Blowfish key

03/07/2012 15:05 Speedie123#1
Hey guys.
I was wondering what's the best way to get the blowfish key?
I've tried some other stuff from ultimation but it doesn't work with protected servers, so may I ask for a trusted way?
And how to replace the new key into the exe using hex or w/e?
Thanks.
03/07/2012 20:36 Spirited#2
Some servers just edit it using a hex editor. You can open Conquer.exe in Notepad++ and find it next to "TQServer". Other servers might use a loader to inject it with a new blowfish key. In any case, it's pretty easy to figure out the BF key by reverse engineering the loader. I know there's a few tutorials and programs out there to help you in the Programming Section. Good luck!
03/07/2012 20:46 _DreadNought_#3
Fang, incorrect. "AFAIK" the BFKey is a fixed string and cannot be changed via hooking.
03/07/2012 20:53 Spirited#4
Quote:
Originally Posted by _DreadNought_
Fang, incorrect. "AFAIK" the BFKey is a fixed string and cannot be changed via hooking.
So it's not possible to hook the client's method that sets the key in the game cipher? It's not possible to inject a new method that sets the cipher using another key? o.O
03/07/2012 20:59 _DreadNought_#5
When you think about it that way, yes, but simply just changing the string at the address in memory it's set to, no.
03/07/2012 21:08 -impulse-#6
Quote:
Originally Posted by Fаng
So it's not possible to hook the client's method that sets the key in the game cipher? It's not possible to inject a new method that sets the cipher using another key? o.O
Not in CO's case... well it's not exactly easy.
TQ's programmers that wrote CO's encryption implemented it all by hand... so a simple detour wouldn't work (like get the lib and includes for openssl and set up a detour on BF_set_key from openssl) because you don't have the function pointer.
But, if you can get the function's pointer then you can hook the function and get the parameters easily.

On the other hand, if you're dealing with a CO.exe like classic co's, which is packed and closes the game if it finds c-e, ollydbg, programming environments (VC#, VC++), it's going to be a lot harder.
If you don't succeed with hooking/detours, you could always try a brute force, but it might take you around a month to be able to find the right combination considering that there are 94^16 (^ = power) possible arrangements. (Starting from '0' to '~').

If you're trying brute force... good luck with that.
03/08/2012 13:56 Speedie123#7
I still couldn't work out how to get it after all.
03/08/2012 14:44 Lateralus#8
Attach with a debugger; Enigma decrypts at runtime. I swear I've posted this same thing at least 5 times now.
03/08/2012 23:34 Speedie123#9
Sorry, can you link it to me?
03/09/2012 01:23 injection illusion logic#10
Link you what? A debugger? If you don't know how to get it then I'm pretty sure you don't know a thing about asm, so google asm books, read some and come back :)
03/09/2012 01:51 Speedie123#11
Dude, I've asked clearly for help.
So, could you just tell me a trusted way?
03/09/2012 01:53 _DreadNought_#12
Google OllyDbg.

I'll do it for you I guess, [link] use google to learn how to use the software and you can do everything as so.
03/09/2012 02:26 Speedie123#13
I know OllyDbg.
I was asking for a way to get the blowfish key.
Could you show me it?
Oweee, thanks.
03/10/2012 14:29 Speedie123#14
Up guys.
03/10/2012 16:01 ×Holo#15
Please, don't bump a thread that you won't get a simple answer on...

You have to get through a lot first.