Cin Files

NickAKAVexus

Golden Oldie
Apr 16, 2005
1,427
1
145
New york
> no.. ok more hints...
>
> the first 4 bytes = related to key 1 and related to file size
>
> the next 4 bytes = related to first 4 bytes and related to data and related to offset.

Thanks for the hints


Hopefully this is more along the lines of what you mean?

Key:=2405717118; //first 4 bytes
Key2:=236176201; //3 bytes after the first key because 4 bytes is to large
KeyFinal:=Key xor sizeof(Myfile){332} xor Key2;

Test:=MyWord xor KeyFinal xor 2682133139{offset} shr 2;


lol hopefully it's close. -_-
 
Kaori

LOMCN MiR3 Queen!
VIP
Jun 3, 2004
3,584
38
285
Canada
not close.. I am not sure what you meant by "4 bytes is to large". Nothing is large.
 

Kaori

4 bytes max unsigned integer = 0xFFFFFFFF or 4294967295
It's not just a simple XOR... there are a lot of bitwise operations.
 

Damian

LOMCN Developer
Developer
Ravagers
Game Master
Jun 13, 2003
1,111
107
310
Just give it up Nick, you could get a million hints, ur never gonna figure it out lol!

:P :P :P
 

shorty606

Golden Oldie
Apr 10, 2005
867
0
122
I'm gonna look into it all now... Nick said he can decode some parts but not others, and I did notice groups of shifts when looking at the hex. I'll keep a looking hehe
 

shorty606

I'm absolutely stumped. I bow down to Kaori and her excellent skills.
I've worked on it solid and can't come close. There is so much it does!
 

Kaori

I was exactly like that... these were my attempts... maybe you will squeeze something out of them...

There was actually a "chinese encoder" in GT server files. It worked 50% (meaning it's got the XOR'ing but not the CRC'ing).

So I started to create different files with 0 byte, 1 byte etc... with 0x00 0x01 data... then I ended up with an encoded file with a PATTERN!! BUT I still didn't understand the algo... What I got from this part was "there must be XOR'ing"

Disassembling was the next step for me. Back in GT, Server AND Client have this encryption! (!setup.txt and maybe many other files were encrypted)... So I go ahead and find cmlist or mir3.cin etc in the client ASM. And trace around it.. found something similar to the first 2 bytes of cin. F0 39 XX XX so that's the first key.
 

NickAKAVexus

What other files are encrypted with this? I thought it was only this cin file. I am having trouble figuring out what function is the actual decoding function. I would trace it and see it called by like 10 different areas and be like nah that can't be it.. but now that you say this it could be lolz.
 

Kaori

> What other files are encrypted with this? I thought it was only this cin file. I am having trouble figuring out what function is the actual decoding function. I would trace it and see it called by like 10 different areas and be like nah that can't be it.. but now that you say this it could be lolz.

If you remember on my site...
This area will let you decrypt and encrypt mir 3 client files: cmlist.dat credit.edt magic.exp map.mif minfo.dat mir3.cin and notice.ntc

> I have found this, is it related?
>
> View attachment 8206

Yes it's related, but I don't think the numbers helped.
 

shorty606

I noticed this pattern Kaori - it shifts bytes in groups is my guess - but I don't know by what amount or anything. It's frustrating hehe.
 

NickAKAVexus

lol my next attempt.. -_-

kaori how close am I lolz

Code:
// 2682133139 / $9FDE1A93 <- XOR KEY
if opendialog1.execute then
begin
  AssignFile(myFile, opendialog1.filename);
  Reset(myFile);
  Read(myFile, myWord[0]);

  Key := $390AB8E;

  // SizeOf returns the size of the file variable, not the length of the file on disk
  showmessage(inttostr(sizeof(myfile)));

  // if something = MainKey then begin
  Inc(Key, 8);
  KeyFinal := Key xor Sizeof(MyFile);

  for i := 0 to High(myWord) do
  begin
    if myWord[i] < 4 then begin
      sub_4B4FD3(myWord[i] and $800000FF);   // return value is discarded
    end else begin
      sub_4B4FD3(myWord[i]);                 // return value is discarded
      myWord[i] := myWord[i] shl 16;
      sub_4B4FD3(myWord[i]);                 // return value is discarded
      Test := MyWord[i] xor KeyFinal;
      listbox1.AddItem(inttostr(test), sender);
      listbox2.AddItem(chr(test), sender);
    end;
  end;

  CloseFile(myFile);
end;

function tForm1.sub_4B4FD3(Value: Integer): Integer;
asm
  mov     eax, edx        // in a method EAX holds Self; Value arrives in EDX
  imul    eax, 214013
  add     eax, 2531011
  sar     eax, 16
  and     eax, 32767
end;
 

Damian

This is all i cba to work out, not perfect, but it will give u the same output..

[delphi]
function DecodeVal(nVal:Integer):Integer;
begin
nVal := (nVal * 214013 + 2531011) shr 16 and 32767;
Result := nVal;
// sar eax, 16
end;
[/delphi]
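
Added example, not part of any post in this thread: the constants 214013 and 2531011 followed by a 16-bit right shift and a 32767 mask are those of the linear congruential generator behind `rand()` in Microsoft's C runtime, so seeing them in a disassembly usually means a predictable pseudo-random stream is involved. The C sketch below reproduces that step, checks that `sar` and `shr` give the same result once the mask is applied, and chains outputs from seed 1; the function names are made up for this illustration, and nothing here describes how the .cin format actually uses the generator.

```c
#include <stdint.h>
#include <stdio.h>

/* One state update: state' = state * 214013 + 2531011 (mod 2^32). */
static uint32_t lcg_next(uint32_t state) {
    return state * 214013u + 2531011u;
}

/* Output step as in the posted asm: sar eax,16 / and eax,32767.
   sar is emulated portably by copying the sign bit into the top 16 bits. */
static uint32_t out_sar(uint32_t state) {
    uint32_t shifted = state >> 16;
    if (state & 0x80000000u) shifted |= 0xFFFF0000u;
    return shifted & 32767u;
}

/* Output step as in the Pascal rewrite: shr 16 and 32767 (logical shift). */
static uint32_t out_shr(uint32_t state) {
    return (state >> 16) & 32767u;
}

/* The posted function treated as a pure function of its argument. */
static uint32_t decode_val(uint32_t value) {
    return out_shr(lcg_next(value));
}

/* Count states in a sample sweep where the two output steps disagree. */
static unsigned count_mismatches(void) {
    unsigned bad = 0;
    for (uint32_t s = 0; s < 0xFFFF0000u; s += 0x0000FFF1u)
        if (out_sar(s) != out_shr(s)) bad++;
    return bad;
}

/* Chain n outputs by carrying the full 32-bit state forward. */
static void chain(uint32_t seed, uint32_t *out, int n) {
    uint32_t state = seed;
    for (int i = 0; i < n; i++) {
        state = lcg_next(state);
        out[i] = out_shr(state);
    }
}

int main(void) {
    uint32_t v[3];
    chain(1, v, 3);
    printf("%u %u %u\n", v[0], v[1], v[2]);
    printf("sar/shr mismatches: %u\n", count_mismatches());
    return 0;
}
```

The mask keeps only bits 16 to 30 of the state, which the sign fill of `sar` never touches, so the two shifts are interchangeable here.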
 

Kaori

Don't know much about delphi haha...
It's close.. you got 1 key and the other key is close.