EQEmulator Forums

EQEmulator Forums (https://www.eqemulator.org/forums/index.php)
-   Misc::Off Topic (https://www.eqemulator.org/forums/forumdisplay.php?f=595)
-   -   Packet Collecting of sorts. (https://www.eqemulator.org/forums/showthread.php?t=21805)

Damilis 11-02-2006 04:01 AM
Packet Collecting of sorts.
 
Greets all, let me just preface this with the statement: This has nothing to do with trying to decode the EQLive data stream. There. That way no one can get in trouble or put this site in danger.

What I am trying to learn is how to make a ws2_32.dll proxy that can identify the Diffie-Hillman keys in the first initial packets of a client/server communication, copy all subsequent packets, run them through something like cryptlib.dll, decode them using the obtained D-H keys, and log them to a text file.
...basicly a packet collector :)

I have the basic ideas of what to do, but my C++/socketing experience level just isn't high enough yet. Although I am willing to learn, I am failing to find much information on my exact 'project.' Since the coding masters here have attained something like this, I figured this is a good place to ask.

Anyone have ANY leads/links/info?

Thanks a bunch either way!

Damilis 11-06-2006 12:41 AM
No takers eh?

sdabbs65 11-07-2006 12:36 AM
code.
 
Quote:
Originally Posted by Damilis
No takers eh?
Im not much of a decoder I useally break things <G>..
but let me point you in the right direction,
standards such as Diffie-Hillman key exchange, Authenticated Header, Encapsulating Security Payload, Data Encryption Standard/Cypher Block Chaining (DES/CBC), and Internet Key Exchange (IKE) are used as part of the IPsec standard. IPsec is primarily defined in RFC2401.

sdabbs65 11-07-2006 12:40 AM
More Info.
 
Agh I got cut off anyways... heres the rest of the story...

The code is demonstrated here.

http://www.codeproject.com/cpp/DiffieHellmanExample.asp

Damilis 11-07-2006 12:45 AM
Good stuff thank you!!! I have got a decent handle around the encode/decode process. The part that is tripping me up is getting a working ws2_32.dll proxy and then grabbing the keys in the first client/server exchange....

sdabbs65 11-07-2006 06:40 AM
.
 
Quote:
Originally Posted by Damilis
Good stuff thank you!!! I have got a decent handle around the encode/decode process. The part that is tripping me up is getting a working ws2_32.dll proxy and then grabbing the keys in the first client/server exchange....
EH ? WS2_32.DLL is WinSock2. It's available for free from Microsoft.

Here is some information you might find handy on your trip.
This is the theory of how EQ's new encryption works:

1) Servers have a public/private 512 or 640 bit key pair.
2) Public is available and is sent to client just before character selection mode and during zoning actions. (This is Op E541 from server to client and is stored as 80 bytes of data; likely a 640 bit key).
3) Client creates its session key with internal entropy (current process table values, custom random number generator, whatever it needs to insure some sort of randomness) encrypts this during ZONING periods (plenty of cpu avail, not doing anything else) and sends to Servers (who decrypt with the public key only they have).
4) The agreed method of encrypting for Character Profile on Zone, Zone Spawn Packets on zone, and possibly NewSpawn packets is DES CBC (Block cipher to prevent snoop or restricting key space searches)

Observations:
a) RSA challenge is to break a 576 bit number. Has been around many many months and has a $10000 reward. No one has won, so breaking a 512 (much less a 640 bit) key is not likely. Even if they did, VI could "use multiple keys, 1 per user" or "make a new key monthly or weekly". So even tho we see the key coming from VI as E541, it does us no good, we still can't read the session key from it.

b) DES CBC is a 56 bit encryption for 1 or more blocks of data (64 bits). Requires padding with 1 to 8 bytes in the last block. Prevent key space attacks where you KNOW the format and position of plaintext. CBC's first block is discarded (2 byte opcode, 4 bytes unknown, 2 bytes name), so they could have changes the format to add the IV? In any event it is fairly good, because much of the unknown data at the beginning will restrict attacks against CBC.

c) DES CBC is fairly fast and uses integer and bitwise operations. It is only used during zoning (plenty of cpu) and possibly during NEW spawns (scattered and limited impact).

d) DES is secure against known plaintext attacks (EQ old encryption wasn't). The asolute best method of attack known is Linear Cryptanalysis by Matsui. This provides for attacks on average of 2^28 difficulty. Applying this, for EQ, the more encrypted packets you see, the better you are at decoding them and at the point you have seen 2^28, then you can assume you can decode any key in 2^28 steps. You can trade space (ram/disk) for time (cpu) also and decode in 1 step with 2^56 data storage. 2^28 is 268 million. So expect terabytes of disk to do 2^28 steps and expect to wait (EFF $250k machine did 90 million DES/second; DESCHALL did 600 trillion keys / day with 14000 machines, so that is almost half a million per second; so at best that is 500 seconds IF you could find the 2^28 million keys with the same beginning 64 bit chunk; not gonna happen in EQ, our plaintext changes faster than this). Another good method is Differential Cryptanalsys, but it also requires static plaintext or static key. Man-in-the-middle requires double DES (or quad or any even) so we can't expect much luck using this attack. Two new interesting attacks involve looking at the POWER (electrical usage like SPA and DPA; mostly interesting to Chips which perform DES you can monitor by using a voltmeter, not useful for a PC because the PC may be [will be] doing tasks other than DES) and timing attacks (how long does the encryption take? not useful for us, because we can not clock the time the decode is taking, too many factors and no way to narrow it down.) Another good attack is the birthday paradox. Gather 64 TB of 8 byte plaintext/ciphertext pairs and you have a 40 percent chance to locate the IV which will open up the DES CBC to better linear cryptoanalsis because you can have many more CBC blocks to analyze. Still not likely for us EQ-ers. In short DES is secure (as long as you don't have half a million to spend and 30 minutes or so to decode) for our purposes.

sdabbs65 11-07-2006 06:46 AM
number digits prize factored .
 
number digits prize factored
RSA-100 100 Apr. 1991
RSA-110 110 Apr. 1992
RSA-120 120 Jun. 1993
RSA-129 129 $100 Apr. 1994
RSA-130 130 Apr. 10, 1996
RSA-140 140 Feb. 2, 1999
RSA-150 150 withdrawn? open [see postscript]
RSA-155 155 Aug. 22, 1999
RSA-160 160 Apr. 1, 2003
RSA-576 174 $10,000 Dec. 3, 2003
RSA-640 193 $20,000 open
RSA-704 212 $30,000 open
RSA-768 232 $50,000 open
RSA-896 270 $75,000 open
RSA-1024 309 $100,000 open
RSA-1536 463 $150,000 open
RSA-2048 617 $200,000 open

Damilis 11-07-2006 06:48 AM
Wow, again, good info, but like I said in the top post, I am not attempting to build my own 'EQ anything'. Infact this has nothing to do with EQ, hence the off topic forum :) And as for ws2_32.dll proxy, I am looking for how to code a Proxy dll with the DH decrypt routines built in. A few freinds and I have already hooked in to the game we are trying to reverse engeineer and got the n and g values used to generate the two DH keys, we are just missing a working winsock2 dll proxy to intercept, copy, decode and log all traffic.

sdabbs65 11-07-2006 06:55 AM
.
 
Well thats "just" the tip of a huge iceburg.
RSA-2048 617 $200,000 prize is what im seeking to crack someday.
other than that... it's all 1's and Zzzzeros.
any network sniffer should do the trick if you know how to read what your gather is the trick to it.
and belive me ..Im not looking to break that kryption anytime soon either.


All times are GMT -4. The time now is 05:25 AM.

Powered by vBulletin®, Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.