Quote:
Originally Posted by toro
as i say before currently i found 2 version of hardlock.sys. one version has no enc\dec algo and one version has. can you tell me about version 0, is it the same as uncrypted version?
|
Right. Simply check +0xBA field and if it's zero skip decrypt.
Quote:
Originally Posted by toro
however my problem is to distinguish between crypted an uncrypted packets in runtime. my approach is to test the seed, if it is 0 then packet is not crypted and if is not 0 then packet crypted in 2 level is it true?
|
If +0xBA field not zero then decrypt first layer (common for both version) and then decrypt each field.