Originally Posted by UnknOwned
That is like winning in the lottery!
Word!! Much thanks kynox! Hehe, I actually finished the mangling yesterday before going to bed (well, this morning at 6AM really), but I'm thinking grabbing the RC4 key directly would be more robust if they ever change the mangling.
I guess I might as well post it here for reference, if you really need this and can't Perl, drop me a line. (None of these functions are custom, btw, it's all in available Perl packages).
Code:
package Golemmo::WoW::Cipher;
use strict;
use warnings;
use Digest::SHA qw(sha1);   # core module; the original used Digest::SHA1, which has the same sha1() interface
use Crypt::RC4;             # swapped in for OpenSSL::Cipher's new_encrypt('rc4', $key); same plain RC4 keystream

sub spawn {
    my $class = shift;
    return bless {
        seed_key    => 0,
        session_key => 0,
        cipher_key  => 0,
        cipher      => 0,
    }, $class;
}

sub init {
    my ($self, $seed_key, $session_key) = @_;
    $self->{seed_key}    = my $SDK = $seed_key;
    $self->{session_key} = my $SSK = $session_key;
    # compute the actual RC4 key based on the session key (received from Golemmo::WoW::Espionage)
    # this is HMAC-SHA1: 0x36/0x5C are the ipad/opad bytes, padded to SHA-1's 64-byte block
    my @b1 = (0x36) x 64;
    my @b2 = (0x5C) x 64;
    # XOR byte values, not one-character strings: a numeric ^= on a string numifies it to 0
    my @SDK = map { ord } split //, $SDK;
    for (0 .. $#SDK) {
        $b1[$_] ^= $SDK[$_];
        $b2[$_] ^= $SDK[$_];
    }
    my $CIK = sha1( pack('C*', @b1), $SSK );
    $CIK = sha1( pack('C*', @b2), $CIK );
    $self->{cipher_key} = $CIK;
    # build the cipher
    $self->{cipher} = Crypt::RC4->new($CIK);
    # discard the first 1024 bytes of the keystream (output of this call is thrown away)
    $self->{cipher}->RC4( "\0" x 1024 );
}

1;
Note: you'll need two ciphers, one for encryption and one for decryption. You'll notice the seed key above; it's different for these two ciphers. From Aspire Hearthstone:
Code:
uint8 ServerEncryptionKey[SeedKeyLen] = { 0x22, 0xBE, 0xE5, 0xCF, 0xBB, 0x07, 0x64, 0xD9, 0x00, 0x45, 0x1B, 0xD0, 0x24, 0xB8, 0xD5, 0x45 };
uint8 ServerDecryptionKey[SeedKeyLen] = { 0xF4, 0x66, 0x31, 0x59, 0xFC, 0x83, 0x6E, 0x31, 0x31, 0x02, 0x51, 0xD5, 0x44, 0x31, 0x67, 0x98 };
Then you simply apply the appropriate cipher (i.e. encrypt; RC4 uses only one kind of operation for both enc and dec, and that's XORing your data with the keystream) to do either encoding or decoding.
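As an added example (not code from the post or from the Golemmo/Aspire projects), here is the same key derivation in Python, which makes two things explicit that the Perl leaves implicit: the 0x36/0x5C "mangling" is exactly HMAC-SHA1 with the seed key as HMAC key and the session key as message (checked against hmac.new), and the cipher is RC4 with the first 1024 keystream bytes dropped. The seed keys are the two quoted above; the 40-byte session key and the message are constructed for the demo, and the pairing of seeds (the side decrypting the server's stream derives from ServerEncryptionKey) is an assumption that follows from both ends needing the same keystream.

```python
"""Added example: WoW-style RC4 key derivation (HMAC-SHA1) plus RC4-drop[1024]."""
import hashlib
import hmac

# Seed keys quoted in the post (Aspire Hearthstone).
SERVER_ENCRYPTION_KEY = bytes([0x22, 0xBE, 0xE5, 0xCF, 0xBB, 0x07, 0x64, 0xD9,
                               0x00, 0x45, 0x1B, 0xD0, 0x24, 0xB8, 0xD5, 0x45])
SERVER_DECRYPTION_KEY = bytes([0xF4, 0x66, 0x31, 0x59, 0xFC, 0x83, 0x6E, 0x31,
                               0x31, 0x02, 0x51, 0xD5, 0x44, 0x31, 0x67, 0x98])
DROP_BYTES = 1024   # keystream bytes discarded after key setup, as in the Perl
SHA1_BLOCK = 64     # HMAC pads the key to the hash's block size


def mangle_manual(seed_key: bytes, session_key: bytes) -> bytes:
    """Step-by-step port of the post's Perl: ipad/opad XOR, then two SHA-1s."""
    b1 = bytearray([0x36] * SHA1_BLOCK)
    b2 = bytearray([0x5C] * SHA1_BLOCK)
    for i, k in enumerate(seed_key):   # 16-byte seed fits the block, no pre-hashing needed
        b1[i] ^= k
        b2[i] ^= k
    inner = hashlib.sha1(bytes(b1) + session_key).digest()
    return hashlib.sha1(bytes(b2) + inner).digest()


def mangle_hmac(seed_key: bytes, session_key: bytes) -> bytes:
    """Same derivation via the standard library; equality with mangle_manual is the point."""
    return hmac.new(seed_key, session_key, hashlib.sha1).digest()


class RC4:
    """Plain RC4 (KSA + PRGA); drop > 0 discards leading keystream bytes."""

    def __init__(self, key: bytes, drop: int = DROP_BYTES):
        s = list(range(256))
        j = 0
        for i in range(256):                      # key scheduling
            j = (j + s[i] + key[i % len(key)]) & 0xFF
            s[i], s[j] = s[j], s[i]
        self.s, self.i, self.j = s, 0, 0
        self.keystream(drop)                      # throw away the first `drop` bytes

    def keystream(self, n: int) -> bytes:
        s = self.s
        out = bytearray()
        for _ in range(n):                        # PRGA
            self.i = (self.i + 1) & 0xFF
            self.j = (self.j + s[self.i]) & 0xFF
            s[self.i], s[self.j] = s[self.j], s[self.i]
            out.append(s[(s[self.i] + s[self.j]) & 0xFF])
        return bytes(out)

    def crypt(self, data: bytes) -> bytes:
        """Encrypt and decrypt are the same XOR; use a separate instance per direction."""
        return bytes(a ^ b for a, b in zip(data, self.keystream(len(data))))


def make_cipher(seed_key: bytes, session_key: bytes, drop: int = DROP_BYTES) -> RC4:
    return RC4(mangle_hmac(seed_key, session_key), drop)


def roundtrip(session_key: bytes, message: bytes):
    """Server encrypts with its encryption seed; whoever decrypts that stream must
    derive the same key, so it uses the same seed (assumption stated in the lead-in).
    Returns (ciphertext, recovered plaintext)."""
    server_enc = make_cipher(SERVER_ENCRYPTION_KEY, session_key)
    peer_dec = make_cipher(SERVER_ENCRYPTION_KEY, session_key)
    ct = server_enc.crypt(message)
    return ct, peer_dec.crypt(ct)


if __name__ == "__main__":
    session = bytes(range(40))                    # constructed 40-byte session key
    print(mangle_manual(SERVER_ENCRYPTION_KEY, session) == mangle_hmac(SERVER_ENCRYPTION_KEY, session))
    ct, pt = roundtrip(session, b"constructed packet payload")
    print(ct.hex(), pt)
```

Two instances per direction matter: RC4 is stateful, so encrypting and decrypting through one object would desynchronise the keystream, which is why the post says you need two ciphers.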