I can just share the 1.4 packet decryption algorithm, but I cannot share the 2.0 one, so are you ok with 1.4?

Last update from me: I was able to figure out how both keys are derived. First time I've ever reversed something on my own, so it was quite the challenge. For purposes of keeping things simple, GFFCHKDELNC = Key1, ALHLOPIEDNI = Key2. Both keys are 4096 bytes, and if the packet is over this length, it will just cycle back. Encryption and decryption are the same, as XOR is symmetric. I'm not going to spoon feed here, but hopefully this helps people out.
Code:
```c
/* XOR every byte with the key, wrapping around once the key is exhausted */
for (int i = 0; i < data_length; i++) {
    data[i] ^= key[i % key_length];
}
```
Key1 is constant, if you get it from memory you can keep using it. However, if you are interested in figuring out how it is derived, the function is found in UnityPlayer.dll (sub_180C9B9C0). It was a real pain to trace this one, for no real gain, so I suggest you just dump the key from memory. (It's a static variable so you can find it pretty easily) Not sure how this changes between updates, but we'll see once 2.1 is out.
You can also dump Key2 from memory, but it changes every session, so it's better to figure out how it is derived. You will need Key1 to decrypt the first few packets, one of which contains the seed for Key2.
Both keys are generated by mt19937_64 (mostly).
The decrypted packet should follow this structure. Note that I haven't really dissected any packets yet, but this is what I see:
Code:
```
45 67 AA AA BB BB CC CC CC CC XX YY 89 AB

45 67       = Constant
AA AA       = OpCode?
BB BB       = X Length
CC CC CC CC = Y Length
XX          = Data
YY          = Data
89 AB       = Constant
```
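An added example (not code from the post or the game) that puts the two pieces above together: the cycling-key XOR, and a framer/parser for the 45 67 ... 89 AB layout. The key is a constructed placeholder, not a real dumped key, and big-endian field order is an assumption since the post does not state it.

```python
import struct

KEY_LENGTH = 4096          # both keys described in the post are 4096 bytes
HEAD_MAGIC = b"\x45\x67"   # constant at the start of a decrypted packet
TAIL_MAGIC = b"\x89\xAB"   # constant at the end of a decrypted packet

# Constructed stand-in key for the demo; NOT a real Key1/Key2.
SAMPLE_KEY = bytes((i * 73 + 11) & 0xFF for i in range(KEY_LENGTH))


def xor_cycle(data: bytes, key: bytes) -> bytes:
    """XOR data with key, wrapping when data is longer than the key.
    Encryption and decryption are the same operation."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_packet(opcode: int, x: bytes, y: bytes) -> bytes:
    """Frame a packet: 45 67 | opcode | len(x) | len(y) | x | y | 89 AB.
    Byte order of the numeric fields is an assumption (big-endian)."""
    header = HEAD_MAGIC + struct.pack(">HHI", opcode, len(x), len(y))
    return header + x + y + TAIL_MAGIC


def parse_packet(packet: bytes) -> dict:
    """Validate the framing of a decrypted packet and split out its fields.
    Raises ValueError when the constants or lengths do not line up, which
    is the quickest sign that the wrong key was applied."""
    if len(packet) < 12 or packet[:2] != HEAD_MAGIC:
        raise ValueError("bad head constant")
    opcode, x_len, y_len = struct.unpack(">HHI", packet[2:10])
    end = 10 + x_len + y_len
    if end + 2 != len(packet) or packet[end:end + 2] != TAIL_MAGIC:
        raise ValueError("bad tail constant or length mismatch")
    return {"opcode": opcode,
            "x": packet[10:10 + x_len],
            "y": packet[10 + x_len:end]}


def decrypts_cleanly(wire: bytes, key: bytes) -> bool:
    """True if the candidate key yields a well-framed packet."""
    try:
        parse_packet(xor_cycle(wire, key))
        return True
    except ValueError:
        return False
```

A payload larger than 4096 bytes exercises the wrap-around; a wrong key fails the head/tail constant check instead of returning garbage silently.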