The function below is used for encrypting 8*NBlocks long xtea packets. Since it is a simple xor based encryption, this function can also be used for decrypting packets encrypted by it
Code:
void tsa(char* packet,int len, char* key )
{
int k, blocks=len/8;
while(blocks-->0)
{
for (k=0;k<8;k++,packet++,key++)
{
*packet^=*key;
}
}
}
Here is some simple test code:
Code:
#include <stdio.h>
void tsa(char* packet,int len, char* key )
{
int blocks=len/8;
int k;
while(blocks-->0)
{
for (k=0;k<8;k++,packet++,key++)
{
*packet^=*key;
}
}
}
void print(char* array,int len)
{
int pos;
for(pos=0;pos<len;pos++)
{
printf("%c ",(int)array[pos]);
}
puts("");
}
int main()
{
char orig[]={180,212,214,212,25,232,133,169};
char enc[]={87,120,220,36,44,51,141,185};
char key[]={0xe3,0xac,0x0a,0xf0,0x35,0xdb,0x08,0x10};
//known original xtea packet
print(orig,sizeof(orig));
//known encrypted by tsa packet
print(enc,sizeof(enc));
//encrypting original>check
tsa(orig,sizeof(orig),key);
print(orig,sizeof(orig));
//decrypting "original">check
tsa(orig,sizeof(orig),key);
print(orig,sizeof(orig));
system("pause");
return 0;
}
The tsa function is located at the address tibia.dll+0x1025C and the 8-bytes long key is at tibia.dll+0x6E0B0. This key seems to be character based and probably can be calculated based on character stats or something like that. I didn't bother looking into it much.
GL