using enctypedec.exe

apnulled · **Joined:** 11 May 2009 20:06 **Posts:** 15

I have problem with using of enctypedec.exe

In my application request looks like this:

Code:

battlefield2.gslive.!`#Z5$W>(bf2_anticheat = 1 or bf2_anticheat = 0) and (bf2_mapsize = 16 or bf2_mapsize = 32 or bf2_mapsize = 64) and gamever = '1.5.3153-802.0' and gamevariant = 'pr' and gametype not like '%gpm_training%'.\hostname

All received data in attachment.

then I try to decode received data with this:
enctypedec.exe -v "!`#P5$W>" -g "hW6m9a" -o "out.txt" "rcvd.gsl"

and result is "Error: unsupported enctype"

Wtf ?

apnulled · **Joined:** 11 May 2009 20:06 **Posts:** 15

Here is my sample application with source code in delphi, that sends request to game spy and receives data back.

But in fact the received data cannot be encoded with enctypedec.exe :(

aluigi · **Posted:** 31 Dec 2009 17:34

*edit* wrong

aluigi · **Posted:** 31 Dec 2009 17:47

Code:

enctypedec -v "!`#P5$W>" -g "Xn221z" -o "out.txt" x rcvd.gsl

you must use the gamekey of gslive, not the one of battlefield2 because you used the first one to "log" in the gamespy master server and you forgot to specify the x of enctypex before rcvd.gsl

apnulled · **Joined:** 11 May 2009 20:06 **Posts:** 15

Thanks :) it works now, all host names are decoded successful but ip:ports are still unreadable, why ? is it limitations of compiled enctypedec.exe or i do some thing wrong ?

aluigi · **Posted:** 01 Jan 2010 16:44

they are not readable because they are stored in binary mode and in a not much simple format.
that's why my enctypeX source code contains also a function for parsing the received data and extracting the IP and ports: enctypex_decoder_convert_to_ipport

apnulled · **Joined:** 11 May 2009 20:06 **Posts:** 15

aluigi wrote:

they are not readable because they are stored in binary mode and in a not much simple format.
that's why my enctypeX source code contains also a function for parsing the received data and extracting the IP and ports: enctypex_decoder_convert_to_ipport

Does it mean that for the first received data must be decoded with enctypeX and then passed through enctypex_decoder_convert_to_ipport or function enctypex_decoder_convert_to_ipport works with encoded data directly ?

aluigi · **Posted:** 01 Jan 2010 22:44

exactly, first decrypt it and then parse it with that function.
if you search "enctypex_decoder_convert_to_ipport" on google you will find other 3 threads on this forum with some examples and explanations (one in italian), anyway the quick usage example is the following (posted in the italian thread):

Code:

len = enctypex_wrapper(gamekey, validate, buff, len);
unsigned char *lista, *limit;
lista = malloc((len / 5) * 6);
len = enctypex_decoder_convert_to_ipport(buff, len, lista, NULL, 0);
limit = lista + len;
for(p = lista; p < limit; p += 6) {
    printf("%hhu.%hhu.%hhu.%hhu %hu\n", p[0], p[1], p[2], p[3], (p[4] << 8) | p[5]);
}

the topic about I refer is the following, which contains also an example with decryption in real-time during the receiving: enctypex-t578.html

aluigi · **Posted:** 02 Jan 2010 13:31

I have updated enctypedec for doing all the job.
if you want a binary list (4 bytes ip and 2 bytes port) add the -l option after enctypedec.exe, while if you want the textual IP:port list use -L
http://aluigi.org/papers/enctypedec.zip

apnulled · **Joined:** 11 May 2009 20:06 **Posts:** 15

Nice :) , thanks Luigi

apnulled · **Joined:** 11 May 2009 20:06 **Posts:** 15

Little bug found:

if validate contains simbol \ then enctypedec can't read source file

sample:

Code:

-v ":Dg9Yt&\" -g "Xn221z" -o "~glist.txt" -L x glist.tmp

rcvd data in attach.

aluigi · **Posted:** 09 Jan 2010 22:01

it's not a bug but a feature of the console (the command-line environment) because the backslash \ is a special char
in your example indeed you mean that the second argument is not :Dg9Yt&\, it's everything from :Dg9Yt&\ till glist.tmp.
so you must simply use :Dg9Yt&\\"

Luigi Auriemma

using enctypedec.exe