Pojerv Proxy

Page 2 of 3 1 2 3
10/01/2011 18:27 Silent-Death#16
ok, so I finally understood that the loader you were talking about is this one:

[Only registered and activated users can see links. Click Here To Register...]

It seems that something is working, because i set the loader to localhost, so my loader config is this:
Code:
[Loader]
IPAddress=127.0.0.1
LoginPort=5000
GamePort=5001
Website=http://www.elitepvpers.com
and have the proxy running.

Tested port 9958 (didn`t talk to the server) but port 9960 seems to move something, because it actually gets to the part where it makes the login info check and if I enter random keystrokes it feeds me valid errors.

Now here is where I stop having fun..
Once I input valid user/pass, the loader gets to the part where it makes the check and instead of errors or going past it to get me into the game, it crashes (no errors, just closes).
No activity on the proxy, but it`s pretty clear it`s working if the loader responds valid user checks set on localhost.

Sounds like a loader problem in my opinion, any ideas/advice?
10/01/2011 18:40 pro4never#17
It's because the encryption is no longer the same.

This and my proxy framework will have the same issues.
10/01/2011 18:44 Silent-Death#18
So IAmH advanced hooking is the only answer to hooking at the moment?
10/02/2011 20:02 -impulse-#19
Quote:
Originally Posted by Silent-Death View Post
So IAmH advanced hooking is the only answer to hooking at the moment?
Proxy isn't related hooking :S. You probably mean, the only public way to hack on CO now is by hooking... which is currently true.
10/02/2011 20:08 BaussHacker#20
Quote:
Originally Posted by Silent-Death View Post
So IAmH advanced hooking is the only answer to hooking at the moment?
Nope. You just need to switch the encryptions.
10/02/2011 20:54 Cyanogen#21
The base encryption hasn't changed, they just changed the way the encryption key the encryption system uses is generated.

Looking at the code that generates the key is a brain scrambler, it jmp's all over the place. It looks like it's been written in raw asm.
10/02/2011 22:30 _DreadNought_#22
Isnt it just that encryption hash bullshit?
10/12/2011 22:55 Dream-war2015#23
update Patch 5530
11/12/2011 03:10 Crazy_XX#24
thanks Bagu
11/14/2011 20:51 MeGaMaX#25
If i want to recode it in c++ like that

its always give me Invalid password length. Must be greater than 0 bytes :confused:

ConquerPassword.cpp

Code:
	ConquerPassword::RC5Exception::RC5Exception(String ^message) : Exception(message)
	{
	}

	ConquerPassword::RC5::RC5(array<Byte> ^data)
	{
		if (data->Length != 0x10)
		{
			throw gcnew RC5Exception("Invalid data length. Must be 16 bytes");
		}
		UInt32 index = 0;
		UInt32 num2 = 0;
		UInt32 num3 = 0;
		UInt32 num4 = 0;
		for (int i = 0; i < 4; i++)
		{
			this->bufKey[i] = safe_cast<UInt32>(((data[i * 4] + (data[(i * 4) + 1] << 8)) + (data[(i * 4) + 2] << 0x10)) + (data[(i * 4) + 3] << 0x18));
		}
		this->bufSub[0] = 0xb7e15163;
		for (int j = 1; j < 0x1a; j++)
		{
			this->bufSub[j] = this->bufSub[j - 1] - 0x61c88647;
		}
		for (int k = 1; k <= 0x4e; k++)
		{
			this->bufSub[index] = LeftRotate((this->bufSub[index] + num3) + num4, 3);
			num3 = this->bufSub[index];
			index = (index + 1) % 0x1a;
			this->bufKey[num2] = LeftRotate((this->bufKey[num2] + num3) + num4, safe_cast<int>(num3 + num4));
			num4 = this->bufKey[num2];
			num2 = (num2 + 1) % 4;
		}
	}

	array<Byte> ^ConquerPassword::RC5::Decrypt(array<Byte> ^data)
	{
		if ((data->Length % 8) != 0)
		{
			throw gcnew RC5Exception("Invalid password length. Must be multiple of 8");
		}
		int num = (data->Length / 8) * 8;
		if (num <= 0)
		{
			throw gcnew RC5Exception("Invalid password length. Must be greater than 0 bytes.");
		}
		array<UInt32> ^numArray = gcnew array<UInt32>(data->Length / 4);
		for (int i = 0; i < (data->Length / 4); i++)
		{
			numArray[i] = safe_cast<UInt32>(((data[i * 4] + (data[(i * 4) + 1] << 8)) + (data[(i * 4) + 2] << 0x10)) + (data[(i * 4) + 3] << 0x18));
		}
		for (int j = 0; j < (num / 8); j++)
		{
			UInt32 num4 = numArray[2 * j];
			UInt32 num5 = numArray[(2 * j) + 1];
			for (int m = 12; m >= 1; m--)
			{
				num5 = RightRotate(num5 - this->bufSub[(2 * m) + 1], safe_cast<int>(num4)) ^ num4;
				num4 = RightRotate(num4 - this->bufSub[2 * m], safe_cast<int>(num5)) ^ num5;
			}
			UInt32 num7 = num5 - this->bufSub[1];
			UInt32 num8 = num4 - this->bufSub[0];
			numArray[2 * j] = num8;
			numArray[(2 * j) + 1] = num7;
		}
		array<Byte> ^buffer = gcnew array<Byte>(numArray->Length * 4);
		for (int k = 0; k < numArray->Length; k++)
		{
			buffer[k * 4] = safe_cast<Byte>(numArray[k]);
			buffer[(k * 4) + 1] = safe_cast<Byte>(numArray[k] >> 8);
			buffer[(k * 4) + 2] = safe_cast<Byte>(numArray[k] >> 0x10);
			buffer[(k * 4) + 3] = safe_cast<Byte>(numArray[k] >> 0x18);
		}
		return buffer;
	}

	array<Byte> ^ConquerPassword::RC5::Encrypt(array<Byte> ^data)
	{
		if ((data->Length % 8) != 0)
		{
			throw gcnew RC5Exception("Invalid password length. Must be multiple of 8");
		}
		int num = (data->Length / 8) * 8;
		if (num <= 0)
		{
			throw gcnew RC5Exception("Invalid password length. Must be greater than 0 bytes.");
		}
		array<UInt32> ^numArray = gcnew array<UInt32>(data->Length / 4);
		for (int i = 0; i < (data->Length / 4); i++)
		{
			numArray[i] = safe_cast<UInt32>(((data[i * 4] + (data[(i * 4) + 1] << 8)) + (data[(i * 4) + 2] << 0x10)) + (data[(i * 4) + 3] << 0x18));
		}
		for (int j = 0; j < (num / 8); j++)
		{
			UInt32 num4 = numArray[j * 2];
			UInt32 num5 = numArray[(j * 2) + 1];
			UInt32 num6 = num4 + this->bufSub[0];
			UInt32 num7 = num5 + this->bufSub[1];
			for (int m = 1; m <= 12; m++)
			{
				num6 = LeftRotate(num6 ^ num7, safe_cast<int>(num7)) + this->bufSub[m * 2];
				num7 = LeftRotate(num7 ^ num6, safe_cast<int>(num6)) + this->bufSub[(m * 2) + 1];
			}
			numArray[j * 2] = num6;
			numArray[(j * 2) + 1] = num7;
		}
		array<Byte> ^buffer = gcnew array<Byte>(numArray->Length * 4);
		for (int k = 0; k < numArray->Length; k++)
		{
			buffer[k * 4] = safe_cast<Byte>(numArray[k]);
			buffer[(k * 4) + 1] = safe_cast<Byte>(numArray[k] >> 8);
			buffer[(k * 4) + 2] = safe_cast<Byte>(numArray[k] >> 0x10);
			buffer[(k * 4) + 3] = safe_cast<Byte>(numArray[k] >> 0x18);
		}
		return buffer;
	}

	UInt32 ConquerPassword::RC5::LeftRotate(UInt32 value, int shiftAmount)
	{
		return ((value << shiftAmount) | (value >> (0x20 - (shiftAmount & 0x1f))));
	}

	UInt32 ConquerPassword::RC5::RightRotate(UInt32 value, int shiftAmount)
	{
		return ((value >> shiftAmount) | (value << (0x20 - (shiftAmount & 0x1f))));
	}

	ConquerPassword::ConquerPassword(String ^key)
	{
		int seed = 0;
		for each (Byte num2 in Encoding::ASCII::GetBytes(key))
		{
			seed += num2;
		}
		msvcrt::msvcrt::srand(seed);
		array<Byte> ^buffer = gcnew array<Byte>(0x10);
		for (int i = 0; i < 0x10; i++)
		{
			buffer[i] = safe_cast<Byte>(msvcrt::msvcrt::rand());
		}
		for (int j = 1; j < 0x100; j++)
		{
			this->key[j * 2] = safe_cast<Byte>(j);
			this->key[(j * 2) + 1] = safe_cast<Byte>(j ^ buffer[j & 15]);
		}
		for (int k = 1; k < 0x100; k++)
		{
			for (int m = 1 + k; m < 0x100; m++)
			{
				if (this->key[(k * 2) + 1] < this->key[(m * 2) + 1])
				{
					this->key[k * 2] = safe_cast<Byte>(this->key[k * 2] ^ this->key[m * 2]);
					this->key[m * 2] = safe_cast<Byte>(this->key[m * 2] ^ this->key[k * 2]);
					this->key[k * 2] = safe_cast<Byte>(this->key[k * 2] ^ this->key[m * 2]);
					this->key[(k * 2) + 1] = safe_cast<Byte>(this->key[(k * 2) + 1] ^ this->key[(m * 2) + 1]);
					this->key[(m * 2) + 1] = safe_cast<Byte>(this->key[(m * 2) + 1] ^ this->key[(k * 2) + 1]);
					this->key[(k * 2) + 1] = safe_cast<Byte>(this->key[(k * 2) + 1] ^ this->key[(m * 2) + 1]);
				}
			}
		}
	}

	String ^ConquerPassword::Decrypt(array<Byte> ^data, int seed, String ^username)
	{
		msvcrt::msvcrt::srand(seed);

		auto rc5Key = gcnew array<Byte>(0x10);
		for (int i = 0; i < 0x10; i++)
			rc5Key[i] = safe_cast<Byte>(msvcrt::msvcrt::rand());
		auto password = System::Text::Encoding::ASCII::GetString((gcnew ConquerPassword(username))->Decrypt((gcnew RC5(rc5Key))->Decrypt(data)));
		password = password->Split('\0')[0];
		return password;
	}

	array<Byte> ^ConquerPassword::Decrypt(array<Byte> ^data)
	{
		array<Byte> ^buffer = gcnew array<Byte>(data->Length);
		for (int i = 0; i < data->Length; i++)
		{
			bool flag = false;
			if (data[i] == 0)
			{
				return buffer;
			}
			Byte index = this->key[data[i] * 2];
			if (index >= 0x80)
			{
				index = safe_cast<Byte>(this->key[data[i] * 2] - 0x80);
				flag = true;
			}
			buffer[i] = safe_cast<Byte>(buffer[i] + scanCodeToVirtualKeyMap[index]);
			if ((!flag && (buffer[i] >= 0x41)) && (buffer[i] <= 90))
			{
				buffer[i] = safe_cast<Byte>(buffer[i] + 0x20);
			}
		}
		return buffer;
	}

	array<Byte> ^ConquerPassword::Encrypt(array<Byte> ^data)
	{
		array<Byte> ^buffer = gcnew array<Byte>(data->Length);
		for (int i = 0; i < data->Length; i++)
		{
			Byte num2 = data[i];
			if ((data[i] >= 0x61) && (data[i] <= 0x7a))
			{
				data[i] = safe_cast<Byte>(data[i] - 0x20);
			}
			Byte num3 = virtualKeyToScanCodeMap[data[i]];
			if ((num2 >= 0x41) && (num2 <= 90))
			{
				num3 = safe_cast<Byte>(num3 + 0x80);
			}
			for (Byte j = 0; j <= 0xff; j = safe_cast<Byte>(j + 1))
			{
				Byte num5 = this->key[j * 2];
				if (num5 == num3)
				{
					buffer[i] = j;
					break;
				}
			}
		}
		return buffer;
	}
ConquerPassword.h

Code:
public ref class ConquerPassword sealed
{
public:
	ref class RC5Exception sealed: Exception
	{
	public:
		RC5Exception(String ^message);
	};
public:
	ref class RC5 sealed
	{
	private:
		initonly array<UInt32> ^bufKey = gcnew array<UInt32>(4);
		initonly array<UInt32> ^bufSub = gcnew array<UInt32>(0x1a);

	public:
		RC5(array<Byte> ^data);

		array<Byte> ^Decrypt(array<Byte> ^data);

		array<Byte> ^Encrypt(array<Byte> ^data);

	private:
		static UInt32 LeftRotate(UInt32 value, int shiftAmount);

		static UInt32 RightRotate(UInt32 value, int shiftAmount);
	};

private:
	initonly array<Byte> ^key = gcnew array<Byte>(0x200);
	static array<Byte> ^scanCodeToVirtualKeyMap = gcnew array<Byte> { 0, 0x1b, 0x31, 50, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0xbd, 0xbb, 8, 9, 0x51, 0x57, 0x45, 0x52, 0x54, 0x59, 0x55, 0x49, 0x4f, 80, 0xdb, 0xdd, 13, 0x11, 0x41, 0x53, 0x44, 70, 0x47, 0x48, 0x4a, 0x4b, 0x4c, 0xba, 0xc0, 0xdf, 0x10, 0xde, 90, 0x58, 0x43, 0x56, 0x42, 0x4e, 0x4d, 0xbc, 190, 0xbf, 0x10, 0x6a, 0x12, 0x20, 20, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 120, 0x79, 0x90, 0x91, 0x24, 0x26, 0x21, 0x6d, 0x25, 12, 0x27, 0x6b, 0x23, 40, 0x22, 0x2d, 0x2e, 0x2c, 0, 220, 0x7a, 0x7b, 12, 0xee, 0xf1, 0xea, 0xf9, 0xf5, 0xf3, 0, 0, 0xfb, 0x2f, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 130, 0x83, 0x84, 0x85, 0x86, 0xed, 0, 0xe9, 0, 0xc1, 0, 0, 0x87, 0, 0, 0, 0, 0xeb, 9, 0, 0xc2, 0 };
	static array<Byte> ^virtualKeyToScanCodeMap = gcnew array<Byte> { 0, 0, 0, 70, 0, 0, 0, 0, 14, 15, 0, 0, 0x4c, 0x1c, 0, 0, 0x2a, 0x1d, 0x38, 0, 0x3a, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0x39, 0x49, 0x51, 0x4f, 0x47, 0x4b, 0x48, 0x4d, 80, 0, 0, 0, 0x54, 0x52, 0x53, 0x63, 11, 2, 3, 4, 5, 6, 7, 8, 9, 10, 0, 0, 0, 0, 0, 0, 0, 30, 0x30, 0x2e, 0x20, 0x12, 0x21, 0x22, 0x23, 0x17, 0x24, 0x25, 0x26, 50, 0x31, 0x18, 0x19, 0x10, 0x13, 0x1f, 20, 0x16, 0x2f, 0x11, 0x2d, 0x15, 0x2c, 0x5b, 0x5c, 0x5d, 0, 0x5f, 0x52, 0x4f, 80, 0x51, 0x4b, 0x4c, 0x4d, 0x47, 0x48, 0x49, 0x37, 0x4e, 0, 0x4a, 0x53, 0x35, 0x3b, 60, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x57, 0x58, 100, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 110, 0x76, 0, 0, 0, 0, 0, 0, 0, 0, 0x45, 70, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x2a, 0x36, 0x1d, 0x1d, 0x38, 0x38, 0x6a, 0x69, 0x67, 0x68, 0x65, 0x66, 50, 0x20, 0x2e, 0x30, 0x19, 0x10, 0x24, 0x22, 0x6c, 0x6d, 0x6b, 0x21, 0, 0, 0x27, 13, 0x33, 12, 0x34, 0x35, 40, 0x73, 0x7e, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x1a, 0x56, 0x1b, 0x2b, 0x29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x71, 0x5c, 0x7b, 0, 0x6f, 90, 0, 0, 0x5b, 0, 0x5f, 0, 0x5e, 0, 0, 0, 0x5d, 0, 0x62, 0, 0, 0, 0 };

public:
	ConquerPassword(String ^key);

	static String ^Decrypt(array<Byte> ^data, int seed, String ^username);

private:
	array<Byte> ^Decrypt(array<Byte> ^data);

	array<Byte> ^Encrypt(array<Byte> ^data);
};
11/14/2011 21:02 prog4mer#26
you should get some help from our advanced programmers, check the development forum and write them a pm :rolleyes:
11/14/2011 21:06 MeGaMaX#27
i'm waiting a replay from any c++ programmer , thanks prog4mer about your answer :)
11/22/2011 12:22 wild_ShAdOw#28
then how to get the encryption Key :D
and how to make it with loader to get into server
and my last question i want an expert to help me with answering some question in a pm
i want to know a few things about coding only ^_^ any one say he will help ?
03/08/2012 22:42 ×Holo#29
Thanks, helped me greatly.
03/11/2012 19:08 Mr_PoP#30
Quote:
Originally Posted by androw3349 View Post
If i want to recode it in c++ like that

its always give me Invalid password length. Must be greater than 0 bytes :confused:
well I didn't check your codes , but here is a working RC5 & PasswordCrypt of my old source

RC5.h
Code:
#ifndef _RC5_H_
#define _RC5_H_

#include <vector>
#include <stdint.h>

class RC5 {
    public:
        RC5 (const std::vector<uint8_t> data);
        ~RC5 (void);
        const std::vector<uint8_t> Encrypt (const std::vector<uint8_t> buffer) const;
        const std::vector<uint8_t> Decrypt (const std::vector<uint8_t> buffer) const;
    protected:
    private:
        uint32_t m_bufKey[4];
        uint32_t m_bufSub[26];
};

#endif _RC5_H_
RC5.Cpp

Code:
#include "rc5.h"

#include <assert.h>

static uint32_t rotate_left (uint32_t dwVar, int dwOffset);
static uint32_t rotate_right (uint32_t dwVar, int dwOffset);

RC5::RC5 (const std::vector<uint8_t> buffer) {
    assert (buffer.capacity() == 16);
    const uint32_t p32 = 0xB7E15163;
    const uint32_t q32 = 0x61C88647;
    uint32_t offsetA = 0, offsetB = 0, A = 0, B = 0;
    memcpy (m_bufKey, &buffer[0], 16);
    m_bufSub[0] = p32;
    for (int i = 1; i < 26; i++) m_bufSub[i] = m_bufSub[i - 1] - q32;
    for (int s = 1; s <= 78; s++) {
        m_bufSub[offsetA] = rotate_left (m_bufSub[offsetA] + A + B, 3);
        A = m_bufSub[offsetA];
        offsetA = (offsetA + 1) % 0x1A;
        m_bufKey[offsetB] = rotate_left (m_bufKey[offsetB] + A + B, (int) (A + B));
        B = m_bufKey[offsetB];
        offsetB = (offsetB + 1) % 4;
    }
}

RC5::~RC5 (void) { }

const std::vector<uint8_t> RC5::Encrypt (const std::vector<uint8_t> buffer) const {
    assert (buffer.capacity() % 8 == 0);
    int nLen = buffer.capacity() / 8 * 8;
    assert (nLen > 0);

    uint32_t* bufData = new uint32_t[buffer.capacity() /4];
    memcpy (bufData, &buffer[0], buffer.capacity());

    for (int i = 0; i < nLen / 8; i++) {
        uint32_t A = bufData[i * 2];
        uint32_t B = bufData[i * 2 + 1];
        uint32_t le = A + m_bufSub[0];
        uint32_t re = B + m_bufSub[1];
        for (int j = 1; j <= 12; j++) {
            le = rotate_left ( (le ^ re), (int) re) + m_bufSub[j * 2];
            re = rotate_left ( (re ^ le), (int) le) + m_bufSub[j * 2 + 1];
        }
        bufData[i * 2] = le;
        bufData[i * 2 + 1] = re;
    }
    std::vector<uint8_t> result (buffer.capacity(), 0);
    memcpy (&result[0], bufData, buffer.capacity());
    delete [] bufData;
    return result;
}

const std::vector<uint8_t> RC5::Decrypt (const std::vector<uint8_t> buffer) const {
    assert (buffer.capacity() % 8 == 0);
    int nLen = buffer.capacity() / 8 * 8;
    assert (nLen > 0);

    uint32_t* bufData = new uint32_t[buffer.capacity() /4];
    memcpy (bufData, &buffer[0], buffer.capacity());
    for (int i = 0; i < nLen / 8; i++) {
        uint32_t ld = bufData[2 * i];
        uint32_t rd = bufData[2 * i + 1];
        for (int j = 12; j >= 1; j--) {
            rd = rotate_right ( (rd - m_bufSub[2 * j + 1]), (int) ld) ^ ld;
            ld = rotate_right ( (ld - m_bufSub[2 * j]), (int) rd) ^ rd;
        }
        uint32_t B = rd - m_bufSub[1];
        uint32_t A = ld - m_bufSub[0];
        bufData[2 * i] = A;
        bufData[2 * i + 1] = B;
    }
    std::vector<uint8_t> result (buffer.capacity(), 0);
    memcpy (&result[0], bufData, buffer.capacity());
    delete [] bufData;
    return result;
}


static uint32_t rotate_left (uint32_t dwVar, int dwOffset) {
    return (dwVar << (dwOffset & 0x1F) | dwVar >> 0x20 - (dwOffset & 0x1F));
}

static uint32_t rotate_right (uint32_t dwVar, int dwOffset) {
    return (dwVar >> (dwOffset & 0x1F) | dwVar << 0x20 - (dwOffset & 0x1F));
}
PasswordCrypt.h
Code:
#ifndef _PASSWORDCRYPT_H_
#define _PASSWORDCRYPT_H_

#include <vector>
#include <stdint.h>

class PasswordCrypt {
    public:
        PasswordCrypt (const std::vector<uint8_t> buffer);
        ~PasswordCrypt (void);
        const std::vector<uint8_t> Encrypt (const std::vector<uint8_t> buffer) const;
        const std::vector<uint8_t> Decrypt (const std::vector<uint8_t> buffer) const;
    protected:
    private:
        uint8_t key[0x200];
};

#endif _PASSWORDCRYPT_H_
PasswordCrypt.Cpp
Code:
#include "passwordcrypt.h"

const uint8_t scanCodeToVirtualKeyMap[] = {
    0x00, 0x1B, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0xBD, 0xBB, 0x08, 0x09,
    0x51, 0x57, 0x45, 0x52, 0x54, 0x59, 0x55, 0x49, 0x4F, 0x50, 0xDB, 0xDD, 0x0D, 0x11, 0x41, 0x53,
    0x44, 0x46, 0x47, 0x48, 0x4A, 0x4B, 0x4C, 0xBA, 0xC0, 0xDF, 0x10, 0xDE, 0x5A, 0x58, 0x43, 0x56,
    0x42, 0x4E, 0x4D, 0xBC, 0xBE, 0xBF, 0x10, 0x6A, 0x12, 0x20, 0x14, 0x70, 0x71, 0x72, 0x73, 0x74,
    0x75, 0x76, 0x77, 0x78, 0x79, 0x90, 0x91, 0x24, 0x26, 0x21, 0x6D, 0x25, 0x0C, 0x27, 0x6B, 0x23,
    0x28, 0x22, 0x2D, 0x2E, 0x2C, 0x00, 0xDC, 0x7A, 0x7B, 0x0C, 0xEE, 0xF1, 0xEA, 0xF9, 0xF5, 0xF3,
    0x00, 0x00, 0xFB, 0x2F, 0x7C, 0x7D, 0x7E, 0x7F, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0xED,
    0x00, 0xE9, 0x00, 0xC1, 0x00, 0x00, 0x87, 0x00, 0x00, 0x00, 0x00, 0xEB, 0x09, 0x00, 0xC2, 0x00,
};

const uint8_t virtualKeyToScanCodeMap[] = {
    0x00, 0x00, 0x00, 0x46, 0x00, 0x00, 0x00, 0x00, 0x0E, 0x0F, 0x00, 0x00, 0x4C, 0x1C, 0x00, 0x00,
    0x2A, 0x1D, 0x38, 0x00, 0x3A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
    0x39, 0x49, 0x51, 0x4F, 0x47, 0x4B, 0x48, 0x4D, 0x50, 0x00, 0x00, 0x00, 0x54, 0x52, 0x53, 0x63,
    0x0B, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x1E, 0x30, 0x2E, 0x20, 0x12, 0x21, 0x22, 0x23, 0x17, 0x24, 0x25, 0x26, 0x32, 0x31, 0x18,
    0x19, 0x10, 0x13, 0x1F, 0x14, 0x16, 0x2F, 0x11, 0x2D, 0x15, 0x2C, 0x5B, 0x5C, 0x5D, 0x00, 0x5F,
    0x52, 0x4F, 0x50, 0x51, 0x4B, 0x4C, 0x4D, 0x47, 0x48, 0x49, 0x37, 0x4E, 0x00, 0x4A, 0x53, 0x35,
    0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, 0x57, 0x58, 0x64, 0x65, 0x66, 0x67,
    0x68, 0x69, 0x6A, 0x6B, 0x6C, 0x6D, 0x6E, 0x76, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x45, 0x46, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x2A, 0x36, 0x1D, 0x1D, 0x38, 0x38, 0x6A, 0x69, 0x67, 0x68, 0x65, 0x66, 0x32, 0x20, 0x2E, 0x30,
    0x19, 0x10, 0x24, 0x22, 0x6C, 0x6D, 0x6B, 0x21, 0x00, 0x00, 0x27, 0x0D, 0x33, 0x0C, 0x34, 0x35,
    0x28, 0x73, 0x7E, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1A, 0x56, 0x1B, 0x2B, 0x29,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x71, 0x5C, 0x7B, 0x00, 0x6F, 0x5A, 0x00,
    0x00, 0x5B, 0x00, 0x5F, 0x00, 0x5E, 0x00, 0x00, 0x00, 0x5D, 0x00, 0x62, 0x00, 0x00, 0x00, 0x00
};

PasswordCrypt::PasswordCrypt (const std::vector<uint8_t> buffer) {
    int sum = 0;
    for (uint32_t i = 0; i < buffer.capacity(); i++) sum += buffer.at (i);
    srand (sum);
    uint8_t hash[0x10];
    for (int i = 0; i < 0x10; i++) hash[i] = (uint8_t) rand();
    for (int i = 1; i < 0x100; i++) {
        key[i * 2] = (uint8_t) i;
        key[ (i * 2) + 1] = (uint8_t) (i ^ hash[i & 0x0F]);
    }
    for (int i = 1; i < 0x100; i++)
        for (int j = 1 + i; j < 0x100; j++)
            if (key[ (i * 2) + 1] < key[ (j * 2) + 1]) {
                uint8_t tmp = key[j*2];
                key[j*2] = key[i*2];
                key[i*2] = tmp;
                tmp = key[ (j * 2) + 1];
                key[ (j * 2) + 1] = key[ (i * 2) + 1];
                key[ (i * 2) + 1] = tmp;
            }
}

PasswordCrypt::~PasswordCrypt (void) { }

const std::vector<uint8_t> PasswordCrypt::Encrypt (const std::vector<uint8_t> buffer) const {
    std::vector<uint8_t> result (buffer.capacity(), 0);
    std::vector<uint8_t> tmp (buffer);
    for (uint32_t j = 0; j < tmp.capacity(); j++) {
        uint8_t c = tmp[j];
        if (tmp[j] >= 'a' && tmp[j] <= 'z')
            tmp[j] -= 'a' - 'A';
        uint8_t d = virtualKeyToScanCodeMap[tmp[j]];
        if (c >= 'A' && c <= 'Z')
            d += 0x80;
        for (uint32_t i = 0; i < 0x100; i++) {
            uint8_t b = (uint8_t) this->key[i * 2];
            if (b == d) {
                    result[j] = (uint8_t) i;
                break;
            }
        }
    }
    return result;
}

uint8_t getNum(uint8_t num) {
	switch (num) {
	case 45: return 0x30;
	case 35: return 0x31;
	case 40: return 0x32;
	case 34: return 0x33;
	case 37: return 0x34;
	case 12: return 0x35;
	case 39: return 0x36;
	case 36: return 0x37;
	case 38: return 0x38;
	case 33: return 0x39;
	default: return num;
	}
}

const std::vector<uint8_t> PasswordCrypt::Decrypt (const std::vector<uint8_t> buffer) const {
    std::vector<uint8_t> result (buffer.capacity(), 0);
    for (uint32_t i = 0; i < buffer.capacity(); i++) {
        bool upper = false;
        if (buffer[i] == 0) break;
        uint8_t b = this->key[buffer[i] * 2];
        if (b >= 0x80) {
            b = (uint8_t) (this->key[buffer[i] * 2] - 0x80);
            upper = true;
        }
        result[i] += scanCodeToVirtualKeyMap[b];
        if (!upper && result[i] >= 'A' && result[i] <= 'Z') result[i] += 'a' - 'A';
		result[i] = getNum(result[i]);
    }
    return result;
}
Hope it helps you ^_^

EDIT:
after looking at your code I found your using C++/CLI , and your trying to Convert C# class directly into C++ , I don't think this may work as you want, you don't convert everything as it is , every language has its features!
Page 2 of 3 1 2 3