Hey guys!
I'm sadly not able to write in Russian, but I hope you can still understand me. :-)
First I have to say I browsed this whole forum with Google Translator and pwlabs and Google search. But I couldn't really find an example for the encryption and unpacking except Vort's C++ example, which is really confusing me. I can't really read it and tried for hours if not days.
This is what i got so far:
S>C: Receive 0x01 + 16 byte key from server
md5 = login + pw
hmac1 = md5 <- 16bytekey
C>S 0x03 + hmac
S>C Receive 0x02 + new 16 byte key
hmac2 = login <- hmac1 + new16bytekey
random = 0x02 + randomkey
rc4 = random <- hmac2
C>S rc4
S>C Receive 0x04 rc4 crypted and mppc packed packet
Until here everything is working fine.
I also have the mppc function but I'm not sure if it's working, so I can't do trial and error.
Either my mppc function is wrong or I'm not decrypting it correctly.
That's why I wrote this question, to exclude the possibility that I decrypt 0x04 incorrectly, so I can concentrate on mppc only.
But I don't know the exact order in which to decrypt and then unpack it.
rc4 = rc4 ( 0x04 packet, hmac2)
mppc.unpack ( rc4 )
Like this?
Do I use the hmac key that I used on my last sent packet, or do I have to create a new hmac for decrypting 0x04?
Maybe with the random key I sent?
Also, I have seen that Vort's rc4 algorithm has two parts: one for rc4-packing the data and one for crypting it with the key. My rc4 function does everything in one function. And I have seen in Vort's source code that he might use only the rc4-unpacking function without any key before using mppc? But I didn't really understand it.
Also, Vort is sometimes encoding the login with 0x5c and 0x36. I googled and found out it has something to do with the security of hmac, but is it really necessary to do it? Because I didn't use it and everything worked fine so far.
I would be really happy if someone could explain that last step for me.
regards
loki
Added after 3 hours 5 minutes
Hi!
I found it out on my own now.
To decrypt the S>C packet 0x04:
hmac1 = hmac(md5(login + pw), 1stserverkeyfrom0x01)
hmac2 = hmac(login,hmac1 + randomkeysentin0x02)
rc4(data0x04,hmac2)
yay!
I hope this helps someone
loki
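The key derivation from the second post, as an added Python example that is not part of the original posts and not Vort's code. It assumes the first argument of `hmac(...)` in the post is the HMAC key and that MD5 is the HMAC hash; the function names and sample values are constructed for illustration. The hand-written HMAC shows that the 0x36 and 0x5c bytes are the inner and outer pads of standard HMAC (RFC 2104), so a library HMAC already applies them.

```python
import hashlib
import hmac

def hmac_md5_manual(key: bytes, msg: bytes) -> bytes:
    """HMAC-MD5 per RFC 2104, written out to show the 0x36/0x5c pads."""
    block = 64  # MD5 block size in bytes
    if len(key) > block:
        key = hashlib.md5(key).digest()
    key = key.ljust(block, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)  # inner pad
    opad = bytes(b ^ 0x5C for b in key)  # outer pad
    inner = hashlib.md5(ipad + msg).digest()
    return hashlib.md5(opad + inner).digest()

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 in one call: key scheduling, then keystream XOR."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling (KSA)
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:  # keystream generation (PRGA) and XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def derive_keys(login: bytes, password: bytes,
                key_0x01: bytes, key_0x02: bytes):
    """hmac1 and hmac2 as written in the post.
    Assumption: the first argument of hmac(...) is the HMAC key."""
    md5_lp = hashlib.md5(login + password).digest()
    hmac1 = hmac.new(md5_lp, key_0x01, hashlib.md5).digest()
    hmac2 = hmac.new(login, hmac1 + key_0x02, hashlib.md5).digest()
    return hmac1, hmac2

# Constructed sample values, not captured from any server.
LOGIN, PASSWORD = b"demo_user", b"demo_pass"
KEY_0X01 = bytes(range(16))      # stands in for the key from packet 0x01
KEY_0X02 = bytes(range(16, 32))  # stands in for the key from packet 0x02
```

RC4 is symmetric, so calling `rc4(hmac2, data)` on the 0x04 payload is the same operation as encrypting with that key.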