Help Identify Compression Method

Programming related discussions related to game research
atom0s
Posts: 250
Joined: Sat Dec 27, 2014 8:49 pm

Help Identify Compression Method

Post by atom0s »

Hello I am looking for some assistance in determining a compression method used for a game. The game is Final Fantasy XI, and I am looking into how the packets are being compressed / decompressed. We can already manage the packet data fully with current reimplementations of what I am showing below, but as a side project of my own I am looking to try and find the original implementation of this compression method. Given how the game company has handled past games, we are certain this method is taken from some where public or a known source.

So I am trying to find anyone that may know or recognize this compression method:

Code: Select all

/**
 * @brief Encrypts the given packet.
 *
 * @param a1 The raw packet being encrypted and compressed.
 * @param a2 The raw packet size.
 * @param a3 Unknown - Assumed to be the output buffer.
 * @param a4 Unknown - Assumed to be the output size.
 * @param a5 The compression table to use while compressing the packet. (This matches our compress.dat file.)
 */
int __cdecl Encrypt_Packet(const void *a1, unsigned int a2, int a3, unsigned int a4, int a5)
{
  int v5; // eax@1
  unsigned int v6; // edi@1
  int v7; // ecx@2
  int v8; // ebx@2
  int result; // eax@4
  unsigned int v10; // edi@7
  unsigned int i; // ecx@7

  v5 = 0;
  v6 = 0;
  if ( a2 )
  {
    while ( 1 )
    {
      v7 = *((_BYTE *)a1 + v6);
      v8 = *(_DWORD *)(a5 + 4 * v7 + 1536) + v5;
      if ( v8 >= 8 * (a4 - 1) )
        break;
      Compress_Packet(a3 + 1, a4 - 1, v5, a5 + 4 * v7 + 512, 4u, 0, *(_DWORD *)(a5 + 4 * v7 + 1536));
      ++v6;
      v5 = v8;
      if ( v6 >= a2 )
        goto LABEL_4;
    }
    if ( a4 >= a2 + 1 )
    {
      memset((void *)a3, 0, 4 * (a4 >> 2));
      v10 = a3 + 4 * (a4 >> 2);
      for ( i = a4 & 3; i; --i )
        *(_BYTE *)v10++ = 0;
      memcpy((void *)(a3 + 1), a1, 4 * (a2 >> 2));
      result = 8 * (a2 + 1);
      memcpy((void *)(a3 + 1 + 4 * (a2 >> 2)), (char *)a1 + 4 * (a2 >> 2), a2 & 3);
      *(_BYTE *)a3 = 0;
    }
    else
    {
      result = -1;
    }
  }
  else
  {
LABEL_4:
    *(_BYTE *)a3 = 1;
    result = v5 + 8;
  }
  return result;
}

char __cdecl Compress_Packet(int a1, unsigned int a2, int a3, int a4, unsigned int a5, unsigned int a6, int a7)
{
  unsigned int v7; // edx@2
  int i; // eax@4
  unsigned int v9; // eax@6
  char v10; // bl@6
  char result; // al@7

  if ( (unsigned int)(a3 + a7 + 7) >> 3 > a2 || (v7 = a6, (a6 + a7 + 7) >> 3 > a5) )
  {
    result = -1;
  }
  else
  {
    if ( a6 < a6 + a7 )
    {
      for ( i = a3 - a6; ; i = a3 - a6 )
      {
        v9 = v7 + i;
        v10 = (*(_BYTE *)((v9 >> 3) + a1) & ~(1 << (v9 & 7)))
            + (((*(_BYTE *)((v7 >> 3) + a4) >> (v7 & 7)) & 1) << (v9 & 7));
        ++v7;
        *(_BYTE *)((v9 >> 3) + a1) = v10;
        if ( v7 >= a6 + a7 )
          break;
      }
    }
    result = 0;
  }
  return result;
}


Following this, this is how the compression table given to the above functions is generated:

Code: Select all

char __cdecl sub_100D27D0(int a1, int a2)
{
  return sub_100D27F0(a1, a2, (int)&unk_1032AE18, 0x900u);
}

char __cdecl sub_100D27F0(int a1, int a2, int a3, unsigned int a4)
{
  int v5; // edi@3
  signed int v6; // ebp@3
  int v7; // eax@3
  int v8; // esi@4
  unsigned int v9; // ecx@4
  int v10; // edx@4
  bool v11; // zf@4
  int v12; // edi@5
  int v13; // eax@7
  int v14; // ecx@9
  int v15; // [sp+0h] [bp-10h]@3
  signed int v16; // [sp+4h] [bp-Ch]@3
  int v17; // [sp+8h] [bp-8h]@4
  unsigned int v18; // [sp+Ch] [bp-4h]@4
  unsigned int v19; // [sp+1Ch] [bp+Ch]@4
  char v20; // [sp+20h] [bp+10h]@4

  if ( a4 < 0x900 )
    return -1;
  v5 = a1;
  v6 = 1;
  v16 = 256;
  *(_DWORD *)a1 = a1 + 4;
  *(_DWORD *)(a1 + 12) = 0;
  *(_DWORD *)(*(_DWORD *)a1 + 4) = 0;
  v7 = a3 + 5;
  **(_DWORD **)a1 = 0;
  v15 = a3 + 5;
  do
  {
    v8 = *(_DWORD *)v5;
    v20 = *(_BYTE *)(v7 - 5);
    v9 = *(_DWORD *)v7;
    v17 = *(_DWORD *)(v7 - 4);
    v10 = 0;
    v18 = v9;
    v11 = v9 == 0;
    v19 = 0;
    if ( !v9 )
      goto LABEL_14;
    v12 = v5 + 20 * v6 + 4;
    do
    {
      if ( (unsigned __int8)sub_100D29A0(&v17, v10) )
      {
        v13 = v8 + 4;
        v14 = v8;
        v8 = *(_DWORD *)(v8 + 4);
        if ( v8 )
          goto LABEL_12;
        v8 = v12;
        *(_DWORD *)(v12 + 8) = v14;
      }
      else
      {
        v13 = v8;
        v8 = *(_DWORD *)v8;
        if ( v8 )
          goto LABEL_12;
        v8 = v12;
        *(_DWORD *)(v12 + 8) = v13;
      }
      *(_DWORD *)v12 = 0;
      *(_DWORD *)(v12 + 4) = 0;
      ++v6;
      v12 += 20;
      *(_DWORD *)v13 = v8;
LABEL_12:
      v10 = v19++ + 1;
    }
    while ( v19 < v18 );
    v5 = a1;
    v7 = v15;
    v11 = v18 == 0;
LABEL_14:
    if ( !v11 )
      *(_BYTE *)(v8 + 12) = v20;
    v7 += 9;
    v11 = v16 == 1;
    v15 = v7;
    --v16;
  }
  while ( !v11 );
  return 0;
}

int __cdecl sub_100D29A0(int a1, unsigned int a2)
{
  return ((signed int)*(_BYTE *)((a2 >> 3) + a1) >> (a2 & 7)) & 1;
}


And the table that is being used:

Code: Select all

unsigned char raw_compression_table[2320] = {
    0x80, 0x16, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x81, 0x7E, 0x05, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x82, 0x62,
    0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x83, 0x9E, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x84, 0xD8, 0x05, 0x00,
    0x00, 0x0B, 0x00, 0x00, 0x00, 0x85, 0x9E, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x86, 0x58, 0x00, 0x00, 0x00, 0x0B,
    0x00, 0x00, 0x00, 0x87, 0xBE, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x88, 0x22, 0x01, 0x00, 0x00, 0x0B, 0x00, 0x00,
    0x00, 0x89, 0x08, 0x03, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x8A, 0x40, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x8B,
    0x80, 0x02, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x8C, 0x32, 0x01, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x8D, 0x58, 0x02,
    0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x8E, 0xF2, 0x05, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x8F, 0xD0, 0x01, 0x00, 0x00,
    0x0A, 0x00, 0x00, 0x00, 0x90, 0xC6, 0x01, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x91, 0x18, 0x02, 0x00, 0x00, 0x0A, 0x00,
    0x00, 0x00, 0x92, 0x50, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x93, 0x7E, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00,
    0x94, 0x00, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x95, 0x72, 0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x96, 0x46,
    0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x97, 0x46, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x98, 0x50, 0x02, 0x00,
    0x00, 0x0A, 0x00, 0x00, 0x00, 0x99, 0x50, 0x05, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x9A, 0x3E, 0x04, 0x00, 0x00, 0x0B,
    0x00, 0x00, 0x00, 0x9B, 0x72, 0x00, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x9C, 0xA2, 0x02, 0x00, 0x00, 0x0B, 0x00, 0x00,
    0x00, 0x9D, 0x3E, 0x06, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x9E, 0x0E, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x9F,
    0x12, 0x0F, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xA0, 0x32, 0x02, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xA1, 0x7A, 0x0C,
    0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xA2, 0x46, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xA3, 0x32, 0x06, 0x00, 0x00,
    0x0C, 0x00, 0x00, 0x00, 0xA4, 0x68, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xA5, 0x52, 0x07, 0x00, 0x00, 0x0C, 0x00,
    0x00, 0x00, 0xA6, 0x1E, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xA7, 0x46, 0x0C, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00,
    0xA8, 0xFE, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xA9, 0x22, 0x0D, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xAA, 0x12,
    0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xAB, 0xD8, 0x09, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xAC, 0xC6, 0x00, 0x00,
    0x00, 0x09, 0x00, 0x00, 0x00, 0xAD, 0x7A, 0x04, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xAE, 0xD2, 0x07, 0x00, 0x00, 0x0B,
    0x00, 0x00, 0x00, 0xAF, 0xA2, 0x0C, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xB0, 0xD2, 0x04, 0x00, 0x00, 0x0B, 0x00, 0x00,
    0x00, 0xB1, 0xE8, 0x0E, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xB2, 0xC8, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xB3,
    0x92, 0x0C, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xB4, 0x92, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xB5, 0x32, 0x0E,
    0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xB6, 0x52, 0x05, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xB7, 0xA2, 0x09, 0x00, 0x00,
    0x0C, 0x00, 0x00, 0x00, 0xB8, 0xD2, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xB9, 0x98, 0x05, 0x00, 0x00, 0x0C, 0x00,
    0x00, 0x00, 0xBA, 0x18, 0x01, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xBB, 0x52, 0x0F, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00,
    0xBC, 0x92, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xBD, 0x58, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xBE, 0x72,
    0x02, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xBF, 0x9E, 0x01, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xC0, 0x98, 0x03, 0x00,
    0x00, 0x0A, 0x00, 0x00, 0x00, 0xC1, 0xFA, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0xC2, 0x42, 0x00, 0x00, 0x00, 0x07,
    0x00, 0x00, 0x00, 0xC3, 0x1A, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0xC4, 0x3E, 0x0E, 0x00, 0x00, 0x0C, 0x00, 0x00,
    0x00, 0xC5, 0xD8, 0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xC6, 0x0E, 0x0A, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xC7,
    0xD8, 0x02, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xC8, 0x52, 0x08, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xC9, 0x18, 0x05,
    0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xCA, 0x0E, 0x02, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xCB, 0x88, 0x01, 0x00, 0x00,
    0x0B, 0x00, 0x00, 0x00, 0xCC, 0x0E, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0xCD, 0x72, 0x03, 0x00, 0x00, 0x0B, 0x00,
    0x00, 0x00, 0xCE, 0xA2, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xCF, 0xD8, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00,
    0xD0, 0x58, 0x0B, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xD1, 0xC8, 0x02, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xD2, 0xD8,
    0x01, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xD3, 0xC8, 0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xD4, 0xA2, 0x04, 0x00,
    0x00, 0x0C, 0x00, 0x00, 0x00, 0xD5, 0x80, 0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xD6, 0xE8, 0x06, 0x00, 0x00, 0x0C,
    0x00, 0x00, 0x00, 0xD7, 0x50, 0x01, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xD8, 0x98, 0x0D, 0x00, 0x00, 0x0C, 0x00, 0x00,
    0x00, 0xD9, 0x98, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xDA, 0x22, 0x05, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xDB,
    0x68, 0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xDC, 0xC8, 0x01, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xDD, 0x08, 0x02,
    0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xDE, 0xD0, 0x03, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xDF, 0xC8, 0x03, 0x00, 0x00,
    0x0B, 0x00, 0x00, 0x00, 0xE0, 0x98, 0x0C, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xE1, 0x9E, 0x05, 0x00, 0x00, 0x0B, 0x00,
    0x00, 0x00, 0xE2, 0xD8, 0x06, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xE3, 0x52, 0x01, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00,
    0xE4, 0xD0, 0x0B, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xE5, 0xD8, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xE6, 0x98,
    0x04, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xE7, 0x58, 0x05, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xE8, 0x52, 0x00, 0x00,
    0x00, 0x0C, 0x00, 0x00, 0x00, 0xE9, 0xA2, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xEA, 0xC8, 0x09, 0x00, 0x00, 0x0C,
    0x00, 0x00, 0x00, 0xEB, 0x12, 0x07, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xEC, 0xD0, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00,
    0x00, 0xED, 0x58, 0x03, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xEE, 0x50, 0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xEF,
    0xF2, 0x01, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xF0, 0x92, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xF1, 0x92, 0x04,
    0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xF2, 0x98, 0x01, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xF3, 0xF2, 0x09, 0x00, 0x00,
    0x0C, 0x00, 0x00, 0x00, 0xF4, 0xC8, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xF5, 0x72, 0x08, 0x00, 0x00, 0x0C, 0x00,
    0x00, 0x00, 0xF6, 0x72, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xF7, 0xA2, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00,
    0xF8, 0x7E, 0x01, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xF9, 0x80, 0x05, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xFA, 0x46,
    0x02, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0xFB, 0x7E, 0x04, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xFC, 0x7A, 0x00, 0x00,
    0x00, 0x0B, 0x00, 0x00, 0x00, 0xFD, 0x9E, 0x09, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xFE, 0x3E, 0x00, 0x00, 0x00, 0x0B,
    0x00, 0x00, 0x00, 0xFF, 0xA2, 0x01, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
    0x00, 0x01, 0x0A, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x02, 0x2E, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x03,
    0x4E, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x04, 0x26, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x05, 0xC0, 0x01,
    0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06, 0x5E, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x07, 0x8E, 0x00, 0x00, 0x00,
    0x08, 0x00, 0x00, 0x00, 0x08, 0x48, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x09, 0x68, 0x01, 0x00, 0x00, 0x09, 0x00,
    0x00, 0x00, 0x0A, 0x66, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x0B, 0x46, 0x01, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00,
    0x0C, 0xC0, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x0D, 0xF2, 0x03, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x0E, 0x06,
    0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x0F, 0x1E, 0x01, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x10, 0x00, 0x01, 0x00,
    0x00, 0x09, 0x00, 0x00, 0x00, 0x11, 0x88, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x12, 0xFE, 0x03, 0x00, 0x00, 0x0A,
    0x00, 0x00, 0x00, 0x13, 0x7E, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x14, 0xBE, 0x01, 0x00, 0x00, 0x0A, 0x00, 0x00,
    0x00, 0x15, 0x04, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x16, 0x30, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17,
    0x92, 0x01, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x18, 0x3A, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x19, 0x72, 0x01,
    0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x1A, 0x22, 0x03, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x1B, 0xD0, 0x00, 0x00, 0x00,
    0x0A, 0x00, 0x00, 0x00, 0x1C, 0x0E, 0x05, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x1D, 0x08, 0x01, 0x00, 0x00, 0x0A, 0x00,
    0x00, 0x00, 0x1E, 0xE8, 0x01, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x1F, 0xFE, 0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00,
    0x20, 0xBE, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x21, 0x40, 0x01, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x22, 0x12,
    0x02, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x23, 0x32, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x24, 0x0E, 0x01, 0x00,
    0x00, 0x0B, 0x00, 0x00, 0x00, 0x25, 0x50, 0x03, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x26, 0x46, 0x06, 0x00, 0x00, 0x0B,
    0x00, 0x00, 0x00, 0x27, 0x88, 0x03, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x28, 0x7E, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00,
    0x00, 0x29, 0x20, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x2A, 0xC8, 0x05, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x2B,
    0xFE, 0x02, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x2C, 0xA2, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x2D, 0x7A, 0x01,
    0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x2E, 0x72, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x2F, 0xBE, 0x00, 0x00, 0x00,
    0x0B, 0x00, 0x00, 0x00, 0x30, 0x52, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x31, 0x7E, 0x07, 0x00, 0x00, 0x0B, 0x00,
    0x00, 0x00, 0x32, 0x1E, 0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x33, 0x80, 0x03, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00,
    0x34, 0xD0, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x35, 0x12, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x36, 0x40,
    0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x37, 0xD2, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x38, 0x7E, 0x0C, 0x00,
    0x00, 0x0C, 0x00, 0x00, 0x00, 0x39, 0xB2, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x3A, 0xD8, 0x0E, 0x00, 0x00, 0x0C,
    0x00, 0x00, 0x00, 0x3B, 0xFA, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x3C, 0xD2, 0x02, 0x00, 0x00, 0x0B, 0x00, 0x00,
    0x00, 0x3D, 0x98, 0x02, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x3E, 0xE8, 0x02, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x3F,
    0xF2, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x40, 0x5A, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x41, 0x7A, 0x02,
    0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x42, 0x1E, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x43, 0x28, 0x00, 0x00, 0x00,
    0x07, 0x00, 0x00, 0x00, 0x44, 0xD2, 0x01, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x45, 0x08, 0x06, 0x00, 0x00, 0x0B, 0x00,
    0x00, 0x00, 0x46, 0x1E, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x47, 0xA2, 0x05, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00,
    0x48, 0xFE, 0x05, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x49, 0x0E, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x4A, 0x92,
    0x02, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x4B, 0x12, 0x01, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x4C, 0x02, 0x00, 0x00,
    0x00, 0x07, 0x00, 0x00, 0x00, 0x4D, 0x18, 0x03, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x4E, 0x3E, 0x01, 0x00, 0x00, 0x09,
    0x00, 0x00, 0x00, 0x4F, 0xC6, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x50, 0x18, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00,
    0x00, 0x51, 0x32, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x52, 0x9E, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x53,
    0x52, 0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x54, 0xFE, 0x01, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x55, 0x68, 0x00,
    0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x56, 0xE8, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x57, 0x40, 0x02, 0x00, 0x00,
    0x0B, 0x00, 0x00, 0x00, 0x58, 0xFA, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x59, 0xD0, 0x02, 0x00, 0x00, 0x0B, 0x00,
    0x00, 0x00, 0x5A, 0x7E, 0x02, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x5B, 0xD8, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00,
    0x5C, 0xC6, 0x05, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x5D, 0x08, 0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x5E, 0xBE,
    0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x5F, 0x10, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x60, 0x9E, 0x04, 0x00,
    0x00, 0x0B, 0x00, 0x00, 0x00, 0x61, 0x08, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x62, 0x3E, 0x02, 0x00, 0x00, 0x0B,
    0x00, 0x00, 0x00, 0x63, 0x58, 0x01, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x64, 0x38, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00,
    0x00, 0x65, 0xC8, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x66, 0xBE, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x67,
    0x22, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x68, 0x1E, 0x02, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x69, 0x68, 0x02,
    0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x6A, 0x9E, 0x02, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x6B, 0x52, 0x02, 0x00, 0x00,
    0x0B, 0x00, 0x00, 0x00, 0x6C, 0xD2, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x6D, 0x0E, 0x03, 0x00, 0x00, 0x0B, 0x00,
    0x00, 0x00, 0x6E, 0x1E, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x6F, 0x00, 0x02, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00,
    0x70, 0x12, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x71, 0xBE, 0x02, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x72, 0x58,
    0x04, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x73, 0xFA, 0x01, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x74, 0x88, 0x05, 0x00,
    0x00, 0x0B, 0x00, 0x00, 0x00, 0x75, 0x32, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x76, 0x80, 0x01, 0x00, 0x00, 0x0B,
    0x00, 0x00, 0x00, 0x77, 0xFA, 0x05, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x78, 0x40, 0x03, 0x00, 0x00, 0x0B, 0x00, 0x00,
    0x00, 0x79, 0xC6, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x7A, 0x80, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x7B,
    0x52, 0x06, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x7C, 0x46, 0x04, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x7D, 0x9E, 0x03,
    0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x7E, 0x40, 0x07, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x7F, 0xFE, 0x00, 0x00, 0x00,
    0x0B, 0x00, 0x00, 0x00, 0x25, 0x64, 0x7D, 0x3B, 0x0A, 0x00, 0x00, 0x00, 0x25, 0x64, 0x2C, 0x0A, 0x00, 0x00, 0x00, 0x00 
};


Thanks in advance to anyone that reads or responds.
Top
aluigi
Site Admin
Posts: 12984
Joined: Wed Jul 30, 2014 9:32 pm

Re: Help Identify Compression Method

Post by aluigi »

At a first look I don't see a compression function. It seems an obfuscation because the output size seems to remain the same (it's morning so I may be wrong).
One simple test you can try to understand if it's a known compression algorithm is using the quickbms compression scanner on the decrypted packet and checking if there is a result that is the same of the one obtained after the decompression:
viewtopic.php?f=4&t=23
Top
atom0s
Posts: 250
Joined: Sat Dec 27, 2014 8:49 pm

Re: Help Identify Compression Method

Post by atom0s »

aluigi wrote:At a first look I don't see a compression function. It seems an obfuscation because the output size seems to remain the same (it's morning so I may be wrong).
One simple test you can try to understand if it's a known compression algorithm is using the quickbms compression scanner on the decrypted packet and checking if there is a result that is the same of the one obtained after the decompression:
viewtopic.php?f=4&t=23


The game uses a slightly modified version of Blowfish for the packet encryption, afterward the packets are "compressed" with the above information.
Our current implementation assumes this is some sort of zlib method. Here is how we currently implement the functions:
https://github.com/DarkstarProject/dark ... blowfish.h
https://github.com/DarkstarProject/dark ... owfish.cpp
https://github.com/DarkstarProject/dark ... mon/zlib.h
https://github.com/DarkstarProject/dark ... n/zlib.cpp

However from looking over zlib I feel like our guess is wrong and that this is some other type of compression since it does not seem to look any bit like zlib.
Top
aluigi
Site Admin
Posts: 12984
Joined: Wed Jul 30, 2014 9:32 pm

Re: Help Identify Compression Method

Post by aluigi »

I remain of the idea that this is an obfuscation.
The compress function creates a compressed stream which is lot bigger than the original.
For example an input of 144 random alphabetic chars is 1492 bytes compressed.


*edit*
I have attached the zlib.cpp used for my tests, it creates a z.dat and unz.dat.

P.S.: I tried also to invert the functions and removing the first byte, but then the second function (zlib_compress in this case) will fail.
Top

Return to “Code Talk”