Is it possible to decrypt Server.dat in 5672+?

[derpingson]

Hello pros & noobs,

i've been wondering if why can't the itemtype.dat decrypter decrypt the server.dat file, is there a way to mess with that file?

[CptSky]

Quote:

Originally Posted by derpingson

Hello pros & noobs,

i've been wondering if why can't the itemtype.dat decrypter decrypt the server.dat file, is there a way to mess with that file?

Find the RSA keys and you'll be able to decrypt it.

[Spirited]

It's possible (and more realistic) to decrypt it; however, once decrypted, you can't encrypt it without a key that TQ keeps secret (out of the client). If you want to decrypt server.dat, you would have to hook the client to bypass the RSA decryption.

[pro4never]

As fang said, the most reasonable method would be either...

A: nop out the decryption calls so that it loads in a pre-decrypted server.dat

B: Replace the decryption calls with your own custom encryption so you can create your own server.dat that no other servers can steal. Bit more work but kinda nice to have the option if you were planning on running a very serious server.

C: Edit the login screen so that it just doesn't show servers at all. This is what most servers do as far as I'm aware.

[Lateralus]

Why hasn't the RSA private key been bruteforced? How long are the keys? Has anyone tried using the public key as the private key?

[_DreadNought_]

Example private key(taken from google)



If you want to bruteforce that be my guess.

[Lateralus]

Yes, sure, but if they use a 128-bit key or maybe even a 256-bit key (likely), then it can be cracked fairly easily and quickly.

I'm assuming it hasn't been cracked because they use a larger key, but it could also be that no one capable felt like spending the time to bruteforce it when it could be ignored/replaced.

[CptSky]

Quote:

Originally Posted by Lateralus

Yes, sure, but if they use a 128-bit key or maybe even a 256-bit key (likely), then it can be cracked fairly easily and quickly.

I'm assuming it hasn't been cracked because they use a larger key, but it could also be that no one capable felt like spending the time to bruteforce it when it could be ignored/replaced.

high6 had the keys for decrypting the server.dat back in the days. He removed his tool and the source at some point and I no longer have it. For the encryption keys, nobody ever tried I think.

[Lateralus]

Ouch. It's 2048 bits. Nevermind.

[derpingson]

Quote:

Originally Posted by pro4never

B: Replace the decryption calls with your own custom encryption so you can create your own server.dat that no other servers can steal. Bit more work but kinda nice to have the option if you were planning on running a very serious server.

no serious server, no server, nothing, i'm just trying to learn more tricks.

Quote:

I'm assuming it hasn't been cracked because they use a larger key, but it could also be that no one capable felt like spending the time to bruteforce it when it could be ignored/replaced.

he said can be ignored/replaced, the ConquerLoaderv5 doesn't work anymore on these clients, and when i took a look at some egy servers, i found they're using some messed ****, sometimes it works, sometimes it doesn't.

Is there an available Loader for 5672+ clients? did the old loader got updated/upgraded and i didn't know?

[Super Aids]

I'm almost certain that it still works, the problem is a little encryption change.

[_DreadNought_]

Encryption change is irrelevant.

Nullable's loader works by hooking the ws2_32.dll connect() function in Conquer, and simply modifying the sockaddr values to whatever you have in Loaderset.ini

That's it, nothing fancy.

If you want to create your own launcher there's guide how todo this:




Also,

The encryption change you're talking about is just the game encryption key.

New key: C238xs65pjy7HU9Q

What is however interesting is seeing "AFX_CLIENTSECURITY_H__4556C08B_9069_4D74_83AB_94C F9498D606__INCLUDED_%d" after the key.

(yes, i used notepad because real men use notepad -- it was quicker)

[derpingson]

thank you very much guys, hearing(reading) you and knowing your point of view in several thing was a great pleasure.

I hope someday, i can as helpful and useful as you guys

Thanks

[Xio.]

Quote:

Originally Posted by xxmorchidxx

½ڑظُٹpلسiXù-KEٌ‚6;عUZï8ùvغشrً—§HBعض–م-Dزٍےگ K·e.tہں¸vبٍ[چضزgw"ه¶y77ôک·3شPk½”
¾(]-ثG±¶,‡KBâ×C=،NOAèOذ^ٹ¹„ک6Wù9*ءbف¼¨/صصù.›ù0ءح¸Q½ںâ*ے^ڈRچéْlم)”3!ٌ،·¥aھةش†>ز؟"ءJT ²|\÷ےأô3Lإ5؛'ضfS2ط·<†@ک Rء(
f¤زSگـê4کنM= \¼,x´ثIîx#¼ي £WL´~جg¶ †jéئ’–أc€X«éع4ب€ىSï€'?>M1غ´&^!ظںط3پ‡ح-P‎ہ³8«{‹–ة¸وے½؛‚.¦ذwE—Nü(،ہسD²¼جzےM
ذü:جJ0{ف¶ wù<?*B%²*+7ف 9™eخôصصXح) ¶ڈ/ةO؟
†ںغ41@ُ¼آfخ{„–h]\'´س¾9-A؟»*‎=¸ه²(´W°j¶aا¦Y}YQظٍ؟Y؟ئT»u؟}خƒ5aٌ‏sى%چذE² ´S¥رشU¼@Aي
um‡ْZ2Bvً›rچ*œyشt0uنى5؛بصخLث/¤لأ¹‡ِ£ذ«V`—JإbNغ‘cحùœط؟مطه"…£ûْے>ٌ"!ة½ت4)ـ *´ث´2ك¾قجr£—ûٍٹ*+§2€دêB3Bپmٹ€آ؛^ïقü¼„>ةE¦‰ˆا ˆ^`ك¾ف%ôo‎©7$ي 8oKپ¢wn/¬?*!¬‡8O6ê•fûظ'”YSسü~•رu
ك†@NڑVt*w؟¥ھ*{+^{àŒ+g.B8za*}شں=«9؟ےكc¤9ِœ´F·t÷N[c‎•*لù8›C]ضI"ہôè„
ر›=‎Ox¼ؤّئVcç‎G@lہsu¢
¹²G긦°¶پ-ُéأulƒحqعp)™¯ےû·J»TBKz´rI‡éَ©ِ¦*\‡گç‏—ھ$ ¬چ²= ´ر.™´©ƒ²ص@³2,9·Œˆ
خeV®l™حb£&ِXى
چةتy؛ثLQŒقب·‚؟أھ·?iD`*ك´’Cا÷Wع”[ R* (،’L?wysہ eW@o0f.*[Sإ½¥¼3®هuPè²کt‏#¬>¥—"ج؟شZ3ّ8çخE¸K°q
(ک·&^§‡ظھ`پ}±Cدëچù~Y9@__ëش]8$ذ%Z¶2rفof«ƒتم“*y\ZuJضgبB„ذ¦.Rùï*ھM
àڈR1©aا#*عآ‰ہس¥ر–ZCچر(¥$¶إN8عر‹\¥5?e÷*
uة9<=èئc”ü§ي(IصCTpغ0ْ®ـ¸tض†<Oê´‘ت"ء8)4³îïDbˆمهé¢[6ùë™^ے€’نçtس`¶ٍه+وpCقï“9ىc3‎ـ8‚³إـqُH£~پ’«Cث3‘َ ©y¾ذوا7ک9±آ„2يfخھ€ءJ½“ €‰ٹëG*¹¥؛*V}ظfآt 3^êH«t¸vو†ژ<yë„52فXEƒm‎ùàkPƒˆ^a[€•ذ<oچ*;ر؟*rط£;ت‏àMj?T“Ajا±¹‎Sم5uO/‘/ج-¹مغرؤطuûym]k2_FàH،*®fR) àـ¼tس*-¦ا–²97ù¼FپD™ر³·عoشض[ر¬‹r1*“1َ؟jئ¥
Bإp%”
ہJiہ·Uj*_âLغہك›£¸M@Mï¦jW*{÷ْؤùa!9%©±ُƒi‎¨„*\dK ¤دي‏E,د´ذ
HI¸WسمDœ)ٍء¢…ئ²aüظs[³D‚ت¢2€UقثO¬*¸C‰آّSQZڈëث±ovî–8)£؟±eBèء؟ïْV‘ـ!îE3î„®oOچ&خ؛X§S*³ُْےPپI
ù*&Œa©›ء،4‚÷z#G ـلJœLO.J% تy‘‏ل
1Eٹ£إ¤‎@،ƒù]v'¨هu,$|¸ûت4e?x2اوçً:ف?ط*ٍ*ڈW*«£I”ف²N0z¦؟mƒ5 v¨¦َôkٍ¦¦>1\;{ںçىپإLم.
!آàŒT/.'ںا?ؤ©P¥دˆwà·Œ
؟ک
%¨ڈ¶=ح|َخ¹gم.$$(±±نئ@£Œ÷k‚.ٍج#<ڈCH¸ذقCëعCùرو1 کê׌*eهشüj%yد‚X+ں’h„Y ي’_H¨ے½سœآھîوH±²Yِè¶4‚÷<S ¾`B؛Uh¥JMl.UكqـR ,


can you encrypt this

Looks encrypted to me.

[Ultimation]

the server.dat encryption key is 2048 bytes, i have wrote a program to decrypt, replace the public key in the client with a new keypair, and then i can encrypt using my own key pair.

I think that is the closest anyone has bothered to go without the need of hooking.