[C#] EADRM Encryptions & Few notes...
Well, first off - there are 2 major "encryptions" used in EADRM;
.PAR - the parameter file which contains the parameters the DRM itself reads, and uses together with the cipher-key found in the .DLF (the decryption information key file)...

.PAR is "encrypted" with a simple Xor encryption w/key:

Code:
// XORs the buffer in place with a repeating key and returns the same array.
private static byte[] Xor(byte[] orgBytes, byte[] keyBytes)
{
    for (var i = 0; i < orgBytes.Length; i++)
    {
        orgBytes[i] = (byte)(orgBytes[i] ^ keyBytes[i % keyBytes.Length]);
    }
    return orgBytes;
}

.DLF is encrypted (yes, really encrypted) with AES-CBC w/zero padded IV: (also static Key by the way...)

Code:
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Extension method: must be declared inside a static class.
private static string AesDecrypt(this byte[] cryptText)
{
    using (var aes = new RijndaelManaged
    {
        BlockSize = 128,
        KeySize = 128,
        Padding = PaddingMode.Zeros,
        Mode = CipherMode.CBC,
        Key = new byte[] { 0x41, 0x32, 0x72, 0x2D, 0xD0, 0x82, 0xEF, 0xB0, 0xDC, 0x64, 0x57, 0xC5, 0x76, 0x68, 0xCA, 0x09 },
        IV = new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
    })
    using (var decryptor = aes.CreateDecryptor())
    using (var memoryStream = new MemoryStream(cryptText))
    using (var cryptStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
    {
        var plainText = new byte[cryptText.Length];
        // Read() may return fewer bytes than requested, so loop until the stream ends.
        int total = 0, read;
        while (total < plainText.Length &&
               (read = cryptStream.Read(plainText, total, plainText.Length - total)) > 0)
        {
            total += read;
        }
        // CleanInput() is the poster's own helper (not shown in the post).
        return Encoding.ASCII.GetString(plainText, 0, total).CleanInput();
    }
}

During my research towards making an unpacker for EADRM/OriginStub (without the need to patch any API's), I also discovered that there are currently 3 variations of the DRM/Stub:

Quote:
Oh, and no tools will be given for this - just enjoy these few findings and write your own tools

Last edited by n00b; 04-01-2016 at 03:52. Reason: Seems Command & Conquer has a slightly different V2...
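For anyone designing a scheme like the one described in the post above, this added example (not code from the post or from the product it discusses) shows what a fixed all-zero IV costs in CBC mode: records with a common prefix encrypt to identical leading ciphertext blocks, while a fresh random IV per message removes that leak. The key, the sample records and all names in it are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class ZeroIvDemo
{
    // Constructed demo key, not the key from the post.
    static readonly byte[] Key = Enumerable.Range(0, 16).Select(i => (byte)i).ToArray();

    static byte[] Encrypt(string text, byte[] iv)
    {
        using (var aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            aes.Key = Key;
            aes.IV = iv;
            var plain = Encoding.ASCII.GetBytes(text);
            using (var enc = aes.CreateEncryptor())
                return enc.TransformFinalBlock(plain, 0, plain.Length);
        }
    }

    static byte[] RandomIv()
    {
        var iv = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(iv);
        return iv;
    }

    // Counts the leading 16-byte blocks that two ciphertexts have in common.
    static int SharedBlocks(byte[] a, byte[] b)
    {
        int n = 0;
        while ((n + 1) * 16 <= Math.Min(a.Length, b.Length) &&
               a.Skip(n * 16).Take(16).SequenceEqual(b.Skip(n * 16).Take(16))) n++;
        return n;
    }

    static void Main()
    {
        // Constructed records that share a 32-byte (two-block) prefix.
        string r1 = new string('A', 32) + "license-1", r2 = new string('A', 32) + "license-2";
        var zero = new byte[16];
        Console.WriteLine("zero IV, shared leading blocks:   " + SharedBlocks(Encrypt(r1, zero), Encrypt(r2, zero)));
        Console.WriteLine("random IV, shared leading blocks: " + SharedBlocks(Encrypt(r1, RandomIv()), Encrypt(r2, RandomIv())));
    }
}
```

A random IV has to be stored with the ciphertext so the reader can decrypt. It does nothing about the separate weakness of a static key shipped in the client, which is available to anyone who holds the binary.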