Encrypt/Decrypt Packets

Started by WiLD, July 21, 2005, 01:35 AM


WiLD

I'm having a little trouble using this DLL to encrypt/decrypt packets that I input.
I know the packets are encrypted using double (or perhaps triple?) XORing, and I was wondering if there is any already compiled/source around to encrypt/decrypt this?

Otherwise this DLL can be used, though I'm not sure how to go about using the called functions.

http://www.activateskynet.com/prot/nexpacketcrypt32.zip

Nexus packet decryptor/encryptor function by VIPERZOO.

(new version using 32bit xoring for faster operation)

IMPORTANT IMPORTANT! - If you are using dynamically generated buffers to hold your packet data for encryption/unencryption, the size of the buffer MUST be AT LEAST the smallest multiple of 4 above the size of your packet plus 1. For example, say you have a packet that is in total 25 bytes large (that is including the AA and size header), you must put it in a buffer that is a MINIMUM of 29 bytes large (28 is smallest multiple of 4 over 25, add 1 = 29) to avoid buffer access page faults. Also, remember the true size of the packet (or just check it from the header) when working with the data after so you don't pull any extra garbage data from having to pad the buffer with extra bytes.

Included is the DLL and the source code for the nexus packet decryption/encryption routine.

Usage of it is very simple, include the library file in your project and set up a definition of the "crypt_packet" function, it takes a single DWORD as an argument.

Also you can just use the standard LoadLibrary/GetProcAddress method to execute the function "crypt_packet".

crypt_packet PROTO pPacketBuff:DWORD

The single argument to crypt_packet is a pointer to a buffer containing a COMPLETE nexus packet (either encrypted or decrypted; it will change its status to the other once it completes.) The only error checking it does is to check the first byte of the buffer to be AA. If that first byte is not AA, it returns with a value of 1 (indicating an error.) Otherwise the function will work normally, returning a value of 0 upon completion.

Usage:

BufferVariable def "AA 00 05 02 ..." (this is just an example packet, pretend the packet is encrypted)
PointerToBufferVariable DOUBLE WORD

Load PointerToBufferVariable with a pointer to BufferVariable however your programming language of choice does it.

if crypt_packet(PointerToBufferVariable) == 1 then
there was an error!;
else
no error, and now BufferVariable contains an unencrypted packet
endif

www.activateskynet.com/nexusbb

That is the link and the info included with it.

Any help and pointers would be great.
=_=  &&  g0dFraY  &&  -=Templar=-  @USWest

Arta

Just btw, XOR encryption is next to useless. It might be doing some other clever thing, but if it's just XOR, then it's rubbish, and it's likely to be rubbish anyway.

If you want to use encryption, you should use a proper algorithm, developed by cryptologists, and verified as being valid by other cryptologists. Otherwise, you're probably just using snake oil.

TehUser

The best part is that the "encryption" key is in the ASM file.

encKey db 'NexonInc.NexonInc.NexonInc.NexonInc.',0

Arta


Kp

Also, it's worth pointing out that the author of the DLL is horribly incompetent, that he can't even handle the boundary condition at termination.
[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!

Yegg

Quote from: Kp on July 21, 2005, 09:08 PM
Also, it's worth pointing out that the author of the DLL is horribly incompetent, that he can't even handle the boundary condition at termination.
Perhaps he had a reason for this?

WiLD

Sorry, I forgot to mention it had nothing to do with battle.net but NexusTK instead. http://nexustk.com

Yes, the DLL is poorly done in a few ways, though it's the only thing I could find.

The author said;
Quote
you just feed the function a pointer to a buffer with a complete nexus packet in it and when it returns that same buffer will contain the unencrypted packet. If it returns 1, then the first byte wasn't AA. That's the only error checking it does.

I'm actually unsure about using it.
For example... ('crypt' being the function)
crypt 1, "AA 00 0C B4 F2 8A"
(1 being decrypt and 0 to encrypt)

or is it something different? :S
=_=  &&  g0dFraY  &&  -=Templar=-  @USWest

Arta


WiLD

Perhaps you misunderstand. I need to decrypt some packets from a MMORPG (NexusTK) and then be able to encrypt them again.
=_=  &&  g0dFraY  &&  -=Templar=-  @USWest

Kp

Quote from: Yegg on July 21, 2005, 09:15 PM
Quote from: Kp on July 21, 2005, 09:08 PM
Also, it's worth pointing out that the author of the DLL is horribly incompetent, that he can't even handle the boundary condition at termination.
Perhaps he had a reason for this?

From the description given, I can't come up with any legitimate reason for the imposed condition.  It'd be very easy to handle non-aligned boundary cases just by reducing the length iteration and adding a partial unroll of the final stage to handle the last 0-3 bytes.  If this were a real block cipher, then it'd make sense to have non-byte granularity, but this is a pathetic excuse for a cipher, and the supplied description of the bounding requirements doesn't even make sense from the perspective of what would be necessary for performance or for a block cipher.

Of course, if you'd like to suggest a reason, I'll listen. ;)
[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!
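As an added illustration (not the DLL's code; it uses a constructed key and assumes a 3-byte clear header of AA plus a 16-bit size) of Kp's point that the trailing 0-3 bytes are trivial to handle without padding the buffer, and of why Arta and TehUser call the scheme rubbish: a fixed repeating XOR key is its own inverse, so one in-place call both "encrypts" and "decrypts", and anyone holding the DLL holds everything needed to read the traffic.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Constructed key for illustration only; the DLL's real key schedule is not
 * reproduced here (its key string is quoted earlier in the thread). */
static const uint8_t KEY[] = "ExampleKey.ExampleKey.ExampleKey.";
#define KEYLEN (sizeof(KEY) - 1)   /* exclude the terminating NUL */
#define HDRLEN 3   /* assumed: 0xAA + 16-bit size header, left in the clear */

/* XOR buf[HDRLEN..len) against the repeating key in place: whole 32-bit
 * words first, then the 0-3 leftover bytes one at a time, so the caller's
 * buffer needs exactly len bytes and no padding.  XOR is its own inverse,
 * so one function both "encrypts" and "decrypts".
 * Returns 1 if byte 0 is not the 0xAA header, else 0. */
int xor_packet(uint8_t *buf, size_t len)
{
    size_t i;
    if (len < HDRLEN || buf[0] != 0xAA)
        return 1;
    for (i = HDRLEN; i + 4 <= len; i += 4) {
        uint32_t word, k; uint8_t kb[4];
        for (int j = 0; j < 4; j++)
            kb[j] = KEY[(i - HDRLEN + j) % KEYLEN];
        memcpy(&word, buf + i, 4);   /* memcpy: no alignment assumption */
        memcpy(&k, kb, 4);
        word ^= k;
        memcpy(buf + i, &word, 4);
    }
    for (; i < len; i++)             /* tail: last 0-3 bytes */
        buf[i] ^= KEY[(i - HDRLEN) % KEYLEN];
    return 0;
}

/* Round-trip check for every length from HDRLEN to 32 bytes (all four
 * tail sizes): returns 1 if two applications restore the original. */
int roundtrip_ok(void)
{
    uint8_t orig[32], work[32];
    for (size_t len = HDRLEN; len <= sizeof orig; len++) {
        for (size_t n = 0; n < len; n++) orig[n] = (uint8_t)(n * 37 + 11);
        orig[0] = 0xAA;                       /* constructed sample packet */
        memcpy(work, orig, len);
        if (xor_packet(work, len) != 0) return 0;
        if (len > HDRLEN && memcmp(work, orig, len) == 0) return 0;
        if (xor_packet(work, len) != 0) return 0;
        if (memcmp(work, orig, len) != 0) return 0;
    }
    return 1;
}
```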

Arta

Quote from: WiLD on July 21, 2005, 11:38 PM
Perhaps you misunderstand. I need to decrypt some packets from a MMORPG (NexusTK) and then be able to encrypt them again.

Oh, I see. Nevermind then :)

WiLD

Anyone able to help with the development of this? Basically to call a dll function to decrypt inputted data and also able to encrypt inputted data.

:S
=_=  &&  g0dFraY  &&  -=Templar=-  @USWest

TehUser

That's what the DLL is for.  All you have to do is call it from your code and send it either an encrypted or decrypted buffer.  It will modify the buffer and decrypt the packet where it is.