Note
These judgements are based on Angel-Ro's GameFort, so I'm not sure they'll work on other GameFort-protected servers.
File Descriptions
GameFort.dll: Core protector, injected into the client. (Packed with ASPack v2.12.)
Shield.dll: Encrypted file which contains the RIPEMD-160 hash values of the client and GameFort.dll.
Encryption Definition
Basically, it uses Rijndael with a 32-byte key length and a 16-byte block size. There are two different keys: one is for decrypting Shield.dll and the other is used for encrypting the packet.
Key Extraction
Keys are a bit troublesome to extract. I might write an extractor program if I don't feel lazy later on. For now I'll extract on request; you can use this format for asking.
Server Name: blahblah
GameFort.dll: link
Shield.dll: link
(Yeah, "link" means you're going to upload those.)
This is a bit tricky. It doesn't encrypt all packets; it encrypts just one packet while connecting to the map server. Yeah, it's the one called the WantToConnection function in eAthena. My version of GameFort was doing it like this:
9B 00 36 00 13 FB 20 00 00 6D 21 05 00 62 34 65 00 85 D6 BC 6B 6D C2 93 01 00
9B 00 C7 A3 E3 70 06 06 1D 39 C9 4E 95 94 CD 32 B8 D9 D6 BC 6B 6D C2 93 01 00
Angel-Ro Keys
Shield.dll key
0xF0, 0x04, 0xC4, 0x5D, 0xFD, 0x97, 0x40, 0xD0, 0x69, 0x02, 0x8A, 0x33, 0xC3, 0x25, 0xAD, 0x3F, 0xC7, 0x50, 0xE0, 0x79, 0x0A, 0x92, 0x1B, 0xA3, 0x34, 0xBC, 0x45, 0xCD, 0x56, 0xFE, 0x87, 0x10
Packet encryption key
0xA0, 0x49, 0xD9, 0x6A, 0xF2, 0x8B, 0x14, 0x94, 0x1D, 0xA5, 0x2E, 0xBE, 0x4F, 0x71, 0x02, 0x8A, 0x13, 0x9B, 0x24, 0xAC, 0x35, 0xB5, 0x46, 0xCE, 0x57, 0xDF, 0x60, 0xE8, 0x71, 0xB2, 0x43, 0xD3
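The two WantToConnection dumps in the post can be compared byte by byte to see how much of the packet the encryption covers. The following is an added example, not part of the original post; it assumes the first dump is the packet before encryption and the second is the same packet after it, and the names `DUMP_A`, `DUMP_B`, `differing_span` and `analyse` are made up for the illustration.

```python
# Added example: locate the encrypted region by diffing the two dumps from the post.
BLOCK_SIZE = 16  # Rijndael block size stated in the post

# The two packet dumps, copied from the post in the order it lists them.
# Assumption: DUMP_A is before encryption, DUMP_B is after.
DUMP_A = "9B 00 36 00 13 FB 20 00 00 6D 21 05 00 62 34 65 00 85 D6 BC 6B 6D C2 93 01 00"
DUMP_B = "9B 00 C7 A3 E3 70 06 06 1D 39 C9 4E 95 94 CD 32 B8 D9 D6 BC 6B 6D C2 93 01 00"


def differing_span(a: bytes, b: bytes):
    """Return (start, end) of the smallest range covering every differing byte."""
    if len(a) != len(b):
        raise ValueError("dumps must have the same length to be compared")
    diffs = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    if not diffs:
        return None  # identical dumps: nothing was transformed
    return diffs[0], diffs[-1] + 1


def analyse(dump_a: str, dump_b: str, block_size: int = BLOCK_SIZE) -> dict:
    """Summarise which part of the packet changed and which parts stayed clear."""
    a, b = bytes.fromhex(dump_a), bytes.fromhex(dump_b)
    span = differing_span(a, b)
    if span is None:
        return {"length": len(a), "span": None}
    start, end = span
    return {
        "length": len(a),
        "packet_id": hex(int.from_bytes(a[:2], "little")),  # little-endian header
        "span": span,
        "span_len": end - start,
        "whole_blocks": (end - start) % block_size == 0,
        "clear_prefix": a[:start].hex(" "),
        "clear_suffix": a[end:].hex(" "),
    }


if __name__ == "__main__":
    for key, value in analyse(DUMP_A, DUMP_B).items():
        print(f"{key:13}: {value}")
```

Only bytes 2 to 17 change, which is exactly one 16-byte block; the 2-byte header and the trailing 8 bytes are identical in both dumps.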