Luigi Auriemma

Iracing also uses encrypted .3do's , textures, and various other files are also encrypted.

Has anyone looked into this?

I seen it mentioned it uses aes256 but cannot confirm for sure.

Attached a few files as examples

I wrote an extractor for the iracing files (included those encrypted with aes256) but the only missing thing is the aes "key", and obviously without it it's all useless because it's nothing else than a classical extractor for the nascar 3 files (the file format is exactly the same).

here I can't make the job because I think there is something missing in my configuration or files but if you want to do it it's enough to run iRacingSim.exe 1.2.0.0 (the version is important) with ollydbg and putting a breakpoint at offset 004e91d0.
when the debugger will break it's enough to watch in the stack window and you should see a hexadecimal string (which in my case is "0000000000000000000000000000000000000000000000000000000000000000"), that's the key.

There is a 1.2.0.0 version out now that allows you test the cars and tracks offline.

They must have figured out how to get around this?

as far as I know also the files of that version are encrypted, so the key is still necessary

My point was it works so they must have either found key or a way around it.

It use loader to let you pick track and car.

Then uses create process to start iracingsim.exe with a command line.

Do you need link to it?

Maybe it could be useful.

it's only a key used for fixed files, there is no direct relation with the "online" part of the game.
anyway I have already explained how to retrieve that key

When i try to run in olly it never gets to that address.

How where you getting there?

in my tests here I reached that part of the code almost immediately at the starting of program.
if you don't reach it first check in olly that the code at that location looks like:
then remember to run the game in window mode (I don't know if it's supported because I have never played this game, doesn't work here) and start a race for forcing the reading of the files

Well the code is same.

But running iracingsim.exe in olly never gets to that address it says failed to connect to server and closes when you click ok.

I'm not sure how you where getting around the server check.

6411A609E5F6FFCAB9CC1612C0266A3B58AF453951280A939D14CA3CEB2F1167

Not sure if its big endian or little endian.

Can you try that with above attached files and see if it works?

Thanks

uhmmm, the key looks like the key I expected (included its size of 32 bytes) but unfortunately the result is still wrong.
at this point the only think to which I can think is that what I guessed was wrong or probably is required another key (maybe one for each file? mah).

anyway in attachment there is a micro tool for using the AES decryption with an input file using a custom key (like the one you provided)

After doing some more looking these came up.

ASCII "BE85312474F19BC1A706DC9B745DBE72FEB1DE80015B831298AA07D8A3A2A1A0./V"

ASCII "4330AD4BA80C679589AAD2EBB684E534BF833F88F4324DD865315D54E2AE887B./V"

Not sure what the ./V means but your little program does not allow for this type of key.

Let me know if thats of any use?

the ./V is not needed because the key is the binary representation of that hexadecimal string.
anyway the various keys you are posting seem to confirm the theory of a different key for each file or archive.
and it's interesting to notice that the length of the key is like a SHA256 hash and more interesting is the fact that this algorithm is used in iRacingSim.exe.

anyway without the game able to run here I can't do additional tests (and yes, I have already tried with the sha256 and panama hash of both the single file and the archive without success).

anyway, fyi, in iracingsim.exe 1.2.0.0 "seems" that the sha256 function is located at offset 004e77c0.