Yolo encryption keys
parent a3e32f95a6
commit 1d62abc9f8
Binary file not shown. Before: Size 1.4 KiB
Binary file not shown. Before: Size 4.8 KiB
|
@ -14,7 +14,7 @@ import binascii
|
|||
from Crypto.Cipher import DES3
|
||||
|
||||
|
||||
KEY = b"" # Check the DES section for this
|
||||
KEY = b"?I'llB2c.YouXXXeMeHaYpy!"
|
||||
_KEY = bytes(i * 2 for i in KEY) # Preprocess the key
|
||||
|
||||
ALPHABET = "0123456789ABCDEFGHJKLMNPRSTUWXYZ"
|
||||
|
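Review bot: The literal on the `KEY = b"?I'llB2c.YouXXXeMeHaYpy!"` line is now a second copy of the value that the DES section of the page states in prose, so the two can drift apart; a comment naming one of them as the source of truth would help. Next to `_KEY = bytes(i * 2 for i in KEY)` a length and range check is also worth adding, since that expression raises ValueError as soon as any key byte is 128 or higher, and triple DES only accepts 16 or 24 key bytes.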
@ -253,13 +253,11 @@ card[15] = <a href="#checksum">checksum(card)</a></code></pre>
|
|||
<h2 id="des">The DES scheme used</h2>
|
||||
<p>For whatever reason, Bemani decided that IDs should be encrypted. Thankfully however they used triple DES, which
|
||||
almost certainly has an existing implementation in your language of choice. It is triple DES, in CBC mode, with
|
||||
a totally null <code>IV</code>. The key is quite easy to find if you hit the right binaries with
|
||||
<code>strings</code>. <span style="color: white">Alternatively, check the source of this page.</span> The key
|
||||
contains characters that are all within the ASCII range. Before we can use it with DES, the value of every byte
|
||||
needs doubled. This was presumably done to give the values more range, but I sincerely doubt it adds any
|
||||
additional security.
|
||||
a totally null <code>IV</code>. The encryption key is <code>?I'llB2c.YouXXXeMeHaYpy!</code>. The key consists of
|
||||
characters that are all within the ASCII range. Before we can use it with DES, the value of every byte needs
|
||||
doubled. This was presumably done to give the values more range, but I sincerely doubt it adds any additional
|
||||
security.
|
||||
</p>
|
||||
<!-- soundvoltex.dll:0x102d3e2d -->
|
||||
<details>
|
||||
<summary>I'm curious how Bemani implemented this in their own code!</summary>
|
||||
<p>Curiosity is a great thing. Unfortunately, this is code that is implement within the game specific DLL files.
|
||||
|
|
|
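Review bot: In the rewritten paragraph, "the value of every byte needs doubled" is missing "to be", and the "more range" guess can be replaced with the likely reason: DES ignores the least significant bit of each key byte (the parity bit), so doubling, which is a one-bit left shift, moves the seven ASCII bits into the seven bits the cipher actually uses. Because the paragraph also states a fixed key and a null IV, it is worth adding one sentence that identical IDs therefore always encrypt to identical ciphertext.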
@ -1,7 +0,0 @@
|
|||
{% extends "konami.html" %}
|
||||
{% block title %}Curious flags{% endblock %}
|
||||
{% block body %}
|
||||
<br>
|
||||
<img src="{{ROOT}}/images/flags/xeai.png" class="graphic">
|
||||
<img src="{{ROOT}}/images/flags/card.png" class="graphic">
|
||||
{% endblock %}
|
|
@ -17,7 +17,7 @@
|
|||
<li><code>s:\mxgdeliver.exe {appboot.platformid} {appboot.gameid} {appboot.networkaddr} {appboot.keyid}</code></li>
|
||||
<li><code>C:\WINDOWS\system32\regini.exe S:\default_regset.txt</code></li>
|
||||
<li><code>c:\System\Execute\mxsegaboot.exe</code></li>
|
||||
<!-- Investigate amDongleSetAuthConfig->FUN_00412ae0 -->
|
||||
<!-- TODO: Investigate amDongleSetAuthConfig->FUN_00412ae0 -->
|
||||
</ul>
|
||||
|
||||
{% endblock %}
|
|
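Review bot: The `<!-- TODO: Investigate amDongleSetAuthConfig->FUN_00412ae0 -->` line is an HTML comment inside the `<ul>`, so it is served to every reader in the page source; a template comment (`{# ... #}`) keeps the TODO out of the rendered output. `FUN_00412ae0` also looks like a disassembler's auto-generated name, so noting which binary it comes from would let the reference survive a re-analysis.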
@ -56,8 +56,8 @@ uint32_t prng() {
|
|||
trying to roll your own!
|
||||
</p>
|
||||
</details>
|
||||
<p>Our per-packet key is then generated using <code>md5(seconds | salt | ENC_KEY)</code>. Identifying
|
||||
<code>ENC_KEY</code> is left as an exercise for the reader, however should not be especially challenging.
|
||||
<p>Our per-packet key is then generated using <code>md5(seconds | salt | ENC_KEY)</code>. <code>ENC_KEY</code> is
|
||||
currently <code>69d74627d985ee2187161570d08d93b12455035b6df0d8205df5</code> for all games.
|
||||
</p>
|
||||
<details>
|
||||
<summary>Source code details</summary>
|
||||
|
|
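Review bot: The sentence giving `ENC_KEY` does not say how the value enters `md5(seconds | salt | ENC_KEY)`: the string is 52 hex digits, so state whether it is decoded to 26 raw bytes or hashed as ASCII text, and spell out that `|` means concatenation, along with the width and byte order of `seconds` and `salt`. The word "currently" also calls for a note of which game versions the value was checked against.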