Need help decoding this.

Post by sassieston on Thu Apr 30, 2009 10:02 am

I've been trying to decode this; it is a conversation between server and client when logging in.

> Stands for "Sent to server"
< Stands for "Received from server"

I did 3 login attempts, with username: "usernames" pass: "password", the login attempts were of course successful.

On the first message SENT to the server, you see a repeating pattern at the end, which I think are zeros.
So I took that pattern and tried to calculate the difference between the end pattern, and the complete pattern, but the result is still somewhat different between attempts...

Can somebody help me with this? Or at least point me in the right direction..

I'm not really experienced with encryptions, but this looked easy to solve...

Thanks in advance :D

Login attempt 1:
< 0c 00 00 00 17 5a 67 77 68 e3 f3 0f

> 4c 00 00 00 b3 90 41 23 2b 21 40 23 19 11 70 16 1b 16 72 17 2b 21 40 23 2b 21 40 23 0e 5d 67 94 a6 e7 d6 5e c4 9d 85 8c 1a 67 66 f4 a6 4b 2a 18 bd 3a 06 9a bd dc 3a bf e2 48 e6 c1 1c 1e 41 19 16 63 e9 58 ba 3f a7 2c b6 f4 2a 51

< 3e 00 00 00 62 7e 43 23 2a 21 40 23 1a 52 25 51 5d 44 32 23 0b 01 60 03 0b 01 60 03 29 21 40 23 f1 21 40 23 31 21 40 23 2b 21 40 23 2b 21 40 23 2b 21 40 23 2b 21 40 23 2b 21 40 23 2b 21


Login attempt 2:
< 0c 00 00 00 16 b2 77 0b 20 50 40 8c

> 4c 00 00 00 bd 97 2b 2b 25 26 2a 2b 17 16 1a 1e 15 11 18 1f 25 26 2a 2b 25 26 2a 2b 00 5a 0d 9c a8 e0 bc 56 aa 7a 5a 6a fd 83 fb e8 a8 4c 40 10 b3 3d 6c 92 b3 db 50 b7 ec 4f 8c c9 12 19 2b 11 18 64 83 50 b4 38 cd 24 b8 f3 40 59

< 3e 00 00 00 6c 79 29 2b 24 26 2a 2b 14 55 4f 59 53 43 58 2b 05 06 0a 0b 05 06 0a 0b 27 26 2a 2b f2 26 2a 2b 3c 26 2a 2b 25 26 2a 2b 25 26 2a 2b 25 26 2a 2b 25 26 2a 2b 25 26 2a 2b 25 26


Login Attempt 3:
< 0c 00 00 00 10 50 d5 29 91 6f 03 4c

> 4c 00 00 00 bb 95 24 26 23 24 25 26 11 14 15 13 13 13 17 12 23 24 25 26 23 24 25 26 06 58 02 91 ae e2 b3 5b a1 90 94 d8 1b 74 eb 37 ae 4e 4f 1d b5 3f 63 9f b5 d9 5f ba ea 4d 83 c4 14 1b 24 1c 1e 66 8c 5d b2 3a c2 29 be f1 4f 54

< 3e 00 00 00 6a 7b 26 26 22 24 25 26 12 57 40 54 55 41 57 26 03 04 05 06 03 04 05 06 21 24 25 26 f7 24 25 26 38 24 25 26 23 24 25 26 23 24 25 26 23 24 25 26 23 24 25 26 23 24 25 26 23 24


"Decoded" second message:
1st: 03 00 FE 00 00 00 EE 31 E4 2E 32 23 F1 00 DF DF 20 DF DF DF 20 DF FD 00 00 00 C6 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

2nd: FE 00 FE 00 00 00 EE 2F 25 2E 2E 1D 2E 00 DF DF DF DF DF DF DF DF 02 00 00 00 CD 00 00 00 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

3rd: 01 00 FE 00 00 00 EE 33 1B 2E 32 1D 32 00 DF DF DF DF DF DF DF DF FD 00 00 00 D4 00 00 00 15 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


Re: Need help decoding this.

Post by vladiftodi on Thu Apr 30, 2009 2:24 pm

Before asking further questions, was your connection by chance SSLed?
And can you give details as to what server you were connected to, and using what (assuming a proprietary protocol)?
Or I haven't quite understood your question/problem.


Re: Need help decoding this.

Post by sassieston on Thu Apr 30, 2009 3:53 pm

Well, the problem is, I don't know what protocol; that's what I'm trying to find out right now. It is a game server, and I don't think the connection is SSL'ed because with multiple attempts, the data sent/received is very close to each other.

For example, at one point I tried logging in 2 times onto the same character (name was Aaaaaaaaaaaaa) and I found the message that sends the character name (encrypted), but because it is encrypted with a different key each time, the values are different:
First attempt: 62 45 44 47 42 45 44 47 42 45 44 47
Second attempt: 64 47 4b 4a 44 47 4b 4a 44 47 4b 4a

Still, the encrypted names, encrypted with different keys, look a lot like each other...
If the connection was SSL'ed it wouldn't be that close to each other, right?

And upon closer investigation, calculating the difference between the first attempt, and second attempt encrypted character name, I found this pattern:
Encrypted name(1) - Encrypted name(2) = 2 2 7 3 2 2 7 3 2 2 7 3
[64 47 4b 4a 44 47 4b 4a 44 47 4b 4a] - [62 45 44 47 42 45 44 47 42 45 44 47] = 2 2 7 3 2 2 7 3 2 2 7 3
So clearly this isn't a very secure encryption.

Now the problem is, I don't know what I need to find next. I tried to add and subtract several patterns to the encrypted character name, but I can't seem to get the original character name out of it...

If you want more examples, ask me.
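As an added illustration, not part of any post in this thread: the sketch below tests the hypothesis that each payload is XORed with a repeating 4-byte per-session mask, so the repeated trailing block is simply that mask over zero padding. The XOR operation, the 4-byte width and the function names are assumptions of this example; the hex data is copied from the posts above.

```python
from collections import Counter

# Server-to-client payloads of the three login attempts quoted in this thread,
# with the 4-byte length header removed. Function names are illustrative.
CAPTURES = [
    "62 7e 43 23 2a 21 40 23 1a 52 25 51 5d 44 32 23 0b 01 60 03 0b 01 60 03 "
    "29 21 40 23 f1 21 40 23 31 21 40 23 2b 21 40 23 2b 21 40 23 2b 21 40 23 "
    "2b 21 40 23 2b 21 40 23 2b 21",
    "6c 79 29 2b 24 26 2a 2b 14 55 4f 59 53 43 58 2b 05 06 0a 0b 05 06 0a 0b "
    "27 26 2a 2b f2 26 2a 2b 3c 26 2a 2b 25 26 2a 2b 25 26 2a 2b 25 26 2a 2b "
    "25 26 2a 2b 25 26 2a 2b 25 26",
    "6a 7b 26 26 22 24 25 26 12 57 40 54 55 41 57 26 03 04 05 06 03 04 05 06 "
    "21 24 25 26 f7 24 25 26 38 24 25 26 23 24 25 26 23 24 25 26 23 24 25 26 "
    "23 24 25 26 23 24 25 26 23 24",
]
# The two masked character-name samples from the last post.
NAME_1 = bytes.fromhex("62 45 44 47 42 45 44 47 42 45 44 47")
NAME_2 = bytes.fromhex("64 47 4b 4a 44 47 4b 4a 44 47 4b 4a")


def guess_mask(payload: bytes, width: int = 4) -> bytes:
    """Return the most frequent aligned block: where the plaintext is zero
    padding, a repeating XOR mask shows through unchanged."""
    blocks = [payload[i:i + width] for i in range(0, len(payload) - width + 1, width)]
    return Counter(blocks).most_common(1)[0][0]


def xor_repeat(data: bytes, mask: bytes) -> bytes:
    """XOR data with mask, repeating the mask to cover the whole input."""
    return bytes(b ^ mask[i % len(mask)] for i, b in enumerate(data))


def unmask_all(captures=CAPTURES):
    """Guess each capture's mask, strip it, and return (mask, plaintext) pairs."""
    out = []
    for text in captures:
        payload = bytes.fromhex(text)
        mask = guess_mask(payload)
        out.append((mask, xor_repeat(payload, mask)))
    return out


if __name__ == "__main__":
    for mask, plain in unmask_all():
        print(mask.hex(), plain[:24])
    # Same name under two masks: XOR cancels the name, leaving mask1 ^ mask2.
    print(xor_repeat(NAME_1, NAME_2).hex())
```

Under that hypothesis all three server replies unmask to the same leading 24 bytes, and XORing the two name samples leaves a 4-byte pattern that repeats, which is why a mask of this kind gives no confidentiality.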


