Page 1 of 3 (results 1 to 15 of 42)

Thread: Okay, ultimate challenge I believe

  1. #1
    Bmsfx
    Guest

    Okay, ultimate challenge I believe

    Some friends and I have been trying for months to crack the Lineage MMORPG's Blowfish code, and as far as I know (in the game's 5+ years) no one has ever successfully cracked it (and A LOT have tried).

    For anyone interested in looking at it, I'll post some of the info I have now.

    First I did a check on the file using a program called KANAL; it showed it was using:

    Blowfish (Check 2), whatever Check 2 means.
    and
    CRC32 (probably just for a file check)

    Here is some packet data (key auth) from when you connect to the server (3 packets are transferred):

    peer 1_x = server -> client
    peer 0_x = client -> server

    char peer1_0[] = {
    0x0a, 0x00, 0x29, 0xe5, 0x4c, 0x66, 0x79, 0xa8,
    0x00, 0x4e
    };
    char peer0_0[] = {
    0x0e, 0x00, 0xcb, 0x45, 0x03, 0xa9, 0x8f, 0x9b,
    0x01, 0x20, 0x8c, 0x3b, 0xa8, 0x82
    };
    char peer1_1[] = {
    0x22, 0x00, 0x60, 0xfe, 0x9b, 0x13, 0xac, 0xb8,
    0x22, 0x12, 0x3b, 0x11, 0xf6, 0x22, 0x9e, 0x8a,
    0x10, 0x45, 0x6c, 0x46, 0xa1, 0xb4, 0x9c, 0x35,
    0xef, 0xce, 0xfa, 0xd1, 0x0b, 0x50, 0x95, 0x70,
    0xa9, 0x2e
    };

    Firstly, some packet info on those 3.

    The first [xx xx] of every packet = size of packet;
    the rest is data, opcodes and so on.

    The 1_0 packet is always [0x0a 0x00] [0x29] (where 0x29 is the opcode);
    the rest of the data you see is always random numbers and such.

    We believe the server sends a key to the client, the client returns a new key encrypted with the key the server sent, and then in the last packet the server receives a key from the client, which is the key to use.

    (Also note: these packets are always the same size.)

    I can post a few here (or else go download Lineage from www.lineage.com):

    packet 1
    char peer1_0[] = {
    0x0a, 0x00, 0x29, 0xe5, 0x4c, 0x66, 0x79, 0xa8,
    0x00, 0x4e
    };
    char peer0_0[] = {
    0x0e, 0x00, 0xcb, 0x45, 0x03, 0xa9, 0x8f, 0x9b,
    0x01, 0x20, 0x8c, 0x3b, 0xa8, 0x82
    };
    char peer1_1[] = {
    0x22, 0x00, 0x60, 0xfe, 0x9b, 0x13, 0xac, 0xb8,
    0x22, 0x12, 0x3b, 0x11, 0xf6, 0x22, 0x9e, 0x8a,
    0x10, 0x45, 0x6c, 0x46, 0xa1, 0xb4, 0x9c, 0x35,
    0xef, 0xce, 0xfa, 0xd1, 0x0b, 0x50, 0x95, 0x70,
    0xa9, 0x2e
    };

    packet 2
    char peer1_0[] = {
    0x0a, 0x00, 0x29, 0x0b, 0x95, 0x58, 0x0b, 0xbf,
    0x00, 0x12
    };
    char peer0_0[] = {
    0x0e, 0x00, 0x4e, 0xa7, 0x70, 0x01, 0xa2, 0x27,
    0xce, 0x20, 0x7a, 0x5c, 0xbc, 0x59
    };
    char peer1_1[] = {
    0x22, 0x00, 0xe5, 0x1c, 0xe8, 0xbb, 0x81, 0x04,
    0xed, 0x12, 0xcd, 0x76, 0xe2, 0xf9, 0xb3, 0x36,
    0xdf, 0x45, 0x9a, 0x21, 0xb5, 0x6f, 0xb1, 0x89,
    0x20, 0xce, 0x0c, 0xb6, 0x1f, 0x17, 0x24, 0x79,
    0xe2, 0xce
    };

    packet 3
    char peer1_0[] = {
    0x0a, 0x00, 0x29, 0xb3, 0x75, 0xbd, 0x4c, 0xa2,
    0x00, 0x06
    };
    char peer0_0[] = {
    0x0e, 0x00, 0xa3, 0x5a, 0xb2, 0x14, 0x5a, 0xe0,
    0xcb, 0x20, 0x55, 0x4c, 0x6e, 0x8e
    };
    char peer1_1[] = {
    0x22, 0x00, 0x08, 0xe1, 0x2a, 0xae, 0x79, 0xc3,
    0xe8, 0x12, 0xe2, 0x66, 0x30, 0x2e, 0x4b, 0xf1,
    0xda, 0x45, 0xb5, 0x31, 0x67, 0xb8, 0x49, 0x4e,
    0x25, 0xce, 0x23, 0xa6, 0xcd, 0x8d, 0x91, 0x0c,
    0x7b, 0x54
    };

    packet 4
    char peer1_0[] = {
    0x0a, 0x00, 0x29, 0x75, 0xa8, 0x61, 0x25, 0xf1,
    0xd8, 0xf6
    };
    char peer0_0[] = {
    0x0e, 0x00, 0x76, 0x27, 0x81, 0x52, 0xc9, 0x3d,
    0x25, 0x20, 0xb3, 0xe4, 0xf5, 0xfb
    };
    char peer1_1[] = {
    0x22, 0x00, 0xdd, 0x9c, 0x19, 0xe8, 0xea, 0x1e,
    0x06, 0x12, 0x04, 0xce, 0xab, 0x5b, 0xd8, 0x2c,
    0x34, 0x45, 0x53, 0x99, 0xfc, 0xcd, 0xda, 0x93,
    0xcb, 0xce, 0xc5, 0x0e, 0x56, 0xf8, 0x02, 0xc1,
    0xe4, 0xe1
    };

    I tried checking the lin.bin file in IDA but I'm getting sooo lost all the time.

    Anyway, if anyone wants to have a go or can provide more info, all info is welcome.

    Thanks.
    I promise that I have read the FAQ and tried to use the Search to answer my question.
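The frame layout described in the post above, checked against its four captures, as an added example that is not part of the original post. It parses the 2-byte little-endian length prefix the poster describes, verifies it against each array's real size, and diffs the four sessions byte by byte to find positions that never change, which is the usual first step before accepting that a field is "random". The capture bytes are copied from the post; the function names and the report layout are my own.

```python
"""Framing check and cross-session diff of the posted key-exchange captures."""
import struct

# The four captures quoted in the post, as raw frames.
# peer1_* is server -> client, peer0_* is client -> server.
CAPTURES = [
    {
        "peer1_0": bytes.fromhex("0a0029e54c6679a8004e"),
        "peer0_0": bytes.fromhex("0e00cb4503a98f9b01208c3ba882"),
        "peer1_1": bytes.fromhex(
            "220060fe9b13acb822123b11f6229e8a10456c46a1b49c35efcefad10b509570a92e"),
    },
    {
        "peer1_0": bytes.fromhex("0a00290b95580bbf0012"),
        "peer0_0": bytes.fromhex("0e004ea77001a227ce207a5cbc59"),
        "peer1_1": bytes.fromhex(
            "2200e51ce8bb8104ed12cd76e2f9b336df459a21b56fb18920ce0cb61f172479e2ce"),
    },
    {
        "peer1_0": bytes.fromhex("0a0029b375bd4ca20006"),
        "peer0_0": bytes.fromhex("0e00a35ab2145ae0cb20554c6e8e"),
        "peer1_1": bytes.fromhex(
            "220008e12aae79c3e812e266302e4bf1da45b53167b8494e25ce23a6cd8d910c7b54"),
    },
    {
        "peer1_0": bytes.fromhex("0a002975a86125f1d8f6"),
        "peer0_0": bytes.fromhex("0e0076278152c93d2520b3e4f5fb"),
        "peer1_1": bytes.fromhex(
            "2200dd9c19e8ea1e061204ceab5bd82c34455399fccdda93cbcec50e56f802c1e4e1"),
    },
]


def parse_frame(frame):
    """Split one frame into (length, third_byte, rest) after checking that the
    2-byte little-endian length prefix agrees with the real frame size."""
    if len(frame) < 3:
        raise ValueError("frame shorter than header")
    (length,) = struct.unpack_from("<H", frame, 0)
    if length != len(frame):
        raise ValueError(f"length field {length} but frame has {len(frame)} bytes")
    return length, frame[2], frame[3:]


def fixed_offsets(frames):
    """Offsets whose byte value is identical in every frame of the list."""
    width = min(len(f) for f in frames)
    return [i for i in range(width) if len({f[i] for f in frames}) == 1]


def analyse(captures):
    """Per frame type: size, the values seen at offset 2 (the 'opcode' slot),
    the offsets that never change across sessions, and their values."""
    report = {}
    for name in ("peer1_0", "peer0_0", "peer1_1"):
        frames = [c[name] for c in captures]
        for f in frames:
            parse_frame(f)  # raises if the length prefix disagrees with the size
        fixed = fixed_offsets(frames)
        report[name] = {
            "size": len(frames[0]),
            "byte2_values": sorted({f[2] for f in frames}),
            "fixed_offsets": fixed,
            "fixed_values": {i: frames[0][i] for i in fixed},
        }
    return report


if __name__ == "__main__":
    for name, info in analyse(CAPTURES).items():
        print(name, info)
```

On these captures every length field matches the array size. peer1_0 is constant only at offsets 0 to 2 (the length word and the 0x29 the post calls the opcode). peer0_0 is constant at offset 9 (0x20), and peer1_1 at offsets 9, 17 and 25 (0x12, 0x45, 0xce); the third byte of those two frame types changes between sessions, so it is not a plaintext opcode in the way 0x29 is. Fixed bytes spaced 8 apart inside what is supposed to be ciphertext are worth revisiting once the encryption routine is located, since both Blowfish and DES work on 8-byte blocks; the captures alone do not say what they are.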

  2. #2
    mike (הבּרוּ נשׂאי כּלי יהוה) | Join Date: Mar 2001 | Posts: 491
    When you say "crack" the blowfish code, what exactly are you trying to accomplish? Do you want to write a bot for lineage? What is the crypto preventing you from doing?

  3. #3
    Bmsfx
    Guest
    Well, first of all, I'm not doing this to cheat in the game; I'm trying to figure out whether NCI (the game devs) are as good as people say. For years people have kept saying that it is impossible to crack their encryption (packets).

    NCI is one of the largest companies for MMORPGs, and I'm trying to see whether, if people work together, they can beat them.

    I might be interested in making something for it later (a server emulator), but that's not in the "idea" yet; people are still playing the game on the real servers (although the server population is getting lower and lower) due to the fact that:

    Lineage 2 came out and replaces it
    it costs $15 a month (same as Lineage 2, but 2 is much larger)
    Lineage 1 has a very outdated gfx engine.

    When I started many years ago there were 1000+ people online all the time; now it's down to 90-160 (160 on a GOOD day) online.

    I don't want to see this game die away and then sit and have nothing to do; I like this game.

    I program in Visual C++ (Winsock mostly) and have the "skills" to make an emulator once needed.

    I tried again yesterday to memory hook it, to see where it does its Winsock calls, but that got confusing; I know where it does its sends, but still not where it does its encryption.

    The encryption prevents me from seeing the packets, the opcodes; what's weird is that even the in-game messages (e.g. chat) are also encrypted.

    Hope this answers some of your questions; else just let me know.

  4. #4
    mike (הבּרוּ נשׂאי כּלי יהוה) | Join Date: Mar 2001 | Posts: 491
    Quote Originally Posted by Bmsfx
    The encryption prevents me from seeing the packets, the opcodes; what's weird is that even the in-game messages (e.g. chat) are also encrypted.
    OK, so it's preventing you from reverse-engineering the protocol. My bet is that they construct the packet and then encrypt the whole thing. Finding the encryption code should be straightforward, since you know what it looks like. You can also look for references to the blowfish tables to greatly reduce the amount of code you're looking at.

    Set a breakpoint on the call to the encryption function; I bet the buffer that's being encrypted will be the packet you want to dump.

  5. #5
    Bmsfx
    Guest
    Quote Originally Posted by mike
    OK, so it's preventing you from reverse-engineering the protocol. My bet is that they construct the packet and then encrypt the whole thing. Finding the encryption code should be straightforward, since you know what it looks like. You can also look for references to the blowfish tables to greatly reduce the amount of code you're looking at.

    Set a breakpoint on the call to the encryption function; I bet the buffer that's being encrypted will be the packet you want to dump.
    I'm not 100% sure what you mean by references to the Blowfish tables.
    I've been reading this one:

    http://babel.altavista.com/babelfish/trurl_pagecontent?url=http%3A%2F%2Fquequero.org%2Fuic%2FBlowFish.htm&lp=it_en

    I can't locate the Blowfish reference though.

    It has some info on Blowfish, but my problem is I cannot execute the file in debug mode to set breakpoints because it's memory protected; the game crashes at once when I try to do anything but run it normally (with a read/write memory error).

    I'll continue looking at it though.

  6. #6
    mike (הבּרוּ נשׂאי כּלי יהוה) | Join Date: Mar 2001 | Posts: 491
    Quote Originally Posted by Bmsfx
    (Three pages of code dumps)
    OK, this isn't helpful. You are the one who is interested in reverse-engineering this particular target; no one else will do it for you. What we can offer here is techniques, approaches to the problem, tools, etc.
    Quote Originally Posted by Bmsfx
    im not 100% what u mean by reference to the blowfish tables
    You need to become familiar with the algorithm that does the encryption in order to recognize the code that implements the algorithm. Blowfish was created by Bruce Schneier. You can find a description here

    http://www.schneier.com/paper-blowfish-fse.html

    The tables to look for are the S and P tables. They start out with known values that are changed during the key setup step. You will find large tables of random-looking constants in the program.

    A more pressing problem is the anti-debug code. What do you mean, run it in debug mode? What debugger are you using? If you're using SoftIce and you're running into problems with the target detecting it, you can try some of the other forums for help with bypassing that. It will be almost impossible to reverse-engineer the protocol if you can't set breakpoints.

    Good luck!
    Last edited by mike; June 9th, 2004 at 20:49.
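What "look for references to the blowfish tables" means in practice: the initial P-array and S-boxes are the hexadecimal digits of pi, so the file on disk (or a memory dump taken before key setup runs, since key setup overwrites the working copies) can be scanned for those constants, and the cross-references to that address become the starting point in IDA. The scanner below is an added example, mine and not from the thread or from KANAL; it looks for the 18-word P-array and the first four words of S-box 0 in either byte order and runs over a constructed stand-in image. The constants are from Schneier's specification; the function names and the sample image are my own.

```python
"""Scan a binary image for the Blowfish key-schedule constants."""
import struct

# Initial Blowfish P-array (18 words) and the first four words of S-box 0,
# from the published specification (the hexadecimal digits of pi).
BLOWFISH_P_INIT = [
    0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344, 0xA4093822, 0x299F31D0,
    0x082EFA98, 0xEC4E6C89, 0x452821E6, 0x38D01377, 0xBE5466CF, 0x34E90C6C,
    0xC0AC29B7, 0xC97C50DD, 0x3F84D5B5, 0xB5470917, 0x9216D5D9, 0x8979FB1B,
]
BLOWFISH_S0_HEAD = [0xD1310BA6, 0x98DFB5AC, 0x2FFD72DB, 0xD01ADFB7]

SIGNATURES = {
    "blowfish_P_array": BLOWFISH_P_INIT,
    "blowfish_S_box0": BLOWFISH_S0_HEAD,
}


def pack_words(words, endian):
    """Serialise 32-bit words with '<' (little-endian) or '>' (big-endian) order."""
    return b"".join(struct.pack(endian + "I", w) for w in words)


def find_constants(image, min_words=None):
    """Return (signature, byte_order, offset) for every occurrence of the first
    min_words words (default: the whole signature) in either byte order.
    A short min_words catches tables stored with gaps or a different layout;
    the full match is the strong signal."""
    hits = []
    for name, words in SIGNATURES.items():
        needle_words = words if min_words is None else words[:min_words]
        for endian, order in (("<", "little"), (">", "big")):
            needle = pack_words(needle_words, endian)
            start = image.find(needle)
            while start >= 0:
                hits.append((name, order, start))
                start = image.find(needle, start + 1)
    return sorted(hits, key=lambda h: h[2])


def build_sample_image():
    """Constructed stand-in for a program image (not a real binary): filler,
    the P-array little-endian, more filler, then the head of S-box 0."""
    filler = bytes(range(256)) * 4                      # 1024 bytes of filler
    return (filler
            + pack_words(BLOWFISH_P_INIT, "<")           # P-array at offset 1024
            + filler[:100]
            + pack_words(BLOWFISH_S0_HEAD, "<")          # S-box head at 1024 + 72 + 100 = 1196
            + filler)


if __name__ == "__main__":
    for name, order, offset in find_constants(build_sample_image()):
        print(f"{name:18s} {order:6s} at file offset 0x{offset:x}")
```

Once you have a file offset, map it to a virtual address and look at what references it: the key-setup code that copies the P-array into its working buffer is what you find first, and the encrypt/decrypt routine is close by. If the scan finds nothing, the constants may be stored transformed or built at runtime, and the fallback is to look for the cipher's structure instead (16 rounds of table lookups on 8-byte blocks).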

  7. #7
    Bmsfx
    Guest
    Quote Originally Posted by mike
    OK, this isn't helpful. You are the one who is interested in reverse-engineering this particular target; no one else will do it for you. What we can offer here is techniques, approaches to the problem, tools, etc.
    You need to become familiar with the algorithm that does the encryption in order to recognize the code that implements the algorithm. Blowfish was created by Bruce Schneier. You can find a description here

    http://www.schneier.com/paper-blowfish-fse.html

    The tables to look for are the S and P tables. They start out with known values that are changed during the key setup step. You will find large tables of random-looking constants in the program.

    A more pressing problem is the anti-debug code. What do you mean, run it in debug mode? What debugger are you using? If you're using SoftIce and you're running into problems with the target detecting it, you can try some of the other forums for help with bypassing that. It will be almost impossible to reverse-engineer the protocol if you can't set breakpoints.

    Good luck!
    Thanks for the URL, and yes, I know no one will do it for me, and I AM trying my best; I guess those dumps were useless since they got deleted (sorry for that, I just thought I had something there).

    And yeah, I'm very happy that you guys will give me some ideas, tips 'n' tricks.

    About the debug mode stuff: I used IDA to do it (run program in debugging mode), but I'm getting SoftICE and I'll try again.

    In IDA the program crashed at startup, because there is a memory protection thing in the exe; it can detect if something is hooking itself to the client (I'm not 100% sure, but I think it's the nProtect thing) to prevent keyloggers and so on.

    But I'll take a look at what you posted first and have a go with SoftICE, and come back to report whatever progress I'm making.

  8. #8
    Bmsfx
    Guest
    Okay, after checking some more I found out the file actually uses 3 encryptions:

    1) CRC32 (file check only, I believe, to check if someone tampered with files)
    2) Blowfish (only for username/password, I think)
    3) DES (most likely Triple-DES)

    So I think I'll go read up on Triple DES & DES first.

  9. #9
    dELTA (Administrator) | Join Date: Oct 2000 | Location: Ring -1 | Posts: 4,206 | Blog Entries: 5
    Actually, in this situation you probably shouldn't need to know much more about these three algorithms than the following:

    CRC32 is a 32-bit hash/checksum, which is a weak enough algorithm (non-cryptographical) to make it completely and fully breakable without any effort at all, if needed.

    Blowfish is a symmetrical block cipher, which you should not consider trying to break per se, you will fail.

    DES/3DES are also symmetrical block ciphers that for all practical purposes should be considered non-breakable per se.


    Knowing this, you should instead concentrate on analyzing the use of these technologies in the application, i.e. the design of the application security model, for which you only need to consider these algorithms above as black boxes, labeled with what I said above. Then you should find weak spots in this general design instead, and exploit these.
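"Completely and fully breakable" for CRC32 means, concretely, that you can make any modified file report any CRC32 you like. As an added example (mine, not from the thread), the following forges a 4-byte suffix so that a modified buffer keeps the CRC32 of the original. It runs the zlib CRC-32 table update backwards from the wanted register value to recover the four table indices (possible because every entry of the reflected table has a distinct top byte), then forwards from the register state after the modified data to pick the bytes. The function names are my own; the sample file contents are constructed.

```python
"""CRC32 forgery: append four bytes so a modified buffer carries a chosen CRC32."""
import zlib

POLY = 0xEDB88320  # reflected CRC-32 polynomial used by zlib and PKZIP


def _make_table():
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ POLY if c & 1 else c >> 1
        table.append(c)
    return table


TABLE = _make_table()
# Every table entry has a distinct top byte, which is what lets the update run
# backwards: the top byte of the next register value identifies the index used.
TOP_BYTE_TO_INDEX = {entry >> 24: idx for idx, entry in enumerate(TABLE)}
assert len(TOP_BYTE_TO_INDEX) == 256


def crc32_register(data, reg=0xFFFFFFFF):
    """Raw CRC register after feeding data (initial value, no final XOR)."""
    for b in data:
        reg = TABLE[(reg ^ b) & 0xFF] ^ (reg >> 8)
    return reg


def crc32(data):
    """Standard CRC-32, identical to zlib.crc32."""
    return crc32_register(data) ^ 0xFFFFFFFF


def forge_suffix(data, target_crc):
    """Return 4 bytes such that crc32(data + suffix) == target_crc."""
    reg = crc32_register(data)          # register state before the suffix
    want = target_crc ^ 0xFFFFFFFF      # register state we need after it
    # Backward pass: the top byte of each successive state pins down the table
    # index used at that step; the low byte is unknown but is never needed.
    indices = [0] * 4
    cur = want
    for k in range(3, -1, -1):
        idx = TOP_BYTE_TO_INDEX[cur >> 24]
        indices[k] = idx
        cur = ((cur ^ TABLE[idx]) << 8) & 0xFFFFFFFF
    # Forward pass: choose each byte so the update uses the recovered index.
    suffix = bytearray()
    for idx in indices:
        suffix.append((reg ^ idx) & 0xFF)
        reg = TABLE[idx] ^ (reg >> 8)
    assert reg == want
    return bytes(suffix)


def patched_copy(original, modified):
    """modified plus a 4-byte suffix, so that it checksums like original."""
    return modified + forge_suffix(modified, zlib.crc32(original))


# Self-check against the standard CRC-32 check value and against zlib.
assert crc32(b"123456789") == zlib.crc32(b"123456789") == 0xCBF43926

if __name__ == "__main__":
    orig = b"constructed sample: lin.bin contents, version 1"   # constructed data
    mod = b"constructed sample: lin.bin contents, version 2"    # constructed data
    patched = patched_copy(orig, mod)
    print(f"original  {zlib.crc32(orig):08x}")
    print(f"modified  {zlib.crc32(mod):08x}")
    print(f"patched   {zlib.crc32(patched):08x}  suffix {patched[-4:].hex()}")
```

The contrast with the other two algorithms in the thread is the point: nothing like this exists for Blowfish or DES, which is why they should be treated as black boxes and the attention put on how the program uses them.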

  10. #10
    Bmsfx
    Guest
    Thanks dELTA; the problem is the people who made this MMORPG have millions and millions, so I don't think I'll find a weak spot easily.

    I read that DES uses a 7-byte key; the first packet I receive (the key, I guess) is 7 bytes of data,

    e.g.:

    [xx xx] size
    [xx] opcode
    [xx xx xx xx xx xx xx] 7 bytes data.

    I tried IDing the exe file with PEiD; it said it was:

    Microsoft Visual C++ 6.0 [Debug] (this might be a weak spot though, if it's released in debug mode)

    I just wish I knew a lot about this stuff, so maybe you are right that I have to find a weak spot and "exploit" it.

    But first I'll try to find out how to remove the damn memory protection (anti-debug) stuff in the file.

    And besides, if I can't get the encryption/decryption routine then I cannot make an emu for it at any time, if that's what I wish to play around with, right?
    Last edited by Bmsfx; June 11th, 2004 at 21:17.

  11. #11
    dELTA (Administrator) | Join Date: Oct 2000 | Location: Ring -1 | Posts: 4,206 | Blog Entries: 5
    Just like with packed programs, it is theoretically impossible to prevent someone that has a working client in his possession from decrypting all communications from the server and modifying the client's responses in a situation like this (no matter how many millions of dollars the developers have access to). Hence, there is no need to find a real "flaw" in the design of the protocol, but rather simply to reverse it and see which points are the natural ones to intercept. Hence, the crypto algorithms used are quite irrelevant, and the great work lies in reversing the program and its design (which will have good interception points in them).

    All I mean is that if I were you I'd put the effort into improving my general reversing skills rather than studying some crypto algorithms, you won't be "breaking", or even modifying, any crypto algorithms at all anyway if you do it the right way.

  12. #12
    mike (הבּרוּ נשׂאי כּלי יהוה) | Join Date: Mar 2001 | Posts: 491
    Yep. Server sends encrypted data, client has to decrypt it to show you where everyone else is in the game. So when it's decrypted, you just need to know where to look.

    Also, client has to assemble the plaintext before encrypting it to send to the server. Again, you just need to know where to look to find the plaintext.

    The kind of encryption is irrelevant, as dELTA said, except to help you find the code that does the encryption. The buffer coming into an encrypt routine is plaintext, and the buffer coming out of a decrypt routine is plaintext. That's where you want to look.

  13. #13
    Bmsfx
    Guest
    Oooh okay, thanks to both of you; that kinda makes sense now.

    I was getting a headache trying to figure out the damn encryptions; I won't waste more time on that then, I'd rather try locating the buffer, sounds a lot easier.

    I might be a slow learner, but I want to learn, so this info helps a lot.

    Thanks again, I'll come back and let you all know my progress (if any).

  14. #14
    Bmsfx
    Guest
    Okay, I think I found the buffer location, so what's the next step?

    Is there a way to "monitor" what's coming in/out of that location? (I mean data.)

    Note: I'm using IDA Pro right now and API Monitor 1.5; do I need any other programs?

    (I don't know how to use SoftICE, so I hope I won't need that one.)

    Thanks again

    Edit: I think this is the buffer because

    in the trace, all the "text" data goes -> what I think is the buffer, then -> jumps to the encryption routine area (I think that's it anyway, makes the most sense), then -> send().
    Last edited by Bmsfx; June 13th, 2004 at 15:39.

  15. #15
    dELTA (Administrator) | Join Date: Oct 2000 | Location: Ring -1 | Posts: 4,206 | Blog Entries: 5
    I would create a loader that uses the debugging API to place breakpoints just before encryption and after decryption, and then read out the buffers at these points every time they hit. That way, it would be very easy to retrieve/display/store entire communication sessions in unencrypted format, for later analysis or whatever it is you want to do with them.

    If you are really lucky and the encryption/decryption routines are located/exported by a dll, you could instead get away with making a proxy dll, for the same kind of interception functionality.
