Reverse public encryption keys on the MuOnline

Hello again. Today we’ll again talk about MuOnline and their encryption system.

A little briefing before the story. MuOnline uses two types of packets for data transfer. First is the open packet (0xC1 and 0xC2 types) and second – encrypted (0xC3, 0xC4). This all based on encryption algorithm with public and private keys. The client contains the public and private keys (enc1.dat and dec2.dat), the server also includes a second pair (enc2.dat, dec1.dat). It is standard encryption system for MuOnline.

Encryption uses only on critical packages. However, the game protocol isn’t secured and very vulnerable. Almost all private servers use standard keys pair. Apparently, what this encrypt system was hacked, and some hackers made cool cheats. This cheats used a standard key pair for decrypt game traffic and made their shady deals. Now becomes popular to replace standard encryption keys for unique, but is it more secured?

The fact that MuOnline encryption algorithm isn’t too cryptographically. It uses block cipher, but I can’t exactly say cipher name. Inputted 64-bit data block splits into 16-bit values what are encrypted via 32-bit keys (some value does not exceed 16 bits). In the output, you have slightly more data with CRC appended. Let’s look at a couple of encryption keys:

As can be seen, the range of xor_key and modulus are the same, so it should be. The whole secret of encryption is in the closed “dec_key” which will be used to decrypt. Each decrypt/encrypt iteration uses this 32-bit keys (mod, xor, encdec) by the columns. Our current task knowing modulus, enc_key, xor_key get dec_key consisting of four 32-bit values.

To make an attack on the keys, you first need to understand in what property they are based. In our case, not hard to see that everything is kept on a simple modular arithmetic:

It is the main part of the encryption algorithm, all other unrelated to encdec keys. Slightly simplify the problem discarding excess and translate all the pseudo-representation:

As seen in underlies everything primitive property modular arithmetic. Referring to the mathematical formula of finding reciprocals modulo:

In our case, a role performed by one of encdec keys as x unknown second enc dec key, and n is the key mod. Just according to the condition keys enc, dec are coprime with the key mod. Thus knowing a and n, we can find the inverse number x simple search.

Okay, let’s try to brute. But what about the search range? Based on the properties of the module, each of encdec keys can not be >= mod. Thus we are firmly reducing search range. But there is another feature of the encryption algorithm, the value of key encdec cannot be more than 16 bits, due to the fact that operations are carried out with 16-bit values. So the maximum range can’t be more than 0xFFFF :)

I wrote simple code that demonstrates the technique key circulation. So I will throw another stick to the MuOnline protection wheel. Alas, it is obvious that without external protection standard methods are useless.

Working bruteforcer you can find at https://github.com/JKornev/MuEncDec-Brutforcer
Thank you for attention.

2 comments

  1. I love your work man.
    Can you add an video-guide for hot wo brute force and get the keys ofr any random mu server?

Leave a Reply

Your email address will not be published. Required fields are marked *

*