Author |
Message |
Micro
Ambassador
Joined: Wed Apr 20, 2011 1:19 pm Posts: 2559 Location: Oklahoma City, OK 73170 US
|
Re: EP_Haggle2018 Released
Shadow wrote: Someone might have, or at least have started one and is working out some bugs

I probably could, but I haven't.
_________________ Regards, Micro Website: http://www.microblaster.net TWGS2.20b/TW3.34: telnet://twgs.microblaster.net:2002
ICQ is Dead Jim! Join us on Discord: https://discord.gg/zvEbArscMN
|
Sat Jan 05, 2019 8:49 pm |
|
|
Star Killer
Commander
Joined: Wed May 01, 2013 11:28 pm Posts: 1319 Location: Rural Indiana
|
Re: EP_Haggle2018 Released
Micro wrote:
Shadow wrote: Someone might have, or at least have started one and is working out some bugs
I probably could, but I haven't.

You need to sk
_________________ Star Killer USA(RETIRED) Loyalty Above All Else Except Honor Playing with integrity is more important than winning HHT 2015 Champs: Cloud09 2015 Lottery Tournament Winning Team Member 2016 Big Game Draft Tournament Winning Team Member HHT 2016 Champs: Cloud09 HHT 2021 Champs(Just For Showing Up) HHT 2022 Champs(For 90mins of Play) Star Killer's Ice9 TWGS Viper's Pit V1 TWGS Website: http://sk-twgs.com Email: starkillerstwgs@yahoo.com Discord: Star Killer#0358 Ice 9 V2 TWGS: SK-TWGS.COM PORT 2002 Viper's Pit V1 TWGS: V1.SK-TWGS.COM PORT 2002 Now The Fastest TWGS in the West https://www.facebook.com/StarKillersTradeWars/ To help offset the server(s) hosting bill donate via PayPal to: starkillerstwgs@yahoo.com
|
Sat Jan 05, 2019 11:29 pm |
|
|
LoneStar
Commander
Joined: Fri Jun 09, 2006 2:00 am Posts: 1396 Location: Canada
|
Re: EP_Haggle2018 Released
Might be as simple as rewriting TWXC, but in reverse.
Reverse in but, TWXC rewriting as simple as be might!
_________________ ---------------------------- -= QUANTUM Computing 101: 15 = 3 x 5 ... 48% of the time. -= There are 10 types of people in the world: Those that understand Binary and those who do not -= If Oil is made from Dinosaurs, and Plastic is made from Oil... are plastic Dinosaurs made from real Dinosaurs? -= I like to keep my friends and my enemies rich, and wait to see which is which - Tony Stark (R.I.P.)
|
Sun Jan 06, 2019 10:03 am |
|
|
Shadow
Lieutenant
Joined: Tue Dec 17, 2002 3:00 am Posts: 516 Location: Virginia
|
Re: EP_Haggle2018 Released
LoneStar wrote: Might be as simple as rewriting TWXC, but in reverse.
Reverse in but, TWXC rewriting as simple as be might!

Basically yes. Those functions anyway. CTS format is actually compiled bytecode that obfuscates (not really encrypts) strings. TWX loads the bytecode directly into the script object. So it's a little complicated to reverse it but not really that bad.
_________________ TOURNAMENT WINNER: ICE 2017 - ICE 2019 - SUMMER SPLASH 2019 - XMAS TOURNEY 2019
|
Mon Jan 07, 2019 6:07 pm |
|
|
Micro
Ambassador
Joined: Wed Apr 20, 2011 1:19 pm Posts: 2559 Location: Oklahoma City, OK 73170 US
|
Re: EP_Haggle2018 Released
Shadow wrote:
LoneStar wrote: Might be as simple as rewriting TWXC, but in reverse.
Reverse in but, TWXC rewriting as simple as be might!
Basically yes. Those functions anyway. CTS format is actually compiled bytecode that obfuscates (not really encrypts) strings. TWX loads the bytecode directly into the script object. So it's a little complicated to reverse it but not really that bad.

I am pretty sure it is actually encrypted. That is the bit of code I can't convert to C#. The encrypt/decrypt functions are both in "encryptor.pas". Strings are not obfuscated, but commands are, and then the whole file is encrypted.
|
Wed Jan 09, 2019 12:45 pm |
|
|
Lionmane
Chief Warrant Officer
Joined: Sun Apr 17, 2005 2:00 am Posts: 194 Location: USA
|
Re: EP_Haggle2018 Released
Maybe Elder Prophet can help us crack it?
_________________ The New Order 66.26.112.116:2002
MicroBlaster: http://www.microblaster.net/ServerDetai ... erverid=66
One day, the entire Tradewars 2002 fanbase will tremble at the mere mention of "Lionmane." Too bad it's not my name!?!?! -Krovach
|
Wed Jan 09, 2019 7:51 pm |
|
|
LoneStar
Commander
Joined: Fri Jun 09, 2006 2:00 am Posts: 1396 Location: Canada
|
Re: EP_Haggle2018 Released
Micro wrote: I am pretty sure it is actually encrypted. That is the bit of code I can't convert to C#. The encrypt/decrypt functions are both in "encryptor.pas". Strings are not obfuscated, but commands are, and then the whole file is encrypted.

TWX must have a routine to decrypt and de-obfuscate CTS files when they're loaded; wouldn't that 'routine' essentially do most of the work?
|
Wed Jan 09, 2019 11:42 pm |
|
|
Cruncher
Ambassador
Joined: Fri Feb 23, 2001 3:00 am Posts: 4016 Location: USA
|
Re: EP_Haggle2018 Released
Lionmane wrote: Maybe Elder Prophet can help us crack it?

Or release it without the time bomb.
_________________
BOTE 1998 Champs: Team Fament HHT 2015 Champs: Cloud09 Big Game 2016 Champs: Draft team HHT 2018 Champs: Rock Stars Big Game 2019 Champs: Draft Team
Classic Style Games Here: telnet://crunchers-twgs.com:2002 Web page from 1990's: https://web.archive.org/web/20170103155645/http://tradewars.fament.com/Cruncher/tradewar.htm Blog with current server info: http://cruncherstw.blogspot.com Discord: https://discord.gg/4dja5Z8 E-mail: Cruncherstw@gmail.com FaceBook: http://www.facebook.com/CrunchersTW
|
Thu Jan 10, 2019 9:04 am |
|
|
Shadow
Lieutenant
Joined: Tue Dec 17, 2002 3:00 am Posts: 516 Location: Virginia
|
Re: EP_Haggle2018 Released
Micro wrote: I am pretty sure it is actually encrypted. That is the bit of code I can't convert to C#. The encrypt/decrypt functions are both in "encryptor.pas". Strings are not obfuscated, but commands are, and then the whole file is encrypted.

I've spent a lot of time looking at this too and the file is definitely not encrypted. If you do a "strings" on it all of the actual strings are in the cts and readable. If it was encrypted that wouldn't be the case. And the other parts are there and also not encrypted. It's bytecode with obfuscation of the strings.
|
Thu Jan 10, 2019 10:26 am |
|
|
Micro
Ambassador
Joined: Wed Apr 20, 2011 1:19 pm Posts: 2559 Location: Oklahoma City, OK 73170 US
|
Re: EP_Haggle2018 Released
LoneStar wrote: TWX must have a routine to decrypt and de-obfuscate CTS files when they're loaded; wouldn't that 'routine' essentially do most of the work?

Yes, that routine would do most of the work. Most stuff is obfuscated though, so you would have to make up names. Variable names would be $var1, $var2, etc... Trigger names, labels, etc... would all have random names making it very "fun" to read the code.
|
Thu Jan 10, 2019 10:44 am |
|
|
Micro
Ambassador
Joined: Wed Apr 20, 2011 1:19 pm Posts: 2559 Location: Oklahoma City, OK 73170 US
|
Re: EP_Haggle2018 Released
Shadow wrote: I've spent a lot of time looking at this too and the file is definitely not encrypted. If you do a "strings" on it all of the actual strings are in the cts and readable. If it was encrypted that wouldn't be the case. And the other parts are there and also not encrypted.
It's bytecode with obfuscation of the strings.

ok, so I created and compiled a one line script:
echo "This is a string"
Below is the "bytecode", and you clearly cannot read the string.
Attachments:
twx.jpg [ 35.89 KiB ]
|
Thu Jan 10, 2019 11:42 am |
|
|
LoneStar
Commander
Joined: Fri Jun 09, 2006 2:00 am Posts: 1396 Location: Canada
|
Re: EP_Haggle2018 Released
This string actually starts at 0020:08
Far as I can tell it's a straight lookup table that'll work. I don't have enough to figure out any Algorithm, but:
a = 10h
g = 16h
h = 19h
i = 18h
Lower case 'a' to 'g' appears consistent with their ordinal positions, except 'h' and 'i' appear to have been swapped, as well as 'r' and 's'.
Really the only way to map out the encryption is to create another 'script' and Echo/SetVar the letters as they appear in the ASCII Table --from '!' 21h .. through to... '~' 7Eh, inclusive. Then you'll have your lookup table. This could be more complicated than it appears. Need more input.
Attachments:
decrypt.jpg [ 58.09 KiB ]
|
Thu Jan 10, 2019 6:47 pm |
|
|
Shadow
Lieutenant
Joined: Tue Dec 17, 2002 3:00 am Posts: 516 Location: Virginia
|
Re: EP_Haggle2018 Released
Micro wrote:
Shadow wrote: I've spent a lot of time looking at this too and the file is definitely not encrypted. If you do a "strings" on it all of the actual strings are in the cts and readable. If it was encrypted that wouldn't be the case. And the other parts are there and also not encrypted.
It's bytecode with obfuscation of the strings.
ok, so I created and compiled a one line script: echo "This is a string" Below is the "bytecode", and you clearly cannot read the string.

Right, because it's obfuscated. Didn't we discuss this?

$ strings LSD.cts
TWX SCRIPT U3>%.?0<4 U$?=8<8%4560<4 U3>%.%$#?.=8<8% U$"4#.2><<0?5.=8?4 U="5.>#54# [many more lines of the bytecode] LOCKTOW TRYLOCKAGAIN9d BEAMOFFJd DOTOW :3752e :377 :378 :379[f :379[f :376 NOTHERE SHIPSCANgg PWPROTECTED TOWENGAGEDyh :380yh :381 DOXPORT XPORT_NOTAVAIL XPORT_BADRANGE XPORT_SECURITY XPORT_NOACCESS XPORT_XPRTGOOD XPORT_GO_AHEADDj XPORT_SCRUBUj XPORT_DOCKED DOTWARP ADJ_WARP LOCKINGYl TWARPNOFUEL{l TWARP_ADJ TWARPNOROUTE NO_TWARP_LOCK TWARPIGD TWARPPHOTONED5m TWARP_LOCKym :384 :384 :385 TWARPDONE :386 :387 :382 :383$n DOSHIPTOWEDCHECK :388 :390to :391 :392#p :392#p :389tp NOTINLIST NOTHING2SELL SOMETHING2SELL GETPASSWORD PLINEwq :393wq :394 MAKECORP NOTANOPTION COMMASIZE :3957s :397 :398 :396 PADITEMCOSTS]u :399 :401 :402qv :403 :404)w :405)w :405)w :400/w FINDJUMPSECTORQw :406/x TWARPADJFx TWARPVOIDEDbx TWARPLOCKED~x TWARPBLIND TRYINGNEXTADJ :407 NOADJSFOUND SECTORLOCKED IG_TURN_IT_ONny NO_IG_AVAILABLE NO_IG_BEAMQz NO_IG_CBYrz IG_WAS_ON IG_WAS_OFF DO_IG_THINGJ{ :408U{ :408U{ :409[{ TURNSDETECT TURNSDETECT_NOTURNS TURNSDETECT_GOTTURNS TURNSREQUIRED TURNSREQUIRED_TPW :412 :412 :413 :4109} :4109} :411Q} BUYSHIP\~ SHIPSBOUGHTOUT NOTENOUGHEXPL NOTENOUGHCASH MAKESHIPCORP NAMETHESHIP PURCHASEDFAILEDD GOTNEWSHIPNUMBERn GETNEWSHIPNUMBERj :414j :415 CN1_AND_CN9_CHECKING :416; :416; :417A ALLKEYS_OFFb ALLKEY_ON :418 :419 PARSESHIPDATA NEXTPAGERESET LINETRIGNEXT NEXTPAGE QUIT2LEAVE/ :4201 :4217 LINETRIG :426 :427 :424 :425 :422 :423 LOADSHIPDATA :430 :432 :433 :434 :435\ :436\ :437 NEXTREALLINE0 :431K :428[ :428[ :429

Does that look like an encrypted *file* to you? It's obfuscated as already suggested. Obfuscation and encryption are not the same thing.
And you said the obfuscation was applied to strings (true) and then the entire *file* was encrypted, which is clearly not the case.
|
Fri Jan 11, 2019 8:51 am |
|
|
Shadow
Lieutenant
Joined: Tue Dec 17, 2002 3:00 am Posts: 516 Location: Virginia
|
Re: EP_Haggle2018 Released
LoneStar wrote: This string actually starts at 0020:08
Far as I can tell it's a straight lookup table that'll work. I don't have enough to figure out any Algorithm, but:
a = 10h
g = 16h
h = 19h
i = 18h
Lower case 'a' to 'g' appears consistent with their ordinal positions, except 'h' and 'i' appear to have been swapped, as well as 'r' and 's'.
Really the only way to map out the encryption is to create another 'script' and Echo/SetVar the letters as they appear in the ASCII Table --from '!' 21h .. through to... '~' 7Eh, inclusive. Then you'll have your lookup table. This could be more complicated than it appears. Need more input.

This is the relevant code. It's not a straight up conversion from Delphi to C# and I had to do a lot of messing with the code to get it close to compiling but this is almost there.

    // Public declarations
    public void Encrypt(ref string Target)
    {
        int Chunks, I, X, ChunkStart;
        byte J, B, C, ChunkKey, Last, CheckSum;
        string S, Key, Chunk;
        byte[] P;
        // Delphi's Random is one generator; create it once, not per chunk
        System.Random Rng = new System.Random();

        // Encode string
        S = "";
        Last = 0x18;
        CheckSum = 0xF0;
        Key = FKey;
        ConvertKey(ref Key);
        for (I = 1; I <= Target.Length; I++)
        {
            // Delphi strings are 1-based, C# strings are 0-based
            B = (byte)(Target[I - 1]);
            CheckSum = (byte)(CheckSum ^ B);
            C = B;
            for (X = 1; X <= Key.Length; X++)
            {
                B = (byte)(B ^ (Key[X - 1]));
            }
            if ((I % FShift == 0))
            {
                // apply shift
                B = (byte)(B ^ FShiftKey);
            }
            B = (byte)(B ^ Last);
            Last = C;
            S = S + (char)(B);
        }
        // add checksum
        S = S + (char)CheckSum;

        // Scramble string
        Target = "";
        Chunks = S.Length / FChunkSize;
        if ((Chunks * FChunkSize < S.Length))
        {
            Chunks = Chunks + 1;
        }
        for (I = 1; I <= Chunks; I++)
        {
            ChunkStart = (I - 1) * FChunkSize + 1;
            if ((ChunkStart + FChunkSize - 1 > S.Length))
            {
                X = S.Length - ChunkStart + 1;
            }
            else
            {
                X = FChunkSize;
            }
            Chunk = S.Substring(ChunkStart - 1, X);
            ChunkKey = ((byte)Chunk[0]); // first character of the chunk
            // record index of chunk and encrypt it -
            // do this by accessing 32-bit chunk index in memory and
            // encrypting it at low level
            P = System.BitConverter.GetBytes(I); // bytes of I, in place of the pointer walk
            for (J = 1; J <= sizeof(int); J++)
            {
                Chunk = (char)(byte)(P[J - 1] ^ FScrambleSeed ^ ChunkKey ^ J) + Chunk;
            }
            if ((Rng.NextDouble() < 0.5) || (X < FChunkSize))
            {
                Target = Target + Chunk;
            }
            else
            {
                Target = Chunk + Target;
            }
        }
    }

As you can see, it's a straight up bitwise shift on the strings.
I am not a C# programmer and in fact had never looked at C# until a couple of weeks ago but I spent many years writing old school K&R C and then Java, so it's fairly easy to understand.
|
Fri Jan 11, 2019 8:54 am |
|
|
Shadow
Lieutenant
Joined: Tue Dec 17, 2002 3:00 am Posts: 516 Location: Virginia
|
Re: EP_Haggle2018 Released
LoneStar wrote: This string actually starts at 0020:08
Far as I can tell it's a straight lookup table that'll work. I don't have enough to figure out any Algorithm, but:
a = 10h
g = 16h
h = 19h
i = 18h
Lower case 'a' to 'g' appears consistent with their ordinal positions, except 'h' and 'i' appear to have been swapped, as well as 'r' and 's'.
Really the only way to map out the encryption is to create another 'script' and Echo/SetVar the letters as they appear in the ASCII Table --from '!' 21h .. through to... '~' 7Eh, inclusive. Then you'll have your lookup table. This could be more complicated than it appears. Need more input.

Yes.

$ cat test2.cs
send "hello"

The compiled cts:
TWX SCRIPT^@^D^@^@^@^@^@^@^@^K^@^@^@^@^A^@<^@^B^@^@^@^@^@^A^E^@^@^@^Y^T^]^]^^^@^H^@^@^@TEST2.CS^@^@^@^@

$ cat test3.cs
send "olleh"

And the cts:
TWX SCRIPT^@^D^@^@^@^@^@^@^@^K^@^@^@^@^A^@<^@^B^@^@^@^@^@^A^E^@^@^@^^^]^]^T^Y^@^H^@^@^@TEST2.CS^@^@^@^@

Lastly:

$ cat test3.cs
send "cello"

And the cts:
TWX SCRIPT^@^D^@^@^@^@^@^@^@^K^@^@^@^@^A^@<^@^B^@^@^@^@^@^A^E^@^@^@^R^T^]^]^^^@^H^@^@^@TEST3.CS^@^@^@^@

"hello": ^Y^T^]^]^^
"olleh": ^^^]^]^T^Y
"cello": ^R^T^]^]^^

Same number of characters, same value for each when transposed. As LS said, should be a straight lookup table.
|
Fri Jan 11, 2019 9:01 am |
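Added example (not part of any post in this thread, and not TWX Proxy code): the lookup-table idea from the posts above can be tested directly on the byte values quoted in them. The Python below builds the table from Shadow's three `send` samples and LoneStar's hex readings, then checks whether one fixed XOR constant explains every pair; all function names are illustrative.

```python
# Added example: byte values below are copied from the posts in this thread.

def caret_to_bytes(text):
    """Decode caret notation (^@ = 0x00 ... ^_ = 0x1F) into raw bytes."""
    out, i = bytearray(), 0
    while i < len(text):
        if text[i] == "^" and i + 1 < len(text):
            out.append(ord(text[i + 1]) ^ 0x40)  # ^Y -> 0x59 ^ 0x40 = 0x19
            i += 2
        else:
            out.append(ord(text[i]))
            i += 1
    return bytes(out)

# Plaintext -> obfuscated string bytes, from the three `send` test scripts.
SAMPLES = {"hello": "^Y^T^]^]^^", "olleh": "^^^]^]^T^Y", "cello": "^R^T^]^]^^"}
# LoneStar's readings from the hex dump of the `echo` test.
HEX_READINGS = {"a": 0x10, "g": 0x16, "h": 0x19, "i": 0x18}

def build_table(samples, readings):
    """Return {obfuscated byte: plaintext byte}; raise if the pairs conflict."""
    pairs = [(ord(ch), val) for ch, val in readings.items()]
    for plain, caret in samples.items():
        obf = caret_to_bytes(caret)
        if len(obf) != len(plain):
            raise ValueError(f"length mismatch for {plain!r}")
        pairs += zip(plain.encode("ascii"), obf)
    table = {}
    for plain_byte, obf_byte in pairs:
        if table.setdefault(obf_byte, plain_byte) != plain_byte:
            raise ValueError(f"{obf_byte:#04x} maps to two plaintext bytes")
    return table

def xor_constants(table):
    """Distinct values of plain XOR obfuscated; one value means a fixed XOR."""
    return {plain ^ obf for obf, plain in table.items()}

def deobfuscate(data, key):
    """Undo a fixed single-byte XOR."""
    return bytes(b ^ key for b in data).decode("latin-1")

TABLE = build_table(SAMPLES, HEX_READINGS)
KEYS = xor_constants(TABLE)

if __name__ == "__main__":
    for obf, plain in sorted(TABLE.items()):
        print(f"{obf:#04x} -> {chr(plain)!r}")
    print("XOR constants seen:", sorted(hex(k) for k in KEYS))
    if len(KEYS) == 1:
        key = next(iter(KEYS))
        # Two of the unreadable names from the `strings LSD.cts` output above.
        for name in ("U3>%.?0<4", "U$?=8<8%4560<4"):
            print(name, "->", deobfuscate(name.encode("latin-1"), key))
```

On the values quoted in this thread every pair gives the same constant, 0x71. An odd constant flips the low bit of each character code, which is why neighbouring letters such as 'h' and 'i' look swapped in the hex dump.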
|
|
|