Cin Files

[NickAKAVexus]

no.. ok more hints...

the first 4 bytes = related to key 1 and related to file size

the next 4 bytes = related to first 4 bytes and related to data and related to offset.

Thanks for the hints


Hopefully this is more along the lines of what you mean?

Key:=2405717118; //first 4 bytes
Key2:=236176201; //3 bytes after the first key because 4 bytes is to large
KeyFinal:=Key xor sizeof(Myfile){332} xor Key2;

Test:=MyWord xor KeyFinal xor 2682133139{offset} shr 2;


lol hopefully its close. -_-

 

[Kaori]

not close.. I am not sure what you meant by "4 bytes is to large". Nothing is large.

 

[NickAKAVexus]

not close.. I am not sure what you meant by "4 bytes is to large". Nothing is large.

What I ment was you can't fit all 4 numbers in a long word.


and bla whats not close about it.. isn't that what you said? -_-

 

[Kaori]

4 bytes max unsigned integer = 0xFFFFFFFF or 4294967295
It's not just a simple XOR... there are a lot of bitwise operations.

 

[NickAKAVexus]

4 bytes max unsigned integer = 0xFFFFFFFF or 4294967295
It's not just a simple XOR... there are a lot of bitwise operations.

Ok ill have to look closer at the asm functions then. -_-

 

[Damian]

Just give it up Nick, you could get a million hints, ur
never gonna figure it out lol!

:P :P :P

 

[shorty606]

I'm gonna look into it all now...Nick said he can decode some parts but not other and I did notice groups of shifts when looking at the hex, I'll keep a looking hehe

 

[shorty606]

I'm absolutely stumped. I bow down to kaori and her excellent skills.
I've worked on it solid and can't come close. There is so much it does!.

 

[Kaori]

I was exactly like that... these were my attempts... maybe you will squeeze something out of them...

There was actually a "chinese encoder" in GT server files. It worked 50% (meaning it's got the XOR'ing but not the CRC'ing).

So I started to create different files with 0 byte, 1 byte etc... with 0x00 0x01 data... then I ended up an encoded file with a PATTERN!! BUT I still didn't understand the algo... What I got from this part was "there must be XOR'ing"

Disassembling was the next step for me. Back in GT, Server AND Client has this encryption! (!setup.txt and maybe many other files were encrypted)... So I go ahead and find cmlist or mir3.cin etc in the client ASM. And trace around it.. found something similar to the first 2 bytes of cin. F0 39 XX XX so that's the first key.

 

[NickAKAVexus]

What other files are encrypted with this? I thought it was only this cin file, I am having trouble figuring out what function is the actualy decoding function I would trace it and see it called by like 10 different areas and be like nah that can't be it.. but now that you say this it could be lolz.

 

[idaBigA]

I have found this, is it related?

 

[Kaori]

What other files are encrypted with this? I thought it was only this cin file, I am having trouble figuring out what function is the actualy decoding function I would trace it and see it called by like 10 different areas and be like nah that can't be it.. but now that you say this it could be lolz.

If you remember on my site...
This area will let you decrypt and encrypt mir 3 client files: cmlist.dat credit.edt magic.exp map.mif minfo.dat mir3.cin and notice.ntc

I have found this, is it related?

View attachment 8206

Yes it's related, but I don't think the numbers helped.

 

[shorty606]

I noticed this pattern Kaiori - it shifts bytes in groups is my guess - but I don't know by what amount or anything. It's frustrating hehe.

 

[Kaori]

that's why ASM is your next step.

 

[NickAKAVexus]

lol my next attempt.. -_-

kaori how close am I lolz

 //2682133139 / $9FDE1A93 <- XOR KEY
  if opendialog1.execute then
  AssignFile(myFile, opendialog1.filename);
  Reset(myFile);
  Read(myFile, myWord[0]);

  Key :=$390AB8E;

  showmessage(inttostr(sizeof(myfile)));

 // if something = MainKey then begin
     Inc(Key,8);
     KeyFinal := Key xor Sizeof(MyFile);

 for i := 0 to High(myWord) do
    begin

  if myWord[i] < 4 then begin
  sub_4B4FD3(myWord[i] and $800000FF);
  end else begin
    sub_4B4FD3(myWord[i]);
    myWord[i]:=myWord[i] shl 16;
    sub_4B4FD3(myWord[i]);
    Test:=MyWord[i] xor KeyFinal;
    listbox1.AddItem(inttostr(test),sender);
    listbox2.AddItem(chr(test),sender);
  end;
  end;

  CloseFile(myFile);
end;

function tForm1.sub_4B4FD3(Value: Integer): Integer;
asm
imul    eax, 214013
add     eax, 2531011
sar     eax, 16
and     eax, 32767
end;

 

[Damian]

This is all i cba to work out, not perfect, but it will give u the same output..

[delphi]
function DecodeVal(nVal:Integer):Integer;
begin
nVal := (nVal * 214013 + 2531011) shr 16 and 32767;
Result := nVal;
// sar eax, 16
end;
[/delphi]

 

[DjDarkBoyZ]

Anyone can translate the decode to VB? Thx!!

 

[NickAKAVexus]

Anyone can translate the decode to VB? Thx!!

Its not exactly hard......

Create a byte array make a loop find a xoring function for vb6 and wa la.

 

[DjDarkBoyZ]

Its not exactly hard......

Create a byte array make a loop find a xoring function for vb6 and wa la.

I dont know delphi and asm,you can post here a function to decode? or the correct form using xor ^^

Soz for mi english im learning.

 

[Kaori]

Don't know much about delphi haha...
It's close.. you got 1 key and the other key is close.