kal int packet encryption

[syntur4]

hi,

Im trying to find out how the data of the packets are encrypted. I wasted many hours on reverse engineering already(since Im totally unexperienced and new into asm).
I also tried to download the engine source, but all links are dead. can someone reupload the engine or give me some tips/references to go on.
my goal is to rewrite the encryption/decryption in c# or c++.
I appreciate any help.

edit: is the packet encryption algorithm/key still the same like in old days, or did it change over the years?

syntur4

[syntur4]

come on guys, Im not far from writing a custom client/clientless bot
Im just a programmer, not a reverse engineerer (yet )



syntur4

[meak1]

lol, u dont need cryption for an bot. Clientless only works with Emulating Hackshield, ur not able to Reverse Hackshield i guess.

the normal Cryption in kal is -> if longer then 16 bytes -> Crypt/Decrypt Table + AESKey rest XORkey.

Less then 16 bytes only Crypt/Decrypt Table + XORkey.

XORkey is the old, not changed yet. U need to copy & paste the crypt/Decrypt table
Then just find some open released Sources and just edit them ;/

The AESKey addresse is still the same u just need to copy the Key.

[pamz12]

ooh and he thought he'll become uber 1337 hackir in 1 night (

[~Army~]

[szopenfx]

This topic gave me a lot of clue maybe it will helpful for you too. But remember that packets ID's was changed and now for example packet $2A have other signature. Remember also that SwordCrypt table that are used also to decode kal *.pk files are different for packets and files (you can find this table easy checking high entropy on engine.exe process dump if you have no exp with RE and ASM).
First packet have enc/dec AES ECB key but it's encoded by INIX invention algorithm that if i good remember take 52 bytes as input and output 16 bytes.

AES is also bit strange coz for 128 bit input buffer is made little/big endian change every 4 bytes