[OOG] Packet 0x04

[loki13372]

Hey guys!
Im sadly not able to write in russian but i hope you can still understand me. :-)

First i have to say i browsed this whole forum with google translator and pwlabs and google search. But i couldnt really find an example for the encryption and unpacking except Vorts C++ example wich is really confusing me. I can't really read it and tried for hours if not days.

This is what i got so far:
S>C: Recieve 0x01 + 16 byte key from server

md5 = login + pw
hmac1 = md5 <- 16bytekey

C>S 0x03 + hmac

S>C Receive 0x02 + new 16 byte key

hmac2 = login <- hmac1 + new16bytekey
random = 0x02 + randomkey
rc4 = random <- hmac2

C>S rc4

S>C Receive 0x04 rc4 crypted and mppc packed packet


until here everything is working fine
i also have the mppc function but not sure if its working so i cant do try and error.
whether my mppc function is wrong or im not decrypting it correctly.
thats why i wrote this question, to exclude the possibility that i decrypt 0x04 incorrect. and so i can concentrate on mppc only.
but i dont know the exact order how to decrypt and then unpack it

rc4 = rc4 ( 0x04 packet, hmac2)
mppc.unpack ( rc4 )

like this?

do i use the hmac key that i used on my last sent packet or do i have to create a new hmac for decrypting 0x04
maybe with the random key i sent?

also i seen that Vort's rc4 algorithm has two parts.. one for rc4-packing the data and one for crypting it with the key. my rc4 function does everything in 1 function. and i have seen in vorts sourcecode that he might use only the rc4-unpacking function without any key before using mppc? but i didnt really understand it.

also vort is encoding the login sometimes with 0x5c and 0x36. I googled and found out it has something to do with the security of hmac, but is it really necessary to do it? because i didnt use it and everythign worked fine so far

i would be really happy if someone could explain that last step for me

regards
loki

Добавлено через 3 часа 5 минут
Hi!
I found it out on my own now.

To decrypt the S>C packet 0x04:

hmac1 = hmac(md5(login + pw), 1stserverkeyfrom0x01)
hmac2 = hmac(login,hmac1 + randomkeysentin0x02)
rc4(data0x04,hmac2)

yay!
i hope this helps someone
loki

[wajskopf]

and what about mppc? Did you get it?