Jump to content

HybridCrypt

The hybrid cryptation is a new type of cryptation introduced somewhere around 40k files.
What makes this cryptation secure from everyother ones are two key factors:

  • The algorithm that is used changes from the file name, this means that new algorithms can be used and implement in newer versions
  • The key and the IV are sent from the server (after a successfull login), forcing the user to bruteforce a key for every single file extension crypted.

The Hybrid cryptation is divided in two parts:

  • The extension keys
  • The file cryptation

 

Extension keys

The extensions keys is a 16 byte key and 16 byte IV associated to an extension. The keys does not change based from the cryptation type used. The keys are randomly generated during the creation of an EterPack.

An extension key is generated by performing the following actions:

  1. Calculate an hash of the extension (the extension is written in lowercase and does not contain the . before the extension).
  2. Generate two 16-byte values and associate them to the extension hash.

The hash used is simply a 32-bit FNV-1a hash function with the offset_basis set as 0. Written here, a modified version of a MIT implementation found here: 

// License: MIT
// Famous 32 bits FNV-1a hash function by Glenn Fowler, Landon Curt Noll, and Phong Vo.
uint32_t fnv1a32(const char* apStr) {
    uint32_t hash = 0; // 32 bit offset_basis = 0

    for (uint32_t idx = 0; apStr[idx] != 0; ++idx) {
        // 32 bit FNV_prime = 224 + 28 + 0x93 = 16777619
        hash = (16777619U * hash) ^ static_cast<unsigned char>(apStr[idx]);
    }

    return hash;
}

 

File cryptation

A file is crypted with an unique key and IV generated from the extension key. Each file might be encrypted with a different cryptation type, as it's chosen during the cryptation of the file.

A file is encrypted by doing the following actions:

  1. Calculate a CRC32 of the filename (the filename will contain the extension and it's all written in lower case).
  2. Select the algorithm to use for cryptation.
  3. Get the extension key for the file.
  4. Generate the IV and key used for the algorithm from the extension key.

The algorithm is chosen by doing the module of the filename crc with the cryptation types (currently 3).
The key and IV are simply the extension key and IV XORed with the CRC filename (every 4 bytes of the key/IV is XORed).

 

Known cryptation types

  • Camellia
  • Twofish
  • XTEA

 

 

Extra data

 

HybridCrypt Extra data (also known as Type5) is a special cryptation type, where some portion of the file are removed from the client cryptation and stored in the server.
This method ensures that it's impossible to fully retrive the content of a file without connecting to the server, despite being more consuming in terms of bandwidth.

A extra data cryptation will work as follows:

  1. Choose a part at the end of the file to remove (From 64 to 128 bytes)
  2. Crypt the file without the remaining 64/128 bytes with an usual HybridCrypt
  3. Store the remaining bytes in the Server

The extra data will be sent to the client once the client has successfully logged in (same as the HybridCrypt keys)
The data sent from the Server is not encrypted in any form.

  Report Doc

×
×
  • Create New...

Important Information

Terms of Use / Privacy Policy / Guidelines / We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.