Harry Potter: Hogwarts Mystery encrypted JSON files

Extraction and unpacking of game archives and compression, encryption, obfuscation, decoding of unknown files
merulasnyde
Posts: 1
Joined: Wed Jul 03, 2019 4:50 pm

Harry Potter: Hogwarts Mystery encrypted JSON files

Post by merulasnyde »

I'm looking for help trying to decrypt data files for the game Hogwarts Mystery.
Some of them already come as plain JSON files but most of them can't be read normally

When the list of files is received from the game's server, attached to the filenames and MD5 checksums of the decompiled files (which is also part of the filename) is the following string
"546f6f206561737920736f206661722ed6cda565a46d266534da32a92d23659acae5a4c1fe4731b7f1f7d377517f3bbb"
with the name "cksAESKeys"
I'm sure this string or part of it could be useful to decrypt the files but I'm not sure how.

Included are a few of these encrypted files, any help or advice would be greatly appreciated.
LokiReborn
Posts: 190
Joined: Fri Aug 26, 2016 3:11 pm

Re: Harry Potter: Hogwarts Mystery encrypted JSON files

Post by LokiReborn »

merulasnyde wrote:I'm looking for help trying to decrypt data files for the game Hogwarts Mystery.
Some of them already come as plain JSON files but most of them can't be read normally

When the list of files is received from the game's server, attached to the filenames and MD5 checksums of the decompiled files (which is also part of the filename) is the following string
"546f6f206561737920736f206661722ed6cda565a46d266534da32a92d23659acae5a4c1fe4731b7f1f7d377517f3bbb"
with the name "cksAESKeys"
I'm sure this string or part of it could be useful to decrypt the files but I'm not sure how.

Included are a few of these encrypted files, any help or advice would be greatly appreciated.


I tried decrypting the files a few different ways with that info but wasn't able to get it to work, 546F6F206561737920736F206661722E is "Too easy so far." which could be the Key, I tried using the other bytes as 128 & 256 bit blocks in ECB,CBC,CFB and couldn't get valid data with any of the combinations. I think you'd need to look at the executable to see how it's using the info to decrypt them honestly.