Skip to content
View in the app

A better way to browse. Learn more.
ResHax

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.
Help us keep the site running.

Help Identify Compression Method

ZenHAX
in Zenhax

Featured Replies

  • Author
  • Localization

atom0s, posted Sun Dec 28, 2014 8:47 am (2326)

Hello I am looking for some assistance in determining a compression method used for a game. The game is Final Fantasy XI, and I am looking into how the packets are being compressed / decompressed. We can already manage the packet data fully with current reimplementations of what I am showing below, but as a side project of my own I am looking to try and find the original implementation of this compression method. Given how the game company has handled past games, we are certain this method is taken from some where public or a known source.

So I am trying to find anyone that may know or recognize this compression method:
Code:
/**
 * @brief Encrypts the given packet.
 *
 * @param a1 The raw packet being encrypted and compressed.
 * @param a2 The raw packet size.
 * @param a3 Unknown - Assumed to be the output buffer.
 * @param a4 Unknown - Assumed to be the output size.
 * @param a5 The compression table to use while compressing the packet. (This matches our compress.dat file.)
 */
int __cdecl Encrypt_Packet(const void *a1, unsigned int a2, int a3, unsigned int a4, int a5)
{
  int v5; // eax@1
  unsigned int v6; // edi@1
  int v7; // ecx@2
  int v8; // ebx@2
  int result; // eax@4
  unsigned int v10; // edi@7
  unsigned int i; // ecx@7

  v5 = 0;
  v6 = 0;
  if ( a2 )
  {
    while ( 1 )
    {
      v7 = *((_BYTE *)a1   v6);
      v8 = *(_DWORD *)(a5   4 * v7   1536)   v5;
      if ( v8 >= 8 * (a4 - 1) )
        break;
      Compress_Packet(a3   1, a4 - 1, v5, a5   4 * v7   512, 4u, 0, *(_DWORD *)(a5   4 * v7   1536));
        v6;
      v5 = v8;
      if ( v6 >= a2 )
        goto LABEL_4;
    }
    if ( a4 >= a2   1 )
    {
      memset((void *)a3, 0, 4 * (a4 >> 2));
      v10 = a3   4 * (a4 >> 2);
      for ( i = a4 & 3; i; --i )
        *(_BYTE *)v10   = 0;
      memcpy((void *)(a3   1), a1, 4 * (a2 >> 2));
      result = 8 * (a2   1);
      memcpy((void *)(a3   1   4 * (a2 >> 2)), (char *)a1   4 * (a2 >> 2), a2 & 3);
      *(_BYTE *)a3 = 0;
    }
    else
    {
      result = -1;
    }
  }
  else
  {
LABEL_4:
    *(_BYTE *)a3 = 1;
    result = v5   8;
  }
  return result;
}

char __cdecl Compress_Packet(int a1, unsigned int a2, int a3, int a4, unsigned int a5, unsigned int a6, int a7)
{
  unsigned int v7; // edx@2
  int i; // eax@4
  unsigned int v9; // eax@6
  char v10; // bl@6
  char result; // al@7

  if ( (unsigned int)(a3   a7   7) >> 3 > a2 || (v7 = a6, (a6   a7   7) >> 3 > a5) )
  {
    result = -1;
  }
  else
  {
    if ( a6 < a6   a7 )
    {
      for ( i = a3 - a6; ; i = a3 - a6 )
      {
        v9 = v7   i;
        v10 = (*(_BYTE *)((v9 >> 3)   a1) & ~(1 << (v9 & 7)))
              (((*(_BYTE *)((v7 >> 3)   a4) >> (v7 & 7)) & 1) << (v9 & 7));
          v7;
        *(_BYTE *)((v9 >> 3)   a1) = v10;
        if ( v7 >= a6   a7 )
          break;
      }
    }
    result = 0;
  }
  return result;
}


Following this, this is how the compression table given to the above functions is generated:
Code:
char __cdecl sub_100D27D0(int a1, int a2)
{
  return sub_100D27F0(a1, a2, (int)&unk_1032AE18, 0x900u);
}

char __cdecl sub_100D27F0(int a1, int a2, int a3, unsigned int a4)
{
  int v5; // edi@3
  signed int v6; // ebp@3
  int v7; // eax@3
  int v8; // esi@4
  unsigned int v9; // ecx@4
  int v10; // edx@4
  bool v11; // zf@4
  int v12; // edi@5
  int v13; // eax@7
  int v14; // ecx@9
  int v15; // [sp 0h] [bp-10h]@3
  signed int v16; // [sp 4h] [bp-Ch]@3
  int v17; // [sp 8h] [bp-8h]@4
  unsigned int v18; // [sp Ch] [bp-4h]@4
  unsigned int v19; // [sp 1Ch] [bp Ch]@4
  char v20; // [sp 20h] [bp 10h]@4

  if ( a4 < 0x900 )
    return -1;
  v5 = a1;
  v6 = 1;
  v16 = 256;
  *(_DWORD *)a1 = a1   4;
  *(_DWORD *)(a1   12) = 0;
  *(_DWORD *)(*(_DWORD *)a1   4) = 0;
  v7 = a3   5;
  **(_DWORD **)a1 = 0;
  v15 = a3   5;
  do
  {
    v8 = *(_DWORD *)v5;
    v20 = *(_BYTE *)(v7 - 5);
    v9 = *(_DWORD *)v7;
    v17 = *(_DWORD *)(v7 - 4);
    v10 = 0;
    v18 = v9;
    v11 = v9 == 0;
    v19 = 0;
    if ( !v9 )
      goto LABEL_14;
    v12 = v5   20 * v6   4;
    do
    {
      if ( (unsigned __int8)sub_100D29A0(&v17, v10) )
      {
        v13 = v8   4;
        v14 = v8;
        v8 = *(_DWORD *)(v8   4);
        if ( v8 )
          goto LABEL_12;
        v8 = v12;
        *(_DWORD *)(v12   8) = v14;
      }
      else
      {
        v13 = v8;
        v8 = *(_DWORD *)v8;
        if ( v8 )
          goto LABEL_12;
        v8 = v12;
        *(_DWORD *)(v12   8) = v13;
      }
      *(_DWORD *)v12 = 0;
      *(_DWORD *)(v12   4) = 0;
        v6;
      v12  = 20;
      *(_DWORD *)v13 = v8;
LABEL_12:
      v10 = v19     1;
    }
    while ( v19 < v18 );
    v5 = a1;
    v7 = v15;
    v11 = v18 == 0;
LABEL_14:
    if ( !v11 )
      *(_BYTE *)(v8   12) = v20;
    v7  = 9;
    v11 = v16 == 1;
    v15 = v7;
    --v16;
  }
  while ( !v11 );
  return 0;
}

int __cdecl sub_100D29A0(int a1, unsigned int a2)
{
  return ((signed int)*(_BYTE *)((a2 >> 3)   a1) >> (a2 & 7)) & 1;
}


And the table that is being used:
Code:
unsigned char raw_compression_table[2320] = {
    0x80, 0x16, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x81, 0x7E, 0x05, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x82, 0x62,
    0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x83, 0x9E, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x84, 0xD8, 0x05, 0x00,
    0x00, 0x0B, 0x00, 0x00, 0x00, 0x85, 0x9E, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x86, 0x58, 0x00, 0x00, 0x00, 0x0B,
    0x00, 0x00, 0x00, 0x87, 0xBE, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x88, 0x22, 0x01, 0x00, 0x00, 0x0B, 0x00, 0x00,
    0x00, 0x89, 0x08, 0x03, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x8A, 0x40, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x8B,
    0x80, 0x02, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x8C, 0x32, 0x01, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x8D, 0x58, 0x02,
    0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x8E, 0xF2, 0x05, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x8F, 0xD0, 0x01, 0x00, 0x00,
    0x0A, 0x00, 0x00, 0x00, 0x90, 0xC6, 0x01, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x91, 0x18, 0x02, 0x00, 0x00, 0x0A, 0x00,
    0x00, 0x00, 0x92, 0x50, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x93, 0x7E, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00,
    0x94, 0x00, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x95, 0x72, 0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x96, 0x46,
    0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x97, 0x46, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x98, 0x50, 0x02, 0x00,
    0x00, 0x0A, 0x00, 0x00, 0x00, 0x99, 0x50, 0x05, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x9A, 0x3E, 0x04, 0x00, 0x00, 0x0B,
    0x00, 0x00, 0x00, 0x9B, 0x72, 0x00, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x9C, 0xA2, 0x02, 0x00, 0x00, 0x0B, 0x00, 0x00,
    0x00, 0x9D, 0x3E, 0x06, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x9E, 0x0E, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x9F,
    0x12, 0x0F, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xA0, 0x32, 0x02, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xA1, 0x7A, 0x0C,
    0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xA2, 0x46, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xA3, 0x32, 0x06, 0x00, 0x00,
    0x0C, 0x00, 0x00, 0x00, 0xA4, 0x68, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xA5, 0x52, 0x07, 0x00, 0x00, 0x0C, 0x00,
    0x00, 0x00, 0xA6, 0x1E, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xA7, 0x46, 0x0C, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00,
    0xA8, 0xFE, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xA9, 0x22, 0x0D, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xAA, 0x12,
    0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xAB, 0xD8, 0x09, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xAC, 0xC6, 0x00, 0x00,
    0x00, 0x09, 0x00, 0x00, 0x00, 0xAD, 0x7A, 0x04, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xAE, 0xD2, 0x07, 0x00, 0x00, 0x0B,
    0x00, 0x00, 0x00, 0xAF, 0xA2, 0x0C, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xB0, 0xD2, 0x04, 0x00, 0x00, 0x0B, 0x00, 0x00,
    0x00, 0xB1, 0xE8, 0x0E, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xB2, 0xC8, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xB3,
    0x92, 0x0C, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xB4, 0x92, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xB5, 0x32, 0x0E,
    0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xB6, 0x52, 0x05, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xB7, 0xA2, 0x09, 0x00, 0x00,
    0x0C, 0x00, 0x00, 0x00, 0xB8, 0xD2, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xB9, 0x98, 0x05, 0x00, 0x00, 0x0C, 0x00,
    0x00, 0x00, 0xBA, 0x18, 0x01, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xBB, 0x52, 0x0F, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00,
    0xBC, 0x92, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xBD, 0x58, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xBE, 0x72,
    0x02, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xBF, 0x9E, 0x01, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xC0, 0x98, 0x03, 0x00,
    0x00, 0x0A, 0x00, 0x00, 0x00, 0xC1, 0xFA, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0xC2, 0x42, 0x00, 0x00, 0x00, 0x07,
    0x00, 0x00, 0x00, 0xC3, 0x1A, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0xC4, 0x3E, 0x0E, 0x00, 0x00, 0x0C, 0x00, 0x00,
    0x00, 0xC5, 0xD8, 0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xC6, 0x0E, 0x0A, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xC7,
    0xD8, 0x02, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xC8, 0x52, 0x08, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xC9, 0x18, 0x05,
    0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xCA, 0x0E, 0x02, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xCB, 0x88, 0x01, 0x00, 0x00,
    0x0B, 0x00, 0x00, 0x00, 0xCC, 0x0E, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0xCD, 0x72, 0x03, 0x00, 0x00, 0x0B, 0x00,
    0x00, 0x00, 0xCE, 0xA2, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xCF, 0xD8, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00,
    0xD0, 0x58, 0x0B, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xD1, 0xC8, 0x02, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xD2, 0xD8,
    0x01, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xD3, 0xC8, 0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xD4, 0xA2, 0x04, 0x00,
    0x00, 0x0C, 0x00, 0x00, 0x00, 0xD5, 0x80, 0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xD6, 0xE8, 0x06, 0x00, 0x00, 0x0C,
    0x00, 0x00, 0x00, 0xD7, 0x50, 0x01, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xD8, 0x98, 0x0D, 0x00, 0x00, 0x0C, 0x00, 0x00,
    0x00, 0xD9, 0x98, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xDA, 0x22, 0x05, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xDB,
    0x68, 0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xDC, 0xC8, 0x01, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xDD, 0x08, 0x02,
    0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xDE, 0xD0, 0x03, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xDF, 0xC8, 0x03, 0x00, 0x00,
    0x0B, 0x00, 0x00, 0x00, 0xE0, 0x98, 0x0C, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xE1, 0x9E, 0x05, 0x00, 0x00, 0x0B, 0x00,
    0x00, 0x00, 0xE2, 0xD8, 0x06, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xE3, 0x52, 0x01, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00,
    0xE4, 0xD0, 0x0B, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xE5, 0xD8, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xE6, 0x98,
    0x04, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xE7, 0x58, 0x05, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xE8, 0x52, 0x00, 0x00,
    0x00, 0x0C, 0x00, 0x00, 0x00, 0xE9, 0xA2, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xEA, 0xC8, 0x09, 0x00, 0x00, 0x0C,
    0x00, 0x00, 0x00, 0xEB, 0x12, 0x07, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xEC, 0xD0, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00,
    0x00, 0xED, 0x58, 0x03, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xEE, 0x50, 0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xEF,
    0xF2, 0x01, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xF0, 0x92, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xF1, 0x92, 0x04,
    0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xF2, 0x98, 0x01, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xF3, 0xF2, 0x09, 0x00, 0x00,
    0x0C, 0x00, 0x00, 0x00, 0xF4, 0xC8, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xF5, 0x72, 0x08, 0x00, 0x00, 0x0C, 0x00,
    0x00, 0x00, 0xF6, 0x72, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xF7, 0xA2, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00,
    0xF8, 0x7E, 0x01, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xF9, 0x80, 0x05, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xFA, 0x46,
    0x02, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xFB, 0x7E, 0x04, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xFC, 0x7A, 0x00, 0x00,
    0x00, 0x0B, 0x00, 0x00, 0x00, 0xFD, 0x9E, 0x09, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xFE, 0x3E, 0x00, 0x00, 0x00, 0x0B,
    0x00, 0x00, 0x00, 0xFF, 0xA2, 0x01, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
    0x00, 0x01, 0x0A, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x02, 0x2E, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x03,
    0x4E, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x04, 0x26, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x05, 0xC0, 0x01,
    0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06, 0x5E, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x07, 0x8E, 0x00, 0x00, 0x00,
    0x08, 0x00, 0x00, 0x00, 0x08, 0x48, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x09, 0x68, 0x01, 0x00, 0x00, 0x09, 0x00,
    0x00, 0x00, 0x0A, 0x66, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x0B, 0x46, 0x01, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00,
    0x0C, 0xC0, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x0D, 0xF2, 0x03, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x0E, 0x06,
    0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x0F, 0x1E, 0x01, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x10, 0x00, 0x01, 0x00,
    0x00, 0x09, 0x00, 0x00, 0x00, 0x11, 0x88, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x12, 0xFE, 0x03, 0x00, 0x00, 0x0A,
    0x00, 0x00, 0x00, 0x13, 0x7E, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x14, 0xBE, 0x01, 0x00, 0x00, 0x0A, 0x00, 0x00,
    0x00, 0x15, 0x04, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x16, 0x30, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17,
    0x92, 0x01, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x18, 0x3A, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x19, 0x72, 0x01,
    0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x1A, 0x22, 0x03, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x1B, 0xD0, 0x00, 0x00, 0x00,
    0x0A, 0x00, 0x00, 0x00, 0x1C, 0x0E, 0x05, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x1D, 0x08, 0x01, 0x00, 0x00, 0x0A, 0x00,
    0x00, 0x00, 0x1E, 0xE8, 0x01, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x1F, 0xFE, 0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00,
    0x20, 0xBE, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x21, 0x40, 0x01, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x22, 0x12,
    0x02, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x23, 0x32, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x24, 0x0E, 0x01, 0x00,
    0x00, 0x0B, 0x00, 0x00, 0x00, 0x25, 0x50, 0x03, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x26, 0x46, 0x06, 0x00, 0x00, 0x0B,
    0x00, 0x00, 0x00, 0x27, 0x88, 0x03, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x28, 0x7E, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00,
    0x00, 0x29, 0x20, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x2A, 0xC8, 0x05, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x2B,
    0xFE, 0x02, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x2C, 0xA2, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x2D, 0x7A, 0x01,
    0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x2E, 0x72, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x2F, 0xBE, 0x00, 0x00, 0x00,
    0x0B, 0x00, 0x00, 0x00, 0x30, 0x52, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x31, 0x7E, 0x07, 0x00, 0x00, 0x0B, 0x00,
    0x00, 0x00, 0x32, 0x1E, 0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x33, 0x80, 0x03, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00,
    0x34, 0xD0, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x35, 0x12, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x36, 0x40,
    0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x37, 0xD2, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x38, 0x7E, 0x0C, 0x00,
    0x00, 0x0C, 0x00, 0x00, 0x00, 0x39, 0xB2, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x3A, 0xD8, 0x0E, 0x00, 0x00, 0x0C,
    0x00, 0x00, 0x00, 0x3B, 0xFA, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x3C, 0xD2, 0x02, 0x00, 0x00, 0x0B, 0x00, 0x00,
    0x00, 0x3D, 0x98, 0x02, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x3E, 0xE8, 0x02, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x3F,
    0xF2, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x40, 0x5A, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x41, 0x7A, 0x02,
    0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x42, 0x1E, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x43, 0x28, 0x00, 0x00, 0x00,
    0x07, 0x00, 0x00, 0x00, 0x44, 0xD2, 0x01, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x45, 0x08, 0x06, 0x00, 0x00, 0x0B, 0x00,
    0x00, 0x00, 0x46, 0x1E, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x47, 0xA2, 0x05, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00,
    0x48, 0xFE, 0x05, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x49, 0x0E, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x4A, 0x92,
    0x02, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x4B, 0x12, 0x01, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x4C, 0x02, 0x00, 0x00,
    0x00, 0x07, 0x00, 0x00, 0x00, 0x4D, 0x18, 0x03, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x4E, 0x3E, 0x01, 0x00, 0x00, 0x09,
    0x00, 0x00, 0x00, 0x4F, 0xC6, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x50, 0x18, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00,
    0x00, 0x51, 0x32, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x52, 0x9E, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x53,
    0x52, 0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x54, 0xFE, 0x01, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x55, 0x68, 0x00,
    0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x56, 0xE8, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x57, 0x40, 0x02, 0x00, 0x00,
    0x0B, 0x00, 0x00, 0x00, 0x58, 0xFA, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x59, 0xD0, 0x02, 0x00, 0x00, 0x0B, 0x00,
    0x00, 0x00, 0x5A, 0x7E, 0x02, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x5B, 0xD8, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00,
    0x5C, 0xC6, 0x05, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x5D, 0x08, 0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x5E, 0xBE,
    0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x5F, 0x10, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x60, 0x9E, 0x04, 0x00,
    0x00, 0x0B, 0x00, 0x00, 0x00, 0x61, 0x08, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x62, 0x3E, 0x02, 0x00, 0x00, 0x0B,
    0x00, 0x00, 0x00, 0x63, 0x58, 0x01, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x64, 0x38, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00,
    0x00, 0x65, 0xC8, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x66, 0xBE, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x67,
    0x22, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x68, 0x1E, 0x02, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x69, 0x68, 0x02,
    0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x6A, 0x9E, 0x02, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x6B, 0x52, 0x02, 0x00, 0x00,
    0x0B, 0x00, 0x00, 0x00, 0x6C, 0xD2, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x6D, 0x0E, 0x03, 0x00, 0x00, 0x0B, 0x00,
    0x00, 0x00, 0x6E, 0x1E, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x6F, 0x00, 0x02, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00,
    0x70, 0x12, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x71, 0xBE, 0x02, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x72, 0x58,
    0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x73, 0xFA, 0x01, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x74, 0x88, 0x05, 0x00,
    0x00, 0x0B, 0x00, 0x00, 0x00, 0x75, 0x32, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x76, 0x80, 0x01, 0x00, 0x00, 0x0B,
    0x00, 0x00, 0x00, 0x77, 0xFA, 0x05, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x78, 0x40, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00,
    0x00, 0x79, 0xC6, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x7A, 0x80, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x7B,
    0x52, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x7C, 0x46, 0x04, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x7D, 0x9E, 0x03,
    0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x7E, 0x40, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x7F, 0xFE, 0x00, 0x00, 0x00,
    0x0B, 0x00, 0x00, 0x00, 0x25, 0x64, 0x7D, 0x3B, 0x0A, 0x00, 0x00, 0x00, 0x25, 0x64, 0x2C, 0x0A, 0x00, 0x00, 0x00, 0x00 
};


Thanks in advance to anyone that reads or responds.
  • Author
  • Localization

aluigi, posted Sun Dec 28, 2014 11:01 am (2332)

At a first look I don't see a compression function. It seems an obfuscation because the output size seems to remain the same (it's morning so I may be wrong).
One simple test you can try to understand if it's a known compression algorithm is using the quickbms compression scanner on the decrypted packet and checking if there is a result that is the same of the one obtained after the decompression:
viewtopic.php?f=4&t=23
  • Author
  • Localization

atom0s, posted Mon Dec 29, 2014 1:38 am (2369)

aluigi wrote:
At a first look I don't see a compression function. It seems an obfuscation because the output size seems to remain the same (it's morning so I may be wrong).
One simple test you can try to understand if it's a known compression algorithm is using the quickbms compression scanner on the decrypted packet and checking if there is a result that is the same of the one obtained after the decompression:
viewtopic.php?f=4&t=23


The game uses a slightly modified version of Blowfish for the packet encryption, afterward the packets are "compressed" with the above information.
Our current implementation assumes this is some sort of zlib method. Here is how we currently implement the functions:
https://github.com/DarkstarProject/dark ... blowfish.h
https://github.com/DarkstarProject/dark ... owfish.cpp
https://github.com/DarkstarProject/dark ... mon/zlib.h
https://github.com/DarkstarProject/dark ... n/zlib.cpp

However from looking over zlib I feel like our guess is wrong and that this is some other type of compression since it does not seem to look any bit like zlib.
  • Author
  • Localization

aluigi, posted Mon Dec 29, 2014 9:12 am (2376)

I remain of the idea that this is an obfuscation.
The compress function creates a compressed stream which is lot bigger than the original.
For example an input of 144 random alphabetic chars is 1492 bytes compressed.


*edit*
I have attached the zlib.cpp used for my tests, it creates a z.dat and unz.dat.

P.S.: I tried also to invert the functions and removing the first byte, but then the second function (zlib_compress in this case) will fail.

test.zip

Guest
This topic is now closed to further replies.
Go to topic listing

Account

Navigation

Search

Search

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.