| Register | Members | Blogs | Chat |
| Kal Development Discuss, [DEV] CryptKalOnline for C++ at Kal Online forum; Original Post: [Only Registered and Activated Users Can See Links. Click Here To Register... ] Here is my first release ... |
 |
| Thread Tools |
|
is stupid :(
Rank: Alpha Member
 |
Quote: Originally Posted by DennisDee
Or maybe if is possible to write program wich convert from somehow clientside to working server side... Idk, maybe this is stupid what im talking now (i belive it is xD), but its just an idea...
|
|
|||
| permalink | |||||
|
Teh only Linux Kal Dev :P
Rank: Member
|
Quote: Originally Posted by Nuklear
People, if you post binaries of this, I will severe your head.
|
|
|||
| permalink | |||||
|
Monster Member
Rank: New Blood
|
Quote: Originally Posted by Nuklear
People, if you post binaries of this, I will severe your head.
I know we all have the skill set capable of solving these problems and I credit those that share their knowledge and time even though it goes against us. So I will take a leap and help my fellow developer. Bakabug, from what I understand, you're having trouble with encryption? You're probably the only one of few people that deserves this because I admire your work. The source extracted from shortcrypt aka swordcrypt2. DAT/Packet: Encrypt = Old: Shift + New: 128 AES/XOR, Decrypt = New: 128 AES/XOR + Old: Shift Encrypt Key = Decrypt Key (16 bytes) Packet Key != DAT Key Encrypt Round Key != Decrypt Round Key something16 = etbl0 something15 = etbl1 something14 = etbl2 something13 = etbl3 something20 = esub0 something19 = esub1 somethign18 = esub2 something17 = esub3 something1 = dtbl0 somethine2 = dtbl1 something3 = dtbl2 something4 = dtbl3 something5 = dsub0 something6 = dsub1 something7 = dsub2 something8 = dsub3 Code:
#define AES_128_KEY_ROUND_MAX 10
static const unsigned long rcon[11] = {
0x01000000, 0x02000000, 0x04000000, 0x08000000,
0x10000000, 0x20000000, 0x40000000, 0x80000000,
0x1B000000, 0x36000000, 0x00000000
};
static const unsigned long *dtbls[] = {
dtbl0, dtbl1, dtbl2, dtbl3, dsub0, dsub1, dsub2, dsub3
};
static const unsigned long *etbls[] = {
etbl0, etbl1, etbl2, etbl3, esub0, esub1, esub2, esub3
};
/* generate encryption round key */
void _cipher_128_aes_encrypt_key(const char key[16], unsigned long rk[12][4])
{
unsigned int idx = 0;
unsigned long tmp = 0L;
memcpy(&rk[0], key, 16);
do {
tmp = rk[idx][3];
rk[idx + 1][0] = rk[idx][0] ^ \
(etbl2[(tmp >> 16) & 0xff] & 0xff000000) ^ \
(etbl3[(tmp >> 8) & 0xff] & 0x00ff0000) ^ \
(etbl0[tmp & 0xff] & 0x0000ff00) ^ \
(etbl1[tmp >> 24] & 0x000000ff) ^ \
rcon[idx];
rk[idx + 1][1] = rk[idx][1] ^ rk[idx + 1][0];
rk[idx + 1][2] = rk[idx][2] ^ rk[idx + 1][1];
rk[idx + 1][3] = rk[idx][3] ^ rk[idx + 1][2];
} while (AES_128_KEY_ROUND_MAX > idx++);
}
/* generate decryption round key */
void _cipher_128_aes_decrypt_key(const char key[16], unsigned long rk[12][4])
{
unsigned int idx = 0;
if (memcmp(key, &rk[0], 16)) {
_cipher_128_aes_encrypt_key(key, rk);
}
idx = 1;
do { /* Use the decryption and encryption tables to get the mix table,
reducing the profile of the library. Sword Online statically
defines the mix table as 0x00000000, 0x00000000, 0x00000000, ... */
rk[idx][0] = dtbl0[etbl1[rk[idx][0] >> 24] & 0xff] ^
dtbl1[etbl1[(rk[idx][0] >> 16) & 0xff] & 0xff] ^
dtbl2[etbl1[(rk[idx][0] >> 8) & 0xff] & 0xff] ^
dtbl3[etbl1[rk[idx][0] & 0xff] & 0xff];
rk[idx][1] = dtbl0[etbl1[rk[idx][1] >> 24] & 0xff] ^
dtbl1[etbl1[(rk[idx][1] >> 16) & 0xff] & 0xff] ^
dtbl2[etbl1[(rk[idx][1] >> 8) & 0xff] & 0xff] ^
dtbl3[etbl1[rk[idx][1] & 0xff] & 0xff];
rk[idx][2] = dtbl0[etbl1[rk[idx][2] >> 24] & 0xff] ^
dtbl1[etbl1[(rk[idx][2] >> 16) & 0xff] & 0xff] ^
dtbl2[etbl1[(rk[idx][2] >> 8) & 0xff] & 0xff] ^
dtbl3[etbl1[rk[idx][2] & 0xff] & 0xff];
rk[idx][3] = dtbl0[etbl1[rk[idx][3] >> 24] & 0xff] ^
dtbl1[etbl1[(rk[idx][3] >> 16) & 0xff] & 0xff] ^
dtbl2[etbl1[(rk[idx][3] >> 8) & 0xff] & 0xff] ^
dtbl3[etbl1[rk[idx][3] & 0xff] & 0xff];
} while (AES_128_KEY_ROUND_MAX - 1 > idx++);
}
void _cipher_128_aes_encrypt_round(const unsigned long *tbls[],
const unsigned long *key/*[4]*/, unsigned long *st8/*[4]*/)
{
unsigned long tmp[4];
tmp[0] = tbls[0][st8[0] >> 24] ^ \
tbls[1][(st8[1] >> 16) & 0xff] ^ \
tbls[2][(st8[2] >> 8) & 0xff] ^ \
tbls[3][st8[3] & 0xff];
tmp[1] = tbls[0][st8[1] >> 24] ^ \
tbls[1][(st8[2] >> 16) & 0xff] ^ \
tbls[2][(st8[3] >> 8) & 0xff] ^ \
tbls[3][st8[0] & 0xff];
tmp[2] = tbls[0][st8[2] >> 24] ^ \
tbls[1][(st8[3] >> 16) & 0xff] ^ \
tbls[2][(st8[0] >> 8) & 0xff] ^ \
tbls[3][st8[1] & 0xff];
tmp[3] = tbls[0][st8[3] >> 24] ^ \
tbls[1][(st8[0] >> 16) & 0xff] ^ \
tbls[2][(st8[1] >> 8) & 0xff] ^ \
tbls[3][st8[2] & 0xff];
st8[0] = tmp[0] ^ key[0];
st8[1] = tmp[1] ^ key[1];
st8[2] = tmp[2] ^ key[2];
st8[3] = tmp[3] ^ key[3];
}
void _cipher_128_aes_decrypt_round(const unsigned long *tbls[],
const unsigned long *key/*[4]*/, unsigned long *st8/*[4]*/)
{
unsigned long tmp[4];
tmp[0] = tbls[0][st8[0] >> 24] ^ \
tbls[1][(st8[3] >> 16) & 0xff] ^ \
tbls[2][(st8[2] >> 8) & 0xff] ^ \
tbls[3][st8[1] & 0xff];
tmp[1] = tbls[0][st8[1] >> 24] ^ \
tbls[1][(st8[0] >> 16) & 0xff] ^ \
tbls[2][(st8[3] >> 8) & 0xff] ^ \
tbls[3][st8[2] & 0xff];
tmp[2] = tbls[0][st8[2] >> 24] ^ \
tbls[1][(st8[1] >> 16) & 0xff] ^ \
tbls[2][(st8[0] >> 8) & 0xff] ^ \
tbls[3][st8[3] & 0xff];
tmp[3] = tbls[0][st8[3] >> 24] ^ \
tbls[1][(st8[2] >> 16) & 0xff] ^ \
tbls[2][(st8[1] >> 8) & 0xff] ^ \
tbls[3][st8[0] & 0xff];
st8[0] = tmp[0] ^ key[0];
st8[1] = tmp[1] ^ key[1];
st8[2] = tmp[2] ^ key[2];
st8[3] = tmp[3] ^ key[3];
}
void _cipher_128_aes_encrypt(const unsigned long rk[12][4],
const unsigned char pt[16], unsigned char ct[16])
{
unsigned long st8[4];
st8[0] = *((unsigned long *)&pt[0]) ^ rk[0][0];
st8[1] = *((unsigned long *)&pt[4]) ^ rk[0][1];
st8[2] = *((unsigned long *)&pt[8]) ^ rk[0][2];
st8[3] = *((unsigned long *)&pt[12]) ^ rk[0][3];
_cipher_128_aes_encrypt_round(etbls, rk[1], st8);
_cipher_128_aes_encrypt_round(etbls, rk[2], st8);
_cipher_128_aes_encrypt_round(etbls, rk[3], st8);
_cipher_128_aes_encrypt_round(etbls, rk[4], st8);
_cipher_128_aes_encrypt_round(etbls, rk[5], st8);
_cipher_128_aes_encrypt_round(etbls, rk[6], st8);
_cipher_128_aes_encrypt_round(etbls, rk[7], st8);
_cipher_128_aes_encrypt_round(etbls, rk[8], st8);
_cipher_128_aes_encrypt_round(etbls, rk[9], st8);
_cipher_128_aes_encrypt_round(&etbls[4], rk[10], st8);
*((unsigned long *)&ct[0]) = st8[0];
*((unsigned long *)&ct[4]) = st8[1];
*((unsigned long *)&ct[8]) = st8[2];
*((unsigned long *)&ct[12]) = st8[3];
}
void _cipher_128_aes_decrypt(const unsigned long rk[12][4],
const unsigned char ct[16], unsigned char pt[16])
{
unsigned long st8[4];
st8[0] = *((unsigned long *)&ct[0]) ^ rk[10][0];
st8[1] = *((unsigned long *)&ct[4]) ^ rk[10][1];
st8[2] = *((unsigned long *)&ct[8]) ^ rk[10][2];
st8[3] = *((unsigned long *)&ct[12]) ^ rk[10][3];
_cipher_128_aes_decrypt_round(dtbls, rk[9], st8);
_cipher_128_aes_decrypt_round(dtbls, rk[8], st8);
_cipher_128_aes_decrypt_round(dtbls, rk[7], st8);
_cipher_128_aes_decrypt_round(dtbls, rk[6], st8);
_cipher_128_aes_decrypt_round(dtbls, rk[5], st8);
_cipher_128_aes_decrypt_round(dtbls, rk[4], st8);
_cipher_128_aes_decrypt_round(dtbls, rk[3], st8);
_cipher_128_aes_decrypt_round(dtbls, rk[2], st8);
_cipher_128_aes_decrypt_round(dtbls, rk[1], st8);
_cipher_128_aes_decrypt_round(&dtbls[4], rk[0], st8);
*((unsigned long *)&pt[0]) = st8[0];
*((unsigned long *)&pt[4]) = st8[1];
*((unsigned long *)&pt[8]) = st8[2];
*((unsigned long *)&pt[12]) = st8[3];
}
static const unsigned char xtbl[16] = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x*** 0x10, 0x0f, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69, 0x78 };
void _cipher_xor_crypt(unsigned char *buf, unsigned int sz)
{
while (sz-- >= 0) {
buf[sz] ^= xtbl[sz % 16];
}
}
Code:
int main(unsigned int argc, const char *argv[]) {
const char key[16] = NULL; /* Did you really think I would give it to the public? */
unsigned long rk[12][4];
FILE *fpi;
FILE *fpo;
unsigned char in[16];
unsigned char out[16];
cipher_mode_e mode = DECRYPT;
int size = 0;
int i;
fpi = fopen("input_file.dat", "rb");
if (fpi == NULL) {
printf("Aborting... Failed to open input file");
return -1;
}
fpo = fopen("output_file.dat", "wb");
if (fpo == NULL) {
printf("Aborting... Failed to open output file");
return -1;
}
if (mode == DECRYPT) {
_cipher_128_aes_decrypt_key(key, rk);
} else {
_cipher_128_aes_encrypt_key(key, rk);
}
while (size = fread(in, 1, 16, fpi)) {
if (size == 16) {
if (mode == DECRYPT) {
_cipher_128_aes_decrypt(rk, in, out);
} else {
_cipher_128_aes_encrypt(rk, in, out);
}
fwrite(out, 1, 16, fpo);
} else {
_cipher_xor_crypt(in, size);
fwrite(in, 1, size, fpo);
}
}
fclose(fpo);
fclose(fpi);
return 0;
}
Last edited by Phantom*; 04-12-2008 at 05:09 PM. Reason: Because I can! |
|
|||
| permalink | |||||
|
Monster Member
Rank: New Blood
|
Quote: Originally Posted by BakaBug
Anyways .. thx Phantom* xD
Also when i don't understand it yet.. And I am not really interrested in it ~.~ I onyl doing this because I have nothing better to do xD I am already happy that i got it somehow working to decrypt stuff xD Mean my BakaDecoder .. did nothing else than waiting for engine.exe To be able to encrypt dats xD |
|
|||
| permalink | |||||
|
1. KalHacker
Rank: Member
|
Quote: Originally Posted by Phantom*
I hope it helps you with your understanding for your C++ implementation and possibly saving you some time to incorporate into your server or other projects. I'm 100% positive you would've gotten it working in due time as you're definitely capable.
It's such nice programmed.. and I am not able to finish it because of school ~.~ and also when I am releasing the source.. Only I would know how it works.. (It's not such easy system ..) Pending packet system..etc. (multi threaded) bla bla .. Anyways .. what I don't understand on this crypt is .. this When I delete the Part where it adds the AESKey .. with XOR And delete the 5.XOR .. called AESkey2 in my comments Than I can encrypt and decrypt + I understand it why it works.. But when i finaly add the 5.XOR .. everything fuck up.. So I tryed to make 5. XOR static.. every "1" (encrypt) .. and searched in decrypt for the right XOR .. But I found nothing xD I let run a 9h bruteforace attack on 1 dword ... lol I also don't understand it.. HOW IT SHOULD WORK... Mean it's a little crazy too me xD |
|
|||
| permalink | |||||
|
Me iz teh learnin'
Rank: Member
|
Quote: Originally Posted by xymox02
dont know why you relase it
i have my own program, i can decryp now since a few months with it. why???? I dont relase it. |
|
|||
| permalink | |||||
|
1. KalHacker
Rank: Member
|
Quote: Originally Posted by xymox02
dont know why you relase it
i have my own program, i can decryp now since a few months with it. why???? I dont relase it. And what you do ? I don't care ! |
|
|||
| permalink | |||||
|
Administrator of Awesome
Rank: Alpha Member
|
Quote: Originally Posted by xymox02
dont know why you relase it
i have my own program, i can decryp now since a few months with it. why???? I dont relase it. |
|
|||
| permalink | |||||
|
Alpha
Rank: New Blood
|
Quote: Originally Posted by BakaBug
Original Post: [Only Registered and Activated Users Can See Links. Click Here To Register...]
Here is my first release of it .. Full working ! for PacketSystem and for DAT
But Encrypt Key != Decrypt Key You would able to generate a Encrypt Key for the Decrypt Key.. I have a idea how-to .. but i didn't got time yet xD I will re-release it when I have it ^^ INFO: The variable UNKNOW[520] includes the AES-KEY's (when it's really AES) For decrypting Packets , you need to change the key's !!! It's looks like the key for packets are dynamic generated.. I am still looking for it ;) EDIT: Ohe yeah copyrights ?! Use it how you want, do what ever you want But when you don't give credits to me.. I only can say ... hello, big wannabe |
|
||
| permalink | ||||
|
1. KalHacker
Rank: Member
|
