https://wiki.swganh.org/index.php?action=history&feed=atom&title=Packet%3AEncryptionPacket:Encryption - Revision history2026-04-07T02:15:05ZRevision history for this page on the wikiMediaWiki 1.26.4https://wiki.swganh.org/index.php?title=Packet:Encryption&diff=1670&oldid=prevSnow at 00:42, 9 December 20062006-12-09T00:42:45Z<p></p>
<p><b>New page</b></p><div>SWG uses a XOR Mask encryption based off the value of the CRCSeed exhanged in the Session Reply packet. <br />
All the data between the SOE Opcode and CRC value are encrypted. <br />
If the packet does not contain any SOE Protocol, it is encrypted between the 1st byte and the CRC value. XOR is a simple bitwise <br />
operation on 2 numbers, know as an exclusive-or, when ONLY 1 bit is 1, results in a 1. This is it's truth table.<br />
<br />
A B C<br />
0 0 0<br />
0 1 1<br />
1 0 1<br />
1 1 0<br />
<br />
For more information on the XOR operator, use Google.<br />
<br />
Here are code samples of the Encrypt() and Decrypt() functions.<br />
<br />
//PROTOTYPES<br />
<br />
void Decrypt(char *pData,unsigned short nLength, unsigned int nCrcSeed);<br />
void Encrypt(char *pData,unsigned short nLength,unsigned int nCRCSeed);<br />
<br />
//DECRYPT<br />
<br />
void Decrypt(char *pData,unsigned short nLength,unsigned int nCrcSeed)<br />
{<br />
nLength-=4;<br />
unsigned int *Data = (unsigned int*)(pData+2);<br />
short block_count = (nLength / 4);<br />
short byte_count = (nLength % 4);<br />
unsigned int itemp;<br />
for(short count = 0;count<block_count;count++)<br />
{<br />
itemp = *Data;<br />
*Data ^= nCrcSeed;<br />
nCrcSeed = itemp;<br />
Data++;<br />
}<br />
pData = (char*)Data;<br />
for(short count = 0;count<byte_count;count++)<br />
{<br />
*pData ^= nCrcSeed;<br />
pData++;<br />
}<br />
}<br />
<br />
<br />
//ENCRYPT<br />
<br />
void Encrypt(char *pData, unsigned short nLength,unsigned int nCrcSeed)<br />
{<br />
nLength-=4;<br />
unsigned int *Data = (unsigned int*)(pData+2);<br />
short block_count = (nLength / 4);<br />
short byte_count = (nLength % 4);<br />
unsigned int itemp;<br />
for(short count = 0;count<block_count;count++)<br />
{<br />
*Data ^= nCrcSeed;<br />
nCrcSeed = *Data;<br />
Data++;<br />
}<br />
pData = (char*)Data;<br />
for(short count = 0;count<byte_count;count++)<br />
{<br />
*pData ^= (char)nCrcSeed;<br />
pData++;<br />
}<br />
}<br />
<br />
Encryption Explained:<br />
<br />
It begins by adjusting the pointer and data length to exclude the SOE Opcode and CRC Value at the beginning and end of the packet.<br />
Then the number of "blocks" or 4 byte chunks of data are calculated. Then a remainder of bytes are calculated. <br />
The algorithm uses a for loop to go through each chunk, <br />
and then each remaining byte of the packet to encrypt/decrypt.<br />
The algorithm stats off by using the CRCSeed as the first mask value to do the XOR operation against.<br />
For encryption, the resulted data is then set as the new mask. For decryption, the original data is copied, <br />
then the XOR operation occures, and the <br />
copy of the encrypted data is set as the new mask.<br />
This recurses for EACH "block" of data.<br />
When it gets down to the remainder, the first byte of the last mask is XOR'd against each individual remaining byte until the process <br />
becomes completed. <br />
<br />
<br />
The following is a step by step example on an arbitrarily made-up packet.<br />
<br />
00 09 00 01 00 02 AB 43 E3 D5 00 FF 00 11 45 32 76 43 D4 F1 00 AB CD<br />
<br />
First we know the first 2 bytes are the SOE opcode 0x09 (data on channel 00) So we ignore this as we need it to identify the packet.<br />
We also ignore the last two because it is for the CRC value. The remainder is what needs to be encrypted (or decrypted in another case).<br />
<br />
<br />
Say our Key is (1D 4E 32 87)<br />
this will also act as our first mask.<br />
<br />
So, taking the first 4 bytes after the SOE opcode (00 01 00 02)<br />
00 01 00 02 XOR<br />
1D 4E 32 87<br />
-------------<br />
1D 4F 32 85<br />
<br />
So the beginning of the new packet is 00 09 1D 4F 32 85<br />
Now we take the result as our new mask and xor the next 4 bytes<br />
AB 43 E3 D5 XOR<br />
1D 4F 32 85<br />
-------------<br />
B6 0C D1 50<br />
<br />
New packet so far: 00 09 1D 4F 32 85 B6 0C D1 50<br />
New mask: B6 0C D1 50<br />
00 FF 00 11 XOR<br />
B6 0C D1 50<br />
------------<br />
B6 F3 D1 41<br />
<br />
New packet so far: 00 09 1D 4F 32 85 B6 0C D1 50 B6 F3 D1 41<br />
New mask: B6 F3 D1 41<br />
45 32 76 43 XOR<br />
B6 F3 D1 41<br />
-------------<br />
F3 C1 A7 02<br />
<br />
New packet so far: 00 09 1D 4F 32 85 B6 0C D1 50 B6 F3 D1 41 F3 C1 A7 02<br />
New mask: F3 C1 A7 02<br />
<br />
Now that we are out of full 4 byte blocks, we xor each last byte with the first byte in our “key” <br />
<br />
D4 F1 00 XOR This is done in a separate loop, and per byte, so D4 xor F3, then F1 <br />
F3 F3 F3 xor F3, then 0E xor F3. And the results are all appended to our packet<br />
--------- <br />
27 02 F3<br />
<br />
Final Encrypted Packet: 00 09 1D 4F 32 85 B6 0C D1 50 B6 F3 D1 41 F3 C1 A7 02 27 02 F3 AB CD<br />
<br />
Decryption would be the reverse of the encryption process.<br />
Encryption is applied AFTER Compression, but BEFORE a CRC value is appended.<br />
<br />
<br />
VERY IMPORTANT NOTE:<br />
After the discovery of stand-alone SWG Packets (Outside of SOE protocol), the encryption and decryption algorithms <br />
have a slight difference in how they adjust for the CRC/SOE opcode. Stand alone SWG Packets are encrypted between the <br />
first byte and the CRC value. SOE protocol'd packets are encrypted between the SOE Opcode(2nd byte) and the CRC value.<br />
The actual code should account for this however the explaination will not. <br />
TODO:Update the Code - Xeno</div>Snow