[Snippet]Tibianic-hr encryption

**Farsa** · 10-19-2012, 03:27 PM

The function below is used for encrypting 8*NBlocks long xtea packets. Since it is a simple xor based encryption, this function can also be used for decrypting packets encrypted by it

Code:

void tsa(char* packet,int len, char* key )
{
    int k, blocks=len/8;
    while(blocks-->0)
    {
        for (k=0;k<8;k++,packet++,key++)
        {
            *packet^=*key;
        }
    }
}

Here is some simple test code:

Code:

#include <stdio.h>
void tsa(char* packet,int len, char* key )
{
    int blocks=len/8;
    int k;
    while(blocks-->0)
    {
        for (k=0;k<8;k++,packet++,key++)
        {
            *packet^=*key;
        }
    }
}
void print(char* array,int len)
{
    int pos;
    for(pos=0;pos<len;pos++)
    {
        printf("%c ",(int)array[pos]);
    }
    puts("");
}
int main()
{
    char orig[]={180,212,214,212,25,232,133,169};
    char enc[]={87,120,220,36,44,51,141,185};
    char key[]={0xe3,0xac,0x0a,0xf0,0x35,0xdb,0x08,0x10};
    //known original xtea packet
    print(orig,sizeof(orig));
    //known encrypted by tsa packet
    print(enc,sizeof(enc));
    //encrypting original>check
    tsa(orig,sizeof(orig),key);
    print(orig,sizeof(orig));
    //decrypting "original">check
    tsa(orig,sizeof(orig),key);
    print(orig,sizeof(orig));
    system("pause");
    return 0;
}

The tsa function is located at the address tibia.dll+0x1025C and the 8-bytes long key is at tibia.dll+0x6E0B0. This key seems to be character based and probably can be calculated based on character stats or something like that. I didn't bother looking into it much.

GL

**DarkstaR** · 10-19-2012, 03:37 PM

Code:

while(blocks-->0)

I spent about 10 seconds wondering what new low-level language had an --> operator before I realized that you don't space your code, bro.

**panpikus** · 08-24-2015, 01:44 PM

I'm trying to pass this xor and i wondering that it's called before or after xtea encryption?
I connedted this client to my server and it sending always different encrypted packets also i getting error:

This is xtea function the error comes from there:

Code:

bool Protocol::XTEA_decrypt(NetworkMessage& msg)
{

	if((msg.getMessageLength() - 2) % 8 != 0){
		std::cout << "Failure: [Protocol::XTEA_decrypt]. Not valid encrypted message size"
			<< std::endl;
		return false;
	}
	
	uint32_t k[4];
	k[0] = m_key[0];
	k[1] = m_key[1];
	k[2] = m_key[2];
	k[3] = m_key[3];

	uint32_t* buffer = (uint32_t*)msg.getBodyBuffer();

	int read_pos = 0;
	int32_t messageLength = msg.getMessageLength();

	while(read_pos < messageLength/4){

		uint32_t v0 = buffer[read_pos], v1 = buffer[read_pos + 1];
		uint32_t delta = 0x61C88647;
		uint32_t sum = 0xC6EF3720;
		
		for(int32_t i = 0; i<32; i++) {
			v1 -= ((v0 << 4 ^ v0 >> 5) + v0) ^ (sum + k[sum>>11 & 3]);
			sum += delta;
			v0 -= ((v1 << 4 ^ v1 >> 5) + v1) ^ (sum + k[sum & 3]);
		}

		buffer[read_pos] = v0; buffer[read_pos + 1] = v1;
		read_pos = read_pos + 2;
	}

	int tmp = msg.GetU16();
	int Length = msg.getMessageLength();
	//std::cout << "tmp:"  << tmp << std::endl;
	//std::cout << "Length:"  << Length << std::endl;

	if(tmp > Length - 4){
		std::cout << "Failure: [Protocol::XTEA_decrypt]. Not valid unencrypted message size" << std::endl;
		return false;
	}
	
	msg.setMessageLength(tmp);
	return true;
}

Any ideas what to do?

**panpikus** · 08-25-2015, 08:11 PM

Nobody? i can debug every message in every place.

Thread: [Snippet]Tibianic-hr encryption

Thread Tools

Search Thread

Display

[Snippet]Tibianic-hr encryption

RE: [Snippet]Tibianic-hr encryption

Posting Permissions