| View previous topic :: View next topic |
| Author |
Message |
zile
Advanced Cheater
![]() Reputation: 0
Joined: 11 Jul 2009
Posts: 75
|
 Posted: Mon Dec 20, 2010 6:09 am Post subject: File encryption |
 |
|
As i know, some games have files like *.dat, *.bl, or any custom filetypes which are encrypted( cannot be viewed with notepad ). i found out that when the game starts, it loads those files into memory with ReadFile and this is as far as i got , it is still encrypted at this point
after all of the loaded memory have been decrypted by the client, it shows the normal viewable text and stuff ( item infos etc )
so, i just want to confirm, are there any easier ways than to trace slowly after ReadFile? and does any/all decryption method use rep to decrypt one byte at a time?
any help is appreciated, thanks! |
|
| Back to top |
|
 |
tombana
Master Cheater
![]() Reputation: 2
Joined: 14 Jun 2007
Posts: 456
Location: The Netherlands
|
| Posted: Mon Dec 20, 2010 8:17 am Post subject: |
|
|
It depends on the data in the file: if its a list of integers for example then its not really 'encrypted' but its not viewable with notepad either.
If you're sure that its actually encrypted then you'll have to trace the data after ReadFile. You could place breakpoint on the buffer for example and then let it run. |
|
| Back to top |
|
|
zile
Advanced Cheater
![]() Reputation: 0
Joined: 11 Jul 2009
Posts: 75
|
| Posted: Mon Dec 20, 2010 8:58 am Post subject: |
|
|
I followed readfile of a file called Talk.dat, its a list of everything an npc would say. i managed to get this one decrypted by codecaving and writing to a dump. the sad part is it doesnt use the same decryption function as other files as this decrypts directly and doesnt unload from memory. it also doesnt show the npc's id so its useless ( im trying to make a privateserver emu )
but if its in integers and its encrypted ,would they also first use readfile into the memory? it doesnt break eventhough ive put a bp on the buffer |
|
| Back to top |
|
|
atom0s
Moderator
 Reputation: 205
Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
|
| Posted: Mon Dec 20, 2010 4:15 pm Post subject: |
|
|
Depends on the encryption. There are tons of possibilities of how they can be decrypting each file, whether it be inside the file headers (if they have one), a lookup table, per-folder, per-file type, etc. which you wont be able to tell without debugging the decryption method.
You will have to trace from the ReadFile point, as you mentioned, and follow the flow to see what is being used to decrypt the files. You will want to do it for different files as well to compare the routine and variables used per-file to find the pattern of whats being used and so on.
_________________
- Retired. |
|
| Back to top |
|
|
zile
Advanced Cheater
![]() Reputation: 0
Joined: 11 Jul 2009
Posts: 75
|
| Posted: Mon Dec 20, 2010 11:56 pm Post subject: |
|
|
| alright, thanks for helping |
|
| Back to top |
|
|
AhMunRa
Grandmaster Cheater Supreme
![]() Reputation: 27
Joined: 06 Aug 2010
Posts: 1117
|
| Posted: Wed Dec 22, 2010 4:03 pm Post subject: |
|
|
Also some files like this may not actually be encrypted, I've seen instances where obfuscation was used IE a simple zip file. Check the first 3 or 4 bytes of the dat file to see if it matches a known file type.
_________________
<Wiccaan> Bah that was supposed to say 'not saying its dead' lol. Fixing >.> |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
