View unanswered posts | View active topics It is currently Thu Mar 28, 2024 3:23 am



Reply to topic  [ 32 posts ]  Go to page Previous  1, 2, 3  Next
 EP_Haggle2018 Released 
Author Message
Ambassador
User avatar

Joined: Wed Apr 20, 2011 1:19 pm
Posts: 2559
Location: Oklahoma City, OK 73170 US
Unread post Re: EP_Haggle2018 Released
Shadow wrote:
Someone might have, or at least have started one and is working out some bugs :)

I probably could, but I haven't.

_________________
Regards,
Micro

Website: http://www.microblaster.net
TWGS2.20b/TW3.34: telnet://twgs.microblaster.net:2002

ICQ is Dead Jim! Join us on Discord:
https://discord.gg/zvEbArscMN


Sat Jan 05, 2019 8:49 pm
Profile ICQ YIM WWW
Commander
User avatar

Joined: Wed May 01, 2013 11:28 pm
Posts: 1318
Location: Rural Indiana
Unread post Re: EP_Haggle2018 Released
Micro wrote:
Shadow wrote:
Someone might have, or at least have started one and is working out some bugs :)

I probably could, but I haven't.


You need to
sk

_________________
Star Killer
USA(RETIRED)
Loyalty Above All Else Except Honor
Playing with integrity is more important than winning
HHT 2015 Champs: Cloud09
2015 Lottery Tournament Winning Team Member
2016 Big Game Draft Tournament Winning Team Member
HHT 2016 Champs: Cloud09
HHT 2021 Champs(Just For Showing Up)
HHT 2022 Champs(For 90mins of Play)

Star Killer's Ice9 TWGS
Viper's Pit V1 TWGS
Website: http://sk-twgs.com
Email: starkillerstwgs@yahoo.com
Discord: Star Killer#0358
Ice 9 V2 TWGS: SK-TWGS.COM PORT 2002
Viper's Pit V1 TWGS: V1.SK-TWGS.COM PORT 2002
Now The Fastest TWGS in the West
https://www.facebook.com/StarKillersTradeWars/
To help offset the server(s) hosting bill donate via PayPal to: starkillerstwgs@yahoo.com


Sat Jan 05, 2019 11:29 pm
Profile WWW
Commander
User avatar

Joined: Fri Jun 09, 2006 2:00 am
Posts: 1396
Location: Canada
Unread post Re: EP_Haggle2018 Released
Might be as simple as rewriting TWXC, but in reverse.

Reverse in but, TWXC rewriting as simple as be might!

_________________
----------------------------
-= QUANTUM Computing 101: 15 = 3 x 5 ... 48% of the time.
-= There are 10 types of people in the world: Those that understand Binary and those who do not
-= If Oil is made from Dinosaurs, and Plastic is made from Oil... are plastic Dinosaurs made from real Dinosaurs?
-= I like to keep my friends and my enemies rich, and wait to see which is which - Tony Stark (R.I.P.)


Sun Jan 06, 2019 10:03 am
Profile ICQ YIM
Lieutenant
User avatar

Joined: Tue Dec 17, 2002 3:00 am
Posts: 516
Location: Virginia
Unread post Re: EP_Haggle2018 Released
LoneStar wrote:
Might be as simple as rewriting TWXC, but in reverse.

Reverse in but, TWXC rewriting as simple as be might!


Basically yes. Those functions anyway.

CTS format is actually compiled bytecode that obfuscates (not really encrypts) strings. TWX loads the bytecode directly into the script object. So it's a little complicated to reverse it but not really that bad.

_________________
TOURNAMENT WINNER: ICE 2017 - ICE 2019 - SUMMER SPLASH 2019 - XMAS TOURNEY 2019


Mon Jan 07, 2019 6:07 pm
Profile ICQ
Ambassador
User avatar

Joined: Wed Apr 20, 2011 1:19 pm
Posts: 2559
Location: Oklahoma City, OK 73170 US
Unread post Re: EP_Haggle2018 Released
Shadow wrote:
LoneStar wrote:
Might be as simple as rewriting TWXC, but in reverse.

Reverse in but, TWXC rewriting as simple as be might!


Basically yes. Those functions anyway.

CTS format is actually compiled bytecode that obfuscates (not really encrypts) strings. TWX loads the bytecode directly into the script object. So it's a little complicated to reverse it but not really that bad.

I am pretty sure it is actually encrypted. That is the bit of code I can't convert to c#. The encrypt/decrypt functions are both in "encryptor.pas". Strings are are not obfuscated, but commands are, and then the whole file is encrypted.

_________________
Regards,
Micro

Website: http://www.microblaster.net
TWGS2.20b/TW3.34: telnet://twgs.microblaster.net:2002

ICQ is Dead Jim! Join us on Discord:
https://discord.gg/zvEbArscMN


Wed Jan 09, 2019 12:45 pm
Profile ICQ YIM WWW
Chief Warrant Officer

Joined: Sun Apr 17, 2005 2:00 am
Posts: 194
Location: USA
Unread post Re: EP_Haggle2018 Released
Maybe Elder Prophet can help us crack it? :lol:

_________________
The New Order
66.26.112.116:2002

MicroBlaster:
http://www.microblaster.net/ServerDetai ... erverid=66

One day, the entire Tradewars 2002 fanbase will tremble at the mere mention of "Lionmane." Too bad it's not my name!?!?! -Krovach


Wed Jan 09, 2019 7:51 pm
Profile
Commander
User avatar

Joined: Fri Jun 09, 2006 2:00 am
Posts: 1396
Location: Canada
Unread post Re: EP_Haggle2018 Released
Micro wrote:
I am pretty sure it is actually encrypted. That is the bit of code I can't convert to c#. The encrypt/decrypt functions are both in "encryptor.pas". Strings are are not obfuscated, but commands are, and then the whole file is encrypted.


TWX must have a routine to decrypt and de-obfuscate CTS files when they're loaded; wouldn't that 'routine' essentially do most of the work?

_________________
----------------------------
-= QUANTUM Computing 101: 15 = 3 x 5 ... 48% of the time.
-= There are 10 types of people in the world: Those that understand Binary and those who do not
-= If Oil is made from Dinosaurs, and Plastic is made from Oil... are plastic Dinosaurs made from real Dinosaurs?
-= I like to keep my friends and my enemies rich, and wait to see which is which - Tony Stark (R.I.P.)


Wed Jan 09, 2019 11:42 pm
Profile ICQ YIM
Ambassador
User avatar

Joined: Fri Feb 23, 2001 3:00 am
Posts: 4016
Location: USA
Unread post Re: EP_Haggle2018 Released
Lionmane wrote:
Maybe Elder Prophet can help us crack it? :lol:


Or release it without the time bomb.

_________________

BOTE 1998 Champs: Team Fament
HHT 2015 Champs: Cloud09
Big Game 2016 Champs: Draft team
HHT 2018 Champs: Rock Stars
Big Game 2019 Champs: Draft Team


Classic Style Games Here:
telnet://crunchers-twgs.com:2002

Web page from 1990's: https://web.archive.org/web/20170103155645/http://tradewars.fament.com/Cruncher/tradewar.htm
Blog with current server info: http://cruncherstw.blogspot.com
Discord: https://discord.gg/4dja5Z8
E-mail: Cruncherstw@gmail.com
FaceBook: http://www.facebook.com/CrunchersTW


Thu Jan 10, 2019 9:04 am
Profile ICQ WWW
Lieutenant
User avatar

Joined: Tue Dec 17, 2002 3:00 am
Posts: 516
Location: Virginia
Unread post Re: EP_Haggle2018 Released
Micro wrote:
I am pretty sure it is actually encrypted. That is the bit of code I can't convert to c#. The encrypt/decrypt functions are both in "encryptor.pas". Strings are are not obfuscated, but commands are, and then the whole file is encrypted.


I've spent a lot of time looking at this too and the file is definitely not encrypted. If you do a "strings" on it all of the actual strings are in the cts and readable. If it was encrypted that wouldn't be the case. And the other parts are there and also not encrypted.

It's bytecode with obfuscation of the strings.

_________________
TOURNAMENT WINNER: ICE 2017 - ICE 2019 - SUMMER SPLASH 2019 - XMAS TOURNEY 2019


Thu Jan 10, 2019 10:26 am
Profile ICQ
Ambassador
User avatar

Joined: Wed Apr 20, 2011 1:19 pm
Posts: 2559
Location: Oklahoma City, OK 73170 US
Unread post Re: EP_Haggle2018 Released
LoneStar wrote:
TWX must have a routine to decrypt and de-obfuscate CTS files when they're loaded; wouldn't that 'routine' essentially do most of the work?

Yes, that routine would do most of the work. Most stuff is obfuscated though, so you would have to make up names. Variable names would be $var1, $var2, etc... Trigger names, labels, etc... would all have random names making it very "fun" to read the code.

_________________
Regards,
Micro

Website: http://www.microblaster.net
TWGS2.20b/TW3.34: telnet://twgs.microblaster.net:2002

ICQ is Dead Jim! Join us on Discord:
https://discord.gg/zvEbArscMN


Thu Jan 10, 2019 10:44 am
Profile ICQ YIM WWW
Ambassador
User avatar

Joined: Wed Apr 20, 2011 1:19 pm
Posts: 2559
Location: Oklahoma City, OK 73170 US
Unread post Re: EP_Haggle2018 Released
Shadow wrote:
I've spent a lot of time looking at this too and the file is definitely not encrypted. If you do a "strings" on it all of the actual strings are in the cts and readable. If it was encrypted that wouldn't be the case. And the other parts are there and also not encrypted.

It's bytecode with obfuscation of the strings.


ok, so I created and compiled a one line script:

echo "This is a string"

Below is the "bytecode", and you clearly cannot read the string.


Attachments:
twx.jpg
twx.jpg [ 35.89 KiB | Viewed 9424 times ]

_________________
Regards,
Micro

Website: http://www.microblaster.net
TWGS2.20b/TW3.34: telnet://twgs.microblaster.net:2002

ICQ is Dead Jim! Join us on Discord:
https://discord.gg/zvEbArscMN
Thu Jan 10, 2019 11:42 am
Profile ICQ YIM WWW
Commander
User avatar

Joined: Fri Jun 09, 2006 2:00 am
Posts: 1396
Location: Canada
Unread post Re: EP_Haggle2018 Released
This string actually starts at 0020:08

Far as I can tell is't a straight lookup table that'll work. I don't have enough to figure out any Algorithm, but:

a = 10h
g = 16h
h = 19h
i = 18h

Lower case 'a' to 'g' appears consistent with their ordinal positions, except 'h' and 'i' appear to have been swapped, as well as 'r' and 's'.

Really the only way to map out the encryption is to create another 'script' and Echo/SetVar the letters as they appear in the Ascii Table --from '!' 21h .. through to... '~' 7Eh, inclusive. Then you'll have your lookup table. This could be more complicated than it appears. Need more input.


Attachments:
decrypt.jpg
decrypt.jpg [ 58.09 KiB | Viewed 9411 times ]

_________________
----------------------------
-= QUANTUM Computing 101: 15 = 3 x 5 ... 48% of the time.
-= There are 10 types of people in the world: Those that understand Binary and those who do not
-= If Oil is made from Dinosaurs, and Plastic is made from Oil... are plastic Dinosaurs made from real Dinosaurs?
-= I like to keep my friends and my enemies rich, and wait to see which is which - Tony Stark (R.I.P.)
Thu Jan 10, 2019 6:47 pm
Profile ICQ YIM
Lieutenant
User avatar

Joined: Tue Dec 17, 2002 3:00 am
Posts: 516
Location: Virginia
Unread post Re: EP_Haggle2018 Released
Micro wrote:
Shadow wrote:
I've spent a lot of time looking at this too and the file is definitely not encrypted. If you do a "strings" on it all of the actual strings are in the cts and readable. If it was encrypted that wouldn't be the case. And the other parts are there and also not encrypted.

It's bytecode with obfuscation of the strings.


ok, so I created and compiled a one line script:

echo "This is a string"

Below is the "bytecode", and you clearly cannot read the string.


Right, because it's obfuscated. Didn't we discuss this? :lol:

$ strings LSD.cts
TWX SCRIPT
U3>%.?0<4
U$?=8<8%4560<4
U3>%.%$#?.=8<8%
U$"4#.2><<0?5.=8?4
U="5.>#54#
[many more lines of the bytecode]
LOCKTOW
TRYLOCKAGAIN9d
BEAMOFFJd
DOTOW
:3752e
:377
:378
:379[f
:379[f
:376
NOTHERE
SHIPSCANgg
PWPROTECTED
TOWENGAGEDyh
:380yh
:381
DOXPORT
XPORT_NOTAVAIL
XPORT_BADRANGE
XPORT_SECURITY
XPORT_NOACCESS
XPORT_XPRTGOOD
XPORT_GO_AHEADDj
XPORT_SCRUBUj
XPORT_DOCKED
DOTWARP
ADJ_WARP
LOCKINGYl
TWARPNOFUEL{l
TWARP_ADJ
TWARPNOROUTE
NO_TWARP_LOCK
TWARPIGD
TWARPPHOTONED5m
TWARP_LOCKym
:384
:384
:385
TWARPDONE
:386
:387
:382
:383$n
DOSHIPTOWEDCHECK
:388
:390to
:391
:392#p
:392#p
:389tp
NOTINLIST
NOTHING2SELL
SOMETHING2SELL
GETPASSWORD
PLINEwq
:393wq
:394
MAKECORP
NOTANOPTION
COMMASIZE
:3957s
:397
:398
:396
PADITEMCOSTS]u
:399
:401
:402qv
:403
:404)w
:405)w
:405)w
:400/w
FINDJUMPSECTORQw
:406/x
TWARPADJFx
TWARPVOIDEDbx
TWARPLOCKED~x
TWARPBLIND
TRYINGNEXTADJ
:407
NOADJSFOUND
SECTORLOCKED
IG_TURN_IT_ONny
NO_IG_AVAILABLE
NO_IG_BEAMQz
NO_IG_CBYrz
IG_WAS_ON
IG_WAS_OFF
DO_IG_THINGJ{
:408U{
:408U{
:409[{
TURNSDETECT
TURNSDETECT_NOTURNS
TURNSDETECT_GOTTURNS
TURNSREQUIRED
TURNSREQUIRED_TPW
:412
:412
:413
:4109}
:4109}
:411Q}
BUYSHIP\~
SHIPSBOUGHTOUT
NOTENOUGHEXPL
NOTENOUGHCASH
MAKESHIPCORP
NAMETHESHIP
PURCHASEDFAILEDD
GOTNEWSHIPNUMBERn
GETNEWSHIPNUMBERj
:414j
:415
CN1_AND_CN9_CHECKING
:416;
:416;
:417A
ALLKEYS_OFFb
ALLKEY_ON
:418
:419
PARSESHIPDATA
NEXTPAGERESET
LINETRIGNEXT
NEXTPAGE
QUIT2LEAVE/
:4201
:4217
LINETRIG
:426
:427
:424
:425
:422
:423
LOADSHIPDATA
:430
:432
:433
:434
:435\
:436\
:437
NEXTREALLINE0
:431K
:428[
:428[
:429

Does that look like an encrypted *file* to you?

It's obfuscated as already suggested. Obfuscation and encryption are not the same thing. And you said the obfuscation was applied to strings (true) and then the entire *file* was encrypted, which is clearly not the case.

_________________
TOURNAMENT WINNER: ICE 2017 - ICE 2019 - SUMMER SPLASH 2019 - XMAS TOURNEY 2019


Fri Jan 11, 2019 8:51 am
Profile ICQ
Lieutenant
User avatar

Joined: Tue Dec 17, 2002 3:00 am
Posts: 516
Location: Virginia
Unread post Re: EP_Haggle2018 Released
LoneStar wrote:
This string actually starts at 0020:08

Far as I can tell is't a straight lookup table that'll work. I don't have enough to figure out any Algorithm, but:

a = 10h
g = 16h
h = 19h
i = 18h

Lower case 'a' to 'g' appears consistent with their ordinal positions, except 'h' and 'i' appear to have been swapped, as well as 'r' and 's'.

Really the only way to map out the encryption is to create another 'script' and Echo/SetVar the letters as they appear in the Ascii Table --from '!' 21h .. through to... '~' 7Eh, inclusive. Then you'll have your lookup table. This could be more complicated than it appears. Need more input.


This is the relevant code. It's not a straight up conversion from delphi to C# and I had to do a lot of messing with the code to get it close to compiling but this is almost there.

// Public declarations
public void Encrypt(ref string Target)
{
int Chunks;
int I;
int X;
int ChunkStart;
byte J;
byte B;
byte C;
byte ChunkKey;
byte Last;
byte CheckSum;
string S;
string Key;
string Chunk;
char P;
// Encode string
S = "";
Last = 0x18;
CheckSum = 0xF0;
Key = FKey;
ConvertKey(ref Key);
for (I = 1; I <= Target.Length; I ++ )
{
// B = (int)(Target[I]);
B = (byte)(Target[I]);
CheckSum = (byte)(CheckSum ^ B);
C = B;
for (X = 1; X <= Key.Length; X ++ )
{
B = (byte)(B ^ (Key[X]));
}
if ((I % FShift == 0))
{
// apply shift
B = (byte)(B ^ FShiftKey);
}
B = (byte)(B ^ Last);
Last = C;
S = S + (char)(B);
}
// add checksum
S = S + (char)CheckSum;
// Scramble string
Target = "";
Chunks = S.Length / FChunkSize;
if ((Chunks * FChunkSize < S.Length))
{
Chunks = Chunks + 1;
}
for (I = 1; I <= Chunks; I ++ )
{
ChunkStart = (I - 1) * FChunkSize + 1;
if ((ChunkStart + FChunkSize - 1 > S.Length))
{
X = S.Length - ChunkStart + 1;
}
else
{
X = FChunkSize;
}
Chunk = S.Substring(ChunkStart - 1 ,X);
ChunkKey = ((byte)Chunk[1]);
// record index of chunk and encrypt it -
// do this by accessing 32-bit chunk index in memory and
// encrypting it at low level
P = (char)I;
for (J = 1; J <= sizeof(int); J ++ )
{
Chunk = ((char)(byte)P ^ FScrambleSeed ^ ChunkKey ^ J) + Chunk;
P = (char)(P + 1 as object);
}
if (((new System.Random()).NextDouble() < 0.5) || (X < FChunkSize))
{
Target = Target + Chunk;
}
else
{
Target = Chunk + Target;
}
}
}

As you can see, it's a straight up bitwise shift on the strings.

I am not a C# programmer and in fact had never looked at C# until a couple of weeks ago but I spent many years writing old school K&R C and then Java, so it's fairly easy to understand.

_________________
TOURNAMENT WINNER: ICE 2017 - ICE 2019 - SUMMER SPLASH 2019 - XMAS TOURNEY 2019


Fri Jan 11, 2019 8:54 am
Profile ICQ
Lieutenant
User avatar

Joined: Tue Dec 17, 2002 3:00 am
Posts: 516
Location: Virginia
Unread post Re: EP_Haggle2018 Released
LoneStar wrote:
This string actually starts at 0020:08

Far as I can tell is't a straight lookup table that'll work. I don't have enough to figure out any Algorithm, but:

a = 10h
g = 16h
h = 19h
i = 18h

Lower case 'a' to 'g' appears consistent with their ordinal positions, except 'h' and 'i' appear to have been swapped, as well as 'r' and 's'.

Really the only way to map out the encryption is to create another 'script' and Echo/SetVar the letters as they appear in the Ascii Table --from '!' 21h .. through to... '~' 7Eh, inclusive. Then you'll have your lookup table. This could be more complicated than it appears. Need more input.


Yes.

$ cat test2.cs
send "hello"

The compiled cts:
TWX SCRIPT^@^D^@^@^@^@^@^@^@^K^@^@^@^@^A^@<^@^B^@^@^@^@^@^A^E^@^@^@^Y^T^]^]^^^@^H^@^@^@TEST2.CS^@^@^@^@

$ cat test3.cs
send "olleh"

And the cts:
TWX SCRIPT^@^D^@^@^@^@^@^@^@^K^@^@^@^@^A^@<^@^B^@^@^@^@^@^A^E^@^@^@^^^]^]^T^Y^@^H^@^@^@TEST2.CS^@^@^@^@

Lastly:

$ cat test3.cs
send "cello"

And the cts:

TWX SCRIPT^@^D^@^@^@^@^@^@^@^K^@^@^@^@^A^@<^@^B^@^@^@^@^@^A^E^@^@^@^R^T^]^]^^^@^H^@^@^@TEST3.CS^@^@^@^@

"hello": ^Y^T^]^]^^
"olleh": ^^^]^]^T^Y
"cello": ^R^T^]^]^^

Same number of characters, same value for each when transposed. As LS said, should be a straight lookup table.

_________________
TOURNAMENT WINNER: ICE 2017 - ICE 2019 - SUMMER SPLASH 2019 - XMAS TOURNEY 2019


Fri Jan 11, 2019 9:01 am
Profile ICQ
Display posts from previous:  Sort by  
Reply to topic   [ 32 posts ]  Go to page Previous  1, 2, 3  Next

Who is online

Users browsing this forum: No registered users and 15 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by STSoftware.