Decrypt client packets

[NL0bP]

Decrypt client packets

[uranusq]

Client messages encrypted with 2 stages:

1. AES-CBC-128 Encryption
2. Then aes encrypted message encrypts with XOR procedure similar (but not the same) to server encryption

[NL0bP]

We'll keep thinking.

[uranusq]

That is my prototype for now (Python). It works if you get the aes_key and xor_key from memory on running app.
dec_code.zip

[uranusq]

So basically i stuck on point of key generation. Do you have any ideas?

[NL0bP]

def init(self, aes_key, xor_key, iv=None):
aes_key & xor_key Where to take?

[uranusq]

I don't know how to tell, i have breakpoints in ollydbg on certain functions to get them

[NL0bP]

Give them to me (for crynetwork you can have the last 4 digits). I also use ollydbg.

[NL0bP]

The algorithm for decrypting packets from the client is disassembled.
I try to disassemble how to get the keys.
Thanks uranusq!

[menta2k]

Guys its a bit offtopic but i will give it a try.
Do you know how the S2C packets are encrypted when packet level is 5 ?

[NL0bP]

The link is for decrypting SC packets. The encryption algorithm is the reverse of the decryption. https://github.com/NL0bP/Archeage-Server-emulator/blob/master/AAEmu.Commons/Cryptography/EncryptSC.cs