[S.U.N Online] Encryption Algorithm

  1. #1
    Ashime (Hardcore Member), joined Oct 2013, location: USA, 127 posts

    [S.U.N Online] Encryption Algorithm

    I am currently trying to figure out S.U.N's encryption algorithm, so I can decode the packets. I believe I have figured out some important information to help crack the algorithm, but I would like to have some help.

    The information below is how the server and client interact up to the point of login:

    Spoiler:
    1. Three-way Handshake
    2. Client sends RST, ACK packet to Server
    3. Three-way Handshake

    4. Server to Client (hello packet)
    TCP 44405 -> (client port - random #) Size: 72 bytes

    5. Client to Server (ip packet)
    TCP (client port) -> 44405 Size: 39 bytes (size can vary)

    6. Server to Client (accept packet)
    TCP 44405 -> (client port) Size: 5 bytes

    7. Client to Server (login packet)
    TCP (client port) -> 44405 Size: 83 bytes

    I have been studying the retail server's packets. The only thing that changes is the "hello packet" (4th step) and the login packet (7th step).
    Here are the five connection trials from the retail server for the "hello packet":

    Spoiler:
    Test 1:

    ASCII:
    F 3 :.

    Hex:
    0x46, 0x00, 0x33, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3a, 0x0f, 0x00, 0x00


    Test 2:

    ASCII:
    F 3 <.

    Hex:
    0x46, 0x00, 0x33, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x3c, 0x0f, 0x00, 0x00


    Test 3:

    ASCII:
    F 3 =.

    Hex:
    0x46, 0x00, 0x33, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x3d, 0x0f, 0x00, 0x00


    Test 4:

    ASCII:
    F 3 >.

    Hex:
    0x46, 0x00, 0x33, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x3e, 0x0f, 0x00, 0x00


    Test 5:

    ASCII:
    F 3 ?.

    Hex:
    0x46, 0x00, 0x33, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x3f, 0x0f, 0x00, 0x00

    I noticed that the tail end of the "hello" packet changes very slightly every time you connect to the retail server. I believe it is a key of some sort, whether it's an initialization vector, one key pair, etc. Every time the key changes, the login packets change dramatically, so instead I made that "key" static on my server end to try to figure out the algorithm.

    The information below is from my own server.

    Interaction between my server and the client up to the point of login:

    Spoiler:
    1. Three-way Handshake
    2. Client sends RST, ACK packet to Server
    3. Three-way Handshake

    4. Server to Client (hello packet)
    TCP 44405 -> (client port - random #) Size: 72 bytes

    ASCII:
    F 3 $H

    Hex:
    0x46, 0x00, 0x33, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, 0x24, 0x48, 0x00, 0x00

    5. Client to Server (ip packet)
    TCP (client port) -> 44405 Size: 39 bytes

    6. Server to Client (accept packet)
    TCP 44405 -> (client port) Size: 5 bytes

    7. Client to Server (login packet)
    TCP (client port) -> 44405 Size: 83 bytes

    I kept the "key" in the "hello" packet set to $H, so this is what the login packets look like:

    Spoiler:
    Test 1:

    Username: test
    Password: test

    ASCII:
    Q 3. TEST .{. ..y .|. @.. 8.....w.......u...%@.. 8...-...ZK... .1neu...._..t

    Hex:
    0x51, 0x00, 0x33, 0x03, 0x00, 0x00, 0x00, 0x00,0x54, 0x45, 0x53, 0x54, 0x00, 0x00, 0xd4, 0x7b,0x19, 0x00, 0xe0, 0x8a, 0x79, 0x00, 0x04, 0x7c,0x19, 0x00, 0x40, 0x80, 0x19, 0x00, 0x38, 0xe4,0x15, 0x0a, 0xe9, 0x9c, 0xdb, 0x77, 0xfa, 0xff,0xff, 0x7f, 0x1f, 0x11, 0x8d, 0x75, 0x97, 0xe4,0xa7, 0x25, 0x40, 0x80, 0x19, 0x00, 0x38, 0xe4,0x15, 0x0a, 0x13, 0x2d, 0xc0, 0xa8, 0xd5, 0x5a,0x4b, 0x02, 0x0e, 0xf4, 0x09, 0xb4, 0x31, 0x6e,0x65, 0x75, 0x7f, 0x1d, 0x83, 0xd6, 0x5f, 0xca,0x06, 0x74, 0x0a


    Test 2:

    Username: test
    Password: test

    ASCII:
    Q 3. TEST .{. ..y .|. @.. .( ....w.......u....@.. .( .2n...|.`......A....._..t

    Hex:
    0x51, 0x00, 0x33, 0x03, 0x00, 0x00, 0x00, 0x00,0x54, 0x45, 0x53, 0x54, 0x00, 0x00, 0xd4, 0x7b,0x19, 0x00, 0xe0, 0x8a, 0x79, 0x00, 0x04, 0x7c,0x19, 0x00, 0x40, 0x80, 0x19, 0x00, 0xd8, 0x28,0x00, 0x17, 0xe9, 0x9c, 0xdb, 0x77, 0xfa, 0xff,0xff, 0x7f, 0x1f, 0x11, 0x8d, 0x75, 0xad, 0xe6,0xfe, 0xaa, 0x40, 0x80, 0x19, 0x00, 0xd8, 0x28,0x00, 0x17, 0x32, 0x6e, 0x1f, 0xc4, 0xf8, 0x7c,0x87, 0x60, 0xc8, 0xc2, 0xbb, 0x87, 0x88, 0xc0,0x41, 0xbc, 0xf7, 0x1d, 0x83, 0xd6, 0x5f, 0xca,0x06, 0x74, 0x0a


    Test 3:

    Username: test
    Password: test

    ASCII:
    Q 3. TEST .{. ..y .|. @.. .......w.......u.8..@.. .......1..~.UD.....Q,..._..t

    Hex:
    0x51, 0x00, 0x33, 0x03, 0x00, 0x00, 0x00, 0x00,0x54, 0x45, 0x53, 0x54, 0x00, 0x00, 0xd4, 0x7b,0x19, 0x00, 0xe0, 0x8a, 0x79, 0x00, 0x04, 0x7c,0x19, 0x00, 0x40, 0x80, 0x19, 0x00, 0x10, 0xaa,0x11, 0x16, 0xe9, 0x9c, 0xdb, 0x77, 0xfa, 0xff,0xff, 0x7f, 0x1f, 0x11, 0x8d, 0x75, 0xc5, 0x38,0xb2, 0xba, 0x40, 0x80, 0x19, 0x00, 0x10, 0xaa,0x11, 0x16, 0xab, 0x83, 0xcf, 0x31, 0xe1, 0xc3,0x7e, 0x99, 0x55, 0x44, 0x99, 0xd3, 0xc5, 0x9d,0x18, 0x51, 0x2c, 0x1d, 0x83, 0xd6, 0x5f, 0xca,0x06, 0x74, 0x0a


    Test 4:
    Username: test
    Password: test

    ASCII:
    Q 3. TEST .{. ..y .|. @.. .y.....w.......uxT(.@.. .y....s.5o.Rdr...V|....._..t

    Hex:
    0x51, 0x00, 0x33, 0x03, 0x00, 0x00, 0x00, 0x00,0x54, 0x45, 0x53, 0x54, 0x00, 0x00, 0xd4, 0x7b,0x19, 0x00, 0xe0, 0x8a, 0x79, 0x00, 0x04, 0x7c,0x19, 0x00, 0x40, 0x80, 0x19, 0x00, 0xd8, 0x79,0x13, 0x16, 0xe9, 0x9c, 0xdb, 0x77, 0xfa, 0xff,0xff, 0x7f, 0x1f, 0x11, 0x8d, 0x75, 0x78, 0x54,0x28, 0x83, 0x40, 0x80, 0x19, 0x00, 0xd8, 0x79,0x13, 0x16, 0xae, 0x88, 0x73, 0xf8, 0x35, 0x6f,0x9e, 0x52, 0x64, 0x72, 0x08, 0xa2, 0xe6, 0x56,0x7c, 0x0f, 0xed, 0x1d, 0x83, 0xd6, 0x5f, 0xca,0x06, 0x74, 0x0a


    Test 5:

    Username: test
    Password: test

    ASCII:
    Q 3. TEST .{. ..y .|. @.. ..{....w.......u...H@.. ..{.dq....i.,. .Z...f..._..t

    Hex:
    0x51, 0x00, 0x33, 0x03, 0x00, 0x00, 0x00, 0x00,0x54, 0x45, 0x53, 0x54, 0x00, 0x00, 0xd4, 0x7b,0x19, 0x00, 0xe0, 0x8a, 0x79, 0x00, 0x04, 0x7c,0x19, 0x00, 0x40, 0x80, 0x19, 0x00, 0xe0, 0xe6,0x7b, 0x16, 0xe9, 0x9c, 0xdb, 0x77, 0xfa, 0xff,0xff, 0x7f, 0x1f, 0x11, 0x8d, 0x75, 0xa7, 0xda,0x82, 0x48, 0x40, 0x80, 0x19, 0x00, 0xe0, 0xe6,0x7b, 0x16, 0x64, 0x71, 0xe4, 0x91, 0xda, 0xab,0x69, 0xb3, 0x2c, 0xa9, 0x00, 0xe2, 0x5a, 0xe8,0x11, 0x1a, 0x66, 0x1d, 0x83, 0xd6, 0x5f, 0xca,0x06, 0x74, 0x0a

    All the older C++ S.U.N files use TEA (tiny encryption algorithm), Base64, MD5, and SHA1. I know this is not a hash algorithm because I wouldn't be able to reverse it. Then I noticed some of the other Webzen games have custom algorithms, so I am a bit confused.

    Any help would be greatly appreciated.


  2. #2
    Ashime

    Re: [S.U.N Online] Encryption Algorithm

    I decided to run some more tests in the same session (which I didn't do before) with the same server key ("$H"). There is a lot of static information between all of the tests.

    This is just my guess from what I have observed so far...

    It looks like the algorithm's block size is 5 bytes or 40 bits, because passwords from two to seven characters look the same. There is a special hex value (test 1: 0xfd) that separates all the repetitive code and corresponds to something. I thought it corresponded to the character count from combining the server key and the password, subtracted from 255, but the hex value is slightly off.

    Spoiler:
    Test 1
    Username: test
    Password: 0

    ASCII
    Q 3. TEST .{. ..y .|. @.. PB.....w.......t..L.@.. PB. @.....Y;.....~ C..._..t

    HEX
    0x51, 0x00, 0x33, 0x03, 0x00, 0x00, 0x00, 0x00, 0x54, 0x45, 0x53, 0x54, 0x00, 0x00, 0xd4, 0x7b, 0x19, 0x00, 0xe0, 0x8a, 0x79, 0x00, 0x04, 0x7c, 0x19, 0x00, 0x40, 0x80, 0x19, 0x00, 0x50, 0x42, 0xdf, 0x18, 0xe9, 0x9c, 0x84, 0x77, 0xfd, 0xff, 0xff, 0x7f, 0x1f, 0x11, 0x80, 0x74, 0xf1, 0xff, 0x4c, 0xab, 0x40, 0x80, 0x19, 0x00, 0x50, 0x42, 0xdf, 0x18, 0x40, 0x8e, 0x0e, 0x02, 0x17, 0xd5, 0x59, 0x0a, 0x3b, 0xa8, 0xbe, 0xb3, 0xc4, 0x1d, 0x7e, 0x0c, 0x43, 0x1d, 0x83, 0xd6, 0x5f, 0xca, 0x06, 0x74, 0x0a



    Test 2
    Username: test
    Password: 00

    ASCII
    Q 3. TEST .{. ..y .|. @.. PB.....w.......t..L.@.. PB..@.].k*m..A...\.JMzF. ....

    HEX
    0x51, 0x00, 0x33, 0x03, 0x00, 0x00, 0x00, 0x00, 0x54, 0x45, 0x53, 0x54, 0x00, 0x00, 0xd4, 0x7b, 0x19, 0x00, 0xe0, 0x8a, 0x79, 0x00, 0x04, 0x7c, 0x19, 0x00, 0x40, 0x80, 0x19, 0x00, 0x50, 0x42, 0xdf, 0x18, 0xe9, 0x9c, 0x84, 0x77, 0xfc, 0xff, 0xff, 0x7f, 0x1f, 0x11, 0x80, 0x74, 0xf1, 0xff, 0x4c, 0xab, 0x40, 0x80, 0x19, 0x00, 0x50, 0x42, 0xdf, 0x18, 0x40, 0xc8, 0x5d, 0xad, 0x6b, 0x2a, 0x6d, 0x84, 0xbd, 0x41, 0x1d, 0x02, 0xd8, 0x5c, 0x12, 0x4a, 0x4d, 0x7a, 0x46, 0xb4, 0x0c, 0xb9, 0xcd, 0xbc, 0xab



    Test 3
    Username: test
    Password: 000

    ASCII
    Q 3. TEST .{. ..y .|. @.. PB.....w.......t..L.@.. PB..@.r3.%.(.A...\.JMzF. ....

    HEX
    0x51, 0x00, 0x33, 0x03, 0x00, 0x00, 0x00, 0x00, 0x54, 0x45, 0x53, 0x54, 0x00, 0x00, 0xd4, 0x7b, 0x19, 0x00, 0xe0, 0x8a, 0x79, 0x00, 0x04, 0x7c, 0x19, 0x00, 0x40, 0x80, 0x19, 0x00, 0x50, 0x42, 0xdf, 0x18, 0xe9, 0x9c, 0x84, 0x77, 0xfb, 0xff, 0xff, 0x7f, 0x1f, 0x11, 0x80, 0x74, 0xf1, 0xff, 0x4c, 0xab, 0x40, 0x80, 0x19, 0x00, 0x50, 0x42, 0xdf, 0x18, 0x40, 0x90, 0x72, 0x33, 0xcf, 0x25, 0xd8, 0x28, 0x15, 0x41, 0x1d, 0x02, 0xd8, 0x5c, 0x12, 0x4a, 0x4d, 0x7a, 0x46, 0xb4, 0x0c, 0xb9, 0xcd, 0xbc, 0xab



    Test 4
    Username: test
    Password: 0000

    ASCII
    Q 3. TEST .{. ..y .|. @.. PB.....w.......t..L.@.. PB..@..&.....A...\.JMzF. ....

    HEX
    0x51, 0x00, 0x33, 0x03, 0x00, 0x00, 0x00, 0x00, 0x54, 0x45, 0x53, 0x54, 0x00, 0x00, 0xd4, 0x7b, 0x19, 0x00, 0xe0, 0x8a, 0x79, 0x00, 0x04, 0x7c, 0x19, 0x00, 0x40, 0x80, 0x19, 0x00, 0x50, 0x42, 0xdf, 0x18, 0xe9, 0x9c, 0x84, 0x77, 0xfa, 0xff, 0xff, 0x7f, 0x1f, 0x11, 0x80, 0x74, 0xf1, 0xff, 0x4c, 0xab, 0x40, 0x80, 0x19, 0x00, 0x50, 0x42, 0xdf, 0x18, 0x40, 0xd0, 0x17, 0x26, 0xff, 0x0b, 0x80, 0xef, 0xf5, 0x41, 0x1d, 0x02, 0xd8, 0x5c, 0x12, 0x4a, 0x4d, 0x7a, 0x46, 0xb4, 0x0c, 0xb9, 0xcd, 0xbc, 0xab



    Test 5
    Username: test
    Password: 00000

    ASCII
    Q 3. TEST .{. ..y .|. @.. PB.....w.......t..L.@.. PB..@..Z.a...A...\.JMzF. ....

    HEX
    0x51, 0x00, 0x33, 0x03, 0x00, 0x00, 0x00, 0x00, 0x54, 0x45, 0x53, 0x54, 0x00, 0x00, 0xd4, 0x7b, 0x19, 0x00, 0xe0, 0x8a, 0x79, 0x00, 0x04, 0x7c, 0x19, 0x00, 0x40, 0x80, 0x19, 0x00, 0x50, 0x42, 0xdf, 0x18, 0xe9, 0x9c, 0x84, 0x77, 0xf9, 0xff, 0xff, 0x7f, 0x1f, 0x11, 0x80, 0x74, 0xf1, 0xff, 0x4c, 0xab, 0x40, 0x80, 0x19, 0x00, 0x50, 0x42, 0xdf, 0x18, 0x40, 0xdb, 0x14, 0x5a, 0xfc, 0x61, 0xc9, 0x8d, 0xec, 0x41, 0x1d, 0x02, 0xd8, 0x5c, 0x12, 0x4a, 0x4d, 0x7a, 0x46, 0xb4, 0x0c, 0xb9, 0xcd, 0xbc, 0xab



    Test 6
    Username: test
    Password: 000000

    ASCII
    Q 3. TEST .{. ..y .|. @.. PB.....w.......t..L.@.. PB..@@..V..q.A...\.JMzF. ....

    HEX
    0x51, 0x00, 0x33, 0x03, 0x00, 0x00, 0x00, 0x00, 0x54, 0x45, 0x53, 0x54, 0x00, 0x00, 0xd4, 0x7b, 0x19, 0x00, 0xe0, 0x8a, 0x79, 0x00, 0x04, 0x7c, 0x19, 0x00, 0x40, 0x80, 0x19, 0x00, 0x50, 0x42, 0xdf, 0x18, 0xe9, 0x9c, 0x84, 0x77, 0xf8, 0xff, 0xff, 0x7f, 0x1f, 0x11, 0x80, 0x74, 0xf1, 0xff, 0x4c, 0xab, 0x40, 0x80, 0x19, 0x00, 0x50, 0x42, 0xdf, 0x18, 0x40, 0x40, 0xf0, 0x1c, 0x56, 0xff, 0x8e, 0x71, 0xe2, 0x41, 0x1d, 0x02, 0xd8, 0x5c, 0x12, 0x4a, 0x4d, 0x7a, 0x46, 0xb4, 0x0c, 0xb9, 0xcd, 0xbc, 0xab



    Test 7
    Username: test
    Password: 0000000

    ASCII
    Q 3. TEST .{. ..y .|. @.. PB.....w.......t..L.@.. PB..@.U.7.'.[A...\.JMzF. ....

    HEX
    0x51, 0x00, 0x33, 0x03, 0x00, 0x00, 0x00, 0x00, 0x54, 0x45, 0x53, 0x54, 0x00, 0x00, 0xd4, 0x7b, 0x19, 0x00, 0xe0, 0x8a, 0x79, 0x00, 0x04, 0x7c, 0x19, 0x00, 0x40, 0x80, 0x19, 0x00, 0x50, 0x42, 0xdf, 0x18, 0xe9, 0x9c, 0x84, 0x77, 0xf7, 0xff, 0xff, 0x7f, 0x1f, 0x11, 0x80, 0x74, 0xf1, 0xff, 0x4c, 0xab, 0x40, 0x80, 0x19, 0x00, 0x50, 0x42, 0xdf, 0x18, 0x40, 0xac, 0x55, 0xb9, 0x37, 0xc3, 0x27, 0xdd, 0x5b, 0x41, 0x1d, 0x02, 0xd8, 0x5c, 0x12, 0x4a, 0x4d, 0x7a, 0x46, 0xb4, 0x0c, 0xb9, 0xcd, 0xbc, 0xab



    Test 8
    Username: test
    Password: 00000000

    ASCII
    Q 3. TEST .{. ..y .|. @.. PB.....w.......t..L.@.. PB..@E6... .^...&.M..zF. ....

    HEX
    0x51, 0x00, 0x33, 0x03, 0x00, 0x00, 0x00, 0x00, 0x54, 0x45, 0x53, 0x54, 0x00, 0x00, 0xd4, 0x7b, 0x19, 0x00, 0xe0, 0x8a, 0x79, 0x00, 0x04, 0x7c, 0x19, 0x00, 0x40, 0x80, 0x19, 0x00, 0x50, 0x42, 0xdf, 0x18, 0xe9, 0x9c, 0x84, 0x77, 0xf6, 0xff, 0xff, 0x7f, 0x1f, 0x11, 0x80, 0x74, 0xf1, 0xff, 0x4c, 0xab, 0x40, 0x80, 0x19, 0x00, 0x50, 0x42, 0xdf, 0x18, 0x40, 0x45, 0x36, 0xa5, 0x97, 0xae, 0x0c, 0x12, 0x5e, 0xb5, 0xae, 0xff, 0x26, 0xcb, 0x4d, 0x0e, 0xbc, 0x7a, 0x46, 0xb4, 0x0c, 0xb9, 0xcd, 0xbc, 0xab



    Test 9
    Username: test
    Password: 000000000

    ASCII
    Q 3. TEST .{. ..y .|. @.. PB.....w.......t..L.@.. PB..@E6... .^{....._.zF. ....

    HEX
    0x51, 0x00, 0x33, 0x03, 0x00, 0x00, 0x00, 0x00, 0x54, 0x45, 0x53, 0x54, 0x00, 0x00, 0xd4, 0x7b, 0x19, 0x00, 0xe0, 0x8a, 0x79, 0x00, 0x04, 0x7c, 0x19, 0x00, 0x40, 0x80, 0x19, 0x00, 0x50, 0x42, 0xdf, 0x18, 0xe9, 0x9c, 0x84, 0x77, 0xf5, 0xff, 0xff, 0x7f, 0x1f, 0x11, 0x80, 0x74, 0xf1, 0xff, 0x4c, 0xab, 0x40, 0x80, 0x19, 0x00, 0x50, 0x42, 0xdf, 0x18, 0x40, 0x45, 0x36, 0xa5, 0x97, 0xae, 0x0c, 0x12, 0x5e, 0x7b, 0xa0, 0xe3, 0xcd, 0xcc, 0xec, 0x5f, 0xd1, 0x7a, 0x46, 0xb4, 0x0c, 0xb9, 0xcd, 0xbc, 0xab



    Test 10
    Username: test
    Password: 0000000000

    ASCII
    Q 3. TEST .{. ..y .|. @.. PB.....w.......t..L.@.. PB..@E6... .^6N......zF. ....

    HEX
    0x51, 0x00, 0x33, 0x03, 0x00, 0x00, 0x00, 0x00, 0x54, 0x45, 0x53, 0x54, 0x00, 0x00, 0xd4, 0x7b, 0x19, 0x00, 0xe0, 0x8a, 0x79, 0x00, 0x04, 0x7c, 0x19, 0x00, 0x40, 0x80, 0x19, 0x00, 0x50, 0x42, 0xdf, 0x18, 0xe9, 0x9c, 0x84, 0x77, 0xf4, 0xff, 0xff, 0x7f, 0x1f, 0x11, 0x80, 0x74, 0xf1, 0xff, 0x4c, 0xab, 0x40, 0x80, 0x19, 0x00, 0x50, 0x42, 0xdf, 0x18, 0x40, 0x45, 0x36, 0xa5, 0x97, 0xae, 0x0c, 0x12, 0x5e, 0x36, 0x4e, 0x9c, 0xc7, 0x1b, 0xb1, 0xf3, 0xc5, 0x7a, 0x46, 0xb4, 0x0c, 0xb9, 0xcd, 0xbc, 0xab



    Test 11
    Username: test
    Password: 00000000000

    ASCII
    Q 3. TEST .{. ..y .|. @.. PB.....w.......t..L.@.. PB..@E6... .^f.[g..t.zF. ....

    HEX
    0x51, 0x00, 0x33, 0x03, 0x00, 0x00, 0x00, 0x00, 0x54, 0x45, 0x53, 0x54, 0x00, 0x00, 0xd4, 0x7b, 0x19, 0x00, 0xe0, 0x8a, 0x79, 0x00, 0x04, 0x7c, 0x19, 0x00, 0x40, 0x80, 0x19, 0x00, 0x50, 0x42, 0xdf, 0x18, 0xe9, 0x9c, 0x84, 0x77, 0xf3, 0xff, 0xff, 0x7f, 0x1f, 0x11, 0x80, 0x74, 0xf1, 0xff, 0x4c, 0xab, 0x40, 0x80, 0x19, 0x00, 0x50, 0x42, 0xdf, 0x18, 0x40, 0x45, 0x36, 0xa5, 0x97, 0xae, 0x0c, 0x12, 0x5e, 0x66, 0x97, 0x5b, 0x67, 0xe2, 0x96, 0x74, 0xca, 0x7a, 0x46, 0xb4, 0x0c, 0xb9, 0xcd, 0xbc, 0xab



    Test 12
    Username: test
    Password: 000000000000

    ASCII
    Q 3. TEST .{. ..y .|. @.. PB.....w.......t..L.@.. PB..@E6... .^..m4....zF. ....

    HEX
    0x51, 0x00, 0x33, 0x03, 0x00, 0x00, 0x00, 0x00, 0x54, 0x45, 0x53, 0x54, 0x00, 0x00, 0xd4, 0x7b, 0x19, 0x00, 0xe0, 0x8a, 0x79, 0x00, 0x04, 0x7c, 0x19, 0x00, 0x40, 0x80, 0x19, 0x00, 0x50, 0x42, 0xdf, 0x18, 0xe9, 0x9c, 0x84, 0x77, 0xf2, 0xff, 0xff, 0x7f, 0x1f, 0x11, 0x80, 0x74, 0xf1, 0xff, 0x4c, 0xab, 0x40, 0x80, 0x19, 0x00, 0x50, 0x42, 0xdf, 0x18, 0x40, 0x45, 0x36, 0xa5, 0x97, 0xae, 0x0c, 0x12, 0x5e, 0xe1, 0xe2, 0x6d, 0x34, 0xde, 0x8f, 0xf5, 0xe0, 0x7a, 0x46, 0xb4, 0x0c, 0xb9, 0xcd, 0xbc, 0xab

    I have to say, I have never reverse engineered an encryption algorithm like I am trying to, so I will gladly accept any feedback or advice. Thank you!

  3. #3
    0x90 (Ultimate Member), joined Dec 2008, location: KERNEL32, 192 posts

    Re: [S.U.N Online] Encryption Algorithm

    What I can recommend is to start organizing your stuff, and if you understand some parts of your packets, identify them in some kind of grammar.

    I'm working on a game and I'm logging the login server packets as well, and I'm trying to identify everything I can... so this is what I've got so far. When the GameServer sends me the servers' info, this is how I have identified them.

    This way I can easily identify them when I write them to emulate the game server...


  4. #4
    Ashime

    Re: [S.U.N Online] Encryption Algorithm

    I know about packet identification, etc., because the older server files have that and I understand how certain parts correspond to the incoming packets. The older C++ files have category and op codes...then packet structures from and to the client. My issue is that I am working in Java and don't have access to the header information unless I download a 3rd party library. Another thing to mention is that I'm trying to figure out the encryption algorithm. Where I am at in this process is where the client sends the username and encrypted password. None of the older C++ projects have .cpp files for any of the encryption/decryption algorithms.

    Truthfully, the body has the category and op code; the category is based on the first letter and the following number is the op code for the corresponding server. The authentication server is 3, whereas the game server is 2, and the chat server is 1. I realize that the username comes after that and then it's all encrypted.

  5. #5
    0x90

    Re: [S.U.N Online] Encryption Algorithm

    I tried helping but the client is protected with Themida, and it's also protected with XIGNCODE. I don't know how to continue any further with those two in play. My reverse engineering skills are extremely rusty on native, because I went from native to managed reversing a long time ago... and now I can barely do anything xD


  6. #6
    Ashime

    Re: [S.U.N Online] Encryption Algorithm

    The client is protected with XIGNCODE and Themida? Which client are you talking about? The one I'm working on is protected with GameGuard (some version of it, have to look again); then again, I'm working on an Episode 1 version of the game. Anyway, thank you for your help.

  7. #7
    jaasonbourne (Newbie), joined Jul 2013, 3 posts

    Re: [S.U.N Online] Encryption Algorithm

    Originally posted by 0x90:
        What I can recommend is to start organizing your stuff, and if you understand some parts of your packets, identify them in some kind of grammar.

        I'm working on a game and I'm logging the login server packets as well, and I'm trying to identify everything I can... so this is what I've got so far. When the GameServer sends me the servers' info, this is how I have identified them.

        This way I can easily identify them when I write them to emulate the game server...

    Did you code the program in the first screenshot for the specific game you're working on, or is it a public one?

    -- Edit

    I searched and found it: 010 Editor.
    Last edited by jaasonbourne; 06-03-18 at 03:29 PM.

  8. #8
    0x90

    Re: [S.U.N Online] Encryption Algorithm

    Originally posted by Ashime:
        The client is protected with XIGNCODE and Themida? Which client are you talking about? The one I'm working on is protected with GameGuard (some version of it, have to look again); then again, I'm working on an Episode 1 version of the game. Anyway, thank you for your help.

    SUN Online-Home ?


  9. #9
    Ashime

    Re: [S.U.N Online] Encryption Algorithm

    @0x90

    Nexon.to or amzsun.com are private servers and use Episode 2 clients. I am currently working on an Episode 1 client from Zhaouc (奇迹世界 (SUN) official website | 奇迹世界 1 (SUN1) official website), the official Chinese server.

  10. #10
    jonnybravo (True Member), joined Sep 2006, 730 posts

    Re: [S.U.N Online] Encryption Algorithm

    Post the .exe so we can disassemble it and look at the asm...

  11. #11
    Ashime

    Re: [S.U.N Online] Encryption Algorithm

    @jonnybravo

    Here is the link for the Sungame.exe (Chinese version). If there is any way I can help, please let me know. I am still working on figuring out the encryption algorithm. I am not very good at assembly, nor do I know what programs are recommended, but I will at least try to help to the best of my knowledge.
    Last edited by Ashime; 19-03-18 at 10:40 PM.

  12. #12
    jonnybravo
    Re: [S.U.N Online] Encryption Algorithm

    It's packed with Themida v2.X; gonna have to use OllyDbg and run some scripts on it to unpack it so we can see inside the .exe. There are plenty of tuts on how to do this.

  13. #13
    Ashime

    Re: [S.U.N Online] Encryption Algorithm

    @jonnybravo

    I am looking at tutorials for OllyDbg with scripts. As bad as this may sound, I didn't know you could run scripts with OllyDbg. I will let you know if I find something or anything by posting it here. Thank you for all your help. I appreciate it.

  14. #14
    Ashime

    Re: [S.U.N Online] Encryption Algorithm

    Last night, I was going through the older C++ files and saw some code with the following information:

    Encrypting block size = 8
    Encrypted block size = 11
    Key size = 4

    If I can find the file again, I will post more of it, but I am still not sure how the encryption algorithm works to produce the outcome.
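
Added example (not part of any post in this thread, and not code from the game or its server files): a Python check of the block-size figures in post #14 against the login captures in post #2, showing where the ciphertext changes as the password grows and which 8-byte blocks repeat. It assumes the last 24 bytes of each login packet are the encrypted password field; the function names are invented for this example.

```python
from functools import reduce
from math import gcd

# Last 24 bytes of each login packet in post #2 (username "test", server key
# "$H"), keyed by the length of the all-"0" password. Copied from the captures
# on this page; reading these bytes as the encrypted field is an assumption.
TAILS = {n: bytes.fromhex(h) for n, h in {
    2: "c85dad6b2a6d84bd411d02d85c124a4d7a46b40cb9cdbcab",
    3: "907233cf25d82815411d02d85c124a4d7a46b40cb9cdbcab",
    4: "d01726ff0b80eff5411d02d85c124a4d7a46b40cb9cdbcab",
    5: "db145afc61c98dec411d02d85c124a4d7a46b40cb9cdbcab",
    6: "40f01c56ff8e71e2411d02d85c124a4d7a46b40cb9cdbcab",
    7: "ac55b937c327dd5b411d02d85c124a4d7a46b40cb9cdbcab",
    8: "4536a597ae0c125eb5aeff26cb4d0ebc7a46b40cb9cdbcab",
    9: "4536a597ae0c125e7ba0e3cdccec5fd17a46b40cb9cdbcab",
    10: "4536a597ae0c125e364e9cc71bb1f3c57a46b40cb9cdbcab",
    11: "4536a597ae0c125e66975b67e29674ca7a46b40cb9cdbcab",
    12: "4536a597ae0c125ee1e26d34de8ff5e07a46b40cb9cdbcab",
}.items()}


def changed_span(a, b):
    """Return (first, last) offsets where two captures differ, or None."""
    diff = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    return (diff[0], diff[-1]) if diff else None


def spans_by_length(tails):
    """Changed span between each pair of consecutive password lengths."""
    lengths = sorted(tails)
    return {(p, q): changed_span(tails[p], tails[q])
            for p, q in zip(lengths, lengths[1:])}


def largest_block_size(tails):
    """GCD of all span boundaries: the largest block size that fits every change."""
    edges = []
    for span in spans_by_length(tails).values():
        if span is not None:
            edges += [span[0], span[1] + 1]
    return reduce(gcd, edges, 0)


def shared_blocks(tails, size):
    """Per aligned block index, ciphertext blocks produced by more than one password."""
    n_blocks = len(next(iter(tails.values()))) // size
    result = {}
    for idx in range(n_blocks):
        seen = {}
        for length, tail in sorted(tails.items()):
            block = tail[idx * size:(idx + 1) * size].hex()
            seen.setdefault(block, []).append(length)
        result[idx] = {blk: lens for blk, lens in seen.items() if len(lens) > 1}
    return result


if __name__ == "__main__":
    for pair, span in spans_by_length(TAILS).items():
        print("password length %2d -> %2d: bytes %s change" % (pair + (span,)))
    size = largest_block_size(TAILS)
    print("largest block size consistent with every change:", size)
    for idx, blocks in shared_blocks(TAILS, size).items():
        for block, lengths in blocks.items():
            print("block %d: %s repeats for password lengths %s" % (idx, block, lengths))
```

On these captures every change lands on an 8-byte boundary, and the second block is byte-identical for all passwords of two to seven characters, so the ciphertext alone separates short passwords from long ones.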

  15. #15
    Ashime

    Re: [S.U.N Online] Encryption Algorithm

    I have come up with some more conclusions about the encryption.

    [Attached image: Login Packet Analysis.jpg]

    The other option I thought about was the possibility of the "key" being an IV for a stream cipher.


