[Help]Password Decryption on CoEmu V2

02/21/2012 15:58 JobvdH#1
Hello people,

Does someone know how to decrypt the password?
RC5 Layer gives me the following error:
The arithmetic operation resulted in an overflow.

On this line:
Code:
passInts[i] = (uint)reader.ReadInt32();
Thanks in advanced,
Jobdvh!
02/21/2012 17:12 Kiyono#2
It doesn't use RC5 but the old password encryption.
02/21/2012 17:28 JobvdH#3
And which password encryption is that?
02/21/2012 17:39 -impulse-#4
Quote:
Originally Posted by JobvdH View Post
Hello people,

Does someone know how to decrypt the password?
RC5 Layer gives me the following error:
The arithmetic operation resulted in an overflow.

On this line:
Code:
passInts[i] = (uint)reader.ReadInt32();
Thanks in advanced,
Jobdvh!
Code:
passInts[i] = reader.ReadUInt32();
or
Code:
passInts[i] = Convert.ToUInt32(reader.ReadUInt32());
02/21/2012 17:45 JobvdH#5
Thanks for you answer impulse,
Now I get the same error on another line:
Code:
temp2 = RightRotate(temp2 - _key[j * 2 + 6], temp1) ^ temp1;
Heres my decrypt void:
Code:
        public static string Decrypt(byte[] bytes)
        {
            BinaryReader reader = new BinaryReader(new MemoryStream(bytes, false));
            uint[] passInts = new uint[4];
            for (uint i = 0; i < 4; i++)
                passInts[i] = Convert.ToUInt32(reader.ReadUInt32());


            uint temp1, temp2;
            for (int i = 1; i >= 0; i--)
            {
                temp1 = passInts[(i * 2) + 1];
                temp2 = passInts[i * 2];
                for (int j = 11; j >= 0; j--)
                {
                    temp1 = RightRotate(temp1 - _key[j * 2 + 7], temp2) ^ temp2;
                    temp2 = RightRotate(temp2 - _key[j * 2 + 6], temp1) ^ temp1;

                }
                passInts[i * 2 + 1] = temp1 - _key[5];
                passInts[i * 2] = temp2 - _key[4];

            }
            BinaryWriter writer = new BinaryWriter(new MemoryStream(bytes, true));
            for (uint i = 0; i < 4; i++)
                writer.Write((int)passInts[i]);
            for (int i = 0; i < 16; i++)
                if (bytes[i] == 0)
                    return Encoding.ASCII.GetString(bytes, 0, i);
            return Encoding.ASCII.GetString(bytes);
        }
02/21/2012 23:27 CptSky#6
Quote:
Originally Posted by Kiyono View Post
It doesn't use RC5 but the old password encryption.
The old password encryption is RC5...

N.B. Maybe you can check my public implementation.
02/21/2012 23:34 _DreadNought_#7
Quote:
Originally Posted by JobvdH View Post
Hello people,

Does someone know how to decrypt the password?
RC5 Layer gives me the following error:
The arithmetic operation resulted in an overflow.

On this line:
Code:
passInts[i] = (uint)reader.ReadInt32();
Thanks in advanced,
Jobdvh!
Quote:
Originally Posted by JobvdH View Post
Thanks for you answer impulse,
Now I get the same error on another line:
Code:
temp2 = RightRotate(temp2 - _key[j * 2 + 6], temp1) ^ temp1;
Heres my decrypt void:
Code:
        public static string Decrypt(byte[] bytes)
        {
            BinaryReader reader = new BinaryReader(new MemoryStream(bytes, false));
            uint[] passInts = new uint[4];
            for (uint i = 0; i < 4; i++)
                passInts[i] = Convert.ToUInt32(reader.ReadUInt32());


            uint temp1, temp2;
            for (int i = 1; i >= 0; i--)
            {
                temp1 = passInts[(i * 2) + 1];
                temp2 = passInts[i * 2];
                for (int j = 11; j >= 0; j--)
                {
                    temp1 = RightRotate(temp1 - _key[j * 2 + 7], temp2) ^ temp2;
                    temp2 = RightRotate(temp2 - _key[j * 2 + 6], temp1) ^ temp1;

                }
                passInts[i * 2 + 1] = temp1 - _key[5];
                passInts[i * 2] = temp2 - _key[4];

            }
            BinaryWriter writer = new BinaryWriter(new MemoryStream(bytes, true));
            for (uint i = 0; i < 4; i++)
                writer.Write((int)passInts[i]);
            for (int i = 0; i < 16; i++)
                if (bytes[i] == 0)
                    return Encoding.ASCII.GetString(bytes, 0, i);
            return Encoding.ASCII.GetString(bytes);
        }
Accoding to e*pvp you posted the second error within 2 hours of fixing the first one, you have NOT tryed very hard at ALL.

Try for a day or two and if you still have troubbles then make a thread but 2 hours is just stupid, I've spent 3 days on just one error before. It pays off.
02/22/2012 09:15 Kiyono#8
Quote:
Originally Posted by CptSky View Post
The old password encryption is RC5...

N.B. Maybe you can check my public implementation.
Really? Didn't know that. I only saw the word "RC5" appearing in relation to the password decryption after the new password encryption came along so figured that the old one didn't use it.
02/22/2012 09:47 JobvdH#9
Well I've already got a solution that Fang gave me, I'm gonna try that out if it doesn't work out I'll post again.
Atleast thanks for the support!
Btw wasn't RC5 a layer for old password encryptions because Fang told me that NetDragon's Pass Encryption is in version 5017 - 5165 and after that version it should be something else like RC5 maybe?
02/22/2012 11:04 Spirited#10
Here's mine from patch 5017... i'm not sure if it works on 5095 though. (I'm not too familiar with the password cryptography in 5095).

Code:
using System.Runtime.InteropServices;

    public unsafe class PasswordCipher
    {
        private static uint[] _key = new uint[] { 
            0xebe854bc, 0xb04998f7, 0xfffaa88c, 0x96e854bb, 0xa9915556, 0x48e44110, 
            0x9f32308f, 0x27f41d3e, 0xcf4f3523, 0xeac3c6b4, 0xe9ea5e03, 0xe5974bba, 
            0x334d7692, 0x2c6bcf2e, 0xdc53b74, 0x995c92a6, 0x7e4f6d77, 0x1eb2b79f, 
            0x1d348d89, 0xed641354, 0x15e04a9d, 0x488da159, 0x647817d3, 0x8ca0bc20, 
            0x9264f7fe, 0x91e78c6c, 0x5c9a07fb, 0xabd4dcce, 0x6416f98d, 0x6642ab5b
         };

        public static sbyte* Decrypt(uint* password)
        {
            for (int i = 1; i >= 0; i--)
            {
                uint temp1 = *((uint*)(password + (i * 2) + 1));
                uint temp2 = *((uint*)(password + (i * 2)));
                for (int j = 11; j >= 0; j--)
                {
                    temp1 = (uint)RollRight(temp1 - _key[(j * 2) + 7], (byte)temp2) ^ temp2;
                    temp2 = (uint)RollRight(temp2 - _key[(j * 2) + 6], (byte)temp1) ^ temp1;
                }
                password[(i * 2) + 1] = temp1 - _key[5];
                password[i * 2] = temp2 - _key[4];
            }
            return (sbyte*)password;
        }

        public static sbyte* Encrypt(uint* password)
        {
            for (int i = 1; i >= 0; i--)
            {
                uint temp1 = _key[5] + password[(i * 2) + 1];
                uint temp2 = _key[4] + password[i * 2];
                for (int j = 0; j < 12; j++)
                {
                    temp2 = (uint)RollLeft(temp1 ^ temp2, (byte)temp1) + _key[(j * 2) + 6];
                    temp1 = (uint)RollLeft(temp1 ^ temp2, (byte)temp2) + _key[(j * 2) + 7];
                }
                password[i * 2] = temp2;
                password[i * 3] = temp1;
            }
            return (sbyte*)password;
        }

        public static int RollLeft(uint value, byte roll)
        {
            roll = (byte)(roll & 0x1f);
            return (int)((value << roll) | (value >> (0x20 - roll)));
        }
        public static int RollRight(uint value, byte roll)
        {
            roll = (byte)(roll & 0x1f);
            return (int)((value << (0x20 - roll)) | (value >> roll));
        }
    }
02/22/2012 11:49 JobvdH#11
I tried, and I tried and I tried but i can't get it done, it still gives me the error:
The arithmetic operation resulted in an overflow.

And I don't know why!?
It's kinda frustrating me, I try to get this done for 2 days.
02/22/2012 16:31 Kiyono#12
Why are you using CoEmu v2 anyway? EliteCoEmu has the password decryption implemented.
02/22/2012 16:47 JobvdH#13
Elite-CoEmu is a pain to setup, and the creator of Elite-CoEmu has set it up for me, but it didn't seem to work on my computer so thats why.
02/22/2012 17:15 CptSky#14
Quote:
Originally Posted by Kiyono View Post
Really? Didn't know that. I only saw the word "RC5" appearing in relation to the password decryption after the new password encryption came along so figured that the old one didn't use it.
Because before that, the password encryption wasn't really known by the public. When TQ added a new layer over the RC5 and that the RC5 was seeded with a random seed, it became less important to keep the information private. Also, the only public implementation was really badly implemented.

Quote:
Originally Posted by JobvdH View Post
[...]Btw wasn't RC5 a layer for old password encryptions because Fang told me that NetDragon's Pass Encryption is in version 5017 - 5165 and after that version it should be something else like RC5 maybe?
RC5 is used since the beta of Eudemon Online for the password. At patch 5180, TQ added a new layer over this crypto, plus they added a random seed.
02/22/2012 21:36 JobvdH#15
Oh alright, but back to the topic does someone know how to fix this error I don't have any clue