New Encryption (Key) [Patch 5509]

Belth · 07/07/2011, 21:17

"BC234xs45nme7HU9"

Still doesn't seem to decrypt the server's key exchange packet. Did something else change or am I doing something wrong?

~~pro4never~~ · 07/07/2011, 21:24

Santa · 07/07/2011, 22:28

Must be Tqs new "proxy protection"

shitboi · 07/10/2011, 05:06

yeah, i was wondering why CO closes after the auth process.

KraHen · 07/12/2011, 13:43

Is the encryption replaced? Or a new layer was added? What did I miss?

shitboi · 07/13/2011, 15:39

encryption wise, looks like nothing has changed. just changed the default blowfish key.

~~pro4never~~ · 07/13/2011, 23:08

Quote:

Originally Posted by shitboi

encryption wise, looks like nothing has changed. just changed the default blowfish key.

So I may be way off base here cause I've barely looked into it at all but I'd say a few things from just observations.

#1: It's a new layer to blowfish: The encryption key is still in client (changed as people already pointed out)

2: It's not JUST the key: Proof being that no bots were working including my basic packet logger. If you try to use the new encryption key you will not be able to set up your blowfish properly (***** up trying to read the exchange packets).

Again just going off observations here but I'd say it's a new layer to blowfish but not a full encryption change.

Santa · 07/14/2011, 11:48

Quote:

Originally Posted by pro4never

#1: It's a new layer to blowfish: The encryption key is still in client (changed as people already pointed out)

I've just gotta say. Most encryptions use an encryption key.

With that being said, there are numerous possibilities. But it is TQ.

xmen01235 · 07/14/2011, 16:11

Quote:

Originally Posted by shitboi

encryption wise, looks like nothing has changed. just changed the default blowfish key.

Sounds like you have made your proxy work again. And it's nice to see that you've finished your proxy already man.

I've been out for many months because of work so I did not able to contact you last time when you were working on it.

shitboi · 07/15/2011, 16:02

Quote:

Originally Posted by xmen01235

Sounds like you have made your proxy work again. And it's nice to see that you've finished your proxy already man.

I've been out for many months because of work so I did not able to contact you last time when you were working on it.

It worked. yeah! haha.

Well, it is not working now.
I was actually looking at the packet sequences/sizes when i arrived at my previous conclusion. I guess I was jumping to conclusion too early.

Just for a side note, when i compared the login packets from English CO to Chinese CO, there only difference i saw is that Chinese attempted to get a response from another Server right after obtained the DiffieHellsman info packet.

Again like Pro4never has suggested, this might be another layer or encoding before the actual blowfish implementation. N

KraHen · 07/15/2011, 16:34

RSA

_DreadNought_ · 07/15/2011, 18:21

No.

KraHen · 07/15/2011, 19:54

I meant parts of the RSA headers are surely used in the code, I`m pretty bad when it comes to RE.

_DreadNought_ · 07/15/2011, 20:09

Uhm, afaik, no.

I know what your getting at, The client does contain RSA but has nothing todo with the new enc.

~~Cyanogen~~ · 07/15/2011, 21:54

I think the RSA has to do with the Server.dat decryption, they keep the private key to themselves so no one can create an encrypted Server.dat. If they used that technique on the encryption all proxies would be ******.