Someone can help me ?

[MR.SYS32]

Hi community,
sorry for my english but i come from another country, so, there is the 50% of probability that i will write something of crazy xD.
I'm new in this forum but i will have the pleasure to write something about me in the appropriate section when i will have a bit of free time.

I'm here to try to answer a little doubt, i embarked on a project for reconstruct the client side cryptography ( password encrypt, authentication packet encrypt, servers/channels packet decrypt ), currently i wrote a small class with the 3 objects cited before. No problems with it but i have a question about password algorithm. How is generated the first block of password ?

For example:
password = t
hex = 74
get a byte from table = 25
concatenate extracted byte with hex 2574 and invert the internal positions
encrypted password = 2754

But i see that there is also another block at start of password that varies from 2 to 4 chars, example: 812754, from where 81 is extracted ? i tryed to reverse but i don't understand how it work..

Code:

0051F7B5   B8 A7000000      MOV EAX,0A7
0051F7BA   E8 A13FEEFF      CALL nostalex.00403760

Code:

00403760   53               PUSH EBX
00403761   31DB             XOR EBX,EBX
00403763   6993 08E06500 05>IMUL EDX,DWORD PTR DS:[EBX+65E008],8088405
0040376D   42               INC EDX
0040376E   8993 08E06500    MOV DWORD PTR DS:[EBX+65E008],EDX
00403774   F7E2             MUL EDX
00403776   89D0             MOV EAX,EDX
00403778   5B               POP EBX
00403779   C3               RETN

I'm in the right zone ?
Someone know how is generated the first block ?

It's my C++ class:

nostale.hpp

Code:

#ifndef nostale_hpp
#define nostale_hpp
 
class TCryptography
{
public:
        std::string password(std::string pass) const; /* incomplete */
        std::string encrypt(std::string packet) const;
        std::string decrypt(std::string packet) const;
};
 
#endif // nostale_hpp

nostale.cpp

Code:

#include <iostream>
#include <sstream>
 
#include "nostale.hpp"
 
std::string TCryptography::password(std::string pass) const /* incomplete */
{
        const char dump[] = {
                0x2E, 0x2A, 0x17, 0x4F, 0x20, 0x24,
                0x47, 0x11, 0x5B, 0x37, 0x53, 0x43,
                0x15, 0x34, 0x45, 0x25, 0x4B, 0x1D,
                0x2F, 0x58, 0x2B, 0x32, 0x63 };
 
        short index = rand() % sizeof(dump);
 
        std::stringstream ss;
        for (unsigned short i = 0; i < pass.size(); i++)
        {
                ss << std::uppercase << std::hex << (int)dump[index];
                ss << std::uppercase << std::hex << (int)pass[i];
                index == sizeof(dump)-1 ? index = 0 : index++;
        }
        pass = ss.str();
 
        char c = { 0 };
        for (unsigned short i = 0; i < pass.size(); i += 4)
        {
                c = pass[i + 1];
                pass[i + 1] = pass[i + 2];
                pass[i + 2] = c;
        }
 
        return pass;
}
 
std::string TCryptography::encrypt(std::string packet) const
{
        for (unsigned short i = 0; i < packet.size(); i++)
        {
                packet[i] = (packet[i] ^ 0xC3) - 0x0F;
        }
        return packet;
}
 
std::string TCryptography::decrypt(std::string packet) const
{
        for (unsigned short i = 0; i < packet.size(); i++)
        {
                packet[i] -= 0x0F;
        }
        return packet;
}

Thanks.

[ernilos]

Check this thread this would help you

[MR.SYS32]

Thanks for the link but i dont need an adapted function ( i'm trying to rebuild the original )

Why, for me, it's adapted ? unfortunately i haven't nostale's client in this pc but i remember that the initial block ranged from 2 to 4 characters and the function posted by Sm•ke is always 2.

I still think that there is another algorithm for the first block, somebody know it ? or should i look for it by yourself ?

Thanks.