Yretenai wrote: ↑Sun Oct 11, 2020 7:02 am
Same applied to the old HFS files.
If anyone is well versed in reversing encryption schemes, help would be much appreciated.
After about 5 months of thinking, it could be that I've found a different method:
I went on a quick Google trip today in the morning and found out that the AES encryption (which Vindictus uses) can also be reversed with a small program which is called AES Crypt. This program does not only encrypt files with the AES encryption, but is also capable of decrypting them.
Now the question is: What kind of AES encryption is used (as the .aes file extension is missing)? And can the linked program crack it?
By the way: I found out somewhere else that this game runs on a modified version of Valve's Source Engine. Can this be another possible starting point?
LightXPS wrote: ↑Fri Mar 12, 2021 3:24 pm
After about 5 months of thinking, it could be that I've found a different method:
I went on a quick Google trip today in the morning and found out that the AES encryption (which Vindictus uses) can also be reversed with a small program which is called AES Crypt. This program does not only encrypt files with the AES encryption, but is also capable of decrypting them.
Now the question is: What kind of AES encryption is used (as the .aes file extension is missing)? And can the linked program crack it?
By the way: I found out somewhere else that this game runs on a modified version of Valve's Source Engine. Can this be another possible starting point?
Maybe - it looks like AES's only parameter is the key (which I guess is somewhere in the Vindictus code) but I'm not sure if the files are AES encrypted or the files are container formats with AES encrypted data.
The Source engine doesn't have any built-in encryption for archive files by default - some script files can be encrypted but that is it.
LightXPS wrote: ↑Fri Mar 12, 2021 3:24 pm
After about 5 months of thinking, it could be that I've found a different method:
I went on a quick Google trip today in the morning and found out that the AES encryption (which Vindictus uses) can also be reversed with a small program which is called AES Crypt. This program does not only encrypt files with the AES encryption, but is also capable of decrypting them.
Now the question is: What kind of AES encryption is used (as the .aes file extension is missing)? And can the linked program crack it?
By the way: I found out somewhere else that this game runs on a modified version of Valve's Source Engine. Can this be another possible starting point?
Maybe - it looks like AES's only parameter is the key (which I guess is somewhere in the Vindictus code) but I'm not sure if the files are AES encrypted or the files are container formats with AES encrypted data.
The Source engine doesn't have any built-in encryption for archive files by default - some script files can be encrypted but that is it.
Vindictus heavily modified the source engine. It had encryption before, but they just doubled down on it. The IV on AES can change as well, but I don't think they did in this case.
tschumann wrote: ↑Fri Mar 12, 2021 10:31 pm
Maybe - it looks like AES's only parameter is the key (which I guess is somewhere in the Vindictus code) but I'm not sure if the files are AES encrypted or the files are container formats with AES encrypted data.
The Source engine doesn't have any built-in encryption for archive files by default - some script files can be encrypted but that is it.
If I remember correctly, the hfs file format is some kind of an archive format, much like rar or 7z. Unfortunately, 7Zip can't open the files with the message that they can't be opened as an archive. So, we've got a kind of archive a normal unzipper can't open.
Yretenai wrote: ↑Sat Mar 13, 2021 3:01 am
Vindictus heavily modified the source engine. It had encryption before, but they just doubled down on it. The IV on AES can change as well, but I don't think they did in this case.
I went down the road and explored the game files a bit more. There, a folder named "BlackCipher" crossed my view - and some of those files have some kind of AES encryption. Maybe we'll find the solution in this folder? If there's need, I can pack all the AES files in a 7z archive and place it somewhere. It also looks like this BlackCipher is some kind of anti-cheat tool which MAY be blocking our path to unpack the hfs files as well. There are two more files right in the main folder (where the Vindictus.exe lies) of the game, which also seem to have something to do with the Nexon Launcher that comes with the game - and those are AES encrypted as well.
LightXPS wrote: ↑Sat Mar 13, 2021 7:06 am
If I remember correctly, the hfs file format is some kind of an archive format, much like rar or 7z. Unfortunately, 7Zip can't open the files with the message that they can't be opened as an archive. So, we've got a kind of archive a normal unzipper can't open.
Closest thing I can describe HFS as is an encrypted, modified ZIP format. Required special tooling for this reason. The "Old" one worked like that, the "new" one I have very little idea about it. It's encrypted from start to finish.
LightXPS wrote: ↑Sat Mar 13, 2021 7:06 am
I went down the road and explored the game files a bit more. There, a folder named "BlackCipher" crossed my view - and some of those files have some kind of AES encryption. Maybe we'll find the solution in this folder? If there's need, I can pack all the AES files in a 7z archive and place it somewhere. It also looks like this BlackCipher is some kind of anti-cheat tool which MAY be blocking our path to unpack the hfs files as well. There are two more files right in the main folder (where the Vindictus.exe lies) of the game, which also seem to have something to do with the Nexon Launcher that comes with the game - and those are AES encrypted as well.
BlackCipher is one of the three anti-cheats that NEXON uses, not related to the game archives. All of their games have it.
LightXPS wrote: ↑Sat Mar 13, 2021 7:06 am
If I remember correctly, the hfs file format is some kind of an archive format, much like rar or 7z. Unfortunately, 7Zip can't open the files with the message that they can't be opened as an archive. So, we've got a kind of archive a normal unzipper can't open.
Closest thing I can describe HFS as is an encrypted, modified ZIP format. Required special tooling for this reason. The "Old" one worked like that, the "new" one I have very little idea about it. It's encrypted from start to finish.
In this case, I'll have to leave the field to the coding experts - absolutely clueless here.
I also thought of getting an old version of the game to get the stuff I need, but I don't know if the stuff's in there... Would it be helpful if I link an older version with the "old" hfs files, to get a clue on what of the encryption changed?
LightXPS wrote: ↑Sat Mar 13, 2021 8:16 am
In this case, I'll have to leave the field to the coding experts - absolutely clueless here.
I also thought of getting an old version of the game to get the stuff I need, but I don't know if the stuff's in there... Would it be helpful if I link an older version with the "old" hfs files, to get a clue on what of the encryption changed?
Maybe. My extraction program for the old HFS formats is open source, I can't say if the format changed much since it's encrypted.
Yretenai wrote: ↑Sat Mar 13, 2021 9:05 am
Maybe. My extraction program for the old HFS formats is open source, I can't say if the format changed much since it's encrypted.
Also, there seems to be a new wiki from XenTax where a new article about this format was written. Interestingly, the last edit on that article was made on April 4, 2021 so someone might have to check if the article reflects the current state of the hfs file format. If it does, does it help with busting the encryption? Here's the link: Vindictus HFS article
Yretenai wrote: ↑Sat Mar 13, 2021 9:05 am
Maybe. My extraction program for the old HFS formats is open source, I can't say if the format changed much since it's encrypted.
Also, there seems to be a new wiki from XenTax where a new article about this format was written. Interestingly, the last edit on that article was made on April 4, 2021 so someone might have to check if the article reflects the current state of the hfs file format. If it does, does it help with busting the encryption? Here's the link: Vindictus HFS article
Format on the wiki is still the old format, someone just added it to the XOR Encryption category and renamed the article.
Yretenai wrote: ↑Sun Jun 06, 2021 7:47 am
Format on the wiki is still the old format, someone just added it to the XOR Encryption category and renamed the article.
As Yretenai said, in the newest version HFS files are encrypted by AES (probably modified), cuz for setting up the encryption keys it uses SOSEMANUK multiplication tables (I have never seen such a thing). There are no static encryption keys; they are dynamic and are generated from the file name.
Ekey wrote: ↑Wed Sep 01, 2021 4:53 pm
As Yretenai said, in the newest version HFS files are encrypted by AES (probably modified), cuz for setting up the encryption keys it uses SOSEMANUK multiplication tables (I have never seen such a thing). There are no static encryption keys; they are dynamic and are generated from the file name.
Soseman is a cipher based off AES Serpent, which is why it looks similar. They are likely just using the normal Soseman cipher as-is in a common block mode like CBC or ECB.
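The questions raised in this thread (is the file an AES Crypt container, a normal archive, or opaque from the first byte, and does it show signs of ECB) can be checked with a small triage script. This is an added example, not code from any poster or from the HFS extraction tool; the sample inputs are constructed and the 7.5 bits/byte threshold is an assumption.

```python
import hashlib
import math
from collections import Counter

# Well-known signatures at file offset 0.
MAGICS = {
    b"AES": "AES Crypt container",
    b"PK\x03\x04": "ZIP archive",
    b"7z\xbc\xaf\x27\x1c": "7z archive",
    b"Rar!\x1a\x07": "RAR archive",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for encrypted or well-compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def repeated_blocks(data: bytes, size: int = 16) -> int:
    """Number of aligned blocks that duplicate an earlier one (a hint of ECB)."""
    blocks = [data[i:i + size] for i in range(0, len(data) - size + 1, size)]
    return len(blocks) - len(set(blocks))

def triage(data: bytes) -> dict:
    kind = next((n for m, n in MAGICS.items() if data.startswith(m)), None)
    ent = shannon_entropy(data)
    return {
        "signature": kind,
        "entropy": round(ent, 2),
        "repeated_16b_blocks": repeated_blocks(data),
        # No signature and near-maximal entropy: opaque from the first byte,
        # so neither an unzipper nor AES Crypt has a header to recognise.
        "opaque": kind is None and ent > 7.5,
    }

# Constructed samples (not real game files).
OPAQUE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
ZIP_LIKE = b"PK\x03\x04" + bytes(60)
AESCRYPT_LIKE = b"AES\x02\x00" + OPAQUE
ECB_LIKE = OPAQUE[:16] * 8 + OPAQUE[16:2048]

if __name__ == "__main__":
    for name in ("OPAQUE", "ZIP_LIKE", "AESCRYPT_LIKE", "ECB_LIKE"):
        print(name, triage(globals()[name]))
```

Repeated blocks suggest ECB, but their absence does not prove a chained mode; high-entropy data with no signature only tells you that a key and the real format are needed before anything else can be read.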