
C++ I need to encrypt my .spr

I have special items and sprites in my client.

Does someone know a way to hide the sprites or make it difficult for players to get them?

Thanks.
 
Someone told me - on Discord - that he has a decompiler for the Lua compiler, but did not post a link to it yet. He just told me to use Luraph (https://lura.ph/) to secure OTS files.
Can you decompile the included textedit.lua from Askara v4 and post what you get?

@Jpstafe
Included is my single-file OTCv8-decrypt that I made on the weekend.
Loads init.lua (ex. Askara v4 init.lua) and decrypts it into file.lua using Docker:
Code:
docker build . -t test && docker run test > file.lua
You can put Tibia.spr contents in place of init.lua and it will decrypt it into file.lua with decrypted Tibia.spr content (or edit Dockerfile).

Can I use this on Ubuntu 15.10?

Edit
No need to use it on Ubuntu 15.10 as I managed to decrypt an encrypted lua file on a VM running Ubuntu 22.04
 
For some reason it only let me decrypt my init.lua, but the other .lua files, for example modules/client_locales/locales.lua, didn't work xd
 
Gesior, I tested your docker and it really works; however, if the keys 0xDEADDEAD, 0xB00BEEEF are modified, it is not possible to decrypt init.lua.

Is there any other way?
 
Let me provide some details on the difference between encryption, compression and the ad hoc approach that is being used here.

Encryption

Encryption is a way to scramble data so that only authorized parties can unscramble it (Source: Google). Think of when you type your password into a social media website: your browser does not send your password just as it was typed. It is encrypted using some algorithm, and the only person able to decrypt it is the server. It's important to see the threat model here: we trust the browser and the server ONLY. Nothing in between is trusted.

Compression

The process of encoding information using fewer bits than the original representation (Source: Google). The goal of compression is not security / integrity. It's volume: we want to make the data as small as possible while retaining a deterministic way of recovering the original data from before compression.

Why is encryption useless in OTCv8?

Think of the threat model here. Encryption requires trusted parties. Our most obvious party is the server which distributes the clients; we trust the server because we own the server. The second party is the client, and it makes sense to trust the client which we distribute. WRONG.

Assuming that the client is a trusted party is completely wrong: the user can alter the content of the client in any way they wish. They can add new code paths, remove old code paths and even change the condition values. In practice, someone could alter the client code to print out the decrypted data somewhere on the disk. You don't control the code being executed, and there is no way to verify that the client you are speaking with is authentic and has not been altered.

This means that encrypting your data files is just a hopeless attempt to delay the inevitable; someone somewhere has enough time to sit down and dig into your code. So stick to compression and make the life of your users better.

Compilation

Compiled code can be decompiled. There is no guarantee that the decompiled code will be equivalent to the original source code, because compilation is a mapping from one space to another (N:1). Two different pieces of source code can map to the exact same compiled code, which means that when you decompile, you can get any of them. But that still gives you a lot of information on what's going on, because that code will have the exact same behavior after all.

Compiling your code as a means of encryption is also useless. Please don't do that, and only compile the code for increased performance.

Note: There are ways to execute code on a remote client and ensure that they only executed the code that you have asked them to execute. Look up Software Guard Extensions on Google or Intel Enclave.
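
The threat-model argument in the post above, as an added C++ example that is not part of the original thread and is not OTCv8 code: the cipher, the key values, the `Client` struct and its `on_plaintext` hook are all constructed stand-ins. It shows that a client which must render an asset has to hold both the key and the unpack routine, so a build with one extra line sees the plaintext.

```cpp
#include <cstdint>
#include <functional>
#include <string>

// Toy XOR keystream standing in for whatever symmetric scheme a client uses.
// Constructed for illustration; the argument does not depend on the cipher.
static std::string xor_stream(const std::string& in, uint32_t key) {
    std::string out(in);
    uint32_t state = key;
    for (char& c : out) {
        state = state * 1664525u + 1013904223u;  // LCG step
        c = static_cast<char>(static_cast<unsigned char>(c) ^
                              static_cast<unsigned char>(state >> 24));
    }
    return out;
}

// Owner side: pack an asset before distributing it with the client.
std::string pack_asset(const std::string& plain, uint32_t key) {
    return xor_stream(plain, key);
}

// What every player receives: the packed blob, the key and the unpack code.
struct Client {
    uint32_t embedded_key;  // stored in the binary on the user's disk
    // Empty in the distributed build; models a code path a user can add.
    std::function<void(const std::string&)> on_plaintext;

    std::string load_asset(const std::string& blob) const {
        std::string plain = xor_stream(blob, embedded_key);
        if (on_plaintext) on_plaintext(plain);  // the added line
        return plain;  // rendering needs the plaintext in memory anyway
    }
};

// Returns what a user-modified build captures during a normal asset load.
std::string captured_by_modified_client(const std::string& blob, uint32_t key) {
    std::string captured;
    Client modified{key, [&](const std::string& p) { captured = p; }};
    modified.load_asset(blob);
    return captured;
}
```

The same result holds for any key value and any cipher, because the party decrypting is the party the data is being hidden from.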
 