AES Encryption

Programming related discussions related to game research
TheFool
Posts: 4
Joined: Sat Apr 14, 2018 9:01 am

AES Encryption

Post by TheFool »

Am working on a project, which decrypts game files while retaining their structure. For that I need to decrypt AES 256 which by far none of the libraries available on internet were able to do properly due to AESBlockSize differences or Xor padding differences. QuickBMS's decrypt function works perfectly but it's too much intermingled with its command line. Can I get the function for AES256 or preferably AES which is used in QuickBMS. Any language might do :ugeek:
aluigi
Site Admin
Posts: 12984
Joined: Wed Jul 30, 2014 9:32 pm

Re: AES Encryption

Post by aluigi »

First you need to specify what "encryption" command is used in quickbms.
Once you know the exact type of aes (there are many), key and ivec (if it's not ecb) then you have only to use the right library for your programming language.
TheFool
Posts: 4
Joined: Sat Apr 14, 2018 9:01 am

Re: AES Encryption

Post by TheFool »

I traced it back to zip_aes_ctx with 256 bits key, which am not sure if am right or wrong. For current case, am trying to make it work for UE4's SAO:FB, which uses key as follows:

Code: Select all

h67GrjX2aGMgrAQeNwf9VmCYbt50ylJFeP3rIhbxh4e9bZXnqm8sbvEjWGOi6rgs
aluigi
Site Admin
Posts: 12984
Joined: Wed Jul 30, 2014 9:32 pm

Re: AES Encryption

Post by aluigi »

zip_aes is used only for ZIP archives.
I asked about the exact encryption command or the whole bms script
TheFool
Posts: 4
Joined: Sat Apr 14, 2018 9:01 am

Re: AES Encryption

Post by TheFool »

aluigi
Site Admin
Posts: 12984
Joined: Wed Jul 30, 2014 9:32 pm

Re: AES Encryption

Post by aluigi »

UE4 uses a simple AES 256 ecb, which means it uses no ivec while the key is 32 bytes long.
It's a very common implementation with plenty of libraries and stand-alone codes supporting it.
TheFool
Posts: 4
Joined: Sat Apr 14, 2018 9:01 am

Re: AES Encryption

Post by TheFool »

I see, thanks for answering, just one more question, the key provided which I posted earlier, its 64 bytes long, not 32 bytes, does that mean it needs to be trimmed or parsed?
aluigi
Site Admin
Posts: 12984
Joined: Wed Jul 30, 2014 9:32 pm

Re: AES Encryption

Post by aluigi »

yes, the script does that automatically with the "32" of the encryption command
atom0s
Posts: 250
Joined: Sat Dec 27, 2014 8:49 pm

Re: AES Encryption

Post by atom0s »

Some language choices since you said 'any language':

- C# - Has AES encryption built into the .NET framework, all the options for proper config are there for things such as the mode and padding sizes etc.
-- https://msdn.microsoft.com/en-us/librar ... l(v=vs.110).aspx
-- https://msdn.microsoft.com/en-us/librar ... d(v=vs.110).aspx

- C/C++ - There are thousands of implementations of AES around the web. The more common practice in major end products would be to use OpenSSL. If you are unsure how to use it or are not interested in large dependencies like it, you can find any slim AES implementation though.
-- https://www.openssl.org/
-- https://github.com/BrianGladman/aes (I've personally used this one in some of my projects, works great.)
-- https://github.com/kokke/tiny-AES-c
-- https://github.com/calccrypto/Encryptions
-- http://users.physik.fu-berlin.de/~jtt/AES256/

- Java - Not my preference in languages but there are implementations for it as well all over the web, such as:
-- https://docs.oracle.com/javase/7/docs/a ... ipher.html (Built into the Java namespaces.)
-- https://github.com/poanchen/AES

- PHP - If you are looking for web related implementations:
-- You can implement the OpenSSL plugin for php: http://php.net/manual/en/book.openssl.php
-- You can implement via the mcrypt_encrypt/mcrypt_decrypt functions on older php versions: http://php.net/manual/en/function.mcrypt-encrypt.php

- NodeJS - For more modern web usage:
-- Built into NodeJS: https://nodejs.org/api/crypto.html
-- https://www.npmjs.com/package/nodejs-aes256
-- https://www.npmjs.com/package/aes256

And so on. Easily found tons more with Google. There are plenty of implementations of this around the web.

If you want to see how QuickBMS does it, you can download the source code of it here: http://aluigi.altervista.org/papers/quickbms_src.zip
(It uses OpenSSL mainly in a lot of instances at first glance.)