Key retrieval and XOR decryption

Initiate Mage
Joined
Oct 15, 2014
Messages
13
Reaction score
0
Hi, everybody. I am studying the creation of an emulator; at the moment I am studying packets.
I was able to find out the exact encryption method: XOR.
Tell me, how can I find the key?
And then how are the bytes decrypted using this key?
 
Initiate Mage
Joined
Oct 7, 2018
Messages
30
Reaction score
4
Mind sending the code so we can look at it?
 
Junior Spellweaver
Joined
Oct 27, 2008
Messages
165
Reaction score
89
To retrieve the XOR key, you just have to make a big packet and XOR it with your original data.
Code:
^ = XOR
data ^ key = encrypted_data
encrypted_data ^ key = data
encrypted_data ^ data = key

So to put it simply, just input big enough data (use a long string made of a repeating character) to generate a big packet. When you get your packet, just look for repeating data. To get the key, you just have to select the block of data that repeats and XOR it with your input data.

Example:
Code:
data = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
encrypted_data = randomdataencryptedencryptedencryptedencryptedencryptedencryptedencryptedencrypted
key = encrypted_data ^ data = encrypted ^ aaaaa = 040f0213181115
key = 040f0213181115 in hex

This method works well if the key is small (your input string is bigger than the key). You can also try to brute force the key out of the packet, with validation from your data.
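As an added illustration (not code from the thread or from any of its posters), this Python script carries out the recovery described above on constructed data: a long repeating probe is encrypted with the thread's example key, the key is recovered as ciphertext XOR plaintext and collapsed to its shortest repeating block, and a second packet is decrypted with it. The 2-byte cleartext header, the packet contents and the "probe must span two key periods" check are assumptions of the example.

```python
from itertools import cycle


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR, as in the thread: the same function encrypts and decrypts."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def shortest_period(stream: bytes) -> int:
    """Length of the shortest block that, repeated, reproduces the whole stream."""
    for p in range(1, len(stream) + 1):
        if all(stream[i] == stream[i - p] for i in range(p, len(stream))):
            return p
    return len(stream)


def recover_key(ciphertext: bytes, known_plaintext: bytes, offset: int = 0):
    """ciphertext ^ known plaintext = key stream over the region you controlled.

    Returns (key, confirmed). 'confirmed' is False when the known region is
    shorter than two key periods: this is the thread's caveat that the probe
    must be longer than the key, otherwise only a truncated key is reported.
    """
    region = ciphertext[offset:offset + len(known_plaintext)]
    stream = bytes(c ^ p for c, p in zip(region, known_plaintext))
    period = shortest_period(stream)
    return stream[:period], len(stream) >= 2 * period


def demo():
    """Constructed round trip: probe packet -> key -> decrypt a second packet."""
    key = bytes.fromhex("040f0213181115")  # the 7-byte key from the thread's example
    header = b"\x10\x01"                   # assumed: 2-byte cleartext packet header
    probe = b"a" * 40                      # long repeating input, as the thread advises
    packet1 = header + xor_bytes(probe, key)
    recovered, confirmed = recover_key(packet1, probe, offset=len(header))
    # Apply the recovered key to a different packet that shares the same layout.
    packet2 = header + xor_bytes(b"login:player01", key)
    plaintext2 = xor_bytes(packet2[len(header):], recovered)
    return recovered, confirmed, plaintext2


if __name__ == "__main__":
    k, ok, pt = demo()
    print(k.hex(), ok, pt)
```

If the probe is shorter than two key lengths, `confirmed` comes back False and the returned key is only the prefix the probe covered, which is the failure the thread warns about.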
 
Initiate Mage
Joined
Oct 15, 2014
Messages
13
Reaction score
0
Thanks, but in what format should I enter the data? Hex?

For example I have this packet (hex and string).

data = 5e ae 83 4f 83 d1 00 ac b3 17 c1 d9 08 00 45 00 ....
or
data = ^®.O.Ñ.¬³.ÁÙ..E.........
 

Initiate Mage
Joined
Oct 7, 2018
Messages
30
Reaction score
4
What you're basically looking for is the Many Time Pad Attack (Crib Dragging)
 
Junior Spellweaver
Joined
Oct 27, 2008
Messages
165
Reaction score
89
That packet is encrypted data? I don't know if the packet is encrypted, because you can see part of the structure there (it would be rare to have four consecutive 00).

You first need to analyze more packets from the client. Try to make a rough classification of the packets depending on your actions in the client. Also, when trying to determine the encryption, compare packets where you gave your own input, a simple string (like the login window, chat window, etc.).

For example(Login):
Code:
Test (1)
user = aaaaaaaaaaa
password = bbbbbbbb => this maybe will be hashed
packet =  xxzzzzzzzyyyyyyyyyy

Test (2)
user = ddddddddd
password = bbbbbb
packet = xxwwwwyyyyyyyyyy

...
xx could be header information, zzzzzzzzzz and wwwwww are the user info, and yyyyyyyyy is the password info.
 