Finding XORed values and the XOR key with Cheat Engine
What you will need:
- An XOR bruteforcer (see attachment for a simple one I wrote, requires .NET 2.0 or newer)
- Cheat Engine
How-to:
- Find the value you want as per usual. If you don't know how to do this, do the Cheat Engine tutorials.
- Enter the encrypted value and the real value in the bruteforcer, choose the appropriate value type, start bruteforcing.
Note: If you use my bruteforcer, make sure your processor is properly cooled to avoid overheating, because it will utilize every logical core to 100%, so there will be some heat.
- Once you've got the XOR key through bruteforcing, do a fresh search for the XOR key. You should end up with a single address, this is the XOR key address.
- You can now search for other encrypted values in Cheat Engine, by XORing the real value and the XOR key.
Bruteforcing the XOR key should not take a long time. Using my Phenom II 965 with 4 cores at 3.5 GHz I cracked it in a few seconds.
RE: Finding XORed values and the XOR key with Cheat Engine
There actually isn't any need to brute force the XOR key. If you XOR any two of the three values from a XOR calculation together you will produce the third remaining value, so basically:
A ^ B = C
A ^ C = B
B ^ C = A
So to get the key value you can XOR the values of the encoded and real health.
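The relationship in the reply above, worked through for several scanner value types, as an added example that is not part of the original thread. The key 0x5A17C3E9, the sample observations and the function names are all constructed for illustration, and the sketch assumes the key is XORed onto the raw little-endian bit pattern of the value (for floats, the IEEE-754 bits).

```python
import struct

# Scanner value types -> (struct format, width in bytes), little-endian.
TYPES = {"byte": ("<B", 1), "2 bytes": ("<H", 2), "4 bytes": ("<I", 4),
         "float": ("<f", 4), "8 bytes": ("<Q", 8), "double": ("<d", 8)}

# Constructed observations: (real value shown in game, raw pattern in memory).
INT_SAMPLES = [(100, 0x5A17C38D), (85, 0x5A17C3BC), (40, 0x5A17C3C1)]
FLOAT_SAMPLES = [(100.0, 0x18DFC3E9), (75.5, 0x1880C3E9)]

def to_bits(value, vtype):
    """Raw bit pattern of value for the given type, as an unsigned int."""
    fmt, _ = TYPES[vtype]
    return int.from_bytes(struct.pack(fmt, value), "little")

def recover_key(pairs, vtype):
    """key = real ^ stored. One pair suffices; extra pairs only confirm that
    the key is constant. Returns None if the pairs disagree (changing key)."""
    keys = {to_bits(real, vtype) ^ stored for real, stored in pairs}
    return keys.pop() if len(keys) == 1 else None

def encode(real, key, vtype):
    """Pattern under which a real value is stored, i.e. what to search for."""
    return to_bits(real, vtype) ^ key

def decode(stored, key, vtype):
    """Real value behind a stored pattern."""
    fmt, width = TYPES[vtype]
    return struct.unpack(fmt, (stored ^ key).to_bytes(width, "little"))[0]

if __name__ == "__main__":
    key = recover_key(INT_SAMPLES, "4 bytes")
    print(f"key from integers: {key:#010x}")
    print(f"key from floats:   {recover_key(FLOAT_SAMPLES, 'float'):#010x}")
    print(f"250 is stored as   {encode(250, key, '4 bytes'):#010x}")
    print(f"0x1880c3e9 decodes to {decode(0x1880C3E9, key, 'float')}")
```

A single known pair gives the key in one operation, so a constant XOR mask on in-memory values offers no protection once one real value is known.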
RE: Finding XORed values and the XOR key with Cheat Engine
If you know the encoded health you can also look at the code around it for XOR V1, V2 and you'll have your value.
Nice concept and good job, but it's a lot of work for something that is much easier. XOR is regarded as weak because it is, as Sketchy said, "circular" - the unknown can always be derived from the knowns. This is one of the situations where its weakness shines.
RE: Finding XORed values and the XOR key with Cheat Engine
Thank you both for your input. I didn't give this much thought to begin with, I just wanted a proof of concept. :)
RE: Finding XORed values and the XOR key with Cheat Engine
Thank you for this guide; I have got one question though.
How do I find the encrypted value?
Thanks in advance,
Lille Fille
P.S. I know how to find addresses in Cheat Engine. Finding the XOR address, though, is another story for me.
RE: Finding XORed values and the XOR key with Cheat Engine
Quote:
Originally Posted by Lille Fille
How do I find the encrypted value?
Just like you would any other address, except you won't know the value, so you're limited to 'unchanged' and 'changed'.
RE: Finding XORed values and the XOR key with Cheat Engine
Quote:
Originally Posted by Blaster_89
Quote:
Originally Posted by Lille Fille
How do I find the encrypted value?
Just like you would any other address, except you won't know the value, so you're limited to 'unchanged' and 'changed'.
Thank you, successfully found the address.