The curious thing is that the encryption algorithm they're using is only applied every 2 bytes, leaving half of a file unchanged. It's hard to explain, so here's a side-by-side comparison of one of the files before and after the update:
There are some instances where the 2 bytes rule doesn't apply, but maybe it's a coincidence? Anyway, at first I thought the game was performing a simple XOR cipher with a 4-byte key like XX XX 00 00, but I've tried to brute force it with no results. While I can find some keys that work for the first 4 bytes of a file, they don't work for the rest.
Some other thing I noticed is that identical files (prior to this update) are no longer identical. They are encrypted differently, which means the game doesn't use the same key for every file. It's unlikely that the developer is storing 1000+ keys inside the game's executable, so I think they derive each key at runtime based on the file's name or some other factor.
The header of the file compression format the game uses (KOM) hasn't changed at all. I can unpack and repack a KOM file without touching the LUAs inside and the game still recognizes them perfectly. The game also doesn't crash if I change a single non-important byte of a file, like, say, part of a string, so I'm sure there's no checksum verification going on.
I would really appreciate some pointers on what to look out for next. Unfortunately, I don't know much about reverse engineering. I could probably work out a script to reverse the encryption if I knew what algorithm they're using, but that's about it.
---
Relevant links:
Files:
KOM utils (pick any):
- QuickBMS extraction script for KOM files (Grand Chase Classic uses the V.0.3 variant)
- Python 2.7 unpacker/repacker script for KOM files (when prompted for KOM version, type 3)
- KOM unpacker/repacker program (made for an old version of Elsword, but still works for Grand Chase Classic)
Crypto stuff:
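
One way to test the question's observations on a known before/after pair, as an added example that is not part of the original post: it XORs the two versions, measures which byte offsets change, and checks whether the difference repeats like a fixed key. `toy_encrypt` and the sample data are constructed stand-ins, not the game's algorithm or files.

```python
# Constructed sample plaintext; not a real game file.
PLAIN = b'-- constructed sample\nlocal t = { name = "stage01", hp = 100, mp = 50 }\nreturn t\n'

def toy_encrypt(data: bytes, seed: int, rolling: bool = True) -> bytes:
    """Hypothetical stand-in cipher (NOT the game's): XORs the first 2 bytes of
    every 4-byte group with a 16-bit state that optionally advances per group."""
    out, state = bytearray(data), seed & 0xFFFF
    for off in range(0, len(out), 4):
        out[off] ^= state & 0xFF
        if off + 1 < len(out):
            out[off + 1] ^= state >> 8
        if rolling:
            state = (state * 0x6255 + 0x3619) & 0xFFFF  # arbitrary 16-bit LCG
    return bytes(out)

def xor_stream(before: bytes, after: bytes) -> bytes:
    """XOR of both versions; for an XOR-style cipher this is the keystream."""
    if len(before) != len(after):
        raise ValueError("lengths differ: not a byte-for-byte transformation")
    return bytes(a ^ b for a, b in zip(before, after))

def changed_by_residue(stream: bytes, modulus: int = 4) -> list:
    """Fraction of modified bytes at each offset residue (offset % modulus)."""
    return [sum(1 for b in stream[r::modulus] if b) / len(stream[r::modulus])
            for r in range(modulus)]

def smallest_period(stream: bytes, max_period: int = 16):
    """Smallest p with stream[i] == stream[i + p] everywhere, else None.
    A repeating 4-byte key gives 4; None means the key changes along the file."""
    for p in range(1, max_period + 1):
        if all(stream[i] == stream[i + p] for i in range(len(stream) - p)):
            return p
    return None

def analyse(before: bytes, after: bytes):
    stream = xor_stream(before, after)
    return changed_by_residue(stream), smallest_period(stream)

if __name__ == "__main__":
    cases = {"fixed key": toy_encrypt(PLAIN, 0x4B1D, rolling=False),
             "rolling key": toy_encrypt(PLAIN, 0x4B1D)}
    for label, cipher in cases.items():
        residues, period = analyse(PLAIN, cipher)
        print(f"{label}: changed per offset%4 = {residues}, period = {period}")
```

A period of `None` together with zero change at two of the four residues matches the behaviour described above: a key that fits the first 4 bytes but not the rest.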