
  1. #1
    Join Date
    Dec 2013
    Posts
    6

    [Reverse Engineering] Find data decryption algorithm.

    First of all, Hi and Merry Christmas to everyone.

    I am not sure if I've chosen the correct section to post my thread, so I apologize if it's wrong and feel free to move it where you should.

    Now to the problem.
    I am basically a 3D developer, I am writing importers and exporters of game files into 3D developing software (Blender for now), BUT lately I came across some files that are meant to contain 3D data and they seem to be encrypted. I am not sure if I am using the correct word also, but I assume that since in the hex editor the data does not contain characters in its total, it's not encoded.

    So what I am trying to do is to find my way in those unknown fields for me (both decrypting and reversing) and I am kind of completely lost :P

    I started debugging the game trying to find where the file is accessed and to see how the data is handled, but it does not seem to be that easy.
    From the few things that I know (btw I am using Olly to debug the game), I searched the memory for a byte sequence taken from the actual file (there are already tools available to unpack them from their archives) and I did find the place in memory where the file is stored. Then I thought that by adding a memory breakpoint in there the game would stop and I would see the data. That never happened...

    So I have no idea what I should do now, I have no idea if my approach to the problem is correct.

    That's why I am asking desperately for help :P If someone more experienced than me has some advice or thought or guidance to give please do so, I am asking for it.


    PS: The decryption key that I am probably asking for should be a string??? Could it be just an array of bytes?

    Thanks in advance

    Greg

  2. #2
    Join Date
    Dec 2012
    Location
    England
    Posts
    7,822

    Re: [Reverse Engineering] Find data decryption algorithm.

    BUT lately I came across some files that are meant to contain 3D data and they seem to be encrypted.
    Why not simply ask the person from whom they came how to access them?
    All advice is offered in good faith only. All my code is tested (unless stated explicitly otherwise) with the latest version of Microsoft Visual Studio (using the supported features of the latest standard) and is offered as examples only - not as production quality. I cannot offer advice regarding any other c/c++ compiler/IDE or incompatibilities with VS. You are ultimately responsible for the effects of your programs and the integrity of the machines they run on. Anything I post, code snippets, advice, etc is licensed as Public Domain https://creativecommons.org/publicdomain/zero/1.0/ and can be used without reference or acknowledgement. Also note that I only provide advice and guidance via the forums - and not via private messages!

    C++23 Compiler: Microsoft VS2022 (17.6.5)

  3. #3
    Join Date
    Dec 2013
    Posts
    6

    Re: [Reverse Engineering] Find data decryption algorithm.

    Quote Originally Posted by 2kaud View Post
    Why not simply ask the person from whom they came how to access them?
    I wrote above that all those files are contained in archives, which we do know how to read. I can unpack them as well. The problem is that the unpacked files are not in a "readable" format, they need to be decrypted.

  4. #4
    Join Date
    Apr 2010
    Posts
    172

    Re: [Reverse Engineering] Find data decryption algorithm.

    Print screen the window of OllyDbg at the starting point of the decryption algorithm you have found.

    Assuming you have found the decryption algorithm, as the code loops through decrypting the data, your decrypted data will still be stored in memory, so you are going to need to alter that code in OllyDbg to write the decrypted bytes to an output file and you will have your decrypted file format. This may sound relatively simple but I am also assuming the game has no checksum routines and anti-reversing techniques....

  5. #5
    Join Date
    Dec 2013
    Posts
    6

    Re: [Reverse Engineering] Find data decryption algorithm.

    Quote Originally Posted by gaar321 View Post
    Print screen the window of OllyDbg at the starting point of the decryption algorithm you have found.

    Assuming you have found the decryption algorithm, as the code loops through decrypting the data, your decrypted data will still be stored in memory, so you are going to need to alter that code in OllyDbg to write the decrypted bytes to an output file and you will have your decrypted file format. This may sound relatively simple but I am also assuming the game has no checksum routines and anti-reversing techniques....

    That sounds ok, but I have not found the decryption algorithm. That's the main problem. I have no clue on how to locate it.

    And I think there might be other issues as well. The game detects debugging software when it's started, so I cannot start the game through Olly. The only workaround I've found on that is to start the game and be as quick as possible with the attachment of Olly on the game executable. This way I think I am losing commands that could possibly do the work before I even start debugging. Is there any way that I can stall the execution of the game so that I can attach the debugger in time?

  6. #6
    Join Date
    Apr 2010
    Posts
    172

    Re: [Reverse Engineering] Find data decryption algorithm.

    Quote Originally Posted by gregkwaste View Post
    The game detects debugging software when it's started, so I cannot start the game through Olly.
    This is a possibility. Firstly, what is the game? If it is a commercial game, are you fully aware of the copyright? Secondly, if that is the case, you can change the address entry point statically with a hex editor if you are able to back-trace in Olly what code is causing it after attaching it.

  7. #7
    Join Date
    Apr 2000
    Location
    Belgium (Europe)
    Posts
    4,626

    Re: [Reverse Engineering] Find data decryption algorithm.

    First, make sure of what you have.
    Just because the file is not "readable text" does not mean it is encrypted. It could just be a (proprietary) binary format.

    If it really is encrypted, then the contents will appear entirely random.
    If it's a (proprietary) binary format, then chances are that it will contain 'a lot' of binary 00 values.


    Your best chances are asking around on the technical forums of said game. If the author isn't willing to give out the information, or someone else hasn't already done the grunt work, you could be looking at weeks/months of work trying to tie all things together.
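
Added example (not part of the thread, and not any poster's code): the check described in post #7 can be run by measuring byte entropy and the share of 0x00 bytes in a file. The function names, both thresholds and the two sample buffers are constructed for illustration; compressed data also scores as random-looking, so a high-entropy result does not by itself prove encryption.

```python
import hashlib
import math
import struct
from collections import Counter

RANDOM = "random-looking: encrypted or compressed"
STRUCTURED = "structured: plain binary format likely"
UNKNOWN = "inconclusive"

def byte_stats(data: bytes) -> dict:
    """Shannon entropy in bits per byte (0..8) and fraction of 0x00 bytes."""
    if not data:
        return {"entropy": 0.0, "zero_fraction": 0.0}
    n = len(data)
    counts = Counter(data)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    return {"entropy": entropy, "zero_fraction": counts[0] / n}

def triage(data: bytes, high_entropy: float = 7.5, many_zeros: float = 0.05) -> str:
    """Heuristic only; both thresholds are assumptions to tune per format."""
    s = byte_stats(data)
    if s["zero_fraction"] >= many_zeros:
        return STRUCTURED
    if s["entropy"] >= high_entropy:
        return RANDOM
    return UNKNOWN

def make_random_like(blocks: int = 512) -> bytes:
    """Constructed sample: SHA-256 output stands in for ciphertext."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest()
                    for i in range(blocks))

def make_mesh_like(verts: int = 300) -> bytes:
    """Constructed sample: made-up header, float32 vertices, uint32 indices."""
    out = struct.pack("<4sII", b"MESH", verts, verts)
    for i in range(verts):
        out += struct.pack("<fff", i * 0.5, i * 0.25, 1.0)
    for i in range(verts):
        out += struct.pack("<I", i)
    return out

if __name__ == "__main__":
    for name, blob in (("random-like", make_random_like()),
                       ("mesh-like", make_mesh_like())):
        s = byte_stats(blob)
        print(f"{name}: entropy={s['entropy']:.2f} bits/byte, "
              f"zeros={s['zero_fraction']:.1%} -> {triage(blob)}")
```

To use it on a real file, pass the result of `open(path, "rb").read()` to `triage`.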
