Intro
Currently I'm working on a client that will run on the browser using javascript. I have done several tests and I think it is totally viable, I've made a little game that emulate the way we play tibia and it worked out pretty well. So if there is someone interested in taking part on it please contact me, it will be open source but by now I have just a bunch of functions so I will keep it private until it a bit more organized.
-----
Now, I'm facing some issues with XTEA and I will explain on the bottom of this topic.
-----
Technologies
Ok I will like I have to make an overview of what I'm aiming to achieve and how, so lets begin. The little game I'm made was like a very simple version of bomberman, you can see it here: https://github.com/thiagomorato/BomberPY
The version on github uses JQuery, CSS2 and AJAX calls to communicate with a python server. The last week I took some time to work on it and I'm just moved to use pure Javascript, CSS3, and websockets. It worked out pretty well, I well that I think I can do a whole tibia client with it. It is not on github the new version as it needs some code cleaning and polishing.
All the animation will be handled by the CSS3 now, the keyframes, transactions and animations made it clear to me that I should drop the JQuery off. I could achieve the same results without some javascript craziness I was using before.
But now you might be wondering how are he going to connect the javascript with the sockets of a tibia server? Well it turns out that there is some "bridges" that takes form a websocket and sends to a socket and vice versa. The one I'm using is https://github.com/kanaka/websockify and so far I have nothing to complain.
This think might look bad at a first glance to need a bridge between the client and the server. Well I think ask the users to setup it would be very bad but we can set it up on the server or even better between the user and the server in a internet route that improves the latency as proxies do. Also it would be possible to program the server itself to deal with websockets, however I have no knowledge to intent that.
So, these are the technologies I'm willing to use, any suggestion will be welcome.
Protocol
For simplicity sake I'm using the protocol 8.6 and also there is plenty of ots running on it. Also I'm using as base this C++ client here: https://github.com/edubart/otclient
Believe it or not the RSA encryption is already done and my tests shows I'm doing it right. What I did to prove it was doing fine was:
Generate a new RSA key pair;
Extract the modulus and exponent and convert to decimal;
Convert it to decimal to and added to the C++ client.
Open WireShark and listen to localhost
Open the C++ client and set password and account to "aaaaaa"point it to a local socket written in python
Get the data from WireShark and remove all the stuff that wasn't encrypted on the begging of the message
Send it to another script in python and decrypts the the message,
Then I could see the 41414141 of the former "aaaaa" from account and password.
Ok so it proves that the python script is decrypting it right.
When I sent the data from my javascript encrypted with the public key and exponent of the key pair it get decrypted perfectly. So If the it decrypted both the C++ and JavaScript I assume the RSA encryption is just fine.
The issue
Now it comes to where I'm not able advance. If I send the my login packet to the server with the same XTEA key it always returns me the same response, and if I use a random XTEA key it always respond me with different data. Because of that I assume the server is able to get the XTEA key and encrypt the message. The issue is that I just can't decrypt no matter what I try. The "library" I'm using to do it is this one: http://www.movable-type.co.uk/scripts/tea.html . But I've modified it to instead of input and output strings it inputs an array of 8 bit ints and outputs the same.
Well this topic have got bigger than I thought and it is getting late, tomorrow I will put here some of my code so you guys might help me on that. How ever if someone have some experience with XTEA and have some guide lines please share with us.
Thanks!
Currently I'm working on a client that will run on the browser using javascript. I have done several tests and I think it is totally viable, I've made a little game that emulate the way we play tibia and it worked out pretty well. So if there is someone interested in taking part on it please contact me, it will be open source but by now I have just a bunch of functions so I will keep it private until it a bit more organized.
-----
Now, I'm facing some issues with XTEA and I will explain on the bottom of this topic.
-----
Technologies
Ok I will like I have to make an overview of what I'm aiming to achieve and how, so lets begin. The little game I'm made was like a very simple version of bomberman, you can see it here: https://github.com/thiagomorato/BomberPY
The version on github uses JQuery, CSS2 and AJAX calls to communicate with a python server. The last week I took some time to work on it and I'm just moved to use pure Javascript, CSS3, and websockets. It worked out pretty well, I well that I think I can do a whole tibia client with it. It is not on github the new version as it needs some code cleaning and polishing.
All the animation will be handled by the CSS3 now, the keyframes, transactions and animations made it clear to me that I should drop the JQuery off. I could achieve the same results without some javascript craziness I was using before.
But now you might be wondering how are he going to connect the javascript with the sockets of a tibia server? Well it turns out that there is some "bridges" that takes form a websocket and sends to a socket and vice versa. The one I'm using is https://github.com/kanaka/websockify and so far I have nothing to complain.
This think might look bad at a first glance to need a bridge between the client and the server. Well I think ask the users to setup it would be very bad but we can set it up on the server or even better between the user and the server in a internet route that improves the latency as proxies do. Also it would be possible to program the server itself to deal with websockets, however I have no knowledge to intent that.
So, these are the technologies I'm willing to use, any suggestion will be welcome.
Protocol
For simplicity sake I'm using the protocol 8.6 and also there is plenty of ots running on it. Also I'm using as base this C++ client here: https://github.com/edubart/otclient
Believe it or not the RSA encryption is already done and my tests shows I'm doing it right. What I did to prove it was doing fine was:
Generate a new RSA key pair;
Extract the modulus and exponent and convert to decimal;
Convert it to decimal to and added to the C++ client.
Open WireShark and listen to localhost
Open the C++ client and set password and account to "aaaaaa"point it to a local socket written in python
Get the data from WireShark and remove all the stuff that wasn't encrypted on the begging of the message
Send it to another script in python and decrypts the the message,
Then I could see the 41414141 of the former "aaaaa" from account and password.
Ok so it proves that the python script is decrypting it right.
When I sent the data from my javascript encrypted with the public key and exponent of the key pair it get decrypted perfectly. So If the it decrypted both the C++ and JavaScript I assume the RSA encryption is just fine.
The issue
Now it comes to where I'm not able advance. If I send the my login packet to the server with the same XTEA key it always returns me the same response, and if I use a random XTEA key it always respond me with different data. Because of that I assume the server is able to get the XTEA key and encrypt the message. The issue is that I just can't decrypt no matter what I try. The "library" I'm using to do it is this one: http://www.movable-type.co.uk/scripts/tea.html . But I've modified it to instead of input and output strings it inputs an array of 8 bit ints and outputs the same.
Well this topic have got bigger than I thought and it is getting late, tomorrow I will put here some of my code so you guys might help me on that. How ever if someone have some experience with XTEA and have some guide lines please share with us.
Thanks!