Odd packet decryption problem

[InsomniacPro]

So, I have pre-5018 Encryption/Decryption. I get past the account server, and the message server receives 1052. Decrypts it perfectly fine. Then I send 1004 with "NEW_ROLE" since no character is currently in the database. Once I attempt to create a character, the server decrypts that packet wrong. I change the decrypt keys using the following method after 1052 is received.

 Spoiler

Code:

    public void ChangeDecryptKeys(int accountId, int token)
    {
        Int32 tmpkey1 = (Int32)((((token) + accountId) ^ 0x4321) ^ (token));
        Int32 tmpkey2 = (Int32)(tmpkey1 * tmpkey1);
        crypt3 = new byte[0x100]; crypt4 = new byte[0x100];
        byte[] tmp1 = BitConverter.GetBytes(tmpkey1);
        byte[] tmp2 = BitConverter.GetBytes(tmpkey2);
        for (int i = 0; i < 256; i++)
        {
            crypt3[i] = (byte)(crypt1[i] ^ tmp1[i % 4]);
            crypt4[i] = (byte)(crypt2[i] ^ tmp2[i % 4]);
        }
        alternate = true;
    }

And here's my decrypt method.

 Spoiler

Code:

    public void Decrypt(byte[] bufInput, byte[] bufOutput, int size)
    {
        for (int i = 0; i < size; i++)
        {
            bufOutput[i] ^= (byte)(bufInput[i] ^ 0xab);
            bufOutput[i] = (byte)(bufOutput[i] >> 4 | bufOutput[i] << 4);
            if (!alternate)
                bufOutput[i] ^= (byte)(crypt2[_decryptCounter.Key2] ^ crypt1[_decryptCounter.Key1]);
            else
                bufOutput[i] ^= (byte)(crypt4[_decryptCounter.Key2] ^ crypt3[_decryptCounter.Key1]);

            _decryptCounter.Increment();
        }
    }

I cannot seem to find the reason for the packets being decrypted incorrectly. Any ideas, or experience with this same issue? Resetting the key counter does not work btw.

[CptSky]

Code:

        /// <summary>
        /// Generates a key (Key) to use for the algorithm and reset the encrypt counter.
        /// In Conquer Online: A = Token, B = AccountUID
        /// </summary>
        public void GenerateKey(Int32 A, Int32 B)
        {
            Kernel.assert(BufIV != null);
 
            if (BufKey != null)
                Kernel.free(BufKey);

            BufKey = (Byte*)Kernel.malloc(COSAC_KEY);
            Int16 K = COSAC_KEY / 2;

            UInt32 tmp1 = (UInt32)(((A + B) ^ 0x4321) ^ A);
            UInt32 tmp2 = tmp1 * tmp1;

            Byte* tmpKey1 = (Byte*)&tmp1;
            Byte* tmpKey2 = (Byte*)&tmp2;
            for (Int16 i = 0; i < K; i++)
            {
                BufKey[i + 0] = (Byte)(BufIV[i + 0] ^ tmpKey1[(i % 4)]);
                BufKey[i + K] = (Byte)(BufIV[i + K] ^ tmpKey2[(i % 4)]);
            }
            EncryptCounter = 0;
        }

Yours seems wrong. You don't reset the counter. And maybe you're interverting the parameters ?

[InsomniacPro]

Quote:

Originally Posted by CptSky

Code:

        /// <summary>
        /// Generates a key (Key) to use for the algorithm and reset the encrypt counter.
        /// In Conquer Online: A = Token, B = AccountUID
        /// </summary>
        public void GenerateKey(Int32 A, Int32 B)
        {
            Kernel.assert(BufIV != null);
 
            if (BufKey != null)
                Kernel.free(BufKey);

            BufKey = (Byte*)Kernel.malloc(COSAC_KEY);
            Int16 K = COSAC_KEY / 2;

            //UInt32 tmp1 = 0;
            //tmp1 = (UInt32)(A + B);

            //Byte* tmpKey1 = (Byte*)&tmp1;
            //((Int16*)tmpKey1)[0] ^= 0x4321;

            //for (SByte i = 0; i < 4; i++)
            //    tmpKey1[3 - i] ^= (Byte)(A >> (24 - (8 * i)));

            UInt32 tmp1 = (UInt32)(((A + B) ^ 0x4321) ^ A);
            UInt32 tmp2 = tmp1 * tmp1;

            Byte* tmpKey1 = (Byte*)&tmp1;
            Byte* tmpKey2 = (Byte*)&tmp2;
            for (Int16 i = 0; i < K; i++)
            {
                BufKey[i + 0] = (Byte)(BufIV[i + 0] ^ tmpKey1[(i % 4)]);
                BufKey[i + K] = (Byte)(BufIV[i + K] ^ tmpKey2[(i % 4)]);
            }
            EncryptCounter = 0;
        }

Yours seems wrong. You don't reset the counter. And maybe you're interverting the parameters ?

I don't see how resetting the encrypt counter would do anything, considering its my decrypting that isn't working properly. And I used my same method in my prior source, and it worked perfectly.

[Korvacs]

They are exactly the same methods, his is just neater. He also said he's tried resetting the counters.

[CptSky]

Quote:

Originally Posted by InsomniacPro

I don't see how resetting the encrypt counter would do anything, considering its my decrypting that isn't working properly. And I used my same method in my prior source, and it worked perfectly.

Yeah, just don't forget it As I said, it's probably the arguments which are wrong. Maybe you don't extract them from the packet correctly or you interverted them.

Oh, and I'm not sure if it works with Int32 for tmps. I think you'll overflow them and won't get the appropriate bytes. Like if tmp1 * tmp1 > 2 G, it will be trimmed to 2 G when casting... So, it won't be the same bytes.

Quote:

Originally Posted by Korvacs

They are exactly the same methods, his is just neater. He also said he's tried resetting the counters.

Missed the part where he said he tried to reset the counters.

[Korvacs]

The Int32's aren't an issue its the same encryption used in the CUOSP source I wrote.

[InsomniacPro]

Well, I had the parameters switched. That's what was causing the issue. Thanks to all.