Packet [0x02B0] -- Login HAN / AES Encrypted Login

Forum closed. All further discussion to be discussed at https://github.com/OpenKore/


kLabMouse (Administrator)
Posts: 1301
Joined: 24 Apr 2008, 12:02

#1 Post by kLabMouse

Description:
Packet sent to the Login (Account) server in the Login state, just after packet 0x0204.
Analysis shows that the packet is specific to Sakray servers, and maybe a few Normal servers.
Also, this packet has two types: one for the normal client (old), and an AES-encrypted type for Renewal (new).
Used only if: g_bUseCommand == 0, g_passwordEncrypt == 0, and g_serviceType == 0.

Packet seen in the wild: YES!
(ToDo: check g_serviceType and g_serverType; those servers use it.)

Packet structure:

// Assumed packed (1-byte alignment) as sent on the wire: 2+4+24+24+1+16+13+1 = 85 bytes in total.
#pragma pack(push, 1)
struct PACKET_CA_LOGIN_HAN {
  short PacketType;              // 0x02B0
  unsigned long Version;         // Usual data (4 bytes on the win32 client)
  unsigned char ID[24];          // Login Name
  unsigned char Passwd[24];      // Password. The Renewal client encrypts this using AES
  unsigned char clienttype;      // Usual data
  char m_szIP[16];               // Adapter address with dots. Default value: 111.111.111.111
  unsigned char m_szMacAddr[13]; // Adapter MAC. Default value: 111111111111
  unsigned char isHanGameUser;   // p.isHanGameUser = g_isGravityID; // Indicates if the account is a GM or GMHelper account
};
#pragma pack(pop)
Renewal encryption and decryption of the password:

#include <cstring>
#include "Rijndael.h" // CRijndael from the attached Rijndael.zip (header name assumed)

const unsigned char AESKey_key[16] = {6, 169, 33, 64, 54, 184, 161, 91, 81, 46, 3, 213, 52, 18, 0, 6};
const unsigned char AESKey_chain[16] = {61, 175, 186, 66, 157, 158, 180, 48, 180, 34, 218, 128, 44, 159, 172, 65};

// Use these if you have trouble encrypting the string
// (only 23 chain initialisers are given, so the 24th byte is zero-initialised)
// const unsigned char AESKey_key[24] = {6, 169, 33, 64, 54, 184, 161, 91, 81, 46, 3, 213, 52, 18, 0, 6, 61, 175, 186, 66, 157, 158, 180, 48};
// const unsigned char AESKey_chain[24] = {61, 175, 186, 66, 157, 158, 180, 48, 180, 34, 218, 128, 44, 159, 172, 65, 1, 2, 4, 8, 16, 32, 128};

// Default call:
//   AESEncrypt(password, (char *)p.Passwd, 24);
// Please note that key_len = 24, so MakeKey() reads 24 bytes from each of the 16-byte arrays above;
// if you have trouble, switch to the [24]-byte keys.
// CRijndael signatures as in the attached class (assumed): MakeKey(char const *key, char const *chain,
// int keylength, int blockSize) and Encrypt/Decrypt(char const *in, char *out, size_t n, int iMode).
void AESEncrypt(const char *in, char *out, int key_len) {
  CRijndael cipher; // stack object instead of a never-deleted `new CRijndael`
  // pass the arrays themselves, not their first byte (*AESKey_key); key length and block size are both key_len
  cipher.MakeKey((const char *)AESKey_key, (const char *)AESKey_chain, key_len, key_len);
  unsigned char result[128];
  memset(result, 0, sizeof(result));
  cipher.Encrypt(in, (char *)result, key_len, 0); // iMode 0 = ECB in CRijndael: one key_len-byte block, chain unused
  memcpy(out, result, key_len);
}

void AESDecrypt(const char *in, char *out, int key_len) {
  CRijndael cipher;
  cipher.MakeKey((const char *)AESKey_key, (const char *)AESKey_chain, key_len, key_len);
  unsigned char result[128];
  memset(result, 0, sizeof(result));
  cipher.Decrypt(in, (char *)result, key_len, 0); // same key, block size and ECB mode as AESEncrypt
  memcpy(out, result, key_len);
}
The CRijndael class and its files are in the attachment Rijndael.zip (AES encryption files originally used by the RE client).
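The struct above, serialised and parsed as an added example (this is not code from the post or from OpenKore): it packs PACKET_CA_LOGIN_HAN with 1-byte alignment (an assumption about the wire layout, which gives 85 bytes), fills in the default IP and MAC strings, and takes the 24-byte Passwd field either as NUL-padded plaintext (old client) or from a caller-supplied `encrypt` callback that stands in for the client's AESEncrypt (the Rijndael routine from the zip is not reproduced here, so the stand-in cipher in the sample is a placeholder, not the real transform). The constant arrays are the ones quoted in the post; the quoted 24-byte key is the 16-byte key followed by the first 8 bytes of the chain, which is what MakeKey() with key_len = 24 would read past the end of a 16-byte array if the two arrays sit next to each other in memory (my observation, not something the post states).

```python
"""Build and parse the 0x02B0 PACKET_CA_LOGIN_HAN packet (added example)."""
import struct
from typing import Callable, Optional

# Packed, little-endian layout of PACKET_CA_LOGIN_HAN from the post:
# short(2) + unsigned long(4 on win32) + ID 24 + Passwd 24 + clienttype 1
# + m_szIP 16 + m_szMacAddr 13 + isHanGameUser 1 = 85 bytes.
# Assumption: 1-byte alignment, i.e. no compiler padding on the wire.
LOGIN_HAN_FMT = "<HI24s24sB16s13sB"
LOGIN_HAN_LEN = struct.calcsize(LOGIN_HAN_FMT)
PACKET_TYPE = 0x02B0
PASSWD_LEN = 24
DEFAULT_IP = "111.111.111.111"
DEFAULT_MAC = "111111111111"

# Client constants quoted in the post. AES_KEY_24 equals AES_KEY_16 followed by the
# first 8 bytes of AES_CHAIN_16: the bytes MakeKey() would read with key_len = 24 if
# the two 16-byte arrays are adjacent in memory (observation, not stated in the post).
AES_KEY_16 = bytes([6, 169, 33, 64, 54, 184, 161, 91, 81, 46, 3, 213, 52, 18, 0, 6])
AES_CHAIN_16 = bytes([61, 175, 186, 66, 157, 158, 180, 48,
                      180, 34, 218, 128, 44, 159, 172, 65])
AES_KEY_24 = bytes([6, 169, 33, 64, 54, 184, 161, 91, 81, 46, 3, 213, 52, 18, 0, 6,
                    61, 175, 186, 66, 157, 158, 180, 48])


def _fixed(value: bytes, size: int) -> bytes:
    """NUL-pad a value to a fixed-width field; refuse anything that would overflow it."""
    if len(value) > size:
        raise ValueError(f"{len(value)}-byte value does not fit a {size}-byte field")
    return value.ljust(size, b"\0")


def _cstr(raw: bytes) -> str:
    """Read a NUL-terminated string out of a fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("ascii", errors="replace")


def passwd_field(password: bytes,
                 encrypt: Optional[Callable[[bytes], bytes]] = None) -> bytes:
    """Produce the 24-byte Passwd field.

    Old client: plaintext password, NUL-padded to 24 bytes.
    Renewal client: `encrypt` stands in for the client's AESEncrypt(); it gets the
    NUL-padded 24-byte block (our choice of padding) and must return exactly 24 bytes.
    """
    padded = _fixed(password, PASSWD_LEN)
    if encrypt is None:
        return padded
    block = encrypt(padded)
    if len(block) != PASSWD_LEN:
        raise ValueError("encrypted password must be exactly 24 bytes")
    return block


def build_login_han(version: int, user: bytes, passwd: bytes, client_type: int = 0,
                    ip: str = DEFAULT_IP, mac: str = DEFAULT_MAC,
                    is_hangame_user: int = 0) -> bytes:
    """Serialise PACKET_CA_LOGIN_HAN; `passwd` is the finished 24-byte field."""
    if len(passwd) != PASSWD_LEN:
        raise ValueError("passwd must be the 24-byte field from passwd_field()")
    return struct.pack(LOGIN_HAN_FMT, PACKET_TYPE, version & 0xFFFFFFFF,
                       _fixed(user, 24), passwd, client_type & 0xFF,
                       _fixed(ip.encode("ascii"), 16), _fixed(mac.encode("ascii"), 13),
                       is_hangame_user & 0xFF)


def parse_login_han(pkt: bytes) -> dict:
    """Decode a captured 0x02B0 packet; rejects a wrong length or packet type."""
    if len(pkt) != LOGIN_HAN_LEN:
        raise ValueError(f"expected {LOGIN_HAN_LEN} bytes, got {len(pkt)}")
    ptype, version, user, passwd, ctype, ip, mac, hangame = struct.unpack(LOGIN_HAN_FMT, pkt)
    if ptype != PACKET_TYPE:
        raise ValueError(f"not a 0x02B0 packet: 0x{ptype:04X}")
    return {"version": version, "id": _cstr(user), "passwd": passwd,
            "client_type": ctype, "ip": _cstr(ip), "mac": _cstr(mac),
            "is_hangame_user": hangame}


def is_login_han(pkt: bytes) -> bool:
    """True if `pkt` is a well-formed 0x02B0 packet (length and type check)."""
    try:
        parse_login_han(pkt)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample: the old (plaintext) variant round-tripped through the parser.
    old = build_login_han(29, b"demo", passwd_field(b"hunter2"))
    print(len(old), parse_login_han(old))
```

Two things to take from it as a practitioner: with the old packet type the password crosses the network in clear inside a fixed 24-byte field, and with the Renewal type the key and chain are constants baked into the client (and quoted in this thread), so anyone who captures the packet can run the same Decrypt(); the AES here raises the bar only against casual sniffing, and ECB with a fixed key means the same password always produces the same 24-byte field.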

Technology (Super Moderators)
Posts: 801
Joined: 06 May 2008, 12:47

#2 Post by Technology

Ok, I've made a proof of concept in C++; it's able to encrypt and decrypt correctly.
Now that needs to be converted to .xs. I think I'm close, but I don't have much time now.
One ST0 to rule them all? One PE viewer to find them!
One ST_kRO to bring them all and in the darkness bind them...

Mount Doom awaits us, fellowship of OpenKore!

#3 Post by kLabMouse

Technology wrote: Ok, I've made a proof of concept in C++; it's able to encrypt and decrypt correctly.
Now that needs to be converted to .xs. I think I'm close, but I don't have much time now.
Good!!! Does the AES need some modifications? Or did I make some mistakes?

#4 Post by Technology

PATCH INCLUDED

Ok, the implementation I'm after will be a bit more dynamic.
The idea is that you only have to make the keys once when encrypting more than just one string.
First we make a CRijndael object.
Then we make the keys.
Lastly you can encrypt string(s) (if you don't need to encrypt anymore from this point, you can destroy the CRijndael object or let it go out of scope).

First I hardcoded the chain, key and password in the .xs just to test, and this is giving the right encrypted string.
Now I'm trying to pass them to the .xs from Perl, since that is what we need.
However, something is going wrong passing them to the .xs and I don't know what...
I've added the patch so that you and others can take a look at it, so we can tackle this last problem.

Here's what you do to see the proof of concept:
1) get the ExtUtils::ParseXS Perl module (if you don't already have it)
2) run the Perl script in \src\auto\XSTools\utils\perl\ that is named make_xs.cpp.pl
3) make the xstools.dll (you know how to)
4) run the Perl script in \src\test named unittests.pl
The outcome should be: 0779633c7c7080c6b4f443e9130b06c8c66bc0bab9700daf

Ok, but we were using a hardcoded chain, key and password in the .xs.
We want to pass them from Perl, so open \src\auto\XSTools\utils\perl\Rijndael.xs and change 2 lines:

line 49: THIS->MakeKey(key_t, chain_t, keylength, blockSize);
to:      THIS->MakeKey(key_c, chain_c, keylength, blockSize);

line 61: THIS->Encrypt(in_t, result, n, iMode);
to:      THIS->Encrypt(in_c, result, n, iMode);
Now repeat steps 1 to 4.
The outcome here is: 0c2873e3074f657a2602289b2a79395866b48bcb148329af

Obviously there is something going wrong when passing the chain, key and password arrays. :cry:

Note:
a lot of this code will be removed and cleaned:
- we won't be needing the Utils::Rijndael methods in Rijndael.pm, since the .xs implements prototypes of them (they are just in to test, e.g. MakeKey_)

Attachments: patch (no longer available on the forum)


#5 Post by Technology

k, got it, it's fully functional now. ;)
I'll add it to kore once I have time and after I've tested it on kRO.
From which kRO version does this packet (with the AES) exist, btw?

#6 Post by kLabMouse

Technology wrote: From which kRO version does this packet (with the AES) exist, btw?
You have all the kRO exes. Check for AES signs. I'm 100% sure that will be the needed versions.

#7 Post by Technology

k, I'm able to run the Perl script \src\test\test_rijndael.pl with variable keys, pws etc. now.
But when integrating it into kore, here's what I get:
Unable to find symbol boot_Utils__Rijndael
Compilation failed in require at openkore.pl line 83.
BEGIN failed--compilation aborted at openkore.pl line 83.
Press ENTER to exit.
Maybe someone can help me find a fix for it?
If the fix is found, then I'll clean up the code and commit. ;)

[Korea - kRO]
ip 112.175.128.138
port 6900
master_version 2
version 29
serverType kRO_RagexeRE_0
serverEncoding Korean
charBlockSize
recvpackets recvpackets-kRO-2009-09-23aRagexeRE.txt

Attachments: patch (no longer available on the forum); recvpackets-kRO-2009-09-23aRagexeRE.txt
note: when compiling the XSTools with Perl 5.8 you will need to change the next lines back in SConstruct

	#perlenv['LIBS'] += ['perl58']
	perlenv['LIBS'] += ['perl510']

to:

	perlenv['LIBS'] += ['perl58']
	#perlenv['LIBS'] += ['perl510']

#8 Post by kLabMouse

Technology wrote: k, I'm able to run the Perl script \src\test\test_rijndael.pl with variable keys, pws etc. now.
But when integrating it into kore, here's what I get:
Unable to find symbol boot_Utils__Rijndael
Compilation failed in require at openkore.pl line 83.
BEGIN failed--compilation aborted at openkore.pl line 83.
Press ENTER to exit.
Maybe someone can help me find a fix for it?
If the fix is found, then I'll clean up the code and commit. ;)
Use the look and feel from the other XSTools modules.

#9 Post by Technology

That's what I did. This is exactly why I'm stuck now.

EDIT:
when I run openkore.pl everything seems to be working fine; however, running start.exe is something else.
I can't explain this: start.exe has dependencies on XSTools.dll?
Logged in to the kRO login server though. :D

kali (OpenKore Monk)
Posts: 457
Joined: 04 Apr 2008, 10:10

#10 Post by kali

start.exe is a "compiled" version of OpenKore such that other dependencies (XSTools, wx for wxstart, other Perl libraries) are "all-in".

It was made so that a simple user can just download and run OpenKore without having to get all the required Perl libraries first, or having a development environment.

Whenever OpenKore needs to depend on a new library, start.exe needs to be recompiled to include these libraries.
Got your topic trashed by a mod?

Trashing topics is one click, and moving a topic to its proper forum is a lot harder. You expend the least effort in deciding where to post, mods expend the least effort by trashing.

Have a nice day.
