the new server.dat?

Old   #1
 
elite*gold: 0
Join Date: Nov 2006
Posts: 210
Received Thanks: 42
the new server.dat?

Does anyone know how the new server.dat works? I have tried translating it and it seems like a bunch of gibberish.



majick is offline  
Old   #2
 
elite*gold: 0
Join Date: Sep 2005
Posts: 25
Received Thanks: 2
Me too, I tried to use Google Translate to do that, but server.dat has not only Chinese but also other characters. Please, whoever knows this new dat file, tell me.


intelman is offline  
Old   #3
 
elite*gold: 20
Join Date: Jun 2005
Posts: 1,013
Received Thanks: 379
K, since I've given up on it, cba wasting more time. I'll give you what I've done, you can try and finish it if you want.

Code:
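#include <cstdint>
#include <cstdio>
#include <openssl/bn.h>
#include <openssl/err.h>
#include <openssl/rsa.h>

// Uses the pre-1.1.0 OpenSSL API (direct access to RSA and BIGNUM fields).
int decrypt_server_dot_dat()
{
    FILE* f = fopen("server.dat", "rb");
    FILE* g = fopen("n.dat", "rb");
    if (!f || !g)
    {
        printf("Error opening server.dat or n.dat");
        if (f) fclose(f);
        if (g) fclose(g);
        return -1;
    }

    //read the whole of server.dat into memory
    fseek(f, 0, SEEK_END);
    long filelen = ftell(f);
    fseek(f, 0, SEEK_SET);
    if (filelen < 0x100)
    {
        printf("server.dat is shorter than one RSA block");
        fclose(f);
        fclose(g);
        return -1;
    }
    uint8_t* bufferin = new uint8_t[filelen];
    fread(bufferin, 1, filelen, f);
    fclose(f);

    //reverse the bytes in 'n' because BN_bin2bn() expects big-endian input
    uint8_t* reversed_n = new uint8_t[0x100];
    uint8_t c;
    for (int i=0;i<0x100;i++)
    {
        fread(&c, 1, 1, g);
        reversed_n[0xFF-i] = c;
    }
    fclose(g);

    RSA* rsa = RSA_new();
    rsa->n = BN_new();
    rsa->e = BN_new();
    BN_bin2bn(reversed_n, 0x100, rsa->n);
    BN_hex2bn(&rsa->e, "01");
    rsa->n->flags = 1;
    rsa->e->flags = 1;
    rsa->flags = 6;
    rsa->references = 1;
    RSA_set_method(rsa, RSA_PKCS1_SSLeay());
    RSA_memory_lock(rsa);

    uint8_t* bufferout = new uint8_t[RSA_size(rsa)];

    //only the first 0x100-byte block of the file is passed in
    int decrypted = RSA_public_decrypt(0x100, bufferin, bufferout, rsa, RSA_PKCS1_PADDING);

    RSA_free(rsa);

    if (decrypted==-1)
    {
        //ERR_get_error() returns an unsigned long
        printf("%lu", ERR_get_error());
        printf("Error decrypting file");
    }
    else
    {
        FILE* h = fopen("decrypted_server.dat", "wb");
        if (h)
        {
            fwrite(bufferout, 1, decrypted, h);
            fclose(h);
        }
    }

    delete[] bufferin;
    delete[] reversed_n;
    delete[] bufferout;
    return 0;
}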
where n.dat is just a binary file containing
Code:
09 54 80 D8 E4 A2 87 0B 83 03 C7 B7 18 6E 3B C3 39 6E B6 71 BE 26 49 E5 50 66 A0 82 60 0A 3D CD 26 D6 F5 67 E7 33 0B A6 7D 2C 9F EF 60 85 91 EF 4C 95 B0 C2 11 2C B8 4E EE 97 1B CD 70 9E 62 FC FA F0 24 D7 92 83 C3 94 CC D2 54 81 64 34 9F E9 12 F1 3C 09 A2 78 50 5A B1 0C 45 F4 FA A7 9E BD 51 C2 E4 95 B0 0A 21 99 15 59 37 9B 1C FE 88 9E ED 7E 65 17 65 F5 20 A7 DA DE 47 2D 0C E6 80 97 D3 8D 0A 01 08 D2 26 17 24 7B BE 30 70 DC FE 93 76 A7 80 1A 67 BF DF 38 9B 6B 9B A1 3E 04 6E 29 99 98 29 95 23 5C 25 7B F8 E4 88 EE A5 E6 64 9B 89 3C 84 D7 6D A6 70 7E E0 35 47 44 A7 F2 20 22 16 B2 A3 AE B3 68 F1 44 B9 D8 39 8A 8A C7 9A A9 CA 49 3D 78 14 17 73 A0 40 AE 35 62 C7 3A B0 FA B3 46 E2 44 26 7B 10 0E 4F 08 D2 A9 03 2B 8A C3 D7 A7 10 C0 8E A6 7F 95 0C AC 6B 9B 33 BD F5 BE
Basically, I'm passing exactly the same arguments as the client to RSA_public_decrypt(), but getting a different result to the client. (It's returning -1/ERROR). I've traced this a little further and it appears to be a problem when RSA_eay_public_decrypt() calls BN_mod_exp_mont(). The first BIGNUM argument is returned with twice the length it should have, and I can't figure out what's up with it.

It could possibly be something to do with the latest commits on the file here:
, where someone has tried messing with size_ts. TQ might be using one of these bad file versions perhaps. I've not got any more patience to recompile openssl and shit though.

A couple of pointers if you wanna get debugging (for 5078)

Code:
User-defined labels, item 6
 Label=<libeay.RSA_eay_public_decrypt()> 00525D70
 Disassembly=MOV EAX,8

User-defined labels, item 8
 Label=<libeay.BN_mod_exp_mont()> 0052CF40
 Disassembly=MOV EAX,9C
Oh, and after decryption the stream needs inflating using zlib, but that's pretty self explanatory.

K, that's me done.
unknownone is offline  
Thanks
2 Users
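
RSA_public_decrypt() with RSA_PKCS1_PADDING, as called in post #3, returns -1 unless the block recovered by the public-key operation is a well-formed PKCS#1 v1.5 type-1 block of modulus size. The following is an added example, not code from the thread or from OpenSSL: it reimplements the byte reversal and that padding check so a block dumped while debugging can be tested outside the library. The function names and the sample payload are hypothetical and constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// The post reverses the bytes of n.dat before BN_bin2bn(), which reads
// big-endian input; this does the same for any little-endian buffer.
std::vector<uint8_t> to_big_endian(const std::vector<uint8_t>& le) {
    return std::vector<uint8_t>(le.rbegin(), le.rend());
}

// Build a constructed type-1 block: 00 01 FF..FF 00 payload.
// Caller must keep payload.size() + 3 <= k.
std::vector<uint8_t> make_type1_block(size_t k, const std::vector<uint8_t>& payload) {
    std::vector<uint8_t> em(k, 0xFF);
    em[0] = 0x00;
    em[1] = 0x01;
    em[k - payload.size() - 1] = 0x00;
    for (size_t i = 0; i < payload.size(); ++i) em[k - payload.size() + i] = payload[i];
    return em;
}

// Strip type-1 padding from the k-byte result of the public-key operation.
// Returns the payload length, or -1 if the block is malformed.
int unpad_type1(const std::vector<uint8_t>& em, size_t k, std::vector<uint8_t>& out) {
    if (k < 11 || em.size() != k) return -1;          // must match modulus size
    if (em[0] != 0x00 || em[1] != 0x01) return -1;    // wrong block type
    size_t i = 2;
    while (i < k && em[i] == 0xFF) ++i;               // skip the FF run
    if (i == k || em[i] != 0x00) return -1;           // no 00 separator
    if (i - 2 < 8) return -1;                         // fewer than 8 pad bytes
    out.assign(em.begin() + i + 1, em.end());
    return static_cast<int>(out.size());
}

int main() {
    const size_t k = 0x100;                           // block size used in the post
    std::vector<uint8_t> payload = {0xDE, 0xAD, 0xBE, 0xEF};  // constructed sample
    std::vector<uint8_t> out;
    std::printf("valid block     -> %d\n", unpad_type1(make_type1_block(k, payload), k, out));
    std::vector<uint8_t> doubled = make_type1_block(2 * k, payload);
    std::printf("2x-length block -> %d\n", unpad_type1(doubled, k, out));
    return 0;
}
```
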
Old   #4
 
elite*gold: 0
Join Date: Nov 2006
Posts: 210
Received Thanks: 42
Now there's an example of useful information,
I personally have to go read stuff every time I start doing something. I'm still a freshman.


Please don't spam this thread with anything stupid like "can I please have the bypass".

Refer to the above thread; that's the type of posting we need here to avoid pages of spam.
majick is offline  