Nostale emulator state and reverse engineering ?

02/20/2015 16:48 SgT-Fatality#1

Hi,

I'm new in Nostale emulation and I would like to know what is the current developpement state ? Like what is done. Do we know the basic packet structure and stuff ?

Is there anyone who already worked on reverse engineering the client ?

Thanks a lot,
Sgt

02/20/2015 17:00 ernilos#2

Packet crypto has been released on C++ two years ago thought, also packetloggers are easy to find.

And... Seems to be a malediction to emulators, everyone who worked on it left the project after few months I:

02/20/2015 19:30 FI0w#3

Quote:

Originally Posted by ernilos

Packet crypto(Yes but buggy) has been released on C++ two years ago thought, also packetloggers are easy to find.

And... Seems to be a malediction to emulators, everyone who worked on it left the project after few months I:

The Crypto~

Spoiler

Code:

Login Decryption (�3V!L, C++)
std::string loginDecrypt(std::string str)
{
    std::string dec_str;
    for (int i = 0; i < str.size(); i++) { dec_str += str[i] - 0xF ^ 0xC3; }
    return dec_str;
}

Login Encryption (trollface, C++)
std::string EncryptLoginPacket(std::string str)
{
    std::string encrypted_string;

    for (int i = 0; i < str.length(); i++) { encrypted_string += str[i] + 0xF; }

    return encrypted_string += 0x19;
}

Password Hash Decryption (�3V!L, C++) -- BUG FIXED
std::string LoginPassDecrypt(std::string tmp)
{
    try
    {
        bool equal = tmp.size() % 2 == 0 ? true : false;
        std::string str = equal == true ? tmp.erase(0,3) : tmp.erase(0, 4);
        std::string dec_pass;
        for(int i = 0; i < str.size(); i += 2) { dec_pass += str[i]; }
        
        if(dec_pass.size() % 2 != 0)
        {
            str.clear();
            dec_pass.clear();
            str = tmp.erase(0, 2);
            for(int i = 0; i < str.size(); i += 2) { dec_pass += str[i]; }
        }
        
        std::string temp = dec_pass;
        dec_pass.clear();
        for(int i = 0; i < temp.size(); i++)
        {
            dec_pass += temp[i];
            if (i % 2 && i != 0) dec_pass += " ";
        }

        std::stringstream ss(dec_pass);
        dec_pass.clear();
        
        int convert;
        while ( ss >> std::hex >> convert)
        {
            dec_pass.push_back(convert);
        }

        return dec_pass;
    }
    catch (...)
    {
        return "-1";
    }
}

Session Packet Decryption (trollface, C++)
std::string DecryptSessionPacket(std::string str)
{
    std::string    encrypted_string;

    for (int i = 1; i < str.length(); i++)
    {
        if (str[i] == 0xE) { return encrypted_string; }

                          unsigned char firstbyte = str[i] - 0xF;
        unsigned char secondbyte = firstbyte;
        secondbyte &= 0xF0;
        firstbyte =    firstbyte - secondbyte;
        secondbyte >>=    0x4;

        switch (secondbyte)
        {
        case 0:
            encrypted_string +=    ' ';
        break;

        case 1:
            encrypted_string +=    ' ';
        break;

        case 2:
            encrypted_string +=    '-';
        break;

        case 3:
            encrypted_string +=    '.';
        break;

        default:
            secondbyte += 0x2C;
            encrypted_string +=    secondbyte;
        break;
        }

        switch (firstbyte)
        {
        case 0:
            encrypted_string +=    ' ';
        break;

        case 1:
            encrypted_string += ' ';
        break;

        case 2:
            encrypted_string += '-';
        break;

        case 3:
            encrypted_string += '.';
        break;

        default:
            firstbyte += 0x2C;
            encrypted_string +=    firstbyte;
        break;
        }
    }

    return encrypted_string;
}

Game Packet Decryption (Part 1) (trollface, C++)
std::string DecryptGamePacket(int session_id, unsigned char *str, int length)
{
    std::string encrypted_string = "";
    int session_key = session_id & 0xFF;
    unsigned char session_number = session_id >> 6;
    session_number &= 0xFF;
    session_number &= 0x80000003;

    switch (session_number)
    {
    case 0:
        for (int i = 0; i < length; i++)
        {
                unsigned char firstbyte = session_key + 0x40;
                unsigned char highbyte = str[i] - firstbyte;
                encrypted_string += highbyte;
        }
    break;

    case 1:
        for (int i = 0; i < length; i++)
        {
                unsigned char firstbyte = session_key + 0x40;
                unsigned char highbyte = str[i] + firstbyte;
                encrypted_string += highbyte;
        }
    break;

    case 2:
        for (int i = 0; i < length; i++)
        {
                unsigned char firstbyte = session_key + 0x40;
                unsigned char highbyte = str[i] - firstbyte ^ 0xC3;
                encrypted_string += highbyte;
        }
    break;

    case 3:
        for (int i = 0; i < length; i++)
        {
                unsigned char firstbyte = session_key + 0x40;
                unsigned char highbyte = str[i] + firstbyte ^ 0xC3;
                encrypted_string += highbyte;
        }
    break;

    default:
        encrypted_string += 0xF;
    break;
    }

    std::vector<std::string> temp = split(encrypted_string, 0xFF);
    std::string save = "";

    for (int i = 0; i < temp.size(); i++)
    {
        save += DecryptGamePacket2(temp[i].c_str());
        save += 0xFF;
    }

    return save;
}

Game Packet Decryption (Part 2) (trollface, C++)
std::string DecryptGamePacket2(unsigned char str[])
{
    std::string decrypted_string;
    char table[] = {' ','-','.','0','1','2','3','4','5','6','7','8','9','n'};
    int count = 0;

    for (count = 0; count < strlen(str); )
    {
        if (str[count] <= 0x7A)
        {
            unsigned char len = str[count];

            for (int i = 0; i < (int)len; i++)
            {
                count++;
                decrypted_string += str[count] ^ 0xFF;
            }

            count++;
        } else
        {
            unsigned char len = str[count];
            len &= 0x7F;

            for (int i = 0; i < (int)len;)
            {
                count++;

                unsigned char highbyte = str[count];
                highbyte &= 0xF0;
                highbyte >>= 0x4;

                unsigned char lowbyte = str[count];
                lowbyte &= 0x0F;

                if (highbyte != 0x0 && highbyte != 0xF)
                {
                    decrypted_string += table[highbyte-1];
                    i++;
                }

                if (lowbyte != 0x0 && lowbyte != 0xF)
                {
                    decrypted_string += table[lowbyte-1];
                    i++;
                }
            }
            count ++;
        }
    }

    return decrypted_string;
}

Game Packet Encrypt (trollface, C++)
std::string EncryptGamePacket(string str)
{
    std::string encrypted_string;
    std::vector<std::string> buffer;

    buffer = split(str, ' ');
    encrypted_string +=    buffer[0].length();

    for (int i = 0 ; i < str.length(); i++)
    {
        if (i == buffer[0].length())
        {
            int    size = str.length() - buffer[0].length();
            encrypted_string +=    size;
        }

        encrypted_string +=    str[i] ^ 0xFF;
    }

    return encrypted_string += 0xFF;
}

02/20/2015 21:07 ernilos#4

Only decrypt long packets from client was buggy, but thought someone fixxed it lol

02/21/2015 15:08 *-OMG-*#5

Quote:

Originally Posted by ernilos

Only decrypt long packets from client was buggy, but thought someone fixxed it lol

-- LOGIN: 100% Working Cryptography:

Code:

#ifndef CRYPTOGRAPHY_HPP
#define CRYPTOGRAPHY_HPP

class Cryptography
{
public:
	static std::string DecryptPacket(std::string packet, const std::size_t length);
	static std::string DecryptPassword(std::string password);
	static std::string EncryptPacket(std::string packet);
};

#endif

Code:

#include <sstream>

#include "cryptography.hpp"

std::string Cryptography::DecryptPacket(std::string packet, const std::size_t length)
{
	for (std::size_t i = 0; i < length; i++)
		packet[i] = (packet[i] - 0x0F) ^ 0x0C3;
	return packet;
}

std::string Cryptography::DecryptPassword(std::string password)
{
	std::size_t remaining = password.length() % 4;
	password = password.erase(0, !remaining ? 4 : remaining);
	for (std::size_t i = 0; i < password.length(); i++)
		password = password.erase(i, 1);
	for (std::size_t i = 2; i < password.length(); i += 3)
		password.insert(i, " ");
	std::stringstream ss(password);
	password.clear();
	for (std::size_t i = 0; ss >> std::hex >> i;)
		password.push_back(i);
	return password;
}

std::string Cryptography::EncryptPacket(std::string packet)
{
	for (std::size_t i = 0; i < packet.length(); i++)
		packet[i] += 0x0F;
	return packet;
}

-- WORLD: 100% Working Cryptography:

Code:

#pragma once

class TCryptography
{
public:
	static std::string DecryptSessionPacket(const std::string packet);
	static unsigned char GetEndByte(const unsigned short SessionKey);
	static std::string DecryptWorldPacket(const std::string packet, const std::size_t length, const unsigned short SessionKey);
	static std::string DecryptWorldPacket(const unsigned char packet[]);
	static std::string EncryptWorldPacket(std::string packet);
};

Code:

#include "TCryptography.hpp"

std::string TCryptography::DecryptSessionPacket(const std::string packet)
{
	std::string decryptedPacket;

	unsigned char current = NULL;

	for (std::size_t i = 1; i < packet.length() - 1; i++)
	{
		current = (((unsigned char)packet[i] - 0x0F) & 0xF0) >> 4;

		switch (current)
		{
		case 0:
			decryptedPacket += 0x20;
			break;
		case 1:
			decryptedPacket += 0x20;
			break;
		case 2:
			decryptedPacket += 0x2D;
			break;
		case 3:
			decryptedPacket += 0x2E;
			break;
		default:
			decryptedPacket += current + 0x2C;
			break;
		}

		current = ((unsigned char)packet[i] - 0x0F) - (current << 4);

		switch (current)
		{
		case 0:
			decryptedPacket += 0x20;
			break;
		case 1:
			decryptedPacket += 0x20;
			break;
		case 2:
			decryptedPacket += 0x2D;
			break;
		case 3:
			decryptedPacket += 0x2E;
			break;
		default:
			decryptedPacket += current + 0x2C;
			break;
		}
	}

	return decryptedPacket;
}

unsigned char TCryptography::GetEndByte(const unsigned short SessionKey)
{
	unsigned char c = (((SessionKey >> 6) & 0xFF) & 0x80000003);

	if (c < NULL)
	{
		c = (((c - 1) | 0xFFFFFFFC) + 1);
	}

	switch (c)
	{
	case 0:
		return 0xFF + ((SessionKey & 0xFF) + 0x40);
	case 1:
		return 0xFF - ((SessionKey & 0xFF) + 0x40);
	case 2:
		return (0xFF ^ 0xC3) + ((SessionKey & 0xFF) + 0x40);
	case 3:
		return (0xFF ^ 0xC3) - ((SessionKey & 0xFF) + 0x40);
	default:
		return (char)0x10E;
	}
}

std::string TCryptography::DecryptWorldPacket(const std::string packet, const std::size_t length, const unsigned short SessionKey)
{
	unsigned char c = (((SessionKey >> 6) & 0xFF) & 0x80000003);

	if (c < NULL)
	{
		c = (((c - 1) | 0xFFFFFFFC) + 1);
	}

	std::string decryptedPacket;

	unsigned char key = (SessionKey & 0xFF) + 0x40;

	switch (c)
	{
	case 0:
		for (std::size_t i = 0; i < length; i++)
		{
			decryptedPacket += (unsigned char)packet[i] - key;
		}
		break;
	case 1:
		for (std::size_t i = 0; i < length; i++)
		{
			decryptedPacket += (unsigned char)packet[i] + key;
		}
		break;
	case 2:
		for (std::size_t i = 0; i < length; i++)
		{
			decryptedPacket += ((unsigned char)packet[i] - key) ^ 0xC3;
		}
		break;
	case 3:
		for (std::size_t i = 0; i < length; i++)
		{
			decryptedPacket += ((unsigned char)packet[i] + key) ^ 0xC3;
		}
		break;
	default:
		decryptedPacket += 0x0F;
		break;
	}

	std::vector<std::string> vector;
	boost::algorithm::split(vector, decryptedPacket, std::bind2nd(std::equal_to<unsigned char>(), (0xFF)));

	decryptedPacket = "";
	for (std::size_t i = 0; i < vector.size(); i++)
		decryptedPacket += DecryptWorldPacket((unsigned char*)vector[i].c_str());

	return decryptedPacket;
}

std::string TCryptography::DecryptWorldPacket(const unsigned char packet[])
{
	const char table[] = { ' ', '-', '.', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'n' };

	unsigned char length = NULL, high = NULL, low = NULL;

	std::string decryptedPacket;

	for (std::size_t i = 0; i < strlen((char*)packet); i++)
	{
		if (packet[i] <= 0x7A)
		{
			length = packet[i];

			for (unsigned char j = 0; j < length; j++)
				decryptedPacket += packet[++i] ^ 0xFF;
		}
		else
		{
			length = packet[i] & 0x7F;

			for (unsigned char j = 0; j < length;)
			{
				high = (packet[++i] & 0xF0) >> 4;
				low = packet[i] & 0x0F;

				if (high != NULL && high != 0x0F)
				{
					decryptedPacket += table[high - 1];
					j++;
				}

				if (low != NULL && low != 0x0F)
				{
					decryptedPacket += table[low - 1];
					j++;
				}
			}
		}
	}

	return decryptedPacket;
}

std::string TCryptography::EncryptWorldPacket(std::string packet)
{
	std::string encryptedPacket;

	std::vector<std::string> vector;
	boost::algorithm::split(vector, packet, std::bind2nd(std::equal_to<unsigned char>(), (0x20)));

	for (std::size_t i = 0; i < vector.size(); i++)
	{
		if (i > 0)
		{
			encryptedPacket += vector[i].length() + 1;
			encryptedPacket += (char)0xDF;
		}
		else
		{
			encryptedPacket += vector[i].length();
		}

		for (std::size_t t = 0; t < vector[i].length(); t++)
			encryptedPacket += vector[i][t] ^ 0xFF;
	}
	return encryptedPacket;
}