
Granado Espada .IPF format


Re: Granado Espada .IPF format

Post by piratesephiroth »

Well brute forcing is an alternative to encryption...
I don't really think of it as an essential part of the program, but I believe it could be a neat extra tool.

Re: Granado Espada .IPF format

Post by Uli »

piratesephiroth wrote: Well brute forcing is an alternative to encryption...
I don't really think of it as an essential part of the program, but I believe it could be a neat extra tool.

Again, I fail to see how brute forcing is an alternative to encryption :|

I really dislike saying things like this, but: research things before mentioning them. From the looks of it, you've got no idea how brute forcing works other than that it's a way of "cracking"; it's just not as simple as that, and there is a lot to it.

255 * Length Of String * Possible Combinations = one heck of a big number which means a lot of loops.

Example:
Something of three letters
255 * 3 * 16777215 = 12834569475
(16777215 = FFFFFF)


From the looks of it, the name encryption probably uses Windows encrypting, due to things mentioned in the client; however, it's got lookup tables and everything. Instead of getting the encryption, it's just easier to compile all the current filenames from existing IPFs into a databank. You will not need to add any files that do not exist in the IPF files.

If you want to brute force something, look on the internet; there are plenty of tools.

Re: Granado Espada .IPF format

Post by emriv »

hey, is there anyone who cracked password to ies.ipf?

if not so I got a question.

The password to ai.ipf has got 38 letters; it contains everything: normal letters, special letters.
So I'm wondering what is the best way to crack a password like that.
Rainbow tables? Brute force? Any other way?
Or someone who cracked it could share it.

Also, I'm interested in how to write an X-trap bypass; it doesn't let me read the packets with WPE Pro. Anyone got any clues how to do that? I appreciate everything.

Re: Granado Espada .IPF format

Post by Uli »

emriv wrote: hey, is there anyone who cracked password to ies.ipf?

if not so I got a question.

The password to ai.ipf has got 38 letters; it contains everything: normal letters, special letters.
So I'm wondering what is the best way to crack a password like that.
Rainbow tables? Brute force? Any other way?
Or someone who cracked it could share it.

Also, I'm interested in how to write an X-trap bypass; it doesn't let me read the packets with WPE Pro. Anyone got any clues how to do that? I appreciate everything.

Code:

%f %f %s %s ÿÿÿÿ?[ ÿÿÿÿ?%f %f %s h %s .?.   Xÿ$$
That's the password; you get it from either the Launcher EXE or the Game EXE.

The encryption on the names of the files inside the IPF uses some byte tables to do it, which may be connected to ZIP2 encryption.


Anyway, on the X-Trap bypass, I refuse to tell you or even help you to do that since you said "WPE Pro". Also, the packets are encrypted with Blowfish; I don't think that it uses the same password as the IPF either.

This site is about reversing file formats and not about "hacking", so you might want to start looking elsewhere for your stuff or work out how to do it; people will only spoon-feed some stuff.

Re: Granado Espada .IPF format

Post by Slozhny »

Here is IPF_extractor
http://kainits.clan.su/load/1-1-0-1
Just pick on the label " Скачать с сервера (123.5Kb) "

Re: Granado Espada .IPF format

Post by IHX001 »

Hey,

Does anyone know how to use the currently released IPF Packer? I'm trying to make my own custom se.ipf sound effects but the onscreen instructions aren't very clear to me. Can someone explain it please? Thanks!

Re: Granado Espada .IPF format

Post by Uli »

IHX001 wrote: Hey,

Does anyone know how to use the currently released IPF Packer? I'm trying to make my own custom se.ipf sound effects but the onscreen instructions aren't very clear to me. Can someone explain it please? Thanks!

No, IPF Packer is basically broken.

Anyway, I lost interest in this quite a while back; here is how the IPF file encryption works.

IPF files are just a zip archive with the names encrypted with the Zip 2.0 algo.

Unorganized code - Note removed some things from it since it was a test program:
You will have to rebuild the function around the Encrypt and Decrypt functions for this to work.

Code:

#include <string>
#include <cstring>   // memset
#include <windows.h>


const int keyLen = 48;

unsigned char key[keyLen] = {		
0x25, 0x66, 0x20, 0x25, 0x66, 0x20, 0x25, 0x73, 
0x20, 0x25, 0x73, 0x20, 0xFF, 0xFF, 0xFF, 0xFF, 
0x3F, 0x5B, 0x20, 0xFF, 0xFF, 0xFF, 0xFF, 0x3F, 
0x25, 0x66, 0x20, 0x25, 0x66, 0x20, 0x25, 0x73,
0x20, 0x68, 0x20, 0x25, 0x73, 0x20, 0x2E, 0x3F, 
0x2E, 0x20, 0x20, 0x20, 0x58, 0xFF, 0x24, 0x24 };

//CRC Table from Zlib (unsigned: half of the entries do not fit in a signed 32-bit long)
const unsigned long crc_table[256] = {
  0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L,
  0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L,
  0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L,
  0x90bf1d91L, 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL,
  0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, 0x136c9856L,
  0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, 0x14015c4fL, 0x63066cd9L,
  0xfa0f3d63L, 0x8d080df5L, 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L,
  0xa2677172L, 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL,
  0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, 0x32d86ce3L,
  0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, 0x26d930acL, 0x51de003aL,
  0xc8d75180L, 0xbfd06116L, 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L,
  0xb8bda50fL, 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L,
  0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, 0x76dc4190L,
  0x01db7106L, 0x98d220bcL, 0xefd5102aL, 0x71b18589L, 0x06b6b51fL,
  0x9fbfe4a5L, 0xe8b8d433L, 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL,
  0xe10e9818L, 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L,
  0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, 0x6c0695edL,
  0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, 0x65b0d9c6L, 0x12b7e950L,
  0x8bbeb8eaL, 0xfcb9887cL, 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L,
  0xfbd44c65L, 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L,
  0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, 0x4369e96aL,
  0x346ed9fcL, 0xad678846L, 0xda60b8d0L, 0x44042d73L, 0x33031de5L,
  0xaa0a4c5fL, 0xdd0d7cc9L, 0x5005713cL, 0x270241aaL, 0xbe0b1010L,
  0xc90c2086L, 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL,
  0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, 0x59b33d17L,
  0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, 0xedb88320L, 0x9abfb3b6L,
  0x03b6e20cL, 0x74b1d29aL, 0xead54739L, 0x9dd277afL, 0x04db2615L,
  0x73dc1683L, 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L,
  0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, 0xf00f9344L,
  0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, 0xf762575dL, 0x806567cbL,
  0x196c3671L, 0x6e6b06e7L, 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL,
  0x67dd4accL, 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L,
  0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, 0xd1bb67f1L,
  0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, 0xd80d2bdaL, 0xaf0a1b4cL,
  0x36034af6L, 0x41047a60L, 0xdf60efc3L, 0xa867df55L, 0x316e8eefL,
  0x4669be79L, 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L,
  0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, 0xc5ba3bbeL,
  0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, 0xc2d7ffa7L, 0xb5d0cf31L,
  0x2cd99e8bL, 0x5bdeae1dL, 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL,
  0x026d930aL, 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L,
  0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, 0x92d28e9bL,
  0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, 0x86d3d2d4L, 0xf1d4e242L,
  0x68ddb3f8L, 0x1fda836eL, 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L,
  0x18b74777L, 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL,
  0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, 0xa00ae278L,
  0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, 0xa7672661L, 0xd06016f7L,
  0x4969474dL, 0x3e6e77dbL, 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L,
  0x37d83bf0L, 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L,
  0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, 0xbad03605L,
  0xcdd70693L, 0x54de5729L, 0x23d967bfL, 0xb3667a2eL, 0xc4614ab8L,
  0x5d681b02L, 0x2a6f2b94L, 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL,
  0x2d02ef8dL
};


unsigned long seed[3]; // Zip 2.0 key state: three key words, indexed 0..2

void BuildDecryptKeys(const BYTE *key, int keyLen);
int XORKey();


// Encrypt (lElements = length of the char array).
// plArrayOfLongs = character array with the plain name.
// FileName receives the result and must hold lElements + 1 bytes.
void Encrypt(const BYTE *plArrayOfLongs, long lElements, BYTE *FileName)
{
	if (lElements < 0)
		return;

	// Fixed Zip 2.0 start values, then mix in the password.
	seed[0] = 0x12345678;
	seed[1] = 0x23456789;
	seed[2] = 0x34567890;
	BuildDecryptKeys(key, keyLen);

	memset(FileName, 0, lElements + 1);
	for (long i = 0; i < lElements; i++)
	{
		BYTE curChar = plArrayOfLongs[i];
		BYTE encrypted = (BYTE)(XORKey() ^ curChar);
		BuildDecryptKeys(&curChar, 1); // the key update uses the plain byte
		FileName[i] = encrypted;
	}
}


// Decrypt (lElements = length of the char array).
// plArrayOfLongs = character array with the encrypted name.
// FileName receives the result and must hold lElements + 1 bytes.
void Decrypt(const BYTE *plArrayOfLongs, long lElements, BYTE *FileName)
{
	if (lElements < 0)
		return;

	seed[0] = 0x12345678;
	seed[1] = 0x23456789;
	seed[2] = 0x34567890;
	BuildDecryptKeys(key, keyLen);

	memset(FileName, 0, lElements + 1);
	for (long i = 0; i < lElements; i++)
	{
		BYTE curChar = plArrayOfLongs[i];
		BYTE decrypt = (BYTE)(XORKey() ^ curChar);
		BuildDecryptKeys(&decrypt, 1); // again the plain byte, so both directions stay in step
		FileName[i] = decrypt;
	}
}


// Next keystream byte, derived from the third key word.
int XORKey()
{
	// unsigned: the product does not fit in a signed 32-bit int
	unsigned long tmp = (seed[2] & 0x0fffd) | 2;
	return (int)(((tmp * (tmp ^ 1)) >> 8) & 0xff);
}


// Mix keyLen bytes into the three key words.
void BuildDecryptKeys(const BYTE *key, int keyLen)
{
	for(int x = 0; x < keyLen; ++x)
	{
		BYTE curChar1 = key[x];

		seed[0] = crc_table[(seed[0] & 0xff) ^ curChar1] ^ (seed[0] >> 8);
		seed[1] += seed[0] & 0xff;
		seed[1] = (seed[1] * 0x8088405L) + 1;
		seed[2] = crc_table[((seed[1] >> 24) & 0xFF) ^ (seed[2] & 0xFF)] ^ (seed[2] >> 8);
	}
}
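
A portable sketch of what the post above describes, added here as an example; it is not code from this thread or from any IPF tool. It goes one step beyond the fragments by walking a ZIP central directory and decrypting each name in place. Assumptions: the encrypted names are the file-name fields of a standard central directory, the keys are reset for every name as in the fragments above, and the function names (name_crypt, decrypt_names) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

static uint32_t k0, k1, k2;                 /* Zip 2.0 key state */

/* One CRC-32 step computed bit by bit; same result as the 256-entry table. */
static uint32_t crc_step(uint32_t c, uint8_t b) {
    c ^= b;
    for (int i = 0; i < 8; i++) c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    return c;
}
static void update(uint8_t plain) {
    k0 = crc_step(k0, plain);
    k1 = (k1 + (k0 & 0xFF)) * 0x08088405u + 1;
    k2 = crc_step(k2, (uint8_t)(k1 >> 24));
}
/* XOR buf in place with the keystream; the key update always takes the plain byte. */
void name_crypt(const uint8_t *pw, size_t pwlen, uint8_t *buf, size_t n, int decrypt) {
    k0 = 0x12345678u; k1 = 0x23456789u; k2 = 0x34567890u;
    for (size_t i = 0; i < pwlen; i++) update(pw[i]);
    for (size_t i = 0; i < n; i++) {
        uint32_t t = (k2 & 0xFFFF) | 2;
        uint8_t out = (uint8_t)(buf[i] ^ (uint8_t)((t * (t ^ 1)) >> 8));
        update(decrypt ? out : buf[i]);
        buf[i] = out;
    }
}
static uint32_t rd(const uint8_t *p, int n) {   /* little-endian field of n bytes */
    uint32_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}
/* Decrypt every central-directory name in place; entry count, or -1 if malformed. */
int decrypt_names(uint8_t *z, size_t len, const uint8_t *pw, size_t pwlen) {
    if (len < 22) return -1;
    size_t e = len - 22;                        /* scan back for the end record */
    while (rd(z + e, 4) != 0x06054B50u) if (e-- == 0) return -1;
    uint32_t count = rd(z + e + 10, 2), off = rd(z + e + 16, 4);
    for (uint32_t i = 0; i < count; i++) {
        if (off > e || e - off < 46 || rd(z + off, 4) != 0x02014B50u) return -1;
        size_t nlen = rd(z + off + 28, 2);      /* name, extra and comment lengths */
        size_t skip = 46 + nlen + rd(z + off + 30, 2) + rd(z + off + 32, 2);
        if (skip > e - off) return -1;          /* entry would run into the end record */
        name_crypt(pw, pwlen, z + off + 46, nlen, 1);
        off += (uint32_t)skip;
    }
    return (int)count;
}
```

Call decrypt_names on a copy of the archive bytes, passing the 48 key bytes from the post as pw; a return of -1 means the buffer did not parse as a ZIP central directory.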