Disable encryption?

[Esoserv2]

Hi,

is there a way to disable or patch out crypto stuff permanently? I mean, no matter, what "key packet" you'll send, the client accepts it, responses that a valid packet has received (e.g. 0x010A chara server) but sends not encrypted packets and also accepts unencrypted packets?

The c# version of server is done, without crypto stuff. If you ignore these packets and continue with chara data for example, you'll get til chara screen with this emu. But there is a drawback, you can't create charas, join world, ... these packets aren't send from client, because crypto stuff was not validated. For the newest client, protocol hasn't changed til this point, that means, you'll get as ever to chara selection. Dumping and binary injecting blar0's public key works too. Address, where key is found has changed. It's now found at 0x00F4F650 in raw hex dump. (change to 0xF52050 in replace_pub.c).

If've ignored inter server communication between lobby and chara (regarding "ping" packets). Lobby server is sending ping packets at a defined interval, so that you won't disconnect. The connection is stable, no disconnects or crashs, but as explained no interaction is possible.

Blar0 if you got a clou how to disable crypto, it would be nice if you can post the addresses what to patch or assembler instructions. Thx.

[Anakin5]

You cannot disable crypto and without patching the client. Thus patching for disabling crypto or patching for a new public key is equivalent.

We all have a server and able to create characters. So I don't know what is wrong with yours about character creation.

[Esoserv2]

ehm, i think you misunderstood my belonging. I know and i tried it: the python server is working very well. I've redone this one in C#, but without crypto stuff. The drawback is, when you are not sending the "key packet(x010b)" from chara server to client, there is something missing. So when you are at the chara creation screen, you can design and so on, but no requests are send from client when clicking create or join.

So i want the client to think he'd received a key, sends the response (0x010a), but nevers uses the encrypting function for parsing packets.

I need some addresses or clues where i can patch the client exe, so that these functions aren't called anymore. After this update the crypto stuff seems broken, but when i know where to patch, then it's insignificant for me, if there is crypto or not.

[Anakin5]

That's right, I don't get it. Why not just implementing the crypto stuff in C# ? Is it for the challenge that you want to make communication between client and server "clear" ?
If you implement the crypto stuff in C#, you would be able to decrypt/encrypt packets for the client and you will have all functionalities.

[Esoserv2]

I have dealed only a little bit with encryption til now and maybe, when i spend a certain time, i will get it. But my thoughts are other nature. It's slightly possible that they would change the protocol at this stage of development, but encryption mechanism could easily be changed. So with every release i have to fear that they implemented something new. If you could rip that stuff out or know where to search for, a new patched version could be released faster and you don't have to change your emu code.

I would do it by myself, but "real time"-debugging doesn't work at my machine, so i have to look up the disassembly and figure out the places.

[Geraff]

Even if you never done encryption you can do it simply thanks to blar0 python script.
The script helped me a lot for this part as you can check if it's good by generating the same key and encrypting the same packets as the python packet log.

[Esoserv2]

Jepp, but my fear is, that C# doesn't use a standard for encryption, there is a "normal" and a managed aes encryption class, so i have to read a lot, to understand which one to choose for this case. Maybe both aren't working and i have to take a implementation from bouncy. That's the reason why i want to have encryption "disabeld" for the moment.

Greeting & thx for your oppinions...

[Esoserv2]

Btw. could it be possible that my graphic card driver is making debugging impossible for me? Client loads up successful, i hear sound, but seeing only a black window. No gui elements or background picture. It' not frozen, can pause debugging. Anyone got a an idea? When i can debug, i will find this stuff on my own ;-)

[Geraff]

All you need to do is generate an AES key and encrypt a data with an AES CTR without padding and with a specific IV.

I have made it in JAVA without too much trouble (the time lost was for type conversion where C# is more efficient) so i thing C# can do the same.

After you have done that you can do the diffie hellman stuff with it.