Jump to content

Recommended Posts

  • Forum Moderator

Your question makes sense. But at the same times it doesnt. Let me explain you the point. It can be hard for a behinner but I will try my best to explain it.

 

3 hours ago, Saejin said:

Does anyone have a tutorial or explain to me how to do this ?

 

This sentence is wrong, really wrong. When it comes to encryption, there isn't a way to do it. There are bilions and bilions. The fact that no one should make a tutorial about it is that it won't help anyone to protect their client but on the contrary it will ruin the solution for good. That's why it exists barely no tutorials at all. You can easily break something that is open source, at least, more easily (open source is great though).

Also, make sure that no matter how strong is your security (it depends on the level of course) it can get unpacked. Back then, we had Rubinuum with the nec plus ultra of the security at that time being FoxFS (based on what the community said, not based on facts). They got unpacked anyway because of reverse engineering and the lack of uniqueness in their encryption and compression. Now, FoxFS is open source, but no one is using it, either because they don't know how, or simply because they know that it is not effective anymore.

Instead of giving away how you can secure it, I will simply give you some hint, teach a man how to fish as we commonly say:

  • Change LZO to something better, no matter which one you choose.
  • Despite being small and fast, TEA is somehow depreciated, some newer versions exists, but consider changing it as well. AES, SHA256, SHA512, well, we have a bunch.
  • The usage of keys is good but once you got them (trust me it's easy) you got the masterkey to unpack everything. Change the system, obfuscate them, change the way it works. There are tons of ways to deal with it.
  • The current pack system is working using index and packs, you can change that as well, you can merge them, you can delete them, thousands of methods as well.
  • You can add a bit of salt and pepper to your system, here in France we like when it's perfectly seasoned.
  • You can as well use type4 and type 5. i.e a key sent by the server to your client that decrypt the files. Those are nice, the only problem official had was a backdoor and the lack of overall security, you sniff the keys and you ruin these methods whole career.
  • You can use a brand new method as well. Base yourself upon other protections, you are not forced to use eterpack at all.

Make also sure that you use more than two of the things listed above. What official did with type6 was simply an encrypted snappy, which is funny because that's what I did that for the first pack method I made in late 2014.

 

  • Love 3

Gurgarath
coming soon

Link to comment
Share on other sites

46 minutes ago, Gurgarath said:

Your question makes sense. But at the same times it doesnt. Let me explain you the point. It can be hard for a behinner but I will try my best to explain it.

 

 

This sentence is wrong, really wrong. When it comes to encryption, there isn't a way to do it. There are bilions and bilions. The fact that no one should make a tutorial about it is that it won't help anyone to protect their client but on the contrary it will ruin the solution for good. That's why it exists barely no tutorials at all. You can easily break something that is open source, at least, more easily (open source is great though).

Also, make sure that no matter how strong is your security (it depends on the level of course) it can get unpacked. Back then, we had Rubinuum with the nec plus ultra of the security at that time being FoxFS (based on what the community said, not based on facts). They got unpacked anyway because of reverse engineering and the lack of uniqueness in their encryption and compression. Now, FoxFS is open source, but no one is using it, either because they don't know how, or simply because they know that it is not effective anymore.

Instead of giving away how you can secure it, I will simply give you some hint, teach a man how to fish as we commonly say:

  • Change LZO to something better, no matter which one you choose.
  • Despite being small and fast, TEA is somehow depreciated, some newer versions exists, but consider changing it as well. AES, SHA256, SHA512, well, we have a bunch.
  • The usage of keys is good but once you got them (trust me it's easy) you got the masterkey to unpack everything. Change the system, obfuscate them, change the way it works. There are tons of ways to deal with it.
  • The current pack system is working using index and packs, you can change that as well, you can merge them, you can delete them, thousands of methods as well.
  • You can add a bit of salt and pepper to your system, here in France we like when it's perfectly seasoned.
  • You can as well use type4 and type 5. i.e a key sent by the server to your client that decrypt the files. Those are nice, the only problem official had was a backdoor and the lack of overall security, you sniff the keys and you ruin these methods whole career.
  • You can use a brand new method as well. Base yourself upon other protections, you are not forced to use eterpack at all.

Make also sure that you use more than two of the things listed above. What official did with type6 was simply an encrypted snappy, which is funny because that's what I did that for the first pack method I made in late 2014.

 

 

I cannot agree more. If there's need for a special encryption (and trust me, there is) you can just use a tool that's already included in source: Metin2PackMaker. Afaik it's bugged from start and needs a bit of a setup but it's not that much. As soon as you have it working you're simply having a program that can archive and extract pack files. After this you can think about changing compression or encryption algorithms. It's definitely worth it.

  • Love 1

We are the tortured.
We're not your friends.
As long as we're not visible.
We are unfixable.

Link to comment
Share on other sites

  • Forum Moderator
9 hours ago, OtherChoice said:

Lol, best asnwer is in this small line.

 

Oh you, I indeed love puns...

It might be easier to understand for people who doesn't know about these now, thanks for pointing it out :D

Edited by Gurgarath
  • Good 1
  • Love 1
  • Love 2

Gurgarath
coming soon

Link to comment
Share on other sites

Might be also a good idea to change data size for communicating structures like header of packets and sequence magic table (of course also change the table itself) currently unisgned char, more bits == more work for attacker. Those things will make packet forging attempts much harder. There are also packs which can be loaded, if client code gets rewrote wiser, after client-server first communication (majority of them, the ones you want to protect actually). Just combine those two factors (don't want to get too deep into it not to exploit it) and you will have a decent looking server packet decryption key system.

  • Love 1
Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now

Announcements



×
×
  • Create New...

Important Information

Terms of Use / Privacy Policy / Guidelines / We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.