Digging the Game Encryption at CoGen Code

05/19/2012 11:16 xmen01235#1
Code:
        public GameCrypto()
        {
            Class0.N47LJ78z09Kgf();
            this.ClientIV = new byte[8];
            this.ServerIV = new byte[8];
            .........
            .........
            .........
        }
Code:
using System;

internal class Class0
{
    private static bool bool_0;

    internal static void N47LJ78z09Kgf()
    {
    }
}
This line makes me confused.

Class0.N47LJ78z09Kgf();
05/19/2012 14:05 shitboi#2
Code obfuscation? He might have purposely named it that way; use his lookup table to find the corresponding documentation for that function. Can you locate that function? You might be able to make some sense out of it.
05/19/2012 14:37 KraHen#3
Right click - go to definition. Should be an empty function dropped out by the reflection IMO.
05/19/2012 15:21 donn#4
Anyway, password encryption is done by his auth server, current game enc ain't in the reflected source.
05/19/2012 18:13 InfamousNoone#5
You can get the game encryption from various sources that are intended to run on a higher patch (I believe). Trying to find it in the COG source code is unnecessarily shooting yourself in the foot. Also, the password encryption isn't in his src.
05/19/2012 18:45 xmen01235#6
So it is the reflected function.

Did you guys edit the client for the dynamic keys? It seems that the game encryption function did not change a lot except for the reflected function which is inserted at the beginning of the gamecrypto function.
05/21/2012 00:50 _DreadNought_#7
The game encryption didn't change, the DHKey exchange did; that should be in the source.

For the password encryption he uses the COGen auth servers to do all the encrypting; however, if you want to crash cogenius then the encryption they use to communicate with the bot->cogen is in there.

Find all references and go to definition buttons should help you figure that out.


Enjoy.
05/21/2012 08:40 KraHen#8
Anyways the password encryption is completely unnecessary for proxy functions.
05/23/2012 09:53 _DreadNought_#9
What about clientless, KraHen? :)
05/23/2012 12:37 KraHen#10
I was talking about proxy, man-in-the-middle functions. :)
05/23/2012 13:49 Korvacs#11
Yeah, but he was pointing out that there's been no mention of what the encryption was for, so you can't assume that it's for a proxy and therefore unnecessary.
05/24/2012 00:14 KraHen#12
I really don't see someone who is capable of creating a clientless bot asking questions like the OP, so I just assumed that it's either for a proxy or a server, none of which truly require the password cryptography. But that may be just because I'm a cynic as well.
05/24/2012 10:03 _DreadNought_#13
Just because a server doesn't truly require the new password encryption it's the correct way to go about it.
05/24/2012 12:16 KraHen#14
Why exactly? In the DB you're storing hashed passwords anyways, be that encrypted from the real password or the encrypted one, you're not really supposed to reverse the hash, so I'd say it's pointless. Though this is just my opinion.
05/24/2012 13:11 I don't have a username#15
TQ doesn't hash their passwords, if I'm correct. Unless they've started doing it, but I know they didn't do it in the past.