
[Reversing] find a function of encryption

Newbie Spellweaver
Joined
Sep 28, 2010
Messages
65
Reaction score
5
Greetings!

I am learning C++ and reversing... some time ago I got a private server of a game whose development died here on RaGEZone a long time ago.

So, I wonder if someone could help me out with a little thing (I'll pay for that...). The thing is that I want to make an emulator for that game because the server files are much older than the working client (it's impossible to find the one that matches XD) and some things don't work in game because of that.

I can make the server (connect, handle data, disconnect) but with no packet encryption or decryption method it's useless.

I know that it will be easy to find that thing because this game is, like GunZ, a P2P game with few checks on the game server... everything is done by the client.

With server files and an unpacked client from a 2006 game, I think that will be easy.

I just want that encryption algorithm... something that you send me, like:

void Enc_Packet(){
}
void Dec_Packet(){
}

(an example)

And just with that I'll be grateful and I'll start working on the emu.

I've spent months trying with IDA and Olly but with my low understanding of them it's hard; with OllyDbg I could barely trace the info, but when it got encrypted I didn't know what to do XD, hard to read hahaha.

So, if someone experienced in reversing wants to take the job, I'll tell you everything you need to know about this game. And please... don't kill me with an extreme amount of money.
 
Newbie Spellweaver
Joined
Sep 28, 2010
Messages
65
Reaction score
5
Bump!

I'm still looking for someone who can help me :S
The game uses "AES Rijndael" as its encryption method and I have the offsets but still don't know what to do...

Please, if someone knows about reversing, I'm willing to pay for help with that.
 
Junior Spellweaver
Joined
Oct 27, 2008
Messages
165
Reaction score
89
If you don't know the encryption, the best option is to disable the encryption for the client: look at the encryption procedure/function, look for its input and output, and NOP or jump over the function.

Trying to find the encryption sometimes takes too much time and leads to no results. Until you find the encryption, try to disable it and continue with the emulator. The encryption is not necessary; you can disable the original encryption and inject your custom encryption into the client.

I suggest starting your emulator from the old client that is compatible with the old server files you have, and then upgrading it to the latest version.

PS: I don't take money, and I'm also a busy guy, but if you have a problem you can post it on the forum here, and when I or anybody else sees the post we will answer it.
 
Newbie Spellweaver
Joined
Sep 28, 2010
Messages
65
Reaction score
5
Thanks for the reply, I don't know how that didn't occur to me XD
I'll try it and see what happens...

PS: I'm using the old client that works!
 
Junior Spellweaver
Joined
May 4, 2011
Messages
109
Reaction score
1
What game?

I might be a bit out of your price range, but I can do it.... I'm actually the only developer for another MMORPG that shut down in 2007-2008, and I had to reverse engineer the encryption/decryption methods for my emulator's client, as well as remove the old methods and incorporate my own.

I can do it for you; PM me to discuss prices if you're interested.
 
Newbie Spellweaver
Joined
Sep 28, 2010
Messages
65
Reaction score
5
It's been a few months and I've been busy with my new job, but I would like to come back to continue this, and I would like someone to help me or guide me in developing it.

And by this I meant a game called "Rakion" that has had little/0 development since its unique files were released.
 
Elite Diviner
Joined
Apr 28, 2012
Messages
420
Reaction score
439
@megabox
Not 100% sure, but it seems to be this for the official client.

Function decrypt (4687ac call ....):
signed int __cdecl sub_45CA20(int a1, int a2, int a3)
{
  unsigned int v4; // ecx@3
  unsigned int v5; // ebx@3
  int v6; // esi@3
  unsigned int v7; // edi@3
  int v8; // eax@3
  unsigned int v9; // ST0C_4@6
  unsigned int v10; // ST10_4@6
  unsigned int v11; // ST14_4@6
  unsigned int v12; // edx@6
  unsigned int v13; // ST0C_4@7
  unsigned int v14; // ST10_4@7
  unsigned int v15; // ST14_4@7
  unsigned int v16; // edx@7
  int v17; // edi@7
  unsigned int v18; // ST14_4@8
  unsigned int v19; // edx@8
  unsigned int v20; // ecx@8
  unsigned int v21; // ST18_4@8
  unsigned int v22; // ST1C_4@8
  unsigned int v23; // ST20_4@8
  unsigned int v24; // ST24_4@8
  unsigned int v25; // esi@8
  unsigned int v26; // ecx@8
  unsigned int v27; // edi@8
  unsigned int v28; // ST14_4@8
  unsigned int v29; // esi@8
  unsigned int v30; // ST20_4@8
  unsigned int v31; // edx@8
  unsigned int v32; // ST24_4@8
  unsigned int v33; // esi@8
  unsigned int v34; // ST10_4@8
  unsigned int v35; // ST14_4@8
  unsigned int v36; // ecx@8
  unsigned int v37; // esi@8
  unsigned int v38; // edx@8
  unsigned int v39; // ST20_4@8
  unsigned int v40; // ST24_4@8
  unsigned int v41; // esi@8
  unsigned int v42; // ecx@8
  unsigned int v43; // ST10_4@8
  unsigned int v44; // ST14_4@8
  unsigned int v45; // esi@8
  unsigned int v46; // edx@8
  unsigned int v47; // ST20_4@8
  unsigned int v48; // ST24_4@8
  unsigned int v49; // esi@8
  unsigned int v50; // ST10_4@8
  unsigned int v51; // ecx@8
  unsigned int v52; // ST14_4@8
  unsigned int v53; // esi@8
  unsigned int v54; // ST20_4@8
  unsigned int v55; // [sp+10h] [bp-14h]@3
  unsigned int v56; // [sp+14h] [bp-10h]@3
  unsigned int v57; // [sp+18h] [bp-Ch]@3
  unsigned int v58; // [sp+1Ch] [bp-8h]@3

  if ( !(*(a3 + 520) & 2) )
    return 0;
  v4 = *(a1 + 12) ^ *(a3 + 276);
  v5 = *a1 ^ *(a3 + 264);
  v6 = *(a1 + 4) ^ *(a3 + 268);
  v7 = *(a1 + 8) ^ *(a3 + 272);
  v8 = a3 + 280;
  v55 = *a1 ^ *(a3 + 264);
  v56 = *(a1 + 4) ^ *(a3 + 268);
  v57 = *(a1 + 8) ^ *(a3 + 272);
  v58 = *(a1 + 12) ^ *(a3 + 276);
  if ( *(a3 + 4) == 10 )
    goto LABEL_8;
  if ( *(a3 + 4) == 12 )
  {
LABEL_7:
    v13 = *v8 ^ *&dword_609C98[2 * v5] ^ *&dword_60A898[2 * (v56 >> 24)] ^ *&dword_60A498[2 * (v57 >> 16)] ^ *&dword_60A098[2 * BYTE1(v4)];
    v14 = *(v8 + 4) ^ *&dword_609C98[2 * v56] ^ *&dword_60A098[2 * BYTE1(v5)] ^ *&dword_60A898[2 * (v57 >> 24)] ^ *&dword_60A498[2 * (v4 >> 16)];
    v15 = *(v8 + 8) ^ *&dword_609C98[2 * v57] ^ *&dword_60A498[2 * (v5 >> 16)] ^ *&dword_60A098[2 * BYTE1(v56)] ^ *&dword_60A898[2 * (v4 >> 24)];
    v16 = *(v8 + 12) ^ *&dword_609C98[2 * v4] ^ *&dword_60A898[2 * (v5 >> 24)] ^ *&dword_60A498[2 * (v56 >> 16)] ^ *&dword_60A098[2 * BYTE1(v57)];
    v56 = *(v8 + 20) ^ *&dword_609C98[2 * v14] ^ *&dword_60A098[2 * BYTE1(v13)] ^ *&dword_60A898[2 * (v15 >> 24)] ^ *&dword_60A498[2 * (v16 >> 16)];
    v5 = *(v8 + 16) ^ *&dword_609C98[2 * v13] ^ *&dword_60A898[2 * (v14 >> 24)] ^ *&dword_60A498[2 * (v15 >> 16)] ^ *&dword_60A098[2 * BYTE1(v16)];
    v57 = *(v8 + 24) ^ *&dword_609C98[2 * v15] ^ *&dword_60A498[2 * (v13 >> 16)] ^ *&dword_60A098[2 * BYTE1(v14)] ^ *&dword_60A898[2 * (v16 >> 24)];
    v55 = *(v8 + 16) ^ *&dword_609C98[2 * v13] ^ *&dword_60A898[2 * (v14 >> 24)] ^ *&dword_60A498[2 * (v15 >> 16)] ^ *&dword_60A098[2 * BYTE1(v16)];
    v17 = *(v8 + 28) ^ *&dword_609C98[2 * v16] ^ *&dword_60A898[2 * (v13 >> 24)] ^ *&dword_60A498[2 * (v14 >> 16)] ^ *&dword_60A098[2 * BYTE1(v15)];
    v8 += 32;
    BYTE1(v4) = BYTE1(v17);
    v58 = v17;
LABEL_8:
    v18 = *(v8 + 8) ^ *&dword_609C98[2 * v57] ^ *&dword_60A498[2 * (v55 >> 16)] ^ *&dword_60A098[2 * BYTE1(v56)] ^ *&dword_60A898[2 * (v58 >> 24)];
    v19 = *(v8 + 4) ^ *&dword_609C98[2 * v56] ^ *&dword_60A098[2 * BYTE1(v5)] ^ *&dword_60A898[2 * (v57 >> 24)] ^ *&dword_60A498[2 * (v58 >> 16)];
    v20 = *v8 ^ *&dword_609C98[2 * v5] ^ *&dword_60A898[2 * (v56 >> 24)] ^ *&dword_60A498[2 * (v57 >> 16)] ^ *&dword_60A098[2 * BYTE1(v4)];
    v21 = *(v8 + 12) ^ *&dword_609C98[2 * v58] ^ *&dword_60A898[2 * (v55 >> 24)] ^ *&dword_60A498[2 * (v56 >> 16)] ^ *&dword_60A098[2 * BYTE1(v57)];
    v22 = *(v8 + 16) ^ *&dword_609C98[2 * v20] ^ *&dword_60A898[2 * (v19 >> 24)] ^ *&dword_60A498[2 * (v18 >> 16)] ^ *&dword_60A098[2 * BYTE1(v21)];
    v23 = *(v8 + 20) ^ *&dword_609C98[2 * v19] ^ *&dword_60A098[2 * BYTE1(v20)] ^ *&dword_60A898[2 * (v18 >> 24)] ^ *&dword_60A498[2 * (v21 >> 16)];
    v24 = *(v8 + 24) ^ *&dword_609C98[2 * v18] ^ *&dword_60A498[2 * (v20 >> 16)] ^ *&dword_60A098[2 * BYTE1(v19)] ^ *&dword_60A898[2 * (v21 >> 24)];
    v25 = *(v8 + 28) ^ *&dword_609C98[2 * v21] ^ *&dword_60A898[2 * (v20 >> 24)] ^ *&dword_60A498[2 * (v19 >> 16)] ^ *&dword_60A098[2 * BYTE1(v18)];
    v26 = *(v8 + 32) ^ *&dword_609C98[2 * v22] ^ *&dword_60A898[2 * (v23 >> 24)] ^ *&dword_60A498[2 * (v24 >> 16)] ^ *&dword_60A098[2 * ((*(v8 + 28) ^ dword_609C98[2 * v21] ^ dword_60A898[2 * (v20 >> 24)] ^ dword_60A498[2 * (v19 >> 16)] ^ dword_60A098[2 * BYTE1(v18)]) >> 8)];
    v27 = *(v8 + 36) ^ *&dword_609C98[2 * v23] ^ *&dword_60A098[2 * BYTE1(v22)] ^ *&dword_60A898[2 * (v24 >> 24)] ^ *&dword_60A498[2 * (v25 >> 16)];
    v28 = *(v8 + 40) ^ *&dword_609C98[2 * v24] ^ *&dword_60A498[2 * (v22 >> 16)] ^ *&dword_60A098[2 * BYTE1(v23)] ^ *&dword_60A898[2 * (v25 >> 24)];
    v29 = *(v8 + 44) ^ *&dword_609C98[2 * v25] ^ *&dword_60A898[2 * (v22 >> 24)] ^ *&dword_60A498[2 * (v23 >> 16)] ^ *&dword_60A098[2 * BYTE1(v24)];
    v30 = *(v8 + 52) ^ *&dword_609C98[2 * v27] ^ *&dword_60A098[2 * BYTE1(v26)] ^ *&dword_60A898[2 * (v28 >> 24)] ^ *&dword_60A498[2 * (v29 >> 16)];
    v31 = *(v8 + 48) ^ *&dword_609C98[2 * v26] ^ *&dword_60A898[2 * (v27 >> 24)] ^ *&dword_60A498[2 * (v28 >> 16)] ^ *&dword_60A098[2 * BYTE1(v29)];
    v32 = *(v8 + 56) ^ *&dword_609C98[2 * v28] ^ *&dword_60A498[2 * (v26 >> 16)] ^ *&dword_60A098[2 * BYTE1(v27)] ^ *&dword_60A898[2 * (v29 >> 24)];
    v33 = *(v8 + 60) ^ *&dword_609C98[2 * v29] ^ *&dword_60A898[2 * (v26 >> 24)] ^ *&dword_60A498[2 * (v27 >> 16)] ^ *&dword_60A098[2 * BYTE1(v28)];
    v34 = *(v8 + 68) ^ *&dword_609C98[2 * v30] ^ *&dword_60A098[2 * BYTE1(v31)] ^ *&dword_60A898[2 * (v32 >> 24)] ^ *&dword_60A498[2 * (v33 >> 16)];
    v35 = *(v8 + 72) ^ *&dword_609C98[2 * v32] ^ *&dword_60A498[2 * (v31 >> 16)] ^ *&dword_60A098[2 * BYTE1(v30)] ^ *&dword_60A898[2 * (v33 >> 24)];
    v36 = *(v8 + 64) ^ *&dword_609C98[2 * v31] ^ *&dword_60A898[2 * (v30 >> 24)] ^ *&dword_60A498[2 * (v32 >> 16)] ^ *&dword_60A098[2 * BYTE1(v33)];
    v37 = *(v8 + 76) ^ *&dword_609C98[2 * v33] ^ *&dword_60A898[2 * (v31 >> 24)] ^ *&dword_60A498[2 * (v30 >> 16)] ^ *&dword_60A098[2 * BYTE1(v32)];
    v38 = *(v8 + 80) ^ *&dword_609C98[2 * v36] ^ *&dword_60A898[2 * (v34 >> 24)] ^ *&dword_60A498[2 * (v35 >> 16)] ^ *&dword_60A098[2 * BYTE1(v37)];
    v39 = *(v8 + 84) ^ *&dword_609C98[2 * v34] ^ *&dword_60A098[2 * BYTE1(v36)] ^ *&dword_60A898[2 * (v35 >> 24)] ^ *&dword_60A498[2 * (v37 >> 16)];
    v40 = *(v8 + 88) ^ *&dword_609C98[2 * v35] ^ *&dword_60A498[2 * (v36 >> 16)] ^ *&dword_60A098[2 * BYTE1(v34)] ^ *&dword_60A898[2 * (v37 >> 24)];
    v41 = *(v8 + 92) ^ *&dword_609C98[2 * v37] ^ *&dword_60A898[2 * (v36 >> 24)] ^ *&dword_60A498[2 * (v34 >> 16)] ^ *&dword_60A098[2 * BYTE1(v35)];
    v42 = *(v8 + 96) ^ *&dword_609C98[2 * v38] ^ *&dword_60A898[2 * (v39 >> 24)] ^ *&dword_60A498[2 * (v40 >> 16)] ^ *&dword_60A098[2 * BYTE1(v41)];
    v43 = *(v8 + 100) ^ *&dword_609C98[2 * v39] ^ *&dword_60A098[2 * BYTE1(v38)] ^ *&dword_60A898[2 * (v40 >> 24)] ^ *&dword_60A498[2 * (v41 >> 16)];
    v44 = *(v8 + 104) ^ *&dword_609C98[2 * v40] ^ *&dword_60A498[2 * (v38 >> 16)] ^ *&dword_60A098[2 * BYTE1(v39)] ^ *&dword_60A898[2 * (v41 >> 24)];
    v45 = *(v8 + 108) ^ *&dword_609C98[2 * v41] ^ *&dword_60A898[2 * (v38 >> 24)] ^ *&dword_60A498[2 * (v39 >> 16)] ^ *&dword_60A098[2 * BYTE1(v40)];
    v46 = *(v8 + 112) ^ *&dword_609C98[2 * v42] ^ *&dword_60A898[2 * (v43 >> 24)] ^ *&dword_60A498[2 * (v44 >> 16)] ^ *&dword_60A098[2 * BYTE1(v45)];
    v47 = *(v8 + 116) ^ *&dword_609C98[2 * v43] ^ *&dword_60A098[2 * BYTE1(v42)] ^ *&dword_60A898[2 * (v44 >> 24)] ^ *&dword_60A498[2 * (v45 >> 16)];
    v48 = *(v8 + 120) ^ *&dword_609C98[2 * v44] ^ *&dword_60A498[2 * (v42 >> 16)] ^ *&dword_60A098[2 * BYTE1(v43)] ^ *&dword_60A898[2 * (v45 >> 24)];
    v49 = *(v8 + 124) ^ *&dword_609C98[2 * v45] ^ *&dword_60A898[2 * (v42 >> 24)] ^ *&dword_60A498[2 * (v43 >> 16)] ^ *&dword_60A098[2 * BYTE1(v44)];
    v50 = *(v8 + 132) ^ *&dword_609C98[2 * v47] ^ *&dword_60A098[2 * BYTE1(v46)] ^ *&dword_60A898[2 * (v48 >> 24)] ^ *&dword_60A498[2 * (v49 >> 16)];
    v51 = *(v8 + 128) ^ *&dword_609C98[2 * v46] ^ *&dword_60A898[2 * (v47 >> 24)] ^ *&dword_60A498[2 * (v48 >> 16)] ^ *&dword_60A098[2 * BYTE1(v49)];
    v52 = *(v8 + 136) ^ *&dword_609C98[2 * v48] ^ *&dword_60A498[2 * (v46 >> 16)] ^ *&dword_60A098[2 * BYTE1(v47)] ^ *&dword_60A898[2 * (v49 >> 24)];
    v53 = *(v8 + 140) ^ *&dword_609C98[2 * v49] ^ *&dword_60A898[2 * (v46 >> 24)] ^ *&dword_60A498[2 * (v47 >> 16)] ^ *&dword_60A098[2 * BYTE1(v48)];
    v54 = *(v8 + 148) ^ dword_60BC98[v50] ^ dword_60C098[BYTE1(v51)] ^ dword_60C898[v52 >> 24] ^ *(&off_60C498 + (v53 >> 16));
    v7 = *(v8 + 152) ^ dword_60BC98[v52] ^ *(&off_60C498 + (v51 >> 16)) ^ dword_60C098[BYTE1(v50)] ^ dword_60C898[v53 >> 24];
    v5 = *(v8 + 144) ^ dword_60BC98[v51] ^ dword_60C898[v50 >> 24] ^ *(&off_60C498 + (v52 >> 16)) ^ dword_60C098[BYTE1(v53)];
    v4 = *(v8 + 156) ^ dword_60BC98[v53] ^ dword_60C898[v51 >> 24] ^ *(&off_60C498 + (v50 >> 16)) ^ dword_60C098[BYTE1(v52)];
    v6 = v54;
    goto LABEL_9;
  }
  if ( *(a3 + 4) == 14 )
  {
    v9 = *v8 ^ *&dword_609C98[2 * v5] ^ *&dword_60A898[2 * (v56 >> 24)] ^ *&dword_60A498[2 * (v7 >> 16)] ^ *&dword_60A098[2 * BYTE1(v4)];
    v10 = *(a3 + 284) ^ *&dword_609C98[2 * v56] ^ *&dword_60A098[2 * BYTE1(v5)] ^ *&dword_60A898[2 * (v57 >> 24)] ^ *&dword_60A498[2 * (v4 >> 16)];
    v11 = *(a3 + 288) ^ *&dword_609C98[2 * v57] ^ *&dword_60A498[2 * (v5 >> 16)] ^ *&dword_60A098[2 * BYTE1(v56)] ^ *&dword_60A898[2 * (v4 >> 24)];
    v12 = *(a3 + 292) ^ *&dword_609C98[2 * v4] ^ *&dword_60A898[2 * (v5 >> 24)] ^ *&dword_60A498[2 * (v56 >> 16)] ^ *&dword_60A098[2 * BYTE1(v57)];
    v56 = *(a3 + 300) ^ *&dword_609C98[2 * v10] ^ *&dword_60A098[2 * BYTE1(v9)] ^ *&dword_60A898[2 * (v11 >> 24)] ^ *&dword_60A498[2 * (v12 >> 16)];
    v5 = *(a3 + 296) ^ *&dword_609C98[2 * v9] ^ *&dword_60A898[2 * (v10 >> 24)] ^ *&dword_60A498[2 * (v11 >> 16)] ^ *&dword_60A098[2 * BYTE1(v12)];
    v57 = *(a3 + 304) ^ *&dword_609C98[2 * v11] ^ *&dword_60A498[2 * (v9 >> 16)] ^ *&dword_60A098[2 * BYTE1(v10)] ^ *&dword_60A898[2 * (v12 >> 24)];
    v8 = a3 + 312;
    v4 = *(a3 + 308) ^ *&dword_609C98[2 * v12] ^ *&dword_60A898[2 * (v9 >> 24)] ^ *&dword_60A498[2 * (v10 >> 16)] ^ *&dword_60A098[2 * BYTE1(v11)];
    goto LABEL_7;
  }
LABEL_9:
  *(a2 + 8) = v7;
  *(a2 + 4) = v6;
  *a2 = v5;
  *(a2 + 12) = v4;
  return 1;
}
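For anyone reading the decompiled routine above and, like the thread starter, not seeing what it is: the shape is textbook table-driven Rijndael. Four 256-entry 32-bit tables (dword_609C98, dword_60A098, dword_60A498, dword_60A898) each fed one byte of the state, an initial XOR with round-key words (a3+264..), a dispatch on the round count at a3+4 being 10, 12 or 14 (AES-128/192/256), and a last round through a separate byte-oriented table set (dword_60BC98 etc.) because the final round has no MixColumns. The byte-selection pattern (column 0 low byte, column 3 byte 1, column 2 byte 2, column 1 byte 3) is the decryption direction, which matches the "decrypt" label. The practical check is to dump a few dwords from those table addresses and compare them with the standard constants, because if they match, the client is using stock AES and any standard library with the right key and mode reproduces it. The script below is an added example written for this thread, not code from the client or from any poster. It rebuilds the S-box and the Te/Td tables from the FIPS-197 definitions, offers an identify_table() helper that matches a dumped run of dwords against them (also in byte-swapped storage order, which is an assumption about how a given binary might lay them out), and runs AES encryption through the same T-table round structure against the FIPS-197 test vectors to show the tables are right. It implements the encryption direction for brevity; the decryption tables are generated and matchable all the same. None of the addresses from the post are used, since they belong to that specific binary.

```python
"""Added example: rebuild the standard Rijndael lookup tables and the
T-table round structure seen in table-driven AES implementations.
Not from the thread or the client; written to check dumped constants."""
import struct


def _xtime(a):
    """Multiply by x in GF(2^8) modulo the AES polynomial 0x11B."""
    a <<= 1
    return (a ^ 0x1B) & 0xFF if a & 0x100 else a


def _gmul(a, b):
    """General GF(2^8) multiplication (shift-and-add)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = _xtime(a), b >> 1
    return r


def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF


def _build_sbox():
    """FIPS-197 5.1.1: multiplicative inverse, then the affine map."""
    inv = [0] * 256
    for a in range(1, 256):
        if not inv[a]:
            b = next(b for b in range(1, 256) if _gmul(a, b) == 1)
            inv[a], inv[b] = b, a
    return [q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4) ^ 0x63
            for q in inv]


SBOX = _build_sbox()
INV_SBOX = [SBOX.index(i) for i in range(256)]


def _word(b0, b1, b2, b3):
    return (b0 << 24) | (b1 << 16) | (b2 << 8) | b3


# Te0..Te3 fuse SubBytes with MixColumns, Td0..Td3 fuse InvSubBytes with
# InvMixColumns; each next table is the previous one rotated right by a byte.
TABLES = {
    "Te0": [_word(_gmul(s, 2), s, s, _gmul(s, 3)) for s in SBOX],
    "Td0": [_word(_gmul(s, 14), _gmul(s, 9), _gmul(s, 13), _gmul(s, 11)) for s in INV_SBOX],
}
for _base in ("Te", "Td"):
    for _i in range(1, 4):
        TABLES[f"{_base}{_i}"] = [((w >> 8) | ((w & 0xFF) << 24))
                                  for w in TABLES[f"{_base}{_i - 1}"]]


def identify_table(dwords):
    """Match a run of 32-bit constants dumped from a binary against the known
    tables. Returns e.g. 'Td0', 'Te2 (byte-swapped)' or None. Byte-swapped
    storage is an assumed layout variant, not something seen in the post."""
    dwords, n = list(dwords), len(dwords)
    for name, tab in TABLES.items():
        if dwords == tab[:n]:
            return name
        if dwords == [struct.unpack("<I", struct.pack(">I", w))[0] for w in tab[:n]]:
            return f"{name} (byte-swapped)"
    return None


RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def _subword(w):
    return _word(*(SBOX[(w >> s) & 0xFF] for s in (24, 16, 8, 0)))


def expand_key(key):
    """FIPS-197 5.2 for 16/24/32-byte keys. Nr = 10/12/14 rounds: the three
    cases the decompiled function dispatches on."""
    nk = len(key) // 4
    nr = nk + 6
    w = list(struct.unpack(f">{nk}I", key))
    for i in range(nk, 4 * (nr + 1)):
        t = w[i - 1]
        if i % nk == 0:
            t = _subword(((t << 8) | (t >> 24)) & 0xFFFFFFFF) ^ (RCON[i // nk - 1] << 24)
        elif nk > 6 and i % nk == 4:
            t = _subword(t)
        w.append(w[i - nk] ^ t)
    return w, nr


def encrypt_block(key, block):
    """T-table AES on one 16-byte block: initial round-key XOR, Nr-1 full
    table rounds, then a final round through the plain S-box only."""
    rk, nr = expand_key(key)
    Te0, Te1, Te2, Te3 = (TABLES[f"Te{i}"] for i in range(4))
    s = [x ^ k for x, k in zip(struct.unpack(">4I", block), rk[:4])]
    for r in range(1, nr):
        s = [Te0[s[c] >> 24] ^ Te1[(s[(c + 1) % 4] >> 16) & 0xFF]
             ^ Te2[(s[(c + 2) % 4] >> 8) & 0xFF] ^ Te3[s[(c + 3) % 4] & 0xFF]
             ^ rk[4 * r + c] for c in range(4)]
    out = [_word(SBOX[s[c] >> 24], SBOX[(s[(c + 1) % 4] >> 16) & 0xFF],
                 SBOX[(s[(c + 2) % 4] >> 8) & 0xFF], SBOX[s[(c + 3) % 4] & 0xFF])
           ^ rk[4 * nr + c] for c in range(4)]
    return struct.pack(">4I", *out)


if __name__ == "__main__":
    # Constructed sample: the first two Td0 entries as a reverser might dump them.
    print(identify_table([0x51F4A750, 0x7E416553]))
    print(encrypt_block(bytes(range(16)),
                        bytes.fromhex("00112233445566778899aabbccddeeff")).hex())
```

If the dumped dwords match one of the Te/Td tables, the remaining questions are only the key (the block at a3+264 in the post is where the expanded key lives, so the key setup routine that writes it is the next thing to trace) and the chaining mode, both of which a stock AES library then handles.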
 
Newbie Spellweaver
Joined
Sep 28, 2010
Messages
65
Reaction score
5
Yes, thanks, but! I'd already found that a long time ago... like 2 days after this post.
The thing is that I really don't know what to do with it... I don't understand the code well. That's why I was trying to get help but no one... so now I hired someone and I hope he can do it.
 