[PHP - CLIENT] Login Cryptography

Page 1 of 3 1 23
10/01/2013 03:33 Sm•ke#1
Hi community ! :pimp:

today i open this thread for release the login cryptography written in php..

Code:
// encrypt 'NoS0575..' packet
function packet_enc($packet)
{
	$str_enc = "";
	for($i = 0; $i < strlen($packet); $i++)
		$str_enc .= chr((ord($packet[$i])^195) + 15);
	return $str_enc .= chr(216);
}

// encrypt password of login
function password_enc($password)
{
	$pos = rand(0, 22);
	$str_hex = strtoupper(ToHex($password));
	$secondtable = array(46, 42, 23, 79, 32, 36, 71, 17, 91, 55, 83, 67, 21, 52, 69, 37, 75, 29, 47, 88, 43, 50, 99);
	$pw_enc = strtoupper(ToHex(chr($secondtable[$pos])));
	for($i = 0; $i < strlen($str_hex); $i += 2)
	{
		$pw_enc .= strtoupper(ToHex(chr(($secondtable[$pos] & 240) >> 4)));
		$pw_enc .= $str_hex[$i];
		$pw_enc .= strtoupper(ToHex(chr($secondtable[$pos] & 15)));
		$pw_enc .= $str_hex[$i + 1];
		$pos == 22 ? $pos = 0 : $pos++;
	}
	return $pw_enc;
}

// decrypt response received from server
function packet_dec($packet)
{
	$str_dec = "";
	for($i = 0; $i < strlen($packet); $i++)
		$str_dec .= chr(ord($packet[$i]) - 15);
	return $str_dec .= chr(25);
}
it's the function that i use for convert string to hex

Code:
function ToHex($string)
{
	$hex = "";
	for ($i = 0; $i < strlen($string); $i++)
		$hex .= dechex(ord($string[$i]));
	return $hex;
}
it's an example, how to make the login packet

Code:
$HASH = "529D12EF5699E29548A9914C7B2AB6DFA735FA8053A6B0EDFF75E607FF3EBBED";
$ID = "YOUR ID";
$PW = password_enc("YOUR PW");
	
$login_packet = "NoS0575 10039722 ".$ID." ".$PW." 00564F36";
$login_packet .= chr(11);
$login_packet .= "0.9.3.3021 0 ".strtoupper(md5($HASH.$ID));
$login_packet = packet_enc($login_packet);
good luck with your project ! :handsdown:
10/01/2013 11:34 Mr.Tr33#2
It looks interessting, but what Hash ist it?
I think it would be more interessting, if you show people how to connect to the server as well :)
10/01/2013 11:51 Sm•ke#3
Quote:
Originally Posted by Mr.Tr33 View Post
It looks interessting, but what Hash ist it?
I think it would be more interessting, if you show people how to connect to the server as well :)
okay, I think you're right !

the important parts of the login packet are:

NoS0575 10039722 ID PW_ENCRYPTED 00564F36HERE_THERE_IS_A_BYTE_THAT_FORUM_DON'T_READ0.9.3.3021 0 MD5_OF_HASH_+_ID

then, with this cryptography u can make an emulator of client on the web (for now i released only part of login and not of the game server)

it's an example written in 5 minutes for try..

Code:
<?php
	error_reporting(E_ALL);
	
	echo "creating socket..<br>";
	$socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP); // here u create socket
	if($socket === false)
		echo "FAILED<br>";
	else
		echo "OK<br>";
	
	echo "Connecting to 79.110.84.75:4003..<br>";
	$result = socket_connect($socket, "79.110.84.75", 4003); // here u try connection to login server of nostale
	if($result === false)
		echo "FAILED<br>";
	else
		echo "OK<br>";
		
	function packet_enc($packet)
	{
		$str_enc = "";
		for($i = 0; $i < strlen($packet); $i++)
			$str_enc .= chr((ord($packet[$i])^195) + 15);
		return $str_enc .= chr(216);
	}
	
	function ToHex($string)
	{
		$hex = "";
		for ($i = 0; $i < strlen($string); $i++)
			$hex .= dechex(ord($string[$i]));
		return $hex;
	}
	
	function password_enc($password)
	{
		$pos = rand(0, 22);
		$str_hex = strtoupper(ToHex($password));
		$secondtable = array(46, 42, 23, 79, 32, 36, 71, 17, 91, 55, 83, 67, 21, 52, 69, 37, 75, 29, 47, 88, 43, 50, 99);
		$pw_enc = strtoupper(ToHex(chr($secondtable[$pos])));
		for($i = 0; $i < strlen($str_hex); $i += 2)
		{
			$pw_enc .= strtoupper(ToHex(chr(($secondtable[$pos] & 240) >> 4)));
			$pw_enc .= $str_hex[$i];
			$pw_enc .= strtoupper(ToHex(chr($secondtable[$pos] & 15)));
			$pw_enc .= $str_hex[$i + 1];
			$pos == 22 ? $pos = 0 : $pos++;
		}
		return $pw_enc;
	}
	
	$HASH = "529D12EF5699E29548A9914C7B2AB6DFA735FA8053A6B0EDFF75E607FF3EBBED"; // with updates this change, then u need to reverse the client and get it.. if u have problems u can contact me to skype: enigma_styl3
	$ID = "YOURID";
	$PW = password_enc("YOURPW");

	// here u make login packet like i said on the top, first of example	
	$login_packet = "NoS0575 10039722 ".$ID." ".$PW." 00564F36";
	$login_packet .= chr(11);
	$login_packet .= "0.9.3.3021 0 ".strtoupper(md5($HASH.$ID));
	$login_packet = packet_enc($login_packet); // here u encrypt packet
	
	socket_write($socket, $login_packet, strlen($login_packet)); // here u send packet to login server
	
	function packet_dec($packet)
	{
		$str_dec = "";
		for($i = 0; $i < strlen($packet); $i++)
			$str_dec .= chr(ord($packet[$i]) - 15);
		return $str_dec .= chr(25);
	}
	
	while($out = socket_read($socket, 2048))
		echo packet_dec($out); // here u get response, decrypt and print it
		
	socket_close($socket); // here u close socket
?>
for more informations ask here, no problems, if i can i answer ! :D
10/01/2013 12:10 Mr.Tr33#4
Actually I mean this one here:
Code:
$HASH = "529D12EF5699E29548A9914C7B2AB6DFA735FA8053A6B0EDFF75E607FF3EBBED";
10/01/2013 13:45 Sm•ke#5
with the hash you can make the last part of the login packet ( just a version control )

it change when there are new updates..
10/01/2013 14:02 Mr.Tr33#6
But there is probably a way to create this hash to or not?
10/01/2013 14:08 Sm•ke#7
Quote:
Originally Posted by Mr.Tr33 View Post
But there is probably a way to create this hash to or not?
I think it's a control of files, but I can not tell clearly ..
you can find it in the function where the login packet is generated.

-- EDIT --

i reversed the function and i found that it's md5 of 2 files..

nostalex.dat = 529D12EF5699E29548A9914C7B2AB6DF
nostale.dat = A735FA8053A6B0EDFF75E607FF3EBBED

nostalex.dat md5 + nostale.dat md5 = hash = 529D12EF5699E29548A9914C7B2AB6DFA735FA8053A6B0EDFF 75E607FF3EBBED

solved the problem :)

i wrote a small function in php for don't reverse always the hash:

Code:
<?php
	function hash_calculator($path)
	{
		return strtoupper(md5(file_get_contents($path.'NostaleX.dat', true))).strtoupper(md5(file_get_contents($path.'Nostale.dat', true)));
	}
?>
now u just need to call it:

Code:
<?php $hash = hash_calculator('./'); ?>
10/01/2013 15:27 ernilos#8
Oh! Then GF knows when we use custom clients, cool:D
10/01/2013 18:16 Sm•ke#9
they know only if u edit nostalex.dat or nostale.dat, did not u know this ?
10/01/2013 18:51 PainToTheWorld#10
das sollte jedem ne warnung sein
helfe keinem auf epvpers denn 2 wochen später
released er komplette algorithmen
10/01/2013 18:56 Mr.Tr33#11
Quote:
Originally Posted by Sm•ke View Post
they know only if u edit nostalex.dat or nostale.dat, did not u know this ?
In another topic users say they get banned when they use a bot for multiple clients. Probably that's the reason.

Quote:
Originally Posted by PainToTheWorld View Post
das sollte jedem ne warnung sein
helfe keinem auf epvpers denn 2 wochen später
released er komplette algorithmen
Öhm, ist ja nicht so das es mal publik war und davor auch schon mal gegen 2007 glaube ich?
10/01/2013 18:57 Sm•ke#12
Quote:
Originally Posted by PainToTheWorld View Post
das sollte jedem ne warnung sein
helfe keinem auf epvpers denn 2 wochen später
released er komplette algorithmen
what ? can u translate in english ? ._.

if members of this community want try, it's the link of my bot ( for now work just the login but i work on it )..

u need an account on nostale IT, it's not important the level of character.. u can make a new account for example :)

[Only registered and activated users can see links. Click Here To Register...]

Quote:
Originally Posted by Mr.Tr33 View Post
In another topic users say they get banned when they use a bot for multiple clients. Probably that's the reason.
yes, it's sure.. gameforge see if u jump the function.. for example if u convert .dat to .exe and u jump the function for open it they see and ban u :)

this control has always existed :rolleyes:
10/30/2013 20:39 0Lucifer0#13
I think there is an error in the decrypt system (encrypt)
$str_enc .= chr((ord($packet[$i])^195) + 15);
system(decrypt)
$str_dec .= chr(ord($packet[$i]) - 15); => where is the 195?
and i'm note sure but i thinks decrypt should be
$str_enc .= chr((ord($packet[$i])- 15)^195);
Tell me if i wrong.
10/31/2013 00:28 Sm•ke#14
Quote:
Originally Posted by 0Lucifer0 View Post
I think there is an error in the decrypt system (encrypt)
$str_enc .= chr((ord($packet[$i])^195) + 15);
system(decrypt)
$str_dec .= chr(ord($packet[$i]) - 15); => where is the 195?
and i'm note sure but i thinks decrypt should be
$str_enc .= chr((ord($packet[$i])- 15)^195);
Tell me if i wrong.
it's cryptography of client and not of server, it's the opposite of game server functions ^^

work perfectly man, i used it on my bot: extremedoor.org ^^
10/31/2013 00:47 0Lucifer0#15
ok thanks! but I don't understand why it work^^ because $str_dec .= chr(ord($packet[$i]) - 15); is not the oposite of $str_enc .= chr((ord($packet[$i])^195) + 15); where is ^195 in the first function?
Page 1 of 3 1 23