Genshin Impact Private Server

[pong]

Last update from me, I was able to figure out how both keys are derived. First time I've ever reversed something on my own, so it was quite the challenge. For purposes of keeping things simple, GFFCHKDELNC = Key1, ALHLOPIEDNI = Key2. Both keys are 4096 bytes, and if the packet is over this length, it will just cycle back. Encryption and decryption are the same as XOR is symmetric. I'm not going to spoon feed here, but hopefully this helps people out.

for (int i = 0; i < data_length; i++) {
  data[i] ^= key[i % key_length];
}

Key1 is constant, if you get it from memory you can keep using it. However, if you are interested in figuring out how it is derived, the function is found in UnityPlayer.dll (sub_180C9B9C0). It was a real pain to trace this one, for no real gain, so I suggest you just dump the key from memory. (It's a static variable so you can find it pretty easily) Not sure how this changes between updates, but we'll see once 2.1 is out.

You can also dump Key2 from memory, but it changes every session, so it's better to figure out how it is derived. You will need Key1 to decrypt the first few packets, one of which contains the seed for Key2.

Both keys are generated by mt19937_64 (mostly)



The decrypted packet should follow this structure. Note that I haven't really dissected any packets yet, but this is what I see:

45 67 AA AA BB BB CC CC CC CC XX YY 89 AB

45 67 = Constant
AA AA = OpCode?
BB BB = X Length
CC CC CC CC = Y Length
XX = Data
YY = Data
89 AB = Constant

i can just share 1.4 packet decryption algorithm but i cannot share 2.0 one so are you ok with 1.4

 

[Ochi]

i can just share 1.4 packet decryption algorithm but i cannot share 2.0 one so are you ok with 1.4

Sure, I think it can be helpful.

 

[Pizzabazinga]

I figure I should make a post checking in on how things are going, as the thread seems to be somewhat dead. How goes the progress if any?

 

[Fondelli]

you can do this guys!
with the game being so big now this could potentially be the biggest middle finger to gacha games ever. i'm with you!

 

[Fyyre]

You must be registered to see links

 

[stardustshiron]

You must be registered to see links

hello, is this the private server? if no how is the progress currently?

 

[Kapeet]

Take your time my dudes, I believe in you!

 

[pong]

Take your time my dudes, I believe in you!

i dont think private server will release soon or even release so maybe you waste your time wait

 

[Pizzabazinga]

Has there been any developments in the last two weeks? I haven't seen any, but I figured I should check. This is also acting as a bump of sorts for this thread, I guess.

 

[WhatSayYou]

Sure, I think it can be helpful.

If you're interesting to continue your work on the latest client. I opened a pull request to update the mihoyo loader for il2cppinspector to 2.1:

You must be registered to see links

The repository seems inactive currently, I might just continue on my fork and update for future versions:

You must be registered to see links

 

[Raeyn]

Just wanted to say thanks for that. Incredibly helpful to have this working for current version.

 

[nahuel]

so this project was dropped ?

 

[zbby]

Genshin Server Infomation
Path:YuanShen_Data\StreamingAssets\20527480.blk
FileName:channelconfig.asb

{ "ChannelName" : "CNRELWin", "ProvisionProfile" : "", "BundleIdentifier" : "com.miHoYo.Yuanshen", "SigningIdentity" : "", "PreDefines" : "GAIA_ADDON_TOOLS;GAIA_MULTI_TERRAINS;CTS_GAIA_RELOCATE;HOTFIX_ENABLE;UNITY_RELEASE_BUILD", "ProductName" : "原神", "PackageName" : "YuanShen", "TimeZones" : "eur,-2,12,+1;usa,-11,-3,-5", "DispatchConfigs" :[ { "DispatchName": "cn", "DispatchUrls" : [ "https://dispatchcnglobal.yuanshen.com/query_region_list" ] } ], "DataUseAssetBundle" : false, "EventUseAssetBundle" : false, "AccountBranch" : "Original", "PaymentBranch" : "ORIGINAL_ANDROID_PAY", "BaseTextLang" : "1,2,3,4,5,6,7,8,9,10,11,12,13", "BaseAudioLang" : "Chinese,English(US),Korean,Japanese", "MediumReportUrl" : "http://log-upload.mihoyo.com/2g/dataUpload", "CrashReportUrl" : "http://log-upload.mihoyo.com/crash/dataUpload", "LogRecorderUrl" : "http://uspider.yuanshen.com:8888"}

 

[oneplusH]

JaDx + Java

You must be registered to see links

String signNew(Map<String, Object> map, String str) {

 

[whenyouaresussy]

hi there, i was trying to emulate a server but stumbled upon udp packets which are being sent to a server node in unreadable binary matter
so i don't think there is a method to decrypt it or something yet
if you have any info please post here

 

[Hangsang]

An example of decrypted update name packet.
First two bytes probably refer to a sessionId or something since that doesn't change on any struct unless u relog which would replace ur session. And within the end, u can see the int 8 which refers to the utf16 str length. First time reversing a game made in unity but seems easy so far. Might post more stuff as i reverse more. :

edited.

 

[moeiscool]

is there a github repo or something where we can all work on the private server code together? once this is usable i’m am willing to add a mechanism where we can choose our own characters instead of gamble for them

 

[OniZero]

hello, is this the private server? if no how is the progress currently?

i dont think private server will release soon or even release so maybe you waste your time wait

Has there been any developments in the last two weeks? I haven't seen any, but I figured I should check. This is also acting as a bump of sorts for this thread, I guess.

so this project was dropped ?

You expect the game to be ready right now even though it takes years even with a leaked build, you get burnt because devs aren't lightning fast as you expected or maybe because they're doing this voluntarely on their free time instead of being hired by you, why don't you learn how to be a programer and start making your own GI server if you're so impatient?

 

[Pizzabazinga]

My guy, cool down. All I meant by my comment was to both A: Bump the thread. and B: get info on how it was going. I wasn't asking or expecting it to be done, as that'd be entirely unreasonable.

 

[moeiscool]

You expect the game to be ready right now even though it takes years even with a leaked build, you get burnt because devs aren't lightning fast as you expected or maybe because they're doing this voluntarely on their free time instead of being hired by you, why don't you learn how to be a programer and start making your own GI server if you're so impatient?

can i help, im a pretty decent programmer