Packet Decryption help

Old   #1
 
elite*gold: 0
Join Date: Jan 2008
Posts: 3
Received Thanks: 0
Packet Decryption help

Hi!

I'm working on a little prog. that decrypts the L2 packages.

The decryption algorithm is (I think) good, because the first packet seems to be decrypted successfully, the problem is probably in the key update, which is made after every packet.


You can see on this image that the decryption is good, and it doesn't screw up long strings (will be described below).

I noticed the error when I tried to decrypt Message packets.


You can see on this image that every 9th byte is wrong if you split the packets into 16-byte parts, which is the key length (and the error is the same in each packet). On the image, the opcode is separated in the first line, and the rest is the data split 8 bytes/row.

I use this algorithm to decrypt packets (C#):
Code:
public void Decrypt(byte[] buf)
{
    // Each plaintext byte = ciphertext byte XOR key byte XOR previous ciphertext byte.
    int temp = 0;
    for (int i = 0; i < buf.Length; i++)
    {
        int temp2 = buf[i];
        buf[i] = ((byte)(temp2 ^ (this._key[i & 0x0F]) ^ temp));
        temp = temp2;
    }

    // Key bytes 8..11 hold a little-endian 32-bit counter.
    long old = ((uint)this._key[8] & 0x000000ff)
        | (((uint)this._key[9] << 8) & 0x0000ff00)
        | (((uint)this._key[10] << 16) & 0x00ff0000)
        | (((uint)this._key[11] << 24) & 0xff000000);

    // The counter advances by the length of the packet just decrypted.
    old += buf.Length;

    this._key[8] = (byte)(old & 0xff);
    this._key[9] = (byte)(old >> 8 & 0xff);
    this._key[10] = (byte)(old >> 16 & 0xff);
    this._key[11] = (byte)(old >> 24 & 0xff);
}
As you see, the algorithm updates bytes 9, 10, 11 and 12 (8...11 if zero-based), exactly the ones that are wrong in the decryption, and you can see that if you decrypt the 9th byte of the packet, it's decrypted using the 9th byte of the key (buf[i] = ((byte)(temp2 ^ (this._key[i & 0x0F]) ^ temp));).

I made this algorithm based on the L2J source (gameserver/Crypt.java and gameserver/network/GameCrypt.java) and the LineAge Utils (it works on C4 and is written in C#).

I try to decrypt Interlude packages, but the problem is the same on the locally installed L2J server and on an offmod server too.



Kendoo is offline  
Old   #2
 
elite*gold: 0
Join Date: Aug 2004
Posts: 106
Received Thanks: 7
a friend had the same problem, but i can't really remember how we solved the problem *hm*

try
old += buf.Length -2;
instead of
old += buf.Length;

---->
I use a slightly different code for decrypting (beside the fact that i'm using c++), i have 2 arguments (the buffer, and the size..)

I'm not sure how you do the packet handling, but remember:
the thing that you add to "old" is not the tcp packet size but the packet size...

packet size is in the first 2 bytes of a packet, so normally your "correct size" should be buf.Length-2 .....
have you implemented a packet queue? don't forget that the tcp packet might be fragmented... so normally you should do something like:

1: get packet
   if (oldPacket != null) { packet = oldPacket + packet; oldPacket = null; }
   size = packet[1+2];
   if (packet.size < (size+2)) { oldPacket = packet; goto 1; }

blablub... i think you know what i mean


pengpong is offline  
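
The packet queue described in post #2, as an added example (not code from any poster or from L2J): it buffers TCP reads, cuts out complete game packets, and only then decrypts each body, so the counter in key bytes 8..11 advances by the game packet length rather than the TCP read size. The names `PacketStream`, `Feed` and `Crypt`, the 2-byte little-endian length prefix that counts itself, and the key and messages in `Main` are assumptions constructed for the demonstration.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
// Added example. Assumption: 2-byte little-endian length prefix that counts itself.
public class PacketStream {
    private readonly List<byte> pending = new List<byte>(); // unframed TCP bytes
    private readonly byte[] key;
    public PacketStream(byte[] key16) { key = (byte[])key16.Clone(); }
    // Feed one TCP read; returns each packet body it completes, decrypted.
    public List<byte[]> Feed(byte[] chunk) {
        var done = new List<byte[]>();
        pending.AddRange(chunk);
        while (pending.Count >= 2) {
            int size = pending[0] | (pending[1] << 8);
            if (size < 2) throw new InvalidOperationException("bad length prefix");
            if (pending.Count < size) break;          // fragment: wait for more
            byte[] body = pending.GetRange(2, size - 2).ToArray();
            pending.RemoveRange(0, size);
            Crypt(body, key, true);                   // key advances once per game packet
            done.Add(body);
        }
        return done;
    }
    // XOR chain from the thread; decrypt=false is its inverse (builds sample input).
    public static void Crypt(byte[] buf, byte[] k, bool decrypt) {
        for (int i = 0, prev = 0; i < buf.Length; i++) {
            int cur = buf[i];
            buf[i] = (byte)(cur ^ k[i & 0x0F] ^ prev);
            prev = decrypt ? cur : buf[i];            // chain on the ciphertext byte
        }
        uint n = (uint)k[8] | ((uint)k[9] << 8) | ((uint)k[10] << 16) | ((uint)k[11] << 24);
        n += (uint)buf.Length;
        for (int j = 0; j < 4; j++) k[8 + j] = (byte)(n >> (8 * j));
    }
    public static void Main() {
        byte[] key = new byte[16], tx = new byte[16]; // constructed key, not a real one
        for (int i = 0; i < 16; i++) key[i] = tx[i] = (byte)(i * 17 + 3);
        var wire = new List<byte>();
        foreach (string msg in new[] { "first packet", "second, longer than sixteen bytes" }) {
            byte[] body = Encoding.ASCII.GetBytes(msg);
            Crypt(body, tx, false);
            wire.Add((byte)(body.Length + 2)); wire.Add(0); wire.AddRange(body);
        }
        var rx = new PacketStream(key);
        for (int off = 0; off < wire.Count; off += 7) // 7-byte reads split packets
            foreach (byte[] p in rx.Feed(wire.GetRange(off, Math.Min(7, wire.Count - off)).ToArray()))
                Console.WriteLine(Encoding.ASCII.GetString(p));
    }
}
```

Decrypting each 7-byte read directly instead of going through `Feed` would advance the counter by 7 per read and corrupt the bytes at key positions 8..11 from the second packet on, which is the symptom described in post #1.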
Old   #3
 
elite*gold: 0
Join Date: Jan 2008
Posts: 3
Received Thanks: 0
The algorithm is perfect, the data that the decrypter gets is the game packet data only, the size has been split off, so the old is right.
I didn't make a packet queue and a TCP sorter.

Now it works, thanks.
Kendoo is offline  
Old   #4
 
elite*gold: 0
Join Date: Sep 2007
Posts: 1
Received Thanks: 0
Good code
I have been trying to decrypt L2 packets for about 1 month

this is my code (it's the same, I took it from Crypt.java)

Code:
    public class LA2Crypt
    {
        private byte[] decode_key = new byte[16];
        public byte[] inKey = new byte[16];
        public byte[] outKey = new byte[16];

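        public LA2Crypt(byte[] decode_key, bool blowfish)
        {
            // Copy to offset 0: a 16-byte key copied to index 1 does not fit
            // the 16-byte destination and would be misaligned with the key indices.
            decode_key.CopyTo(inKey, 0);
            decode_key.CopyTo(outKey, 0);
        }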

        public void Decrypt(byte[] buf)
        {
            int tmp = 0;
            for (int k = 0; k < buf.Length; k++)
            {
                int tmp2 = buf[k] & 0xFF;
                buf[k] = (byte)(tmp2 ^ (inKey[k & 0x0F]) ^ tmp);
                tmp = tmp2;
            }

            long old = ((uint)this.inKey[8] & 0x000000ff)
                | (((uint)this.inKey[9] << 0x08) & 0x0000ff00)
                | (((uint)this.inKey[10] << 0x10) & 0x00ff0000)
                | (((uint)this.inKey[11] << 0x18) & 0xff000000);

            old += buf.Length;

            inKey[8] = (byte)(old & 0xff);
            inKey[9] = (byte)(old >> 0x08 & 0xff);
            inKey[10] = (byte)(old >> 0x10 & 0xff);
            inKey[11] = (byte)(old >> 0x18 & 0xff);
        }
    }


dinesat4 is offline  
Old   #5
 
elite*gold: 0
Join Date: Jan 2009
Posts: 397
Received Thanks: 66
any one have a decryption tool? or any1 play 2moon here? any idea to make the 2moon exe read only real time? help pls.


nobleman80 is offline  