Author: serious snow
After a user clicks log on to the game, the server sends a piece of data to the local device:
The selected part is the random key sent from the server to the Local Machine (it is not known that the key combination is inappropriate because it will be encrypted as data ).... The rest are some data packet features and offset sizes...
Then this key is used for a series of processing .... The following authentication information is sent to the server:
The data in the selected part is the encrypted data .....
Next we will analyze this process... Of course the analysis below is not very detailed... Otherwise it will not be harmonious ....
First, let's take a look at the main encryption function. This function is very spectacular... No jump command exists for thousands of Assembly statements. IDA F5 can compile and run it after several modifications... The Code is as follows:Code:int code(BYTE *key, const void *a2)
{
DWORD result; // eax@1
BYTE *v3; // ebx@1
DWORD key1; // ebp@1
DWORD key3; // eax@1
DWORD key2; // edx@1
unsigned int v7; // eax@1
unsigned int v8; // ecx@1
unsigned int v9; // edx@1
unsigned int v10; // esi@1
unsigned int v11; // eax@1
unsigned int v12; // ecx@1
unsigned int v13; // edx@1
unsigned int v14; // esi@1
unsigned int v15; // eax@1
unsigned int v16; // ecx@1
unsigned int v17; // edx@1
unsigned int v18; // esi@1
unsigned int v19; // eax@1
unsigned int v20; // ecx@1
unsigned int v21; // edx@1
unsigned int v22; // esi@1
unsigned int v23; // eax@1
unsigned int v24; // ecx@1
unsigned int v25; // edx@1
unsigned int v26; // esi@1
unsigned int v27; // eax@1
unsigned int v28; // ecx@1
unsigned int v29; // edx@1
unsigned int v30; // esi@1
unsigned int v31; // eax@1
unsigned int v32; // ecx@1
unsigned int v33; // edx@1
unsigned int v34; // esi@1
unsigned int v35; // eax@1
unsigned int v36; // ecx@1
unsigned int v37; // edx@1
unsigned int v38; // esi@1
unsigned int v39; // eax@1
unsigned int v40; // edi@1
unsigned int v41; // ebp@1
unsigned int v42; // ecx@1
unsigned int v43; // eax@1
unsigned int v44; // edx@1
unsigned int v45; // esi@1
unsigned int v46; // ecx@1
unsigned int v47; // eax@1
unsigned int v48; // edx@1
unsigned int v49; // esi@1
unsigned int v50; // ecx@1
unsigned int v51; // eax@1
unsigned int v52; // edx@1
unsigned int v53; // esi@1
unsigned int v54; // ecx@1
unsigned int v55; // eax@1
unsigned int v56; // edx@1
unsigned int v57; // esi@1
unsigned int v58; // ecx@1
unsigned int v59; // eax@1
unsigned int v60; // edx@1
unsigned int v61; // esi@1
unsigned int v62; // ecx@1
unsigned int v63; // eax@1
unsigned int v64; // edx@1
unsigned int v65; // esi@1
unsigned int v66; // ecx@1
unsigned int v67; // eax@1
unsigned int v68; // edi@1
unsigned int v69; // edx@1
DWORD v70; // esi@1
unsigned int v71; // eax@1
DWORD v72; // ecx@1
BYTE v73[64]; // [sp+14h] [bp-40h]@1
unsigned int v74; // [sp+10h] [bp-44h]@1
v3 = key;
key1 = *(DWORD *)(key + 12);
key3 = *(DWORD *)(key + 20);
key2 = *(DWORD *)(key + 16);
memcpy(v73, a2, sizeof(v73));
v7 = key1
+ (((*(DWORD *)(v3 + 8) + (key1 & key2 | key3 & ~key1) + *(DWORD*)v73 - 680876936) << 7) | ((*(DWORD *)(v3 + 8)
+ (key1 & key2 | key3 & (unsigned int)~key1)
+ (DWORD)v73
- 680876936) >> 25));
v8 = v7
+ (((*(DWORD *)(v3 + 20) + *(DWORD *)&v73[4] + (v7 & key1 | key2 & ~v7) - 389564586) << 12) | ((*(DWORD *)(v3 + 20) + *(DWORD *)&v73[4] + (v7 & key1 | key2 & ~v7) - 389564586) >> 20));
v9 = v8
+ (((key2 + *(DWORD *)&v73[8] + (v7 & v8 | key1 & ~v8) + 606105819) << 17) | ((key2
+ *(DWORD *)&v73[8]
+ (v7 & v8 | key1 & ~v8)
&n
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
