Odd packet decryption problem

Discussion on Odd packet decryption problem within the CO2 Private Server forum part of the Conquer Online 2 category.

Old   #1
 
InsomniacPro's Avatar
 

So, I have pre-5018 Encryption/Decryption. I get past the account server, and the message server receives 1052. Decrypts it perfectly fine. Then I send 1004 with "NEW_ROLE" since no character is currently in the database. Once I attempt to create a character, the server decrypts that packet wrong. I change the decrypt keys using the following method after 1052 is received.

And here's my decrypt method.

I cannot seem to find the reason for the packets being decrypted incorrectly. Any ideas, or experience with this same issue? Resetting the key counter does not work btw.
InsomniacPro is offline  
Old 04/17/2014, 15:45   #2


 
CptSky's Avatar
 
Code:
        /// <summary>
        /// Generates a key (Key) to use for the algorithm and reset the encrypt counter.
        /// In Conquer Online: A = Token, B = AccountUID
        /// </summary>
        public void GenerateKey(Int32 A, Int32 B)
        {
            Kernel.assert(BufIV != null);
 
            if (BufKey != null)
                Kernel.free(BufKey);

            BufKey = (Byte*)Kernel.malloc(COSAC_KEY);
            Int16 K = COSAC_KEY / 2;

            UInt32 tmp1 = (UInt32)(((A + B) ^ 0x4321) ^ A);
            UInt32 tmp2 = tmp1 * tmp1;

            Byte* tmpKey1 = (Byte*)&tmp1;
            Byte* tmpKey2 = (Byte*)&tmp2;
            for (Int16 i = 0; i < K; i++)
            {
                BufKey[i + 0] = (Byte)(BufIV[i + 0] ^ tmpKey1[(i % 4)]);
                BufKey[i + K] = (Byte)(BufIV[i + K] ^ tmpKey2[(i % 4)]);
            }
            EncryptCounter = 0;
        }
Yours seems wrong. You don't reset the counter. And maybe you're swapping the parameters?
CptSky is offline  
Thanks
1 User
Old 04/17/2014, 18:12   #3
 
InsomniacPro's Avatar
 
Quote:
Originally Posted by CptSky View Post
Code:
        /// <summary>
        /// Generates a key (Key) to use for the algorithm and reset the encrypt counter.
        /// In Conquer Online: A = Token, B = AccountUID
        /// </summary>
        public void GenerateKey(Int32 A, Int32 B)
        {
            Kernel.assert(BufIV != null);
 
            if (BufKey != null)
                Kernel.free(BufKey);

            BufKey = (Byte*)Kernel.malloc(COSAC_KEY);
            Int16 K = COSAC_KEY / 2;

            //UInt32 tmp1 = 0;
            //tmp1 = (UInt32)(A + B);

            //Byte* tmpKey1 = (Byte*)&tmp1;
            //((Int16*)tmpKey1)[0] ^= 0x4321;

            //for (SByte i = 0; i < 4; i++)
            //    tmpKey1[3 - i] ^= (Byte)(A >> (24 - (8 * i)));

            UInt32 tmp1 = (UInt32)(((A + B) ^ 0x4321) ^ A);
            UInt32 tmp2 = tmp1 * tmp1;

            Byte* tmpKey1 = (Byte*)&tmp1;
            Byte* tmpKey2 = (Byte*)&tmp2;
            for (Int16 i = 0; i < K; i++)
            {
                BufKey[i + 0] = (Byte)(BufIV[i + 0] ^ tmpKey1[(i % 4)]);
                BufKey[i + K] = (Byte)(BufIV[i + K] ^ tmpKey2[(i % 4)]);
            }
            EncryptCounter = 0;
        }
Yours seems wrong. You don't reset the counter. And maybe you're swapping the parameters?
I don't see how resetting the encrypt counter would do anything, considering it's my decrypting that isn't working properly. And I used my same method in my prior source, and it worked perfectly.
InsomniacPro is offline  
Old 04/17/2014, 18:17   #4


 
Korvacs's Avatar
 
They are exactly the same methods, his is just neater. He also said he's tried resetting the counters.
Korvacs is offline  
Thanks
1 User
Old 04/17/2014, 18:29   #5


 
CptSky's Avatar
 
Quote:
Originally Posted by InsomniacPro View Post
I don't see how resetting the encrypt counter would do anything, considering it's my decrypting that isn't working properly. And I used my same method in my prior source, and it worked perfectly.
Yeah, just don't forget it. As I said, it's probably the arguments which are wrong. Maybe you don't extract them from the packet correctly or you swapped them.

Oh, and I'm not sure if it works with Int32 for tmps. I think you'll overflow them and won't get the appropriate bytes. Like if tmp1 * tmp1 > 2 G, it will be trimmed to 2 G when casting... So, it won't be the same bytes.

Quote:
Originally Posted by Korvacs View Post
They are exactly the same methods, his is just neater. He also said he's tried resetting the counters.
Missed the part where he said he tried to reset the counters.
CptSky is offline  
Thanks
1 User
Old 04/17/2014, 18:41   #6


 
Korvacs's Avatar
 
The Int32s aren't an issue; it's the same encryption used in the CUOSP source I wrote.
Korvacs is offline  
Thanks
1 User
Old 04/17/2014, 19:31   #7
 
InsomniacPro's Avatar
 
Well, I had the parameters switched. That's what was causing the issue. Thanks to all.
InsomniacPro is offline  
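
Why swapped arguments break every packet after the key change, as an added example that is not part of the thread or of any poster's source: a C port of the GenerateKey routine quoted above, with a check that counts how many key bytes change when Token and AccountUID trade places. Since `A + B` is symmetric and only the trailing `^ A` is not, the two values of tmp1 differ by exactly `A ^ B`. KEY_LEN, the IV contents and the sample Token and AccountUID are constructed placeholders, because the thread gives neither COSAC_KEY nor BufIV.

```c
#include <stdint.h>
#include <stdio.h>

#define KEY_LEN 32  /* placeholder: the thread does not give the value of COSAC_KEY */

/* First temporary of the thread's GenerateKey(A, B): A = Token, B = AccountUID. */
uint32_t derive_tmp1(uint32_t a, uint32_t b)
{
    return ((a + b) ^ 0x4321u) ^ a;   /* a + b is symmetric; the trailing ^ a is not */
}

/* Port of GenerateKey; tmp bytes are taken little-endian, as (Byte*)&tmp yields on x86. */
void generate_key(const uint8_t *iv, uint32_t a, uint32_t b, uint8_t *key)
{
    uint32_t tmp1 = derive_tmp1(a, b);
    uint32_t tmp2 = tmp1 * tmp1;      /* wraps modulo 2^32 */
    int k = KEY_LEN / 2;
    for (int i = 0; i < k; i++) {
        int shift = 8 * (i % 4);
        key[i]     = (uint8_t)(iv[i]     ^ (tmp1 >> shift));
        key[i + k] = (uint8_t)(iv[i + k] ^ (tmp2 >> shift));
    }
}

/* Constructed IV for the demo; a real server uses its own BufIV. */
void demo_iv(uint8_t *iv)
{
    for (int i = 0; i < KEY_LEN; i++)
        iv[i] = (uint8_t)(i * 7 + 3);
}

/* Number of key bytes that change when Token and AccountUID are passed in swapped order. */
int swapped_key_diff(uint32_t token, uint32_t uid)
{
    uint8_t iv[KEY_LEN], good[KEY_LEN], bad[KEY_LEN];
    int diff = 0;
    demo_iv(iv);
    generate_key(iv, token, uid, good);
    generate_key(iv, uid, token, bad);
    for (int i = 0; i < KEY_LEN; i++)
        diff += (good[i] != bad[i]);
    return diff;
}

int main(void)
{
    uint32_t token = 0x12345678u, uid = 1000001u;   /* constructed sample values */
    printf("tmp1(token, uid) = 0x%08X\n", (unsigned)derive_tmp1(token, uid));
    printf("tmp1(uid, token) = 0x%08X\n", (unsigned)derive_tmp1(uid, token));
    printf("key bytes changed by the swap: %d of %d\n", swapped_key_diff(token, uid), KEY_LEN);
    return 0;
}
```

Packet 1052 still decrypts in this situation because it arrives before the key change, which matches the symptom in the first post.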