Psure you can just uhh, use Diamondo's getKey tool.
Or just as easy:
1. Open up your version in IDA and locate the CClientSocket funcs, for example ManipulatePacket will do
2: With that func (and most others) you can super easily locate the decode related functions:
- CInPacket::CInPacket (Inpacket buffer)
- CInPacket::DecryptData (AES decrypt)
- CInPacket::InnoHash (IV Shuffle)
- CInPacket::ProcessPacket (Packet Handler)
And with these you ofc wanna go to the DecryptData func since we're looking for the AES key.
Again.. Pretty straightforward. Now in versions 185+ or something you will have 2 decrypts (as shown in the image, I didn't give the new one a name yet) but in v176 just open CAESCipher::Decrypt (after naming/locating it ofc).
3: Open the first func mentioned in the sub
And see this:
Which is the userkey.
PHP:
UserKeyTemp[0] = 41;
UserKeyTemp[1] = 179;
UserKeyTemp[2] = 136;
UserKeyTemp[3] = 32;
UserKeyTemp[4] = 246;
UserKeyTemp[5] = 191;
UserKeyTemp[6] = 2;
UserKeyTemp[7] = 72;
UserKeyTemp[8] = 24;
UserKeyTemp[9] = 91;
UserKeyTemp[10] = 118;
UserKeyTemp[11] = 16;
UserKeyTemp[12] = 94;
UserKeyTemp[13] = 218;
UserKeyTemp[14] = 15;
UserKeyTemp[15] = 135;
UserKeyTemp[16] = 202;
UserKeyTemp[17] = 94;
UserKeyTemp[18] = 205;
UserKeyTemp[19] = 159;
UserKeyTemp[20] = 90;
UserKeyTemp[21] = 12;
UserKeyTemp[22] = 245;
UserKeyTemp[23] = 41;
UserKeyTemp[24] = 64;
UserKeyTemp[25] = 213;
UserKeyTemp[26] = 156;
UserKeyTemp[27] = 126;
UserKeyTemp[28] = 97;
UserKeyTemp[29] = 47;
UserKeyTemp[30] = 48;
UserKeyTemp[31] = 40;
Since you have the key as an array of integers, you can go ahead and turn it into any format key as desired.
oh btw, that one is for v188. The key in mapleshark format would be:
PHP:
29B38820F6BF0248185B76105EDA0F87CA5ECD9F5A0CF52940D59C7E612F3028
and in odin format:
PHP:
new byte[]{
(byte)0x29,(byte)0x00,(byte)0x00,
(byte)0x00,(byte)0xF6,(byte)0x00,
(byte)0x00,(byte)0x00,(byte)0x18,
(byte)0x00,(byte)0x00,(byte)0x00,
(byte)0x5E,(byte)0x00,(byte)0x00,
(byte)0x00,(byte)0xCA,(byte)0x00,
(byte)0x00,(byte)0x00,(byte)0x5A,
(byte)0x00,(byte)0x00,(byte)0x00,
(byte)0x40,(byte)0x00,(byte)0x00,
(byte)0x00,(byte)0x61,(byte)0x00,
(byte)0x00,(byte)0x00
}
but since you are doing v176, here's that one:
PHP:
new byte[] { (byte) 0xB3, 0x00, 0x00, 0x00, 0x2C, 0x00, 0x00, 0x00, (byte) 0x96, 0x00, 0x00, 0x00, 0x65, 0x00, 0x00, 0x00, (byte) 0x99, 0x00, 0x00, 0x00, 0x32, 0x00, 0x00, 0x00, (byte) 0xD0, 0x00, 0x00, 0x00, 0x41, 0x00, 0x00, 0x00 }
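Added example, not part of the original post: a Python sketch of the format conversion mentioned above, run on the v188 values from the post. The function names are hypothetical, and the rule used for the odin layout (every fourth key byte followed by three zero bytes) is inferred from the post's own two v188 listings.

```python
import re

# The v188 UserKeyTemp listing from the post, pasted as decompiler text.
DECOMPILED = """
UserKeyTemp[0] = 41; UserKeyTemp[1] = 179; UserKeyTemp[2] = 136; UserKeyTemp[3] = 32;
UserKeyTemp[4] = 246; UserKeyTemp[5] = 191; UserKeyTemp[6] = 2; UserKeyTemp[7] = 72;
UserKeyTemp[8] = 24; UserKeyTemp[9] = 91; UserKeyTemp[10] = 118; UserKeyTemp[11] = 16;
UserKeyTemp[12] = 94; UserKeyTemp[13] = 218; UserKeyTemp[14] = 15; UserKeyTemp[15] = 135;
UserKeyTemp[16] = 202; UserKeyTemp[17] = 94; UserKeyTemp[18] = 205; UserKeyTemp[19] = 159;
UserKeyTemp[20] = 90; UserKeyTemp[21] = 12; UserKeyTemp[22] = 245; UserKeyTemp[23] = 41;
UserKeyTemp[24] = 64; UserKeyTemp[25] = 213; UserKeyTemp[26] = 156; UserKeyTemp[27] = 126;
UserKeyTemp[28] = 97; UserKeyTemp[29] = 47; UserKeyTemp[30] = 48; UserKeyTemp[31] = 40;
"""

ASSIGN = re.compile(r"UserKeyTemp\[(\d+)\]\s*=\s*(\d+)\s*;")


def parse_user_key(text: str) -> bytes:
    """Collect the UserKeyTemp[i] = n; assignments into a 32-byte key."""
    slots = {}
    for idx, val in ASSIGN.findall(text):
        i, v = int(idx), int(val)
        if not 0 <= v <= 255:
            raise ValueError(f"UserKeyTemp[{i}] = {v} is not a byte")
        slots[i] = v
    if sorted(slots) != list(range(32)):
        raise ValueError("expected all indices 0..31")
    return bytes(slots[i] for i in range(32))


def to_mapleshark(key: bytes) -> str:
    """Plain uppercase hex string of all 32 bytes."""
    return key.hex().upper()


def to_odin(key: bytes) -> bytes:
    """Keep every fourth byte and follow each with three zero bytes."""
    return b"".join(bytes([b, 0, 0, 0]) for b in key[::4])


def odin_java_literal(key: bytes) -> str:
    """Render the odin-layout key as a Java byte[] initializer."""
    cells = ", ".join(f"(byte) 0x{b:02X}" for b in to_odin(key))
    return "new byte[] { " + cells + " }"


if __name__ == "__main__":
    key = parse_user_key(DECOMPILED)
    print(to_mapleshark(key))
    print(odin_java_literal(key))
```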