Jump to content
  • 0

Packet decrypt


KaL
 Share

Question

I'm trying to make a tool which includes packet decryptation, however I'm stuck on decrypt results. My application gets KeyPacket and find the BF Key, then I use it with this formula:

 

public byte[] decryptRecv(byte[] raw, final int size)
{
	if (!_isEnabled)
		return null;

	int temp = 0;
	for (int i = 0; i < size; i++)
	{
		int temp2 = raw[i] & 0xFF;
		raw[i] = (byte) (temp2 ^ _inKey[i&15] ^ temp);
		temp = temp2;
	}

	int old = _inKey[8] &0xff;
	old |= _inKey[9] << 8 &0xff00;
	old |= _inKey[10] << 0x10 &0xff0000;
	old |= _inKey[11] << 0x18 &0xff000000;

	old += size;

	_inKey[8] = (byte)(old &0xff);
	_inKey[9] = (byte)(old >> 0x08 &0xff);
	_inKey[10] = (byte)(old >> 0x10 &0xff);
	_inKey[11] = (byte)(old >> 0x18 &0xff);

	return raw;
}

 

This is the formula used by the emulators (gameserver part) but with the return of modified raw instead of void.

 

I checked if the hex key is fine, and it is.

Dunno if the conversion to byte is wrong, I'm using this:

 

public byte[] hexToBytes(String hex)
{
	hex = hex.replaceAll(" ", "");
	byte[] b = new BigInteger(hex, 16).toByteArray();

	return b;
}

 

I'm comparing the decryptation results with PHX results. Once every 15 checks, it goes ok, but the others, some bytes are different from PHX.

For example:

 

RequestAuthLogin of PHX

08 73 00 6D 00 61 00 6C 00 6C 00 76 00 69 00 6C 00 6C 00 65 00 00 00 FB 3F 00 00 87 69 00 00 00 00 00 00 00 00 00 00 01 00 00 00

 

Now, the same packet on my application:

00 08 73 00 6D 00 61 00 6C 00 6C 00 76 00 69 00 FB 00 6C 00 65 00 00 00 FB 3F 00 00 87 69 00 00 97 00 00 00 00 00 00 00 01 00 00 7E

 

Bold hex are different of PHX. Also, the differences are always at these bytes.

 

What am I doing wrong?

 

Thanks

Link to comment
Share on other sites

0 answers to this question

Recommended Posts

There have been no answers to this question yet

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share



×
×
  • Create New...