Digging the Game Encryption at CoGen Code

xmen01235 · 05/19/2012, 11:16

Code:

        public GameCrypto()
        {
            [COLOR="red"]Class0.N47LJ78z09Kgf();[/COLOR]
            this.ClientIV = new byte[8];
            this.ServerIV = new byte[8];
            .........
            .........
            .........
        }

Code:

using System;

internal class Class0
{
    private static bool bool_0;

    internal static void N47LJ78z09Kgf()
    {
    }
}

This line makes me confuse.

Class0.N47LJ78z09Kgf();

shitboi · 05/19/2012, 14:05

code obsfuscation? He might have purposely named it that way, use his look up table to find the corresponding documentation for that function. Can you locate that function, you mgiht be able to make some sense out of it?

KraHen · 05/19/2012, 14:37

Right click - go to definition. Should be an empty function dropped out by the reflection IMO.

donn · 05/19/2012, 15:21

Anyway, password encryption is done by his auth server, current game enc ain't in the reflected source.

InfamousNoone · 05/19/2012, 18:13

You can get the game encryption from various sources that are intended to run on a higher patch (I believe). Trying to find it in the COG source code is unnecessarily shooting yourself in the foot. Also, the password encryption isn't in his src.

xmen01235 · 05/19/2012, 18:45

So it is the reflected function.

Did you guys edited the client for the dynamic keys? It seems that the game encryption function did not change a lot except for the reflected function which inserted at the beginning of the gamecrypto function.

_DreadNought_ · 05/21/2012, 00:50

The game encryption didnt change, the DHKey exchange did, that should be in the source.

The password encryption he uses the COGen auth servers to do all the encrypting, however if you want to crash cogenius then there encryption they use to communicate with the bot->cogen is in there.

Find all references and go to definition buttons should help you figure that out.

Enjoy.

KraHen · 05/21/2012, 08:40

Anyways the password encryption is completely unnecessary for proxy functions.

_DreadNought_ · 05/23/2012, 09:53

what about clientless KraHen?

KraHen · 05/23/2012, 12:37

I was talking about proxy, man-in-the-middle functions.

Korvacs · 05/23/2012, 13:49

Yeah, but he was pointing out that there's been no mention of what the encryption was for so you cant assume that its for a proxy and therefore unnecessary.

KraHen · 05/24/2012, 00:14

I really don`t see someone who is capable of creating a clientless bot asking questions like the OP, so I just assumed that it`s either for a proxy or a server, non of which truly require the password cryptography. But that may be just because I`m cynic as well.

_DreadNought_ · 05/24/2012, 10:03

Just because a server doesnt truly require the new password encryption its the correct a way to go about it.

KraHen · 05/24/2012, 12:16

Why exactly? In the DB you`re storing hashed passwords anyways, be that encrypted from the real password or the encrypted one, you`re not really supposed to reverse the hash, so I`d say it`s pointless. Though this is just my opinion.

~~I don't have a username~~ · 05/24/2012, 13:11

TQ doesn't hash their passwords, if I'm correct. Unless they've started doing it, but I know they didn't do in the past.