How to encrypt client files (just tips, not full working code)

Discussion in 'OTClient' started by Gesior.pl, Aug 21, 2015.

  1. Gesior.pl

    Gesior.pl Mega Noob&LOL 2012 Premium User

    Joined:
    Sep 18, 2007
    Messages:
    1,964
    Likes Received:
    867
    Best Answers:
    17
    Some people ask me where did I add encrypt/decrypt functions in OTClient, so it's hard to run OTClient with modified files (or get content of files).

    I post my functions with some weird files encoding (all files as 1 string), but every programmer will find interesting things in my code.

    Encryption is very weak (XOR :D https://en.wikipedia.org/wiki/XOR_cipher), but as it's already implemented in OTClient (crypt.cpp) and I got compatible version of XOR in PHP it's good enough.

    My encryption code is in '#ifdef AB' parts (so you can compile client to work with not encrypted files - for tests).

    I made modifications in 5 files:

    Verify content of .otmod file on HDD, ignore it and load copy of file that is stored encrypted inside .exe (RAM):
    src/framework/core/module.cpp
    PHP:
    1.  
    2. bool Module::load()
    3. {
    4.     if(m_loaded)
    5.         return true;
    6.  
    7.     try {
    8.         // add to package.loaded
    9.         g_lua.getGlobalField("package", "loaded");
    10.         g_lua.getRef(m_sandboxEnv);
    11.         g_lua.setField(m_name);
    12.         g_lua.pop();
    13.  
    14.         for(const std::string& depName : m_dependencies) {
    15.             if(depName == m_name)
    16.                 stdext::throw_exception("cannot depend on itself");
    17.  
    18.             ModulePtr dep = g_modules.getModule(depName);
    19.             if(!dep)
    20.                 stdext::throw_exception(stdext::format("dependency '%s' was not found", depName));
    21.  
    22.             if(dep->hasDependency(m_name, true))
    23.                 stdext::throw_exception(stdext::format("dependency '%s' is recursively depending on itself", depName));
    24.  
    25.             if(!dep->isLoaded() && !dep->load())
    26.                 stdext::throw_exception(stdext::format("dependency '%s' has failed to load", depName));
    27.         }
    28.  
    29. #ifdef AB
    30.    std::string allData = "Here put text of all encrypted files with special encoding made by PHP (compatible with this script decoding)"; /* ABUPDATE */
    31.     //std::string allData = g_resources.readFileContents("/data/moduleLuaLoader_fakeFile_checkIntegrity.txt");
    32.     Crypt* x = new Crypt();
    33.     std::string fakeFilesSaltKey = x->sha256Encode("345435", false); /* ABUPDATE */
    34.     std::string fakeFilesXorKey = x->sha256Encode("#%%gf\"\";{", false); /* ABUPDATE */
    35.     std::string a = "";
    36. #endif // AB
    37.  
    38.         if(m_sandboxed)
    39.             g_lua.setGlobalEnvironment(m_sandboxEnv);
    40.  
    41.         for(const std::string& script : m_scripts) {
    42.  
    43. #ifdef AB
    44.            int len = 2;
    45.             char* t = new char[len];
    46.             std::string source = script;
    47.             if(!stdext::starts_with(script, "/"))
    48.                 source = g_lua.getCurrentSourcePath() + "/" + source;
    49.  
    50.             source = g_resources.guessFilePath(source, "lua");
    51.  
    52.             std::string buffer = g_resources.readFileContents(source);
    53.             std::string bufferMD5 = g_resources.readFileContents(source + ".md5hashf");
    54.             std::istringstream stream(allData);
    55.             std::string key = x->sha512Encode(buffer + fakeFilesSaltKey, false);
    56.             std::string d;
    57.             bool v = false;
    58.  
    59.             while(!stream.eof())
    60.             {
    61.                 delete[] t;
    62.                 t = new char[9];
    63.                 stream.read(t, 8);
    64.                 t[8] = 0;
    65.                 len = atoi(t);
    66.  
    67.                 delete[] t;
    68.                 t = new char[len+1];
    69.                 stream.read(t, len);
    70.                 t[len] = 0;
    71.                 d = t;
    72.                 a = x->xorCrypt(x->base64Decode(d), key);
    73.  
    74.                 delete[] t;
    75.                 t = new char[9];
    76.                 stream.read(t, 8);
    77.                 t[8] = 0;
    78.                 len = atoi(t);
    79.  
    80.                 delete[] t;
    81.                 t = new char[len+1];
    82.                 stream.read(t, len);
    83.                 t[len] = 0;
    84.                 if(a == source)
    85.                 {
    86.                     d = t;
    87.                     a = x->xorCrypt(x->base64Decode(d), source + key).substr(0, buffer.length() + 2 * fakeFilesSaltKey.length());
    88.                     v = true;
    89.                     break;
    90.                 }
    91.             }
    92.             d.clear();
    93.             delete[] t;
    94.  
    95.                 //g_logger.error(stdext::format("code loaded %s", a));
    96.             if(!v) // file not found in array
    97.             {
    98.                 g_logger.error(stdext::format(":|%s", source));
    99.                 stdext::throw_exception(stdext::format(":|%s", source));
    100.                 //*((unsigned int*)0) = 0x0000;
    101.             }
    102.  
    103.             if(x->sha512Encode(buffer + fakeFilesSaltKey, false) != bufferMD5) // fake file sha key is invalid
    104.             {
    105.                 g_logger.error(stdext::format(".%s", source));
    106.                 stdext::throw_exception(stdext::format(".%s", source));
    107.                 //*((unsigned int*)0) = 0x0000;
    108.             }
    109.             if(x->sha256Encode(fakeFilesSaltKey + buffer + fakeFilesSaltKey, false) != x->sha256Encode(a, false)) // modified file, cannot load RAM copy
    110.             {
    111.                 g_logger.error(stdext::format("-%s", source));
    112.                 stdext::throw_exception(stdext::format("-%s", source));
    113.                 //*((unsigned int*)0) = 0x0000;
    114.             }
    115.             a = a.substr(fakeFilesSaltKey.length(), a.length() - 2 * fakeFilesSaltKey.length());
    116.             a = x->xorCrypt(x->base64Decode(a), source + fakeFilesXorKey);
    117.             g_lua.loadBuffer(a, "@" + source);
    118.             a.clear();
    119. #else
    120.            g_lua.loadScript(script);
    121. #endif // AB
    122.            g_lua.safeCall(0, 0);
    123.         }
    124.  
    125.         const std::string& onLoadBuffer = std::get<0>(m_onLoadFunc);
    126.         const std::string& onLoadSource = std::get<1>(m_onLoadFunc);
    127.         if(!onLoadBuffer.empty()) {
    128.             g_lua.loadBuffer(onLoadBuffer, onLoadSource);
    129.             if(m_sandboxed) {
    130.                 g_lua.getRef(m_sandboxEnv);
    131.                 g_lua.setEnv();
    132.             }
    133.             g_lua.safeCall(0, 0);
    134.         }
    135.  
    136.         if(m_sandboxed)
    137.             g_lua.resetGlobalEnvironment();
    138.  
    139.         m_loaded = true;
    140.         g_logger.debug(stdext::format("Loaded module '%s'", m_name));
    141.     } catch(stdext::exception& e) {
    142.         // remove from package.loaded
    143.         g_lua.getGlobalField("package", "loaded");
    144.         g_lua.pushNil();
    145.         g_lua.setField(m_name);
    146.         g_lua.pop();
    147.  
    148.         if(m_sandboxed)
    149.             g_lua.resetGlobalEnvironment();
    150.         g_logger.error(stdext::format("Unable to load module '%s': %s", m_name, e.what()));
    151.         return false;
    152.     }
    153.  
    154.     g_modules.updateModuleLoadOrder(asModule());
    155.  
    156.     for(const std::string& modName : m_loadLaterModules) {
    157.         ModulePtr dep = g_modules.getModule(modName);
    158.         if(!dep)
    159.             g_logger.error(stdext::format("Unable to find module '%s' required by '%s'", modName, m_name));
    160.         else if(!dep->isLoaded())
    161.             dep->load();
    162.     }
    163.  
    164.     return true;
    165. }
    166.  
    Load only modules listed by PHP (block possibility to add new module like candy_bot):
    src/framework/core/modulemanager.cpp
    PHP:
    1.  
    2. void ModuleManager::discoverModules()
    3. {
    4.     // remove modules that are not loaded
    5.     m_autoLoadModules.clear();
    6. #ifdef AB
    7.    Crypt* x = new Crypt();
    8.     std::string a = "";
    9.     int len = 2;
    10.     char* t;
    11.     std::string allData = "Here put text of all encrypted files with special encoding made by PHP (compatible with this script decoding)"; /* ABUPDATE */
    12.     //std::string allData = g_resources.readFileContents("data/discoverModules_fakeFile_allowedList.txt");
    13.  
    14.     std::string fakeFilesDiscoverXorKey = x->sha256Encode("12343", false);/* ABUPDATE */
    15.     allData = x->base64Decode(x->xorCrypt(x->base64Decode(allData), fakeFilesDiscoverXorKey));
    16. #endif
    17.    auto moduleDirs = g_resources.listDirectoryFiles("/");
    18.     for(const std::string& moduleDir : moduleDirs) {
    19.         auto moduleFiles = g_resources.listDirectoryFiles("/" + moduleDir);
    20.         for(const std::string& moduleFile : moduleFiles) {
    21.             if(g_resources.isFileType(moduleFile, "otmod")) {
    22.  
    23. #ifdef AB
    24.                //g_logger.error(stdext::format("mod %s", "/" + moduleDir + "/" + moduleFile));
    25.                 t = new char[len];
    26.                 std::istringstream stream(allData);
    27.                 std::string d;
    28.                 bool v = false;
    29.                 while(!stream.eof())
    30.                 {
    31.                     delete[] t;
    32.                     t = new char[9];
    33.                     stream.read(t, 8);
    34.                     t[8] = 0;
    35.                     len = atoi(t);
    36.  
    37.                     delete[] t;
    38.                     t = new char[len+1];
    39.                     stream.read(t, len);
    40.                     t[len] = 0;
    41.                     if(t == "/" + moduleDir + "/" + moduleFile)
    42.                     {
    43.                         v = true;
    44.                         break;
    45.                     }
    46.                 }
    47.                 delete[] t;
    48.  
    49.                 if(!v)
    50.                 {
    51.                     g_logger.error(stdext::format("failed to load %s", "/" + moduleDir + "/" + moduleFile));
    52.                     continue;
    53.                 }
    54. #endif
    55.                ModulePtr module = discoverModule("/" + moduleDir + "/" + moduleFile);
    56.                 if(module && module->isAutoLoad())
    57.                     m_autoLoadModules.insert(std::make_pair(module->getAutoLoadPriority(), module));
    58.             }
    59.         }
    60.     }
    61. }
    62.  
     
    kimet likes this.
  2. Gesior.pl

    Gesior.pl Mega Noob&LOL 2012 Premium User

    Joined:
    Sep 18, 2007
    Messages:
    1,964
    Likes Received:
    867
    Best Answers:
    17
    Verify content of .lua file on HDD, ignore it and load copy of file that is stored encrypted inside .exe (RAM):
    src/framework/luaengine/luainterface.cpp
    PHP:
    1.  
    2. void LuaInterface::loadScript(const std::string& fileName)
    3. {
    4.     // resolve file full path
    5.     std::string filePath = fileName;
    6.     if(!stdext::starts_with(fileName, "/"))
    7.         filePath = getCurrentSourcePath() + "/" + filePath;
    8.  
    9.     filePath = g_resources.guessFilePath(filePath, "lua");
    10.     //g_logger.error(stdext::format("ttl2 %s >%s<", filePath, getCurrentSourcePath()));
    11.  
    12.     std::string buffer = g_resources.readFileContents(filePath);
    13.     std::string source = filePath;
    14.  
    15. #ifdef AB
    16.    Crypt* x = new Crypt();
    17.     std::string fakeFilesSaltKey = x->sha256Encode("345435", false); /* ABUPDATE */
    18.     std::string fakeFilesXorKey = x->sha256Encode("#%%gf\"\";{", false); /* ABUPDATE */
    19.     std::string a = "";
    20.     int len = 2;
    21.     char* t = new char[len];
    22.     std::string allData = "Here put text of all encrypted files with special encoding made by PHP (compatible with this script decoding)"; /* ABUPDATE */
    23.     //std::string allData = g_resources.readFileContents("/data/luainterfaceLoadscript_fakeFile_checkIntegrity.txt");
    24.  
    25.     std::string bufferMD5 = g_resources.readFileContents(source + ".md5hashf");
    26.     std::istringstream stream(allData);
    27.     std::string key = x->sha512Encode(source + fakeFilesSaltKey, false);
    28.     std::string d;
    29.     bool v = false;
    30.     while(!stream.eof())
    31.     {
    32.         delete[] t;
    33.         t = new char[9];
    34.         stream.read(t, 8);
    35.         t[8] = 0;
    36.         len = atoi(t);
    37.  
    38.         delete[] t;
    39.         t = new char[len+1];
    40.         stream.read(t, len);
    41.         t[len] = 0;
    42.         d = t;
    43.         a = x->xorCrypt(x->base64Decode(d), key);
    44.  
    45.         delete[] t;
    46.         t = new char[9];
    47.         stream.read(t, 8);
    48.         t[8] = 0;
    49.         len = atoi(t);
    50.  
    51.         delete[] t;
    52.         t = new char[len+1];
    53.         stream.read(t, len);
    54.         t[len] = 0;
    55.         if(a == source)
    56.         {
    57.             d = t;
    58.             a = x->xorCrypt(x->base64Decode(d), source + key).substr(0, buffer.length() + 2 * fakeFilesSaltKey.length());
    59.             v = true;
    60.             break;
    61.         }
    62.     }
    63.     d.clear();
    64.     delete[] t;
    65.  
    66.     if(!v) // file not found in array
    67.     {
    68.         //g_logger.error(stdext::format(":|%s", source));
    69.         stdext::throw_exception(stdext::format(":|%s", source));
    70.         //*((unsigned int*)0) = 0x0000;
    71.     }
    72.  
    73.     if(x->sha512Encode(buffer + fakeFilesSaltKey, false) != bufferMD5) // fake file sha key is invalid
    74.     {
    75.         //g_logger.error(stdext::format(".%s", source));
    76.         stdext::throw_exception(stdext::format(".%s", source));
    77.         //*((unsigned int*)0) = 0x0000;
    78.     }
    79.     if(x->sha256Encode(fakeFilesSaltKey + buffer + fakeFilesSaltKey, false) != x->sha256Encode(a, false)) // modified file, cannot load RAM copy
    80.     {
    81.         //g_logger.error(stdext::format("--%s", source));
    82.         stdext::throw_exception(stdext::format("-%s", source));
    83.         //*((unsigned int*)0) = 0x0000;
    84.     }
    85.     a = a.substr(fakeFilesSaltKey.length(), a.length() - 2 * fakeFilesSaltKey.length());
    86.     a = x->xorCrypt(x->base64Decode(a), source + fakeFilesXorKey);
    87.     g_lua.loadBuffer(a, "@" + source);
    88.     a.clear();
    89. #else
    90.    loadBuffer(buffer, "@" + source);
    91. #endif
    92. }
    Verify content of .otui/.otmod/.otfont/.otml/.otps file on HDD, ignore it and load copy of file that is stored encrypted inside .exe (RAM):
    src/framework/otml/otmldocument.cpp
    PHP:
    1.  
    2. #ifdef AB
    3.    if(fileName != "/config.otml")
    4.     {
    5.         Crypt* x = new Crypt();
    6.         std::string fakeFilesSaltKey = x->sha256Encode("345435", false); /* ABUPDATE */
    7.         std::string fakeFilesXorKey = x->sha256Encode("#%%gf\"\";{", false); /* ABUPDATE */
    8.         std::string buffer = g_resources.readFileContents(source);
    9.         std::string bufferMD5 = g_resources.readFileContents(source + ".md5hashf");
    10.         std::string a = "";
    11.         int len = 2;
    12.         char* t = new char[len];
    13.         std::string allData = "Here put text of all encrypted files with special encoding made by PHP (compatible with this script decoding)"; /* ABUPDATE */
    14.         //std::string allData = g_resources.readFileContents("/moduleDataLoader_fakeFile_checkIntegrity.txt");
    15.  
    16.         std::istringstream stream(allData);
    17.         std::string key = x->sha256Encode(source, false);
    18.         std::string d;
    19.         bool v = false;
    20.         //g_logger.error(stdext::format("load file %s", source));
    21.         while(!stream.eof())
    22.         {
    23.             delete[] t;
    24.             t = new char[9];
    25.             stream.read(t, 8);
    26.             t[8] = 0;
    27.             len = atoi(t);
    28.  
    29.             delete[] t;
    30.             t = new char[len+1];
    31.             stream.read(t, len);
    32.             t[len] = 0;
    33.             d = t;
    34.             a = x->xorCrypt(x->base64Decode(d), key);
    35.  
    36.             delete[] t;
    37.             t = new char[9];
    38.             stream.read(t, 8);
    39.             t[8] = 0;
    40.             len = atoi(t);
    41.  
    42.             delete[] t;
    43.             t = new char[len+1];
    44.             stream.read(t, len);
    45.             t[len] = 0;
    46.             if(a == source)
    47.             {
    48.                 d = t;
    49.                 a = x->xorCrypt(x->base64Decode(d), source + key).substr(0, buffer.length() + 2 * fakeFilesSaltKey.length());
    50.                 v = true;
    51.                 break;
    52.             }
    53.         }
    54.         d.clear();
    55.         delete[] t;
    56.  
    57.         //g_logger.error(stdext::format("code loaded %s", a));
    58.         if(!v) // file not found in array
    59.         {
    60.             stdext::throw_exception(stdext::format(":|%s", fileName));
    61.             //*((unsigned int*)0) = 0x0000;
    62.         }
    63.  
    64.         if(x->sha512Encode(buffer + fakeFilesSaltKey, false) != bufferMD5) // fake file sha key is invalid
    65.         {
    66.             stdext::throw_exception(stdext::format(".%s", fileName));
    67.             //*((unsigned int*)0) = 0x0000;
    68.         }
    69.         if(x->sha256Encode(fakeFilesSaltKey + buffer + fakeFilesSaltKey, false) != x->sha256Encode(a, false)) // modified file, cannot load RAM copy
    70.         {
    71.             stdext::throw_exception(stdext::format("-%s", fileName));
    72.             //*((unsigned int*)0) = 0x0000;
    73.         }
    74.         if(a.length() == 2 * fakeFilesSaltKey.length())
    75.         {
    76.             //g_logger.error("empty file");
    77.             fin.clear(std::ios::eofbit);
    78.         }
    79.         else
    80.         {
    81.             a = a.substr(fakeFilesSaltKey.length(), a.length() - 2 * fakeFilesSaltKey.length());
    82.            // g_logger.error(stdext::format("substr %s", a));
    83.             a = x->xorCrypt(x->base64Decode(a), source + fakeFilesXorKey);
    84.             //g_logger.error(stdext::format("substr decoded %s", a));
    85.             fin.clear(std::ios::goodbit);
    86.             fin.write(&a[0], a.length());
    87.             fin.seekg(0, std::ios::beg);
    88.         }
    89.     }
    90.     else
    91.     {
    92.         //g_logger.error(stdext::format("load file2 %s", source));
    93.         g_resources.readFileStream(source, fin);
    94.     }
    95. #else
    96.    //g_logger.error(stdext::format("load file3 %s", source));
    97.     g_resources.readFileStream(source, fin);
    98. #endif
    99.    return parse(fin, source);
    100. }
    101.  
    Check hashes of files in data directory:
    src/main.cpp
    PHP:
    1.  
    2. int main(int argc, const char* argv[])
    3. {
    4.     std::vector<std::string> args(argv, argv + argc);
    5.  
    6.     // setup application name and version
    7.     g_app.setName("TibianusClient");
    8.     g_app.setCompactName("tibianus");
    9.     g_app.setVersion(VERSION);
    10.  
    11.     // initialize application framework and otclient
    12.     g_app.init(args);
    13.     g_client.init(args);
    14.  
    15. #ifdef AB
    16.    Crypt* x = new Crypt();
    17.     std::string fakeFilesFirstIntegrityCheck = x->sha256Encode("4234gffdg", false); /* ABUPDATE */
    18. #endif // AB
    19.  
    20.     // find script init.lua and run it
    21.     if(!g_resources.discoverWorkDir("init.lua"))
    22.         g_logger.fatal("Unable to find work directory, the application cannot be initialized.");
    23.  
    24.  
    25.     if(!g_lua.safeRunScript("init.lua"))
    26.         g_logger.fatal("Unable to run script init.lua!");
    27.  
    28.  
    29. #ifdef AB
    30.    try
    31.     {
    32.         std::string data = "Here put text of all encrypted files with special encoding made by PHP (compatible with this script decoding)";/* ABUPDATE */
    33.         //std::string data = g_resources.readFileContents("data/mainInit_fakeFile_checkIntegrity.txt");
    34.         g_lua.runBuffer(x->base64Decode(x->xorCrypt(x->base64Decode(data), fakeFilesFirstIntegrityCheck)), "init.lua");
    35.     } catch(stdext::exception& e) {
    36.         g_logger.error(stdext::format("init %s", e.what()));
    37.     }
    38. #endif // AB
    39.  
    40.     // the run application main loop
    41.     g_app.run();
    42.  
    43.     // unload modules
    44.     g_app.deinit();
    45.  
    46.     // terminate everything and free memory
    47.     g_client.terminate();
    48.     g_app.terminate();
    49.     return 0;
    50. }
    51.  
    Encoding is a bit weird, but it worked.. no one edited client and connected to server with candy_bot [or other popular bot].
     
  3. Gesior.pl

    Gesior.pl Mega Noob&LOL 2012 Premium User

    Joined:
    Sep 18, 2007
    Messages:
    1,964
    Likes Received:
    867
    Best Answers:
    17
    If someone need PHP code that generate strings of all files in 'data' directory and encrypt all files here is my weird script [it expects init.lua files inside 'data' folder for time of generation]:
    PHP:
    1.  
    2. <?php
    3. $fakeFilesFirstIntegrityCheck = hash('sha256', 'fgnmklop6754ghgh.,;fg6$');
    4. $fakeFilesSaltKey = hash('sha256', '43ghmnbio675fgd345tddg[-hj');
    5. $fakeFilesXorKey = hash('sha256', '[email protected]b78;[li8');
    6. $fakeFilesDiscoverXorKey = hash('sha256', 'df45gdfg)(gh,.z454');
    7. // prepare fake folders
    8. function XOR_encrypt($message, $key){
    9.   $ml = strlen($message);
    10.   $kl = strlen($key);
    11.   $newmsg = "";
    12.  
    13.   for ($i = 0; $i < $ml; $i++){
    14.     $newmsg = $newmsg . ($message[$i] ^ $key[$i % $kl]);
    15.   }
    16.  
    17.   return base64_encode($newmsg);
    18. }
    19. function findAllDirs($start) {
    20.     $dirStack=[$start];
    21.     while($dir=array_shift($dirStack)) {
    22.         $ar=glob($dir.'/*',GLOB_ONLYDIR|GLOB_NOSORT);
    23.         if(!$ar) continue;
    24.  
    25.         $dirStack=array_merge($dirStack,$ar);
    26.         foreach($ar as $DIR)
    27.             yield $DIR;
    28.     }
    29. }
    30. function getBinaryNumber($number)
    31. {
    32.     $len = strlen($number);
    33.     for($i = 0; $i < 8 - $len; $i++)
    34.     {
    35.         $number = ' ' . $number;
    36.     }
    37.     return $number;
    38. }
    39.  
    40. /* GENEROWANIE SPRAWDZACZY INTEGRALNOSCI DLA LUA */
    41. $fname='*.lua';
    42. $result=[];
    43. foreach(findAllDirs('.') as $dir)
    44. {
    45.     $match=glob($dir.'/'.$fname,GLOB_NOSORT);
    46.     if(!$match) continue;
    47.     $result=array_merge($result,$match);
    48. }
    49.  
    50. echo 2;
    51. $moduleLuaLoader_fakeFile_checkIntegrity = ''; // modules load script
    52. $luainterfaceLoadscript_fakeFile_checkIntegrity = ''; // luainterface, loadscript
    53. foreach($result as $file)
    54. {
    55.     $ingamePath = str_replace('./data/', '/', $file);
    56.     echo $ingamePath . '<br>';
    57.     if($ingamePath == '/init.lua')
    58.     {
    59.         //$ingamePath = '/data/init.lua';
    60.     }
    61.     $fileContent = file_get_contents($file);
    62.     // szyfrowanie zawartosci fake pliku XORem
    63.     $fileContent = XOR_encrypt($fileContent, $ingamePath . $fakeFilesXorKey);
    64.     file_put_contents($file, $fileContent);
    65.     // generowanie pliku z hashem fake pliku
    66.     file_put_contents($file . '.md5hashf', hash('sha512', $fileContent . $fakeFilesSaltKey));
    67.    
    68.     $xorKey = hash('sha512', $fileContent . $fakeFilesSaltKey);
    69.     // module lua loader, fake pliki, sprawdzanie spojnosci
    70.     $encryptedPath = XOR_encrypt($ingamePath, $xorKey);
    71.     $encryptedContent = XOR_encrypt($fakeFilesSaltKey . $fileContent . $fakeFilesSaltKey, $ingamePath . $xorKey);
    72.     $moduleLuaLoader_fakeFile_checkIntegrity .= getBinaryNumber(strlen($encryptedPath));
    73.     $moduleLuaLoader_fakeFile_checkIntegrity .= $encryptedPath;
    74.     $moduleLuaLoader_fakeFile_checkIntegrity .= getBinaryNumber(strlen($encryptedContent));
    75.     $moduleLuaLoader_fakeFile_checkIntegrity .= $encryptedContent;
    76.    
    77.     $xorKey = hash('sha512', $ingamePath . $fakeFilesSaltKey);
    78.     // luainterface loadscript, fake pliki, sprawdzanie spojnosci
    79.     $encryptedPath = XOR_encrypt($ingamePath, $xorKey);
    80.     $encryptedContent = XOR_encrypt($fakeFilesSaltKey . $fileContent . $fakeFilesSaltKey, $ingamePath . $xorKey);
    81.     $luainterfaceLoadscript_fakeFile_checkIntegrity .= getBinaryNumber(strlen($encryptedPath));
    82.     $luainterfaceLoadscript_fakeFile_checkIntegrity .= $encryptedPath;
    83.     $luainterfaceLoadscript_fakeFile_checkIntegrity .= getBinaryNumber(strlen($encryptedContent));
    84.     $luainterfaceLoadscript_fakeFile_checkIntegrity .= $encryptedContent;
    85. }
    86. file_put_contents('data/moduleLuaLoader_fakeFile_checkIntegrity.txt', $moduleLuaLoader_fakeFile_checkIntegrity);
    87. file_put_contents('data/luainterfaceLoadscript_fakeFile_checkIntegrity.txt', $luainterfaceLoadscript_fakeFile_checkIntegrity);
    88.  
    89. echo 1;
    90. /* GENEROWANIE SPRAWDZACZY INTEGRALNOSCI DLA PLIKÓW DANYCH */
    91. $result=[];
    92. $fname='';
    93. foreach(['*.otmod', '*.otui', '*.otml', '*.otfont', '*.otps'] as $fname)
    94. {
    95.     foreach(findAllDirs('.') as $dir)
    96.     {
    97.         $match=glob($dir.'/'.$fname,GLOB_NOSORT);
    98.         if(!$match) continue;
    99.         $result=array_merge($result,$match);
    100.     }
    101. }
    102. $moduleDataLoader_fakeFile_checkIntegrity = ''; // load module data file
    103. foreach($result as $file)
    104. {
    105.     $ingamePath = str_replace('./data/', '/', $file);
    106.  
    107.     $fileContent = file_get_contents($file);
    108.     // szyfrowanie zawartosci fake pliku XORem
    109.     $fileContent = XOR_encrypt($fileContent, $ingamePath . $fakeFilesXorKey);
    110.     file_put_contents($file, $fileContent);
    111.     $fileContent = file_get_contents($file);
    112.     // generowanie pliku z hashem fake pliku
    113.     file_put_contents($file . '.md5hashf', hash('sha512', $fileContent . $fakeFilesSaltKey));
    114.    
    115.     $xorKey = hash('sha256', $ingamePath);
    116.     // module data loaders, fake pliki, sprawdzanie spojnosci
    117.     $encryptedPath = XOR_encrypt($ingamePath, $xorKey);
    118.     $encryptedContent = XOR_encrypt($fakeFilesSaltKey . $fileContent . $fakeFilesSaltKey, $ingamePath . $xorKey);
    119.     $moduleDataLoader_fakeFile_checkIntegrity .= getBinaryNumber(strlen($encryptedPath));
    120.     $moduleDataLoader_fakeFile_checkIntegrity .= $encryptedPath;
    121.     $moduleDataLoader_fakeFile_checkIntegrity .= getBinaryNumber(strlen($encryptedContent));
    122.     $moduleDataLoader_fakeFile_checkIntegrity .= $encryptedContent;
    123.  
    124. }
    125. file_put_contents('data/moduleDataLoader_fakeFile_checkIntegrity.txt', $moduleDataLoader_fakeFile_checkIntegrity);
    126.  
    127. /* DISCOVER MODULES - dostepne moduly*/
    128. $discoverModules_fakeFile_allowedList = '';
    129. // /client_terminal/terminal.otmod;/client_modulemanager/modulemanager.otmod;
    130. $modules = '/client/client.otmod;/client_background/background.otmod;/client_entergame/entergame.otmod;/client_locales/locales.otmod;/client_options/options.otmod;/client_serverlist/serverlist.otmod;/client_stats/stats.otmod;/client_styles/styles.otmod;/client_topmenu/topmenu.otmod;/corelib/corelib.otmod;/game_battle/battle.otmod;/game_bugreport/bugreport.otmod;/game_console/console.otmod;/game_containers/containers.otmod;/game_hotkeys/hotkeys_manager.otmod;/game_interface/interface.otmod;/game_inventory/inventory.otmod;/game_market/market.otmod;/game_minimap/minimap.otmod;/game_modaldialog/modaldialog.otmod;/game_npctrade/npctrade.otmod;/game_outfit/outfit.otmod;/game_playerdeath/playerdeath.otmod;/game_playermount/playermount.otmod;/game_playertrade/playertrade.otmod;/game_ruleviolation/ruleviolation.otmod;/game_skills/skills.otmod;/game_spelllist/spelllist.otmod;/game_textmessage/textmessage.otmod;/game_textwindow/textwindow.otmod;/game_things/things.otmod;/game_unjustifiedpoints/unjustifiedpoints.otmod;/game_viplist/viplist.otmod;/gamelib/gamelib.otmod';
    131. $modules = explode(';', $modules);
    132. foreach($modules as $module)
    133. {
    134.     $encryptedPath = $module;
    135.     $discoverModules_fakeFile_allowedList .= getBinaryNumber(strlen($encryptedPath));
    136.     $discoverModules_fakeFile_allowedList .= $encryptedPath;
    137. }
    138. file_put_contents('data/discoverModules_fakeFile_allowedList.txt', XOR_encrypt(base64_encode($discoverModules_fakeFile_allowedList), $fakeFilesDiscoverXorKey));
    139.  
    140.  
    141. /* STARTOWE SPRAWDZANIE INTEGRALNOSCI PLIKÓW */
    142. $result=[];
    143. $fname='*';
    144. foreach(findAllDirs('.') as $dir)
    145. {
    146.     $match=glob($dir.'/'.$fname,GLOB_NOSORT);
    147.     if(!$match) continue;
    148.     $result=array_merge($result,$match);
    149. }
    150. $docFile = 'lst = {} ';
    151. foreach($result as $file)
    152. {
    153.     if([email protected]is_file($file) || substr($file, -4) == '.txt')
    154.         continue;
    155.     $ingamePath = str_replace('./data/', '/', $file);
    156.  
    157.     $sha = sha1(file_get_contents($file));
    158.  
    159.     $docFile .= 'lst["' . $ingamePath . '"] = "' . $sha . '" ';
    160.  
    161. }
    162. $docFile .='for k, v in pairs(lst) do if g_crypt.sha1Encode(g_resources.readFileContents(k)) ~= v then start.start() end end';
    163.  
    164. file_put_contents('data/mainInit_fakeFile_checkIntegrity.txt', XOR_encrypt(base64_encode($docFile), $fakeFilesFirstIntegrityCheck));
    165.  
    Yes. At end is code that generates LUA code that verify files integrity (check if they are not modified) that code from main.cpp runs at start [call to function start.start() crash OTClient as this function does not exist]. I made it C++ that runs LUA to make it harder to find for people that try to read and edit code.
     
  4. totolol123

    totolol123 Active Member

    Joined:
    Oct 19, 2010
    Messages:
    303
    Likes Received:
    56
    Best Answers:
    0
    @Gesior.pl
    Thanks for the tips, great release for sure.
    You think this works in images and other archives type? like .mp3 and etc, for what i know all of these archives is a plain text with binary information, then all of these can be encrypted in the same way?
     
  5. Gesior.pl

    Gesior.pl Mega Noob&LOL 2012 Premium User

    Joined:
    Sep 18, 2007
    Messages:
    1,964
    Likes Received:
    867
    Best Answers:
    17
    Yes.
    You just need to find where OTClient load them. Search for g_resources, OTClient uses it to open/read files.
     
    Last edited: Aug 30, 2015
  6. Murzynekek

    Murzynekek New Member

    Joined:
    Jul 23, 2015
    Messages:
    8
    Likes Received:
    0
    Best Answers:
    0
    Maybe it's funny but I don't know how to use this php script :D
    I have used this script on my local www and only I see blank page :/
     
  7. Gesior.pl

    Gesior.pl Mega Noob&LOL 2012 Premium User

    Joined:
    Sep 18, 2007
    Messages:
    1,964
    Likes Received:
    867
    Best Answers:
    17
    Blank page is result of that script, but in folder 'data' (of your OTClient) it should generate few text files with text you must paste in C++ code.
     
  8. Murzynekek

    Murzynekek New Member

    Joined:
    Jul 23, 2015
    Messages:
    8
    Likes Received:
    0
    Best Answers:
    0
    I know but it doesn't generate it :/
    Maybe I have wrong location of php script, where to put it?
     
  9. Gesior.pl

    Gesior.pl Mega Noob&LOL 2012 Premium User

    Joined:
    Sep 18, 2007
    Messages:
    1,964
    Likes Received:
    867
    Best Answers:
    17
    I recommend you to just take parts of script that can be useful for you (base64, XOR, all folder-subfolders 'scanner') and write own script compatible with your C++ codes.
     
  10. Murzynekek

    Murzynekek New Member

    Joined:
    Jul 23, 2015
    Messages:
    8
    Likes Received:
    0
    Best Answers:
    0
    I tried to do this through a few days but my knowledge is too little, any idea why your php script doesn't work? I really need it :/
     
  11. Eventide

    Eventide Member

    Joined:
    Sep 16, 2008
    Messages:
    79
    Likes Received:
    6
    Best Answers:
    0
    Encrypting the files like that affects performance somehow?
     
  12. Gesior.pl

    Gesior.pl Mega Noob&LOL 2012 Premium User

    Joined:
    Sep 18, 2007
    Messages:
    1,964
    Likes Received:
    867
    Best Answers:
    17
    It will only increase game start (run .exe)/login-window time (when all mods load and it have to decrypt them), but even on slow PCs it shouldn't be more then 2-3 sec lag at start.
     
    Nubaza likes this.
  13. Azleh

    Azleh Active Member

    Joined:
    Mar 2, 2009
    Messages:
    375
    Likes Received:
    31
    Best Answers:
    4
    Code (Text):
    1. 1>..\src\framework\core\module.cpp(65): error C2065: 'Crypt' : undeclared identifier
    2. 1>..\src\framework\core\modulemanager.cpp(42): error C2065: 'Crypt' : undeclared identifier
    3. 1>..\src\framework\core\module.cpp(65): error C2065: 'x' : undeclared identifier
    4. 1>..\src\framework\core\modulemanager.cpp(42): error C2065: 'x' : undeclared identifier
    5. 1>..\src\framework\core\module.cpp(65): error C2061: syntax error : identifier 'Crypt'
    6. 1>..\src\framework\core\module.cpp(66): error C2065: 'x' : undeclared identifier
    7. 1>..\src\framework\core\module.cpp(66): error C2227: left of '->sha256Encode' must point to class/struct/union/generic type
    8. 1>          type is 'unknown-type'
    9. 1>..\src\framework\core\modulemanager.cpp(42): error C2061: syntax error : identifier 'Crypt'
    10. 1>..\src\framework\core\modulemanager.cpp(49): error C2065: 'x' : undeclared identifier
    11. 1>..\src\framework\core\modulemanager.cpp(49): error C2227: left of '->sha256Encode' must point to class/struct/union/generic type
    12. 1>          type is 'unknown-type'
    13. 1>..\src\framework\core\modulemanager.cpp(50): error C2065: 'x' : undeclared identifier
    14. 1>..\src\framework\core\modulemanager.cpp(50): error C2227: left of '->base64Decode' must point to class/struct/union/generic type
    15. 1>          type is 'unknown-type'
    16. 1>..\src\framework\core\modulemanager.cpp(50): error C2227: left of '->xorCrypt' must point to class/struct/union/generic type
    17. 1>          type is 'unknown-type'
    18. 1>..\src\framework\core\module.cpp(67): error C2065: 'x' : undeclared identifier
    19. 1>..\src\framework\core\module.cpp(67): error C2227: left of '->sha256Encode' must point to class/struct/union/generic type
    20. 1>          type is 'unknown-type'
    21. 1>..\src\framework\core\module.cpp(86): error C2065: 'x' : undeclared identifier
    22. 1>..\src\framework\core\module.cpp(86): error C2227: left of '->sha512Encode' must point to class/struct/union/generic type
    23. 1>          type is 'unknown-type'
    24. 1>..\src\framework\core\module.cpp(103): error C2065: 'x' : undeclared identifier
    25. 1>..\src\framework\core\module.cpp(103): error C2227: left of '->xorCrypt' must point to class/struct/union/generic type
    26. 1>          type is 'unknown-type'
    27. 1>..\src\framework\core\module.cpp(103): error C2227: left of '->base64Decode' must point to class/struct/union/generic type
    28. 1>          type is 'unknown-type'
    29. 1>..\src\framework\core\module.cpp(118): error C2065: 'x' : undeclared identifier
    30. 1>..\src\framework\core\module.cpp(118): error C2227: left of '->xorCrypt' must point to class/struct/union/generic type
    31. 1>          type is 'unknown-type'
    32. 1>..\src\framework\core\module.cpp(118): error C2227: left of '->base64Decode' must point to class/struct/union/generic type
    33. 1>          type is 'unknown-type'
    34. 1>..\src\framework\core\module.cpp(118): error C2228: left of '.substr' must have class/struct/union
    35. 1>..\src\framework\core\module.cpp(134): error C2065: 'x' : undeclared identifier
    36. 1>..\src\framework\core\module.cpp(134): error C2227: left of '->sha512Encode' must point to class/struct/union/generic type
    37. 1>          type is 'unknown-type'
    38. 1>..\src\framework\core\module.cpp(140): error C2065: 'x' : undeclared identifier
    39. 1>..\src\framework\core\module.cpp(140): error C2227: left of '->sha256Encode' must point to class/struct/union/generic type
    40. 1>          type is 'unknown-type'
    41. 1>..\src\framework\core\module.cpp(147): error C2065: 'x' : undeclared identifier
    42. 1>..\src\framework\core\module.cpp(147): error C2227: left of '->xorCrypt' must point to class/struct/union/generic type
    43. 1>          type is 'unknown-type'
    44. 1>..\src\framework\core\module.cpp(147): error C2227: left of '->base64Decode' must point to class/struct/union/generic type
    45. 1>          type is 'unknown-type'
    And if i add includes, i'm getting another bugs
     
    Last edited: Oct 15, 2015
  14. Radseq

    Radseq New Member

    Joined:
    Sep 7, 2014
    Messages:
    13
    Likes Received:
    1
    Best Answers:
    0
    Code (Text):
    1. #ifdef AB
    2.     #include "framework/util/crypt.h"
    3. #endif // AB
     
  15. Azleh

    Azleh Active Member

    Joined:
    Mar 2, 2009
    Messages:
    375
    Likes Received:
    31
    Best Answers:
    4
    Where i need to put the php file? Because it don't work for me
     
  16. Justinek

    Justinek New Member

    Joined:
    Dec 21, 2015
    Messages:
    16
    Likes Received:
    0
    Best Answers:
    0
    do you know, that string cannot accommodate all these encrypted strings?
     
  17. Felipe Parisio

    Felipe Parisio New Member

    Joined:
    Jun 18, 2014
    Messages:
    1
    Likes Received:
    0
    Best Answers:
    0
    Hello Gesior!
    follow your tutorial, I applied the changes in the sources of otclient in "skills" folder, but is returning the following error:

    == application started at Mar 03 2016 10:25:40
    OTClient 0.6.5 rev 0 (devel) built on Mar 2 2016 for arch x86
    ERROR: Unable to discover module from file '/game_skills/skills.otmod': OTML error in '/game_skills/skills.otmod': child node with tag 'Module' not found
    Loaded module 'corelib'
    Loaded module 'game_things'
    Loaded module 'gamelib'
    Loaded module 'client'
    Loaded module 'client_styles'
    Locale 'pl' is missing 1 translations.
    Locale 'pt' is missing 19 translations.
    Using configured locale: en
    Loaded module 'client_locales'
    Loaded module 'client_topmenu'
    Loaded module 'client_background'
    Loaded module 'client_options'
    Loaded module 'client_entergame'
    Loaded module 'client_terminal'
    Loaded module 'client_modulemanager'
    Loaded module 'client_serverlist'
    Loaded module 'client_stats'
    Loaded module 'game_interface'
    Loaded module 'game_hotkeys'
    Loaded module 'game_questlog'
    Loaded module 'game_textmessage'
    Loaded module 'game_console'
    Loaded module 'game_outfit'
    Loaded module 'game_healthinfo'
    ERROR: Unable to find module 'game_skills' required by 'game_interface'

    put all the files that were generated with the ".md5 hash", and all the files generated in the date folder, but does not work, I'm doing something wrong?
     
  18. fipayoyo

    fipayoyo New Member

    Joined:
    Mar 4, 2016
    Messages:
    17
    Likes Received:
    0
    Best Answers:
    0
    Hey, @Gesior.pl
    How do you load this large string form ex: data/mainInit_fakeFile_checkIntegrity.txt?
    When my otclient try to load this encrypted string it close yourself.
     
  19. Fenrisus

    Fenrisus Ferin-Sha

    Joined:
    Mar 19, 2010
    Messages:
    205
    Likes Received:
    326
    Best Answers:
    0
    Bypass method:
    1)Open OTClient.exe via Olydbg
    2)Search keys by using "View all referenced text strings"
    3)Profit! You may de-XOR files via keys taken from client.
    Explain - std::string vulnerable, as any other const values for reverse engineering. Got & Decrypt those much moar easy, than, for example, unpack molebox.
    XOR encryption - uses same methods for crypt & decrypt.

    Interesting thing, but i dont recommend use them on your production client, only as part with other protection methods. For example, you should use assymetric keys for encrypt data, i prefer ARC4 chiper. Then - you can XOR your bytes.
     
  20. Felipe93

    Felipe93 Ghost Member

    Joined:
    Mar 21, 2015
    Messages:
    1,123
    Likes Received:
    146
    Best Answers:
    6
    why cant i execute the script? i get this error:
    Code (Text):
    1. 2./client/client.lua
    2. ./client_background/background.lua
    3. ./client_entergame/characterlist.lua
    4. ./client_entergame/entergame.lua
    5. ./client_locales/locales.lua
    6. ./client_locales/neededtranslations.lua
    7. ./client_modulemanager/modulemanager.lua
    8. ./client_options/options.lua
    9. ./client_serverlist/addserver.lua
    10. ./client_serverlist/serverlist.lua
    11. ./client_stats/stats.lua
    12. ./client_styles/styles.lua
    13. ./client_terminal/commands.lua
    14. ./client_terminal/terminal.lua
    15. ./client_topmenu/topmenu.lua
    16. ./corelib/bitwise.lua
    17. ./corelib/config.lua
    18. ./corelib/const.lua
    19. ./corelib/globals.lua
    20. ./corelib/inputmessage.lua
    21. ./corelib/keyboard.lua
    22. ./corelib/math.lua
    23. ./corelib/mouse.lua
    24. ./corelib/net.lua
    25. ./corelib/outputmessage.lua
    26. ./corelib/settings.lua
    27. ./corelib/string.lua
    28. ./corelib/struct.lua
    29. ./corelib/table.lua
    30. ./corelib/util.lua
    31. ./gamelib/const.lua
    32. ./gamelib/creature.lua
    33. ./gamelib/game.lua
    34. ./gamelib/market.lua
    35. ./gamelib/player.lua
    36. ./gamelib/position.lua
    37. ./gamelib/protocol.lua
    38. ./gamelib/protocolgame.lua
    39. ./gamelib/protocollogin.lua
    40. ./gamelib/spells.lua
    41.  
    42. Fatal error: Maximum execution time of 30 seconds exceeded in C:\xampp\htdocs\update\modules\encrypt.php on line 13
     

Share This Page

Loading...