[Help]Password Decryption on CoEmu V2

JobvdH · 02/21/2012, 15:58

Hello people,

Does someone know how to decrypt the password?
RC5 Layer gives me the following error:
The arithmetic operation resulted in an overflow.

On this line:

Code:

passInts[i] = (uint)reader.ReadInt32();

Thanks in advanced,
Jobdvh!

Kiyono · 02/21/2012, 17:12

It doesn't use RC5 but the old password encryption.

JobvdH · 02/21/2012, 17:28

And which password encryption is that?

-impulse- · 02/21/2012, 17:39

Quote:
Originally Posted by JobvdH
Hello people,

Does someone know how to decrypt the password?
RC5 Layer gives me the following error:
The arithmetic operation resulted in an overflow.

On this line:
Code:
passInts[i] = (uint)reader.ReadInt32();
Thanks in advanced,
Jobdvh!

Code:

passInts[i] = reader.ReadUInt32();

or

Code:

passInts[i] = Convert.ToUInt32(reader.ReadUInt32());

JobvdH · 02/21/2012, 17:45

Thanks for you answer impulse,
Now I get the same error on another line:

Code:

temp2 = RightRotate(temp2 - _key[j * 2 + 6], temp1) ^ temp1;

Heres my decrypt void:

Code:

        public static string Decrypt(byte[] bytes)
        {
            BinaryReader reader = new BinaryReader(new MemoryStream(bytes, false));
            uint[] passInts = new uint[4];
            for (uint i = 0; i < 4; i++)
                passInts[i] = Convert.ToUInt32(reader.ReadUInt32());


            uint temp1, temp2;
            for (int i = 1; i >= 0; i--)
            {
                temp1 = passInts[(i * 2) + 1];
                temp2 = passInts[i * 2];
                for (int j = 11; j >= 0; j--)
                {
                    temp1 = RightRotate(temp1 - _key[j * 2 + 7], temp2) ^ temp2;
                    temp2 = RightRotate(temp2 - _key[j * 2 + 6], temp1) ^ temp1;

                }
                passInts[i * 2 + 1] = temp1 - _key[5];
                passInts[i * 2] = temp2 - _key[4];

            }
            BinaryWriter writer = new BinaryWriter(new MemoryStream(bytes, true));
            for (uint i = 0; i < 4; i++)
                writer.Write((int)passInts[i]);
            for (int i = 0; i < 16; i++)
                if (bytes[i] == 0)
                    return Encoding.ASCII.GetString(bytes, 0, i);
            return Encoding.ASCII.GetString(bytes);
        }

CptSky · 02/21/2012, 23:27

Quote:

Originally Posted by Kiyono

It doesn't use RC5 but the old password encryption.

The old password encryption is RC5...

N.B. Maybe you can check my public implementation.

_DreadNought_ · 02/21/2012, 23:34

Quote:
Originally Posted by JobvdH
Hello people,

Does someone know how to decrypt the password?
RC5 Layer gives me the following error:
The arithmetic operation resulted in an overflow.

On this line:
Code:
passInts[i] = (uint)reader.ReadInt32();
Thanks in advanced,
Jobdvh!

Quote:

Originally Posted by JobvdH

Thanks for you answer impulse,
Now I get the same error on another line:

Code:

temp2 = RightRotate(temp2 - _key[j * 2 + 6], temp1) ^ temp1;

Heres my decrypt void:

Code:

        public static string Decrypt(byte[] bytes)
        {
            BinaryReader reader = new BinaryReader(new MemoryStream(bytes, false));
            uint[] passInts = new uint[4];
            for (uint i = 0; i < 4; i++)
                passInts[i] = Convert.ToUInt32(reader.ReadUInt32());


            uint temp1, temp2;
            for (int i = 1; i >= 0; i--)
            {
                temp1 = passInts[(i * 2) + 1];
                temp2 = passInts[i * 2];
                for (int j = 11; j >= 0; j--)
                {
                    temp1 = RightRotate(temp1 - _key[j * 2 + 7], temp2) ^ temp2;
                    temp2 = RightRotate(temp2 - _key[j * 2 + 6], temp1) ^ temp1;

                }
                passInts[i * 2 + 1] = temp1 - _key[5];
                passInts[i * 2] = temp2 - _key[4];

            }
            BinaryWriter writer = new BinaryWriter(new MemoryStream(bytes, true));
            for (uint i = 0; i < 4; i++)
                writer.Write((int)passInts[i]);
            for (int i = 0; i < 16; i++)
                if (bytes[i] == 0)
                    return Encoding.ASCII.GetString(bytes, 0, i);
            return Encoding.ASCII.GetString(bytes);
        }

Accoding to e*pvp you posted the second error within 2 hours of fixing the first one, you have NOT tryed very hard at ALL.

Try for a day or two and if you still have troubbles then make a thread but 2 hours is just stupid, I've spent 3 days on just one error before. It pays off.

Kiyono · 02/22/2012, 09:15

Quote:

Originally Posted by CptSky

The old password encryption is RC5...

N.B. Maybe you can check my public implementation.

Really? Didn't know that. I only saw the word "RC5" appearing in relation to the password decryption after the new password encryption came along so figured that the old one didn't use it.

JobvdH · 02/22/2012, 09:47

Well I've already got a solution that Fang gave me, I'm gonna try that out if it doesn't work out I'll post again.
Atleast thanks for the support!
Btw wasn't RC5 a layer for old password encryptions because Fang told me that NetDragon's Pass Encryption is in version 5017 - 5165 and after that version it should be something else like RC5 maybe?

Spirited · 02/22/2012, 11:04

Here's mine from patch 5017... i'm not sure if it works on 5095 though. (I'm not too familiar with the password cryptography in 5095).

Code:

using System.Runtime.InteropServices;

    public unsafe class PasswordCipher
    {
        private static uint[] _key = new uint[] { 
            0xebe854bc, 0xb04998f7, 0xfffaa88c, 0x96e854bb, 0xa9915556, 0x48e44110, 
            0x9f32308f, 0x27f41d3e, 0xcf4f3523, 0xeac3c6b4, 0xe9ea5e03, 0xe5974bba, 
            0x334d7692, 0x2c6bcf2e, 0xdc53b74, 0x995c92a6, 0x7e4f6d77, 0x1eb2b79f, 
            0x1d348d89, 0xed641354, 0x15e04a9d, 0x488da159, 0x647817d3, 0x8ca0bc20, 
            0x9264f7fe, 0x91e78c6c, 0x5c9a07fb, 0xabd4dcce, 0x6416f98d, 0x6642ab5b
         };

        public static sbyte* Decrypt(uint* password)
        {
            for (int i = 1; i >= 0; i--)
            {
                uint temp1 = *((uint*)(password + (i * 2) + 1));
                uint temp2 = *((uint*)(password + (i * 2)));
                for (int j = 11; j >= 0; j--)
                {
                    temp1 = (uint)RollRight(temp1 - _key[(j * 2) + 7], (byte)temp2) ^ temp2;
                    temp2 = (uint)RollRight(temp2 - _key[(j * 2) + 6], (byte)temp1) ^ temp1;
                }
                password[(i * 2) + 1] = temp1 - _key[5];
                password[i * 2] = temp2 - _key[4];
            }
            return (sbyte*)password;
        }

        public static sbyte* Encrypt(uint* password)
        {
            for (int i = 1; i >= 0; i--)
            {
                uint temp1 = _key[5] + password[(i * 2) + 1];
                uint temp2 = _key[4] + password[i * 2];
                for (int j = 0; j < 12; j++)
                {
                    temp2 = (uint)RollLeft(temp1 ^ temp2, (byte)temp1) + _key[(j * 2) + 6];
                    temp1 = (uint)RollLeft(temp1 ^ temp2, (byte)temp2) + _key[(j * 2) + 7];
                }
                password[i * 2] = temp2;
                password[i * 3] = temp1;
            }
            return (sbyte*)password;
        }

        public static int RollLeft(uint value, byte roll)
        {
            roll = (byte)(roll & 0x1f);
            return (int)((value << roll) | (value >> (0x20 - roll)));
        }
        public static int RollRight(uint value, byte roll)
        {
            roll = (byte)(roll & 0x1f);
            return (int)((value << (0x20 - roll)) | (value >> roll));
        }
    }

JobvdH · 02/22/2012, 11:49

I tried, and I tried and I tried but i can't get it done, it still gives me the error:
The arithmetic operation resulted in an overflow.

And I don't know why!?
It's kinda frustrating me, I try to get this done for 2 days.

Kiyono · 02/22/2012, 16:31

Why are you using CoEmu v2 anyway? EliteCoEmu has the password decryption implemented.

JobvdH · 02/22/2012, 16:47

Elite-CoEmu is a pain to setup, and the creator of Elite-CoEmu has set it up for me, but it didn't seem to work on my computer so thats why.

CptSky · 02/22/2012, 17:15

Quote:

Originally Posted by Kiyono

Really? Didn't know that. I only saw the word "RC5" appearing in relation to the password decryption after the new password encryption came along so figured that the old one didn't use it.

Because before that, the password encryption wasn't really known by the public. When TQ added a new layer over the RC5 and that the RC5 was seeded with a random seed, it became less important to keep the information private. Also, the only public implementation was really badly implemented.

Quote:

Originally Posted by JobvdH

[...]Btw wasn't RC5 a layer for old password encryptions because Fang told me that NetDragon's Pass Encryption is in version 5017 - 5165 and after that version it should be something else like RC5 maybe?

RC5 is used since the beta of Eudemon Online for the password. At patch 5180, TQ added a new layer over this crypto, plus they added a random seed.

JobvdH · 02/22/2012, 21:36

Oh alright, but back to the topic does someone know how to fix this error I don't have any clue