XeNTaX Forum Index
Forum MultiEx Commander Tools Tools Home
It is currently Wed Jul 26, 2017 7:25 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 11 posts ] 
Author Message
 Post subject: Echo of Soul File Decryptor / Encryptor
PostPosted: Sun Dec 06, 2015 7:59 am 
Offline
beginner
User avatar

Joined: Sat Sep 27, 2014 9:19 am
Posts: 36
Location: 127.0.0.1
Has thanked: 0 time
Have thanks: 14 times

Project Source: https://github.com/atom0s/EoSTools

eosdec
    eosdec, short for Echo of Soul Decryptor, is a tool that can decrypt protected EoS files that use the in-house custom encryption.

    Usage: eosdec.exe [file]

    Multiple files can be passed at once. eosdec is drag and drop friendly!

eosenc
    eosenc, short for Echo of Soul Encryptor, is a tool that can encrypt files to be readable by Echo of Soul.

    Usage: eosenc.exe [file]

    Multiple files can be passed at once. eosenc is drag and drop friendly!


You can make the ads go away by registering



Top
 Profile  
 
 Post subject: Re: Echo of Soul File Decryptor / Encryptor
PostPosted: Sun Dec 06, 2015 7:59 am 
Offline
beginner
User avatar

Joined: Sat Sep 27, 2014 9:19 am
Posts: 36
Location: 127.0.0.1
Has thanked: 0 time
Have thanks: 14 times
Encryption Information

Echo of Soul is an online MMORPG that makes use of some custom encryption mixed with Microsoft's Cryptography library.
Code:
http://echoofsoul.aeriagames.com/


Protected files can be seen having a header like this:
Image

The first four bytes are used as a signature to determine if the file is protected or not. Inside of the game, we can see a check for this like this:
Code:
  v2 = (const CHAR *)sub_E2DF80(lpFileName);
  v3 = CreateFileA(v2, 0x80000000, 1u, 0, 3u, 0x80u, 0);
  if ( v3 == (HANDLE)-1
    || (NumberOfBytesRead = 0,
        v9 = 0xD0B7A0CC,
        ReadFile(v3, Buffer, 4u, &NumberOfBytesRead, 0),
        CloseHandle(v3),
        NumberOfBytesRead != 4) )
  {
LABEL_8:
    result = 0;
  }
  else
  {
    for ( i = 0; ; ++i )
    {
      v7 = i;
      if ( i >= 4 )
        break;
      if ( Buffer[i] != *((_BYTE *)&v9 + i) )
        goto LABEL_8;
    }
    result = 1;
  }
  return result;


Here the file is loaded and the first 4 bytes are read. Afterward, the code checks byte by byte against the value of v9 (or 0xD0B7A0CC). If it matches its considered protected; otherwise it is not.

Next the game makes use of the Crypto library functions provided by Microsoft. The game creates an MD5 hash object by using the following:
Code:
  if ( !CryptAcquireContextW((HCRYPTPROV *)(a2 + 1140), L"SBENCRYPTIONKEYCONTAINER10", L"Microsoft Enhanced Cryptographic Provider v1.0", 1u, 0) && GetLastError() == -2146893802 )
    CryptAcquireContextW((HCRYPTPROV *)(a2 + 1140), L"SBENCRYPTIONKEYCONTAINER10", 0, 1u, 8u);
  if ( !*(_DWORD *)(a2 + 1140) )
  {
    v6 = GetLastError();
    sub_E4B130(L"CryptAcquireContext failed. (%d)(0x%08x)", v6);
  }
  v7 = (HCRYPTHASH *)(a2 + 1148);
  if ( CryptCreateHash(*(_DWORD *)(a2 + 1140), 0x8003u, 0, 0, (HCRYPTHASH *)(a2 + 1148))
    && CryptHashData(*v7, &pbData, 8u, 0)
    && CryptDeriveKey(*(_DWORD *)(a2 + 1140), 0x6801u, *v7, (DWORD)&loc_800000, (HCRYPTKEY *)(a2 + 1144)) )
    v11 = 0;
  else
    LOBYTE(v11) = 0;


Here the game is creating a hash provider context to use an MD5 crypto object. The pbData is added to the has object as a key for the encryption / decryption which in this case is:
Image

Once initialized, the game makes use of the crypto provider with its encryption and decryption by the following two functions:
Code:
int __usercall sub_409810@<eax>(HCRYPTKEY hKey@<ecx>, int a2@<esi>)
{
  signed int v2; // ecx@1
  int v3; // eax@2
  int result; // eax@3
  int v5; // [sp+0h] [bp-4h]@1

  v5 = 8;
  CryptDecrypt(hKey, 0, 1, 0, (BYTE *)a2, (DWORD *)&v5);
  v2 = 0;
  do
  {
    LOBYTE(v3) = *(_BYTE *)(v2 + a2);
    if ( (_BYTE)v3 == 127 )
    {
      result = 0;
    }
    else if ( (_BYTE)v3 == -128 )
    {
      result = 255;
    }
    else
    {
      v3 = (unsigned __int8)v3;
      if ( (unsigned __int8)v3 >= 0x80u )
        result = v3 - 1;
      else
        result = v3 + 1;
    }
    *(_BYTE *)(v2++ + a2) = result;
  }
  while ( v2 < 8 );
  *(_DWORD *)a2 ^= 0xA4A7FF88;
  *(_DWORD *)(a2 + 4) ^= 0xA0447823;
  return result;
}

BOOL __usercall sub_4097B0@<eax>(int a1@<edx>, DWORD a2@<ecx>, HCRYPTKEY hKey)
{
  signed int v3; // ecx@1
  unsigned __int8 v4; // al@2
  char v5; // al@3
  DWORD pdwDataLen; // [sp+0h] [bp-4h]@1

  pdwDataLen = a2;
  *(_DWORD *)a1 ^= 0xA4A7FF88;
  *(_DWORD *)(a1 + 4) ^= 0xA0447823;
  v3 = 0;
  do
  {
    v4 = *(_BYTE *)(v3 + a1);
    if ( v4 )
    {
      if ( v4 == -1 )
      {
        v5 = -128;
      }
      else if ( v4 >= 0x80u )
      {
        v5 = v4 + 1;
      }
      else
      {
        v5 = v4 - 1;
      }
    }
    else
    {
      v5 = 127;
    }
    *(_BYTE *)(v3++ + a1) = v5;
  }
  while ( v3 < 8 );
  pdwDataLen = 8;
  return CryptEncrypt(hKey, 0, 1, 0, (BYTE *)a1, &pdwDataLen, 8u);
}


Not going to go into much detail on these, but we see that the data is processed in 8 byte chunks. Those 8 bytes are broken into 4 byte parts and xor'd with the keys: 0xA4A7FF88 and 0xA0447823
Some minor adjustments are made based on the byte data and the crypto provider is called to encrypt or decrypt the data.

I created two tools to deal with both of these functions.
eosdec - A tool to decrypt Echo of Souls files.
eosenc - A tool to encrypt Echo of Souls files.

A simple test to validate the encryption is being handled properly is to:
eosdec the EoS.ini file. Then to eosenc the resulting decrypted file.
The new encrypted file will match the original EoS.ini perfectly.


Top
 Profile  
 
 Post subject: Re: Echo of Soul File Decryptor / Encryptor
PostPosted: Sat Jan 16, 2016 8:51 pm 
Offline
veteran

Joined: Thu Nov 05, 2015 2:45 pm
Posts: 84
Has thanked: 8 times
Have thanks: 1 time
.Ukx
unpack pls
i need weapon + armour + pet Model


Top
 Profile  
 
 Post subject: Re: Echo of Soul File Decryptor / Encryptor
PostPosted: Wed Mar 30, 2016 9:27 pm 
Offline
beginner
User avatar

Joined: Sat Sep 27, 2014 9:19 am
Posts: 36
Location: 127.0.0.1
Has thanked: 0 time
Have thanks: 14 times
godskin wrote:
.Ukx
unpack pls
i need weapon + armour + pet Model


I don't have the game anymore. Got rid of it since it was pay to win and not enjoyable.


Top
 Profile  
 
 Post subject: Re: Echo of Soul File Decryptor / Encryptor
PostPosted: Thu Apr 07, 2016 9:18 am 
Offline
ultra-veteran
ultra-veteran

Joined: Fri Nov 06, 2009 12:13 am
Posts: 579
Has thanked: 64 times
Have thanks: 124 times
atom0s wrote:
godskin wrote:
.Ukx
unpack pls
i need weapon + armour + pet Model


I don't have the game anymore. Got rid of it since it was pay to win and not enjoyable.


did you remove the source from github too? your reverse engineering findings were interesting and i wanted to read your source 8)

nope, just saw you made the move from github. here it is: https://gitlab.com/atom0s/EoSTools

_________________
Useful tool links:


Top
 Profile  
 
 Post subject: Re: Echo of Soul File Decryptor / Encryptor
PostPosted: Wed Apr 13, 2016 9:12 am 
Offline
beginner
User avatar

Joined: Sat Sep 27, 2014 9:19 am
Posts: 36
Location: 127.0.0.1
Has thanked: 0 time
Have thanks: 14 times
WRS wrote:
atom0s wrote:
godskin wrote:
.Ukx
unpack pls
i need weapon + armour + pet Model


I don't have the game anymore. Got rid of it since it was pay to win and not enjoyable.


did you remove the source from github too? your reverse engineering findings were interesting and i wanted to read your source 8)

nope, just saw you made the move from github. here it is: https://gitlab.com/atom0s/EoSTools


The majority of my stuff can be found on Gitlab now due to how Github has changed its internal views and values money over people and the open source community.
https://gitlab.com/atom0s

You can also find info on my personal site at: http://atom0s.com/forums/


Top
 Profile  
 
 Post subject: Re: Echo of Soul File Decryptor / Encryptor
PostPosted: Thu Apr 21, 2016 8:53 pm 
Offline
ultra-n00b

Joined: Thu Mar 31, 2016 2:58 pm
Posts: 8
Has thanked: 6 times
Have thanks: 0 time
atom0s wrote:
Project Source: https://github.com/atom0s/EoSTools

eosdec
    eosdec, short for Echo of Soul Decryptor, is a tool that can decrypt protected EoS files that use the in-house custom encryption.

    Usage: eosdec.exe [file]

    Multiple files can be passed at once. eosdec is drag and drop friendly!

eosenc
    eosenc, short for Echo of Soul Encryptor, is a tool that can encrypt files to be readable by Echo of Soul.

    Usage: eosenc.exe [file]

    Multiple files can be passed at once. eosenc is drag and drop friendly!


none of my downloaded VS2015 does not compile the source code. There is some special feature? can to the PM to throw the compiled versions, please.


Top
 Profile  
 
 Post subject: Re: Echo of Soul File Decryptor / Encryptor
PostPosted: Fri Apr 22, 2016 4:45 am 
Offline
beginner
User avatar

Joined: Sat Sep 27, 2014 9:19 am
Posts: 36
Location: 127.0.0.1
Has thanked: 0 time
Have thanks: 14 times
I can assure you it compiles fine as-is. I do not distribute binaries for this kind of thing sorry, you will need to compile it yourself.


Top
 Profile  
 
 Post subject: Re: Echo of Soul File Decryptor / Encryptor
PostPosted: Tue Apr 26, 2016 6:15 am 
Offline
ultra-n00b

Joined: Thu Mar 31, 2016 2:58 pm
Posts: 8
Has thanked: 6 times
Have thanks: 0 time
atom0s wrote:
I can assure you it compiles fine as-is. I do not distribute binaries for this kind of thing sorry, you will need to compile it yourself.


throw off please the link to download(which you have). already downloaded about 10, and always some errors when compile


Top
 Profile  
 
 Post subject: Re: Echo of Soul File Decryptor / Encryptor
PostPosted: Tue Apr 26, 2016 6:30 pm 
Offline
beginner
User avatar

Joined: Sat Sep 27, 2014 9:19 am
Posts: 36
Location: 127.0.0.1
Has thanked: 0 time
Have thanks: 14 times
Dezert wrote:
atom0s wrote:
I can assure you it compiles fine as-is. I do not distribute binaries for this kind of thing sorry, you will need to compile it yourself.


throw off please the link to download(which you have). already downloaded about 10, and always some errors when compile


I've already told you countless times across various sites, I DO NOT release or give out compiled copies of things like this for legal reasons.
Stop asking.


Top
 Profile  
 
 Post subject: Re: Echo of Soul File Decryptor / Encryptor
PostPosted: Wed Jun 08, 2016 8:43 am 
Offline
ultra-n00b

Joined: Thu Mar 31, 2016 2:58 pm
Posts: 8
Has thanked: 6 times
Have thanks: 0 time
atom0s wrote:
Project Source: https://github.com/atom0s/EoSTools

eosdec
    eosdec, short for Echo of Soul Decryptor, is a tool that can decrypt protected EoS files that use the in-house custom encryption.

    Usage: eosdec.exe [file]

    Multiple files can be passed at once. eosdec is drag and drop friendly!

eosenc
    eosenc, short for Echo of Soul Encryptor, is a tool that can encrypt files to be readable by Echo of Soul.

    Usage: eosenc.exe [file]

    Multiple files can be passed at once. eosenc is drag and drop friendly!



The most important thing in this game, UKX files, it decripted? and that something is not working



Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 11 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group