
[HELP] Password encryption

 
Old   #16
 
elite*gold: 0
Join Date: Oct 2005
Posts: 295
Received Thanks: 340
The password encryption is basically the same as before with some added extras. The server now sends an extra 32-bit cypher before login starts, the base key has changed, there is a character-by-character substitution before encryption, and a further encryption based on the ASCII sum of the pz user name.

I did get quite far into working it out before other commitments took me away. If I get back on it in the near future I'll probably post here with it.



Qonquer is offline  
Old   #17
 
elite*gold: 20
Join Date: Jun 2005
Posts: 1,013
Received Thanks: 379
Yeah, it's still RC5. The key to seed it now is based on that int received from the server. It's used to create some 16 random bytes (srand(), rand() from msvcrt), and the 16 byte sequence is what seeds the RC5.

In addition to the RC5 though, there's another layer of encryption, which is seeded from the sum of all the username's characters' ASCII values, and that seed then creates a 256 int16 key, which is then sorted by most sig byte only. The cryptography then works based on key indexes and converting scan codes to virtual key characters (i.e., MapVirtualKey()).

.Net implementation of that part here anyway. Reflect it if you need to port to another language. It has no external dependencies.

Also an RC5 implementation for those who were lazy and hardcoded the old key rather than implementing the keygen routine.

Credit to Ultimation & Myself.
Attached Files
File Type: rar PasswordCryptographer.rar (4.1 KB, 139 views)
File Type: rar RC5.rar (2.1 KB, 115 views)


unknownone is offline  
Thanks
21 Users
Old   #18
 
elite*gold: 0
Join Date: Dec 2009
Posts: 7
Received Thanks: 0
Quote:
Originally Posted by unknownone View Post
Actually, they previously used RC5, and more recently, began using their own algorithm (which still uses part of the RC5, with modifications).
Why are you such a nerd?
Neo~ is offline  
Old   #19
 
elite*gold: 0
Join Date: Nov 2009
Posts: 129
Received Thanks: 45
Quote:
Originally Posted by Neo~ View Post
Why are you such a nerd?
He knows his stuff, which is very fortunate for us, as he most likely makes up for all the retards here.


~Falcon is offline  
Old   #20
 
elite*gold: 0
Join Date: Jan 2009
Posts: 1,922
Received Thanks: 490
Quote:
Originally Posted by Neo~ View Post
Why are you such a nerd?
Just because he's smarter than you doesn't make him a nerd. Just a highly advanced human being. Either that or you're just retarded.
PeTe Ninja is offline  
Old   #21
 
elite*gold: 0
Join Date: Aug 2009
Posts: 919
Received Thanks: 442
Quote:
Originally Posted by Zion~ View Post
It depends on the version. From 4267 to 5017 TQ used the blowfish(cipher) algorithm and for their latest patch a modified version of RSA is used (as far as I know).
5165 updated lotf version also uses blowfish
.Guru is offline  
Old   #22
 
elite*gold: 0
Join Date: Oct 2005
Posts: 295
Received Thanks: 340
Quote:
Originally Posted by unknownone View Post
Yeah, it's still RC5. The key to seed it now is based on that int received from the server. It's used to create some 16 random bytes (srand(), rand() from msvcrt), and the 16 byte sequence is what seeds the RC5.

In addition to the RC5 though, there's another layer of encryption, which is seeded from the sum of all the username's characters' ASCII values, and that seed then creates a 256 int16 key, which is then sorted by most sig byte only. The cryptography then works based on key indexes and converting scan codes to virtual key characters (i.e., MapVirtualKey()).

.Net implementation of that part here anyway. Reflect it if you need to port to another language. It has no external dependencies.

Also an RC5 implementation for those who were lazy and hardcoded the old key rather than implementing the keygen routine.

Credit to Ultimation & Myself.
Nice one, lol that saved me some time in ollydbg. I knew you guys woulda sussed it.

Quote:
Originally Posted by Neo~ View Post
Why are you such a nerd?
I guarantee he's smarter than you. Probably by several times. Contrary to normal belief, someone smarter than you (which may be a great proportion of the population) is not a nerd.
Qonquer is offline  
Old   #23
 
elite*gold: 20
Join Date: Jan 2008
Posts: 2,338
Received Thanks: 489
I myself would like to know how I can decrypt the pass before writing it...

I need code pieces please
~Yuki~ is offline  
Old   #24
 
elite*gold: 0
Join Date: Oct 2005
Posts: 295
Received Thanks: 340
It's all in unknownone's dll he attached earlier in this post. Just use a reflector to open the dll and you can see the source in any language you prefer. You should really thank him for this not me mang.
Qonquer is offline  
Old   #25
 
elite*gold: 20
Join Date: Jan 2008
Posts: 2,338
Received Thanks: 489
Fixed, thanked you both
~Yuki~ is offline  
Old   #26
 
elite*gold: 20
Join Date: Jun 2005
Posts: 1,013
Received Thanks: 379
The only part missing from the DLL is the creation of the RC5 key. It's just an int sent from the server to the client on connect in an 0x423 packet. For a basic template of how you'd implement it..
Code:
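    using System;
    using System.Net.Sockets;
    using System.Text;
    using Liberate.Cryptography;
    using msvcrt;

    class Connection
    {
        // Seed sent to the client on connect; the RC5 key is derived from it at login.
        private readonly int passCryptoSeed;
        //...

        public Connection(Socket socket)
        {
            // Pick a per-connection seed and send it to the client.
            this.passCryptoSeed = (new Random()).Next();
            var seedPacket = new PasswordCryptographySeedPacket()
            {
                Seed = this.passCryptoSeed
            };
            this.SendPacket(seedPacket);
            //...
        }

        public void OnLoginPacket(LoginPacket loginPacket)
        {
            // Rebuild the 16-byte RC5 key: seed msvcrt's generator, then keep
            // the low byte of each of the next 16 rand() results.
            msvcrt.srand(this.passCryptoSeed);
            var rc5Key = new byte[0x10];
            for (int i = 0; i < 0x10; i++)
                rc5Key[i] = (byte)msvcrt.rand();
            // Undo the RC5 layer first, then the username-seeded layer.
            var password = Encoding.ASCII.GetString(
                                (new ConquerPasswordCryptpographer(loginPacket.Username)).Decrypt(
                                    (new RC5(rc5Key)).Decrypt(loginPacket.Password)));
            //...
        }
        //...
    }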
unknownone is offline  
Thanks
3 Users
Old   #27
 
elite*gold: 0
Join Date: Oct 2005
Posts: 295
Received Thanks: 340
Not done much .NET stuff myself, just a little worried about the seeding of the PRNG like that. Are the variables used in srand() and rand() private to that particular thread or are they global for the entire application? If the latter is true, it could cause problems to a whole server application to have the seed constantly reset to a relatively small integer every time someone logs on. A multithreaded application could also call rand() right in the middle of the key generation causing a failed login. Of course, if the routines are pure to the thread it isn't an issue.
Qonquer is offline  
Old   #28
 
elite*gold: 20
Join Date: Mar 2005
Posts: 1,247
Received Thanks: 2,252
Quote:
Originally Posted by Qonquer View Post
Not done much .NET stuff myself, just a little worried about the seeding of the PRNG like that. Are the variables used in srand() and rand() private to that particular thread or are they global for the entire application? If the latter is true, it could cause problems to a whole server application to have the seed constantly reset to a relatively small integer every time someone logs on. A multithreaded application could also call rand() right in the middle of the key generation causing a failed login. Of course, if the routines are pure to the thread it isn't an issue.
Code:
public class rand
{

    static int _seed;
    int seed;

    public rand(int seed)
    {
        this.seed = seed;
    }

    public final int _next()
    {
        seed *= 0x343fd;
        seed += 0x269Ec3;
        return (seed >> 0x10) & 0x7FFF;
    }

    public static void seed(int seed)
    {
        _seed = seed;
    }

    public static final int next()
    {
        _seed *= 0x343fd;
        _seed += 0x269Ec3;
        return (_seed >> 0x10) & 0x7FFF;
    }

    public static final int next(int max)
    {
        return (next() % (max + 1));
    }

    public static final int next(int min, int max)
    {
        return (next() % (int) (((max) + 1) - (min))) + (min);
    }
}
could just do
rand rand = new rand(seed);
rand._next();

or static mode
rand.seed(seed);
rand.next();

That's in Java, basically a copy of what msvcrt does because Java's random sucks


edit: Also, I'm having some problems with my encryptions still, it decrypts correctly about half the letters (and all upper case). I think the mapping may be wrong, not sure (using sparkie's source).

For example:
Encrypted (by client): teest
Decrypted (by proxy): ( S( (contains 2 spaces after ( )

Encrypted (by client): aaabbb
Decrypted (by proxy): ���BBB


XtremeX-CO is offline  
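
Added example, not code from any poster in this thread: the key derivation described in posts #26 to #28, written in C with the generator state held per connection, plus a constructed two-login interleaving that shows the failure post #27 worries about when the state is shared. The names `lcg_next`, `derive_rc5_key`, `interleaved_key_ok` and `key_byte` are hypothetical, and the seeds 1 and 2 are sample values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Generator state owned by one connection; nothing is process-global. */
typedef struct { uint32_t state; } lcg_t;

/* Same recurrence and constants as the Java class posted in the thread. */
static int lcg_next(lcg_t *g) {
    g->state = g->state * 0x343FDu + 0x269EC3u;
    return (int)((g->state >> 16) & 0x7FFF);
}

/* 16 key bytes: the low byte of each of the first 16 outputs. */
void derive_rc5_key(uint32_t seed, uint8_t key[16]) {
    lcg_t g = { seed };
    for (int i = 0; i < 16; i++) key[i] = (uint8_t)lcg_next(&g);
}

/* Two logins whose key loops interleave call by call (constructed scenario).
 * shared != 0: both use one generator, like a process-wide srand()/rand().
 * shared == 0: each login owns its generator.
 * Returns 1 if login A still ends up with the key for seed_a. */
int interleaved_key_ok(uint32_t seed_a, uint32_t seed_b, int shared) {
    lcg_t ga, gb, *pa = &ga, *pb = shared ? &ga : &gb;
    uint8_t key_a[16], want[16];
    pa->state = seed_a;
    pb->state = seed_b;              /* shared: overwrites A's seed */
    for (int i = 0; i < 16; i++) {
        key_a[i] = (uint8_t)lcg_next(pa);
        (void)lcg_next(pb);          /* login B draws its byte in between */
    }
    derive_rc5_key(seed_a, want);
    return memcmp(key_a, want, 16) == 0;
}

/* Helper for spot checks: byte i of the key derived from seed. */
int key_byte(uint32_t seed, int i) {
    uint8_t key[16];
    derive_rc5_key(seed, key);
    return key[i];
}

int main(void) {
    printf("per-connection state ok: %d\n", interleaved_key_ok(1, 2, 0));
    printf("shared state ok:         %d\n", interleaved_key_ok(1, 2, 1));
    return 0;
}
```

Because the 16 key bytes are fully determined by the 32-bit seed, the RC5 layer is only as secret as that seed.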