Timeline for File Decryption Problems
Current License: CC BY-SA 4.0
11 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jul 31, 2018 at 21:11 | comment | added | Gardosen | we have more or less solved the riddle now. they use a specific encryption library compiled as an armarbi64 .so file. we are right now rewriting the functions to be able to use them on a x86 tool to try a decryption. let's see if we can get it working ^^ | |
| Jul 31, 2018 at 19:38 | comment | added | sudhackar | The behaviour is not exactly like multibyte xor cipher. Its somewhat algebraic though. Same input text result in almost same block(6/8 bytes are same). For encrypted text similar text offsets match with that in plaintext. 8f655d7f0f45 [160, 248] 296074eb0db4 [224, 376] 4b279b9268a7 [8, 56] d56c6cde2f0e [32, 88] untProxy [32, 88] ccountPr [224, 376] countPro [8, 56] ountProx [160, 248] | |
| Jul 31, 2018 at 17:47 | history | edited | NirIzr | CC BY-SA 4.0 | deleted 11 characters in body |
| Jul 31, 2018 at 17:07 | comment | added | user22970 | mind sharing the name of the game? tried working with those files only but thinking about it, the "autoImport" could be coincidental. you can get any result by xoring a given string with the appropriate "key" | |
| Jul 31, 2018 at 11:18 | comment | added | Gardosen | yes, one of our team noticed that it seems that there was a conversion happening which changed all CRLF at the end of each line to LF. maybe this is what you see. | |
| Jul 31, 2018 at 11:00 | comment | added | sudhackar | The normal file is larger in size than the encrypted version. | |
| Jul 31, 2018 at 10:59 | comment | added | Gardosen | that's what i meant, it looks weird. we have tried some bruteforce xor encryption keys and on another file we were able to decrypt the first part which gave us autoImport("TestEffe the rest was still scrambled we are kinda lost on this :/ i am abit worried i have to close the english patch project | |
| Jul 31, 2018 at 10:54 | comment | added | sudhackar | Are you sure about the files you attached? The sizes don't correlate by the pattern you mentioned. | |
| Jul 31, 2018 at 10:34 | history | edited | 0xC0000022L♦ | CC BY-SA 4.0 | deleted 26 characters in body |
| Jul 31, 2018 at 10:20 | review | First posts | |||
| Jul 31, 2018 at 10:34 | |||||
| Jul 31, 2018 at 10:12 | history | asked | Gardosen | CC BY-SA 4.0 |