Packet encryption

02/17/2013 23:25 EliteRinciks#1
Hi guys, I know that some of you know the packet encryption mechanism used by DarkOrbit, so I was wondering if you might share it.

I am trying to figure it out but with no luck whatsoever :/ ...

I know that they use RC4 to encrypt their data, but I can't find the key. I have an idea that they are sending the key over the connection, where the unique ID = 9098, but I am not sure. The code decrypted by SWF Decompiler is so hard to understand ...

Any ideas here?
Thanks.
02/18/2013 00:56 mouradhndr#2
How did you know that they use RC4 to encrypt their data? Moreover, there are variants in this kind of encryption (RC4A, VMPC, and RC4+)...
02/18/2013 01:12 EliteRinciks#3
I found it in the source code, but, man, it's hard to understand. There are so many functions connected to it, just omg. I just can't figure it out...
02/18/2013 01:15 TheFallenAngel#4
sounds like a DO employee trying to find out what we know O.o
(this is mostly a joke because of join date and post count)
02/18/2013 01:21 EliteRinciks#5
Hahaha, no m8, not at all.
I have only been reading the stuff here without an account, only joined today to ask the question. :)
02/18/2013 04:23 jesse13042#6
funny how he starts off with complete sentences and in his other post it goes downhill slowly.....
02/18/2013 05:06 V.I.R.U.S.#7
triple encryption
02/18/2013 06:07 EliteRinciks#8
Quote:
Originally Posted by V.I.R.U.S.
triple encryption

triple encryption? anything more precise? I can see that they add something to the ByteArray before ARC4'ing it, but couldn't figure out what.
02/18/2013 06:53 »jD«#9
Do a Google search, it's called a salt, or more commonly in crypto terms, an IV (In RC4's case it's a nonce, as it's used once as a seed to a counter that is used on both sides, so RC4 is one of the weaker encryptions out there.)

-jD
02/18/2013 07:33 GnomeProgramming#10
Quote:
Originally Posted by »jD«
Do a Google search, it's called a salt, or more commonly in crypto terms, an IV (In RC4's case it's a nonce, as it's used once as a seed to a counter that is used on both sides, so RC4 is one of the weaker encryptions out there.)

-jD

The problem in the DO encryption is how to get the Key and IV. That's the real problem. Maybe you could give us a clue with that, about where you got the IV? :D
02/18/2013 07:36 »jD«#11
The RC4 implementation they use has no IV, it's based on a count.

-jD
02/18/2013 09:35 EliteRinciks#12
Thanks, jD!

So basically - the only encryption they use is the RC4 with an IV - bytearray count?
How did you find the passkey?
02/18/2013 09:49 »jD«#13
Keep looking, it's in the first 3 packets ;)

-jD
02/18/2013 09:50 EliteRinciks#14
It isn't encoded, right? :D

Thanks a lot! :)
Once I'm home, will try to look in them.
02/18/2013 10:07 GnomeProgramming#15
Quote:
Originally Posted by »jD«
Keep looking, it's in the first 3 packets ;)

-jD

Thanks for the help, but in the first 3 packets to the port 8080 I can just find these packets. Did you say that the key is there?

00 0E 02 9A 00 00 00 00 00 00 00 1D 00 00 00 08 = ................

00 0F 02 9B 01 00 00 00 00 00 00 00 1D 00 00 00 08 = .................

00 02 7A 3E = ..z>