Quote:
|
Originally Posted by Damilis
Good stuff thank you!!! I have got a decent handle around the encode/decode process. The part that is tripping me up is getting a working ws2_32.dll proxy and then grabbing the keys in the first client/server exchange....
|
EH ? WS2_32.DLL is WinSock2. It's available for free from Microsoft.
Here is some information you might find handy on your trip.
This is the theory of how EQ's new encryption works:
1) Servers have a public/private 512 or 640 bit key pair.
2) Public is available and is sent to client just before character selection mode and during zoning actions. (This is Op E541 from server to client and is stored as 80 bytes of data; likely a 640 bit key).
3) Client creates its session key with internal entropy (current process table values, custom random number generator, whatever it needs to insure some sort of randomness) encrypts this during ZONING periods (plenty of cpu avail, not doing anything else) and sends to Servers (who decrypt with the public key only they have).
4) The agreed method of encrypting for Character Profile on Zone, Zone Spawn Packets on zone, and possibly NewSpawn packets is DES CBC (Block cipher to prevent snoop or restricting key space searches)
Observations:
a) RSA challenge is to break a 576 bit number. Has been around many many months and has a $10000 reward. No one has won, so breaking a 512 (much less a 640 bit) key is not likely. Even if they did, VI could "use multiple keys, 1 per user" or "make a new key monthly or weekly". So even tho we see the key coming from VI as E541, it does us no good, we still can't read the session key from it.
b) DES CBC is a 56 bit encryption for 1 or more blocks of data (64 bits). Requires padding with 1 to 8 bytes in the last block. Prevent key space attacks where you KNOW the format and position of plaintext. CBC's first block is discarded (2 byte opcode, 4 bytes unknown, 2 bytes name), so they could have changes the format to add the IV? In any event it is fairly good, because much of the unknown data at the beginning will restrict attacks against CBC.
c) DES CBC is fairly fast and uses integer and bitwise operations. It is only used during zoning (plenty of cpu) and possibly during NEW spawns (scattered and limited impact).
d) DES is secure against known plaintext attacks (EQ old encryption wasn't). The asolute best method of attack known is Linear Cryptanalysis by Matsui. This provides for attacks on average of 2^28 difficulty. Applying this, for EQ, the more encrypted packets you see, the better you are at decoding them and at the point you have seen 2^28, then you can assume you can decode any key in 2^28 steps. You can trade space (ram/disk) for time (cpu) also and decode in 1 step with 2^56 data storage. 2^28 is 268 million. So expect terabytes of disk to do 2^28 steps and expect to wait (EFF $250k machine did 90 million DES/second; DESCHALL did 600 trillion keys / day with 14000 machines, so that is almost half a million per second; so at best that is 500 seconds IF you could find the 2^28 million keys with the same beginning 64 bit chunk; not gonna happen in EQ, our plaintext changes faster than this). Another good method is Differential Cryptanalsys, but it also requires static plaintext or static key. Man-in-the-middle requires double DES (or quad or any even) so we can't expect much luck using this attack. Two new interesting attacks involve looking at the POWER (electrical usage like SPA and DPA; mostly interesting to Chips which perform DES you can monitor by using a voltmeter, not useful for a PC because the PC may be [will be] doing tasks other than DES) and timing attacks (how long does the encryption take? not useful for us, because we can not clock the time the decode is taking, too many factors and no way to narrow it down.) Another good attack is the birthday paradox. Gather 64 TB of 8 byte plaintext/ciphertext pairs and you have a 40 percent chance to locate the IV which will open up the DES CBC to better linear cryptoanalsis because you can have many more CBC blocks to analyze. Still not likely for us EQ-ers. In short DES is secure (as long as you don't have half a million to spend and 30 minutes or so to decode) for our purposes.
Packet Collecting of sorts.
Linear Mode
