Jump to content


Photo

IE xor encryption


6 replies to this topic

#1 igi

igi

    IESDP Guardian

  • Gibberlings
  • 1210 posts
  • Gender:Male

Posted 14 February 2012 - 10:49 AM

Is the xor encryption key accurate for all IE games that use xor encryption?

When I extract boolean.ids from BG2 I get a 48 byte file starting 0xEF 0xBF 0xBD 0xEF. Xor these gives 0x67 0x17 0x32 0x55 which is surprisingly far away from anything resembling
5
0 FALSE
1 TRUE

Of this this ignores the fact that to start with I have a 48 byte file, whereas the decrypted version should be around 20 bytes...

#2 Avenger

Avenger
  • Modders
  • 3431 posts
  • Gender:Male
  • Location:Hungary

Posted 15 February 2012 - 12:04 AM

Try to open the encrypted file in dltcep. If it works, then... yeea

#3 igi

igi

    IESDP Guardian

  • Gibberlings
  • 1210 posts
  • Gender:Male

Posted 15 February 2012 - 12:50 PM

DLTCEP fails to open the encrypted file (there are no errors or warnings, but the contents doesn't load into the editor window.

Presumably the extraction code is at fault then (though it has successfully extracted every other file correctly except these encrypted IDS files...)?


For reference the complete encrypted boolean.ids I extract is:


0xEF 0xBF 0xBD 0xEF 0xBF 0xBD 0xEF 0xBF0x-0xBD 0xEF 0xBF 0xBD 0xEF 0xBF 0xBD 0xEF
0xBF 0xBD 0xEF 0xBF 0xBD 0xEF 0xBF 0xBD0x-0xEF 0xBF 0xBD 0xEF 0xBF 0xBD 0xEF 0xBF
0xBD 0xEF 0xBF 0xBD 0xEF 0xBF 0xBD 0xEF0x-0xBF 0xBD 0xEF 0xBF 0xBD 0xE1 0xA9 0xBE


I've tried running the xor decryption ignoring the first two marker bytes, but I still don't get a sensible output. My current code is
  int markerLength = 2;
  for (int i = 0; i < input.Length - markerLength; i++)
  {
	result[i] = (char)(input[i + markerLength] ^ xorKey[i % 64]);
  }


Someone pointing out my obvious mistakes would be really appreciated.

#4 Avenger

Avenger
  • Modders
  • 3431 posts
  • Gender:Male
  • Location:Hungary

Posted 15 February 2012 - 11:00 PM

I would be surprised if that homogenous data would decrypt into anything useful (notice the cycled ef,bf,bd).
Unless the information is in the key, i doubt it would yield your boolean.
I'll check this later.

#5 igi

igi

    IESDP Guardian

  • Gibberlings
  • 1210 posts
  • Gender:Male

Posted 16 February 2012 - 02:06 PM

This is now resolved, thanks for the help :)

#6 Avenger

Avenger
  • Modders
  • 3431 posts
  • Gender:Male
  • Location:Hungary

Posted 23 March 2012 - 11:07 AM

This bothered me for some time and not really important any more.
IWD2 cheat commands are obfuscated by the formula: y=x*2+8
Starting from 0x08AF630 (file offset 0x04AF630) we read:
CTRLALTDELETE
FIRSTAID
HANS
MIDAS
ADDGOLD
ADDSPELL
CHECKVAR
CREATEITEM
ENABLECHEATKEYS
EXPLOREAREA
MOVETOAREA
SETCURRENTXP
SETGLOBAL
SETCHAPTER
JEFFKATTACKS
JEFFKDEFENDS  


#7 igi

igi

    IESDP Guardian

  • Gibberlings
  • 1210 posts
  • Gender:Male

Posted 21 April 2012 - 05:43 AM

IWD2 cheat commands are obfuscated by the formula: y=x*2+8


Local copy updated, thanks.



Reply to this topic



  


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users