 4]) %dec_dat[ 0];
ring[1] =((dec_dat[ 9] ^(cryptbuf[1] ^(ring[0] &0xFFFF))) *dec_dat[ 5]) %dec_dat[ 1];
ring[2] =((dec_dat[10] ^(cryptbuf[2] ^(ring[1] &0xFFFF))) *dec_dat[ 6]) %dec_dat[ 2];
ring[3] =((dec_dat[11] ^(cryptbuf[3] ^(ring[2] &0xFFFF))) *dec_dat[ 7]) %dec_dat[ 3];
unsigned int ring_backup[4] ={ ring[0], ring[1], ring[2], ring[3] };
ring[2] =ring[2] ^dec_dat[10] ^(ring_backup[3] &0xFFFF);
ring[1] =ring[1] ^dec_dat[ 9] ^(ring_backup[2] &0xFFFF);
ring[0] =ring[0] ^dec_dat[ 8] ^(ring_backup[1] &0xFFFF);
ShiftBytes( outbuf, 0x00, (unsigned char*)(&ring[0]), 0x00, 0x10);
ShiftBytes( outbuf, 0x10, (unsigned char*)(&ring[0]), 0x16, 0x02);
ShiftBytes( outbuf, 0x12, (unsigned char*)(&ring[1]), 0x00, 0x10);
ShiftBytes( outbuf, 0x22, (unsigned char*)(&ring[1]), 0x16, 0x02);
ShiftBytes( outbuf, 0x24, (unsigned char*)(&ring[2]), 0x00, 0x10);
ShiftBytes( outbuf, 0x34, (unsigned char*)(&ring[2]), 0x16, 0x02);
ShiftBytes( outbuf, 0x36, (unsigned char*)(&ring[3]), 0x00, 0x10);
ShiftBytes( outbuf, 0x46, (unsigned char*)(&ring[3]), 0x16, 0x02);
}
// ...
int Decode11BytesTo8Bytes( unsigned char* outbuf, unsigned char* pktptr, unsigned int* dec_dat) {
unsigned int ring[4] ={ 0x00000000, 0x00000000, 0x00000000, 0x00000000 };
ShiftBytes((unsigned char*)&ring[0], 0x00, pktptr, 0x00, 0x10);
ShiftBytes((unsigned char*)&ring[0], 0x16, pktptr, 0x10, 0x02);
ShiftBytes((unsigned char*)&ring[1], 0x00, pktptr, 0x12, 0x10);
ShiftBytes((unsigned char*)&ring[1], 0x16, pktptr, 0x22, 0x02);
ShiftBytes((unsigned char*)&ring[2], 0x00, pktptr, 0x24, 0x10);
ShiftBytes((unsigned char*)&ring[2], 0x16, pktptr, 0x34, 0x02);
ShiftBytes((unsigned char*)&ring[3], 0x00, pktptr, 0x36, 0x10);
ShiftBytes((unsigned char*)&ring[3], 0x16, pktptr, 0x46, 0x02);
ring[2] =ring[2] ^dec_dat[10] ^(ring[3] &0xFFFF);
ring[1] =ring[1] ^dec_dat[ 9] ^(ring[2] &0xFFFF);
ring[0] =ring[0] ^dec_dat[ 8] ^(ring[1] &0xFFFF);
unsigned short* cryptbuf =(unsigned short*)outbuf;
cryptbuf[0] =dec_dat[ 8] ^((ring[0] *dec_dat[ 4]) %dec_dat[0]);
cryptbuf[1] =dec_dat[ 9] ^((ring[1] *dec_dat[ 5]) %dec_dat[1]) ^(ring[0] &0xFFFF);
cryptbuf[2] =dec_dat[10] ^((ring[2] *dec_dat[ 6]) %dec_dat[2]) ^(ring[1] &0xFFFF);
cryptbuf[3] =dec_dat[11] ^((ring[3] *dec_dat[ 7]) %dec_dat[3]) ^(ring[2] &0xFFFF);
unsigned char finale[2] ={ 0x00, 0x00 };
ShiftBytes(finale, 0, pktptr, 0x48, 0x10);
finale[0] ^= finale[1];
finale[0] ^= 0x3D;
unsigned char m = 0xF8;
for( int k = 0; k < 8; ++k)
m ^= outbuf[k];
if( m ==finale[1])
return finale[0];
return -1;
}
// ...
inline unsigned short MuPacketEncSpace( muPacket* pkt) {
return((( pkt->contentSize() /8) +(((pkt->contentSize() %8) >0) ? 1 : 0)) *11) +pkt->hdrSize();
}
// ...
inline unsigned short MuPacketDecSpace( muPacket* pkt) {
return(( pkt->contentSize() /11) *8) +pkt->hdrSize() -1;
}
// (if C1, offset = 2), (if C2, offset = 3)
void MU_ForceEncodeC1C2( unsigned char* buf, unsigned short len, unsigned short offset =2) {
for( unsigned short p =1; p < len; ++p)
buf[p] ^= buf[p-1] ^ xor_tab_C1C2[(p+offset) %32];
}
// (if C1, offset = 2), (if C2, offset = 3)
void MU_ForceDecodeC1C2( unsigned char* buf, unsigned short len, unsigned short offset =2) {
--len;
for( unsigned short p =len; p > 0; --p)
buf[p] ^= buf[p-1] ^ xor_tab_C1C2[(p+offset) %32];
}
// encode c1/c2 packet
inline void MU_EncodeC1C2( muPacket* packet) {
MU_ForceEncodeC1C2( packet->contents(), packet->contentSize(), packet->hdrSize());
}
// decode c1/c2 packet
inline void MU_DecodeC1C2( muPacket* packet) {
MU_ForceDecodeC1C2( packet->contents(), packet->contentSize(), packet->hdrSize());
}
// encode c3/c4 packet
bool MU_ForceEncodeC3C4( unsigned char* outbuf, unsigned short* outlen, unsigned char* inbuf, unsigned short len, unsigned int* dec_dat) {
*outlen =0;
unsigned int offset =0;
for( offset =0; (offset+8) <= len; offset +=8) {
memset( outbuf, 0, 11);
Encode8BytesTo11Bytes( outbuf, &inbuf[offset], 8, dec_dat);
*outlen += 11;
outbuf += 11;
}
if ( offset < len) {
memset( outbuf, 0, 11);
Encode8BytesTo11Bytes( outbuf, &inbuf[offset], len - offset, dec_dat);
*outlen += 11;
}
return true;
}
// decode c3/c4 packet
bool MU_ForceDecodeC3C4( unsigned char* outbuf, unsigned short* outlen, unsigned char* inbuf, unsigned short len, unsigned int* dec_dat) {
if ((len % 11) != 0)
return false;// invalid size specified
*outlen = 0;
int rez =0;
for( unsigned int offset =0; offset < len; offset +=11) {
rez =Decode11BytesTo8Bytes( outbuf, &inbuf[offset], dec_dat);
if (rez <= 0)
return false;// failed to decrypt
*outlen +=(unsigned int)rez;
outbuf +=8;
}
return true;
}
// decrypt c3/c4 packet
bool MU_DecodeC3C4( unsigned char* outbuf, muPacket* pkt, unsigned int* dec_dat, unsigned char* dec_key) {
unsigned char hdrSize =pkt->hdrSize();
unsigned char hdr =pkt->hdr();
unsigned short dec_size =0;
if( MU_ForceDecodeC3C4( &outbuf[hdrSize -1], &dec_size, pkt->contents(), pkt->contentSize(), dec_dat) ==false)
return false;// decryption fails
dec_size +=hdrSize -1;
*dec_key =outbuf[hdrSize -1];
outbuf[0] =hdr -2;
if( hdrSize ==2)
outbuf[1] =(unsigned char)dec_size;
else {
outbuf[1] =(unsigned char)((dec_size &~0x00FF) >> 8);
outbuf[2] =(unsigned char)(dec_size &~0xFF00);
}
return true;// decrypt success
}
// encrypt c3/c4 packet
bool MU_EncodeC3C4( unsigned char* outbuf, muPacket* pkt, unsigned int* dec_dat, unsigned char enc_key) {
unsigned char hdrSize =pkt->hdrSize();
unsigned char hdr =pkt->hdr();
unsigned short size =pkt->size();
unsigned char tmp =pkt->packet( hdrSize -1);
unsigned short enc_len =0;
pkt->packet( hdrSize -1) =enc_key;
bool rs =MU_ForceEncodeC3C4( &outbuf[hdrSize], &enc_len, &pkt->packet( hdrSize -1), size -hdrSize +1, dec_dat);
pkt->packet( hdrSize -1) =tmp;
if( rs ==true) {
outbuf[0] =hdr +2;
enc_len +=hdrSize;
if( hdrSize ==2)
outbuf[1] =(unsigned char)enc_len;
else {
outbuf[1] =(unsigned char)((enc_len &~0x00FF) >> 8);
outbuf[2] =(unsigned char)(enc_len &~0xFF00);
}
}
return rs;
}
// out_dat element count = 16
MuReadEncfileResult_t MuReadEncfile( char *file, unsigned int* out_dat ) {
FILE* stream =fopen( file, "rb");
if( stream ==0)
return MuReadEncfile_InvalidPath;
fseek( stream, 0, SEEK_END);
long size =ftell( stream);
if( size !=54)
return MuReadEncfile_FileCorrupted;
fseek( stream, 6, SEEK_SET);
unsigned int buf[4];
fread( buf, 4, 4, stream);
out_dat[ 0] = buf[0] ^ xor_tab_datfile[0];
out_dat[ 1] = buf[1] ^ xor_tab_datfile[1];
out_dat[ 2] = buf[2] ^ xor_tab_datfile[2];
out_dat[ 3] = buf[3] ^ xor_tab_datfile[3];
fread( buf, 4, 4, stream);
out_dat[ 4] = buf[0] ^ xor_tab_datfile[0];
out_dat[ 5] = buf[1] ^ xor_tab_datfile[1];
out_dat[ 6] = buf[2] ^ xor_tab_datfile[2];
out_dat[ 7] = buf[3] ^ xor_tab_datfile[3];
fread( buf, 4, 4, stream);
out_dat[ 8] = buf[0] ^ xor_tab_datfile[0];
out_dat[ 9] = buf[1] ^ xor_tab_datfile[1];
out_dat[10] = buf[2] ^ xor_tab_datfile[2];
out_dat[11] = buf[3] ^ xor_tab_datfile[3];
fclose( stream);
return MuReadEncfile_Success;
}

 

[Sartigan]

Really usefull but wrong section and forgot to add the [Guide] Tag

 

[CockMan]

just wow, but didnt that already come along with to sobieh sources?

 

[Lithic]

just wow, but didnt that already come along with to sobieh sources?

Yea I'm pretty sure it did.

Would of been nicer if he had used code tags on it, or saved it as a text instead of this long butt stream.

 

[MuForum.Info]

#1, Authors - -1 ....

P.S. -> Well stolen source __hitman47 and little remade under you and all...

P.S. -> The Credits it is necessary to leave CODER.........

 

[GhostOne]

Re: [Release]C1/C2/C3/C4 Packet Encryption/Decryption source code (C++)

nice

 

[Evolver]

Yea I'm pretty sure it did.

Would of been nicer if he had used code tags on it, or saved it as a text instead of this long butt stream.

Here you go.

It would be nice if a moderator could edit the thread's topic and place a release tag in front.

 

[Evolver]

#1, Authors - -1 ....

P.S. -> Well stolen source __hitman47 and little remade under you and all...

P.S. -> The Credits it is necessary to leave CODER.........

Well, i'm pretty sure my sources are a little remake of webzen sources too, huh?

 

[drakelv]

Re: [Release]C1/C2/C3/C4 Packet Encryption/Decryption source code (C++)

Nice to see some latvian ppl doing something without crying about bugs. Labs darbs xD

 

[Epoc]

Re: [Release]C1/C2/C3/C4 Packet Encryption/Decryption source code (C++)

thanks

 

[pipoulo]

Re: [Release]C1/C2/C3/C4 Packet Encryption/Decryption source code (C++)

Just to clear things up because so many idiots together can create a chain reaction of stupidity. Evolver is a known programmer that had enc/dec routines translated from asm a long time ago before anyone else had (maybe except MG group). He also was known for his excellent documentation on MU protocol.

If i am correct the following is a part of his documented list characters packet:

// not crypted
struct _OPF300
{
	unsigned char op;		// 0xF3
	unsigned char op_2;	// 0x00

	unsigned char unknown1;	// 0x02
	unsigned char unknown2;	// 0x00

	unsigned char num;	// number of character info blocks ( 0x00 < num < 0x06 ) ( 5 characters total )

	//_OPF301_block character_infos[num];	// character info blocks
};

I think that Evolver is the same as the one here. If you don't know him you are >lol<

btw Evolver don't mind the idiots, good job, you are afterall, so i didn't expect less

 

[cosoraro]

Re: [Release] C1/C2/C3/C4 Packet Encryption/Decryption source code (C++)

Thanks for this Evolver, this is great work and incredibly usefull!

quick note, comment in mu_encdec.h should be

// this algorythm uses dec data in this order:
//  enc client->server (enc1.dat)
//  dec client->server (dec1.dat)
//  enc server->client (enc2.dat)
//  dec server->client (dec2.dat)

it took me a while to understand where the problem was

 

[Kudo^]

Re: [Release] C1/C2/C3/C4 Packet Encryption/Decryption source code (C++)

Great job, but would be much better if you give more info such as if it's to hook in gs,or main(xD) & more

 

[mauka]

Re: [Release] C1/C2/C3/C4 Packet Encryption/Decryption source code (C++)

delphi SOurce.. eny1???

 

[=Battle=]

Re: [Release] C1/C2/C3/C4 Packet Encryption/Decryption source code (C++)

Who knows explain in detail for what mu_encdec and mu_packet

 

[sircid]

Re: [Release] C1/C2/C3/C4 Packet Encryption/Decryption source code (C++)

Who knows explain in detail for what mu_encdec and mu_packet

mu_packet contents a class that gives to packet location (unsigned char) commons functions that are usually used (get header, get headersize...).
mu_encdec contents functions to decrypt encrypt these packets.

 

[Evolver]

Re: [Release] C1/C2/C3/C4 Packet Encryption/Decryption source code (C++)

An issue has been found by sircid in MuPacketEncSize function. It incorrectly calculates destination buffer size if pkt->contentSize() %8 ==0, because in the code there wasn't taken in account one byte for enc_key. Here is a fix:

inline unsigned short MuPacketEncSpace( muPacket* pkt) {
unsigned short contentSize =pkt->contentSize() +1;
return((( contentSize /8) +(((contentSize %8) >0) ? 1 : 0)) *11) +pkt->hdrSize();
}

 

[sircid]

Re: [Release] C1/C2/C3/C4 Packet Encryption/Decryption source code (C++)

An issue has been found by sircid in MuPacketEncSize function. It incorrectly calculates destination buffer size if pkt->contentSize() %8 ==0, because in the code there wasn't taken in account one byte for enc_key. Here is a fix:

inline unsigned short MuPacketEncSpace( muPacket* pkt) {
unsigned short contentSize =pkt->contentSize() +1;
return((( contentSize /8) +(((contentSize %8) >0) ? 1 : 0)) *11) +pkt->hdrSize();
}

Now everything works 100% =)!

 

[thiforums]

Re: [Release] C1/C2/C3/C4 Packet Encryption/Decryption source code (C++)

Hey guys, when I need to use MuPacketEncSpace() and MuPacketDecSpace() functions?
Until now, I was able to encrypt and decrypt without them. o_0

 

[sircid]

Re: [Release] C1/C2/C3/C4 Packet Encryption/Decryption source code (C++)

Hey guys, when I need to use MuPacketEncSpace() and MuPacketDecSpace() functions?
Until now, I was able to encrypt and decrypt without them. o_0

You need it coz they give you size of bytes that decrypted/encrypted packet would use. Which size do you set when you create an array :S?