Encrypted mix file reading

[CCHyper]

Somewhat... I'm new to Blowfish, just started mapping out the functions from the game after I see your post. I pretty much have all functions mapped, is there anything I could find in the games code that would help?

[Iran]

Which game and which function names (if RA1)?

[Blade]

I don't know really, without knowing what the algorithm is its hard to say what information we would need to construct a working encryption system. I have a gut feeling it must be something like RSA with a Westwood twist, but who knows. It also seems that the game checks the recovered key somehow since the game won't read mix files encrypted with a randomly generated 80byte block but XCC will implying there is some signature or pattern in the key that the game wants.

[Blade]

Okay, I believe I have an understanding now of exactly how decryption of a mix header works. The 80byte block in the header is handled as two 40 byte little endian BigIntegers that are decrypted by a raw RSA transform using the WW public key from keys.ini (after a few transforms) strangely the keys are stored as encoded big endian BigIntegers and are swapped to little endian in the XCC code (which is probably what the game does as well). For those familiar with RSA or capable of reading up on it, the public key in keys.ini is actually the modulus. You also need the public exponent which is 65537 (or 0x10001 if you are looking for it in the XCC code) to compose the full public key. The private key is the private exponent and is only needed to encode the blowfish key.

 

After decryption you have two 40byte big ints that are concatenated together, but only 56 bytes are ever none zero and infact the XCC code just chops those off when it composes the final temp buffer to copy to the destination provided to the function. This is then set as the blowfish key and used to decrypt the header as described in the XCC documentation. Hopefully this will let me create a mix reader that doesn't rely on the XCC code and also create a mix creator that can generate its own encryption keys that the game will accept, rather than copying them from other mix files.

 

The blowfish keys themselves are strange, they follow a pattern of two 28byte sequences composed of a short (3 - 11 bytes) random sequence padded to 28bytes with their last random byte.

[Nyerguds]

Will XCC still be able to open those encrypted mix files, then? I assume yes?

 

Also, overall, besides figuring out the system, is there any actual use to this?

[Blade]

Well, if XCC or the game can't open them I've not got the encryption right There are two points to this, 1. it means that you could use any standard crypto library to read encrypted mix files, XCC code has some issues building as 64bit with gcc when optimization is used so it allows it to be more cross platform. 2. it means that in theory we can generate encrypted headers rather than having to specify one from an existing mix file (I need to write an implementation to do it to test it first).

[Nyerguds]

I get point #1, it's just #2 that seems rather useless, especially with an increasing number of TS mods opting for not using any encrypted mixfiles and completely kicking out the blowfish.dll the game needs for that

[Blade]

Hey, if people want to go to the trouble of repaking the mix files just to avoid blowfish.dll, that is their business I admit that to some degree it is academic, but at least its doable now where it wasn't before.