Initiate Mage
- Joined
- Feb 11, 2008
- Messages
- 3
- Reaction score
- 1
(Oopsie, perhaps this was supposed to be in the tutorial section, feel free to move if needed)
Well, looks like nobody supplied me with that sniffer.
Anyway.
Here we go, worked on this the other day.
This is the encryption/decryption routine, this is in C.
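// Written by Sai
#ifndef _INFINITY_TALE_CRYPT_
#define _INFINITY_TALE_CRYPT_
#include <string.h>

// Encrypt in place. Bytes [0..3] are the length header and are left untouched.
int laEncrypt(char* data, int length)
{
    int size = length;
    if (data == NULL || size < 5)   // need the 4-byte header plus the packet id
        return 0;
    data[4] ^= 0x76;                // packet id XOR magic number
    for(int i = 5; i < size; i++)
        data[i] ^= data[i-1];       // XOR with the previous, already encrypted, byte
    return 1;
}

// Decrypt in place. Bytes [0..3] are the length header and are left untouched.
int laDecrypt(char* data, int length)
{
    int size = length;
    if (data == NULL || size < 5)   // need the 4-byte header plus the packet id
        return 0;
    char k = data[4];               // encrypted packet id seeds the chain
    char j = 0;
    data[4] ^= 0x76;                // reveal the packet id
    for(int i = 5; i < size; i++)
    {
        j = data[i];                // keep the encrypted byte
        data[i] ^= k;               // XOR with the previous encrypted byte
        k = j;                      // the saved byte is the next k
    }
    return 1;
}
#endif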
This will decrypt without the header, it starts at [4]
To further explain LaTale's *laughs* encryption (Maple Story, you really killed me with that AES block):
a) Let's take a look at a sample header and decrypt it.
char crypt[] = {0x0A, 0x00, 0x00, 0x00, 0x64, 0x00, 0x00, 0x00, 0x00, 0x01};
or simply
[ INT32       ][ CHAR8     ][ Char[]         ]
[ HEADER      ][ PACKET ID ][ DATA           ]
  0A 00 00 00    64           00 00 00 00 01    (HEX)
0x0A is the LENGTH of the packet and is not needed in the decryption process.
This is an INT, little-endian and uses the first 4 bytes to find how long the TOTAL length is.
0x0A = 10 in decimal, the length of this packet is indeed 10.
ENF NOTE: Packet headers are NOT encrypted.
1.b) Let's step through the encryption.
data[4] ^= 0x76;
We skip to the packet id, and xor it with 0x76 (magic #).
This reveals the packet ID, so in this case:
64 XOR 0x76 = 12 You can use a sci calculator if you want, these are accurate results as I have checked them with Bravo's posts. (I assume he used traitor's sniffer or w.e, I'll be releasing my own soon with a GUI)
After the header, we have a for loop:
data[i] ^= data[i-1];
It starts at 5, as we are finished with the header and the packet id.
This is just some xor swap logic.
Grab the first byte,
j = data[i];
xor it with k, which is packet id (init)
data[i] ^= k;
make new k value, the data we just produced
k = j;
repeat for entire routine and we produce:
12 64 00 00 00 01
tada.
Reverse for encrypt.
Grats, Infinity Tale starting soon.
Updates:
Infinity Tale dat file repacker started.
Infinity Architect started.
Infinity Sniffer->Complete->Releasing soon.
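Added example, not part of the original post or the poster's code: the same XOR chain, with the little-endian length header checked against the bytes actually held before any byte is modified, since the routine trusts the caller's length. The names `lt_frame_len`, `lt_decode`, `lt_encode` and `lt_selftest` are hypothetical, the buffer is assumed to hold one frame starting at offset 0, and the sample bytes are the packet from the post.

```c
#include <stdint.h>
#include <string.h>
#define LT_MIN_LEN 5      /* 4-byte length header + 1-byte packet id */
#define LT_MAGIC   0x76   /* XOR constant for the packet id, from the post */

/* Return the claimed frame length, or 0 if it is impossible for this buffer. */
static size_t lt_frame_len(const uint8_t *buf, size_t have)
{
    if (buf == NULL || have < LT_MIN_LEN) return 0;
    uint32_t n = (uint32_t)buf[0] | (uint32_t)buf[1] << 8 |
                 (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 24;
    return (n >= LT_MIN_LEN && n <= have) ? (size_t)n : 0;
}

/* Decode in place: plain[i] = cipher[i] ^ cipher[i-1] for i > 4. */
int lt_decode(uint8_t *buf, size_t have)
{
    size_t n = lt_frame_len(buf, have);
    if (n == 0) return 0;               /* header lies or frame too short */
    uint8_t prev = buf[4];              /* encrypted packet id seeds the chain */
    buf[4] ^= LT_MAGIC;
    for (size_t i = 5; i < n; i++) {
        uint8_t cur = buf[i];           /* save ciphertext before overwriting */
        buf[i] ^= prev;
        prev = cur;
    }
    return 1;
}

/* Encode in place: cipher[i] = plain[i] ^ cipher[i-1] for i > 4. */
int lt_encode(uint8_t *buf, size_t have)
{
    size_t n = lt_frame_len(buf, have);
    if (n == 0) return 0;
    buf[4] ^= LT_MAGIC;
    for (size_t i = 5; i < n; i++)
        buf[i] ^= buf[i - 1];           /* previous byte is already encoded */
    return 1;
}

/* Constructed check: the post's sample packet, decoded then re-encoded. */
int lt_selftest(void)
{
    const uint8_t enc[] = {0x0A,0,0,0, 0x64, 0,0,0,0, 0x01};
    const uint8_t dec[] = {0x0A,0,0,0, 0x12, 0x64,0,0,0, 0x01};
    uint8_t pkt[sizeof enc];
    memcpy(pkt, enc, sizeof enc);
    return lt_decode(pkt, sizeof pkt) && !memcmp(pkt, dec, sizeof dec) &&
           lt_encode(pkt, sizeof pkt) && !memcmp(pkt, enc, sizeof enc);
}
```

Each decoded byte depends only on two adjacent wire bytes and the fixed constant, so there is no key involved: this is obfuscation and gives traffic no confidentiality or integrity.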