Information pending...

[spirolone]

Another question for spirolone: have you discovered what's the maximum number of decks in a profile? I'd like to put a check for it.

It should be 32 (from offset 4678 to offset 12805), but I didn't try to create 32 or more decks...

[thefiremind]

I'll write here since it kinda belongs to the same topic, even if I'm not talking about DotP2015 anymore. The following link contains MOVIES_000.ZED from the new Magic Duels, iPad version. It's not encrypted, but the tools we were using cannot open it. Can you find out what they changed, spirolone?
[Link]
(I zipped it in order to save some MBs)

[spirolone]

I'll write here since it kinda belongs to the same topic, even if I'm not talking about DotP2015 anymore. The following link contains MOVIES_000.ZED from the new Magic Duels, iPad version. It's not encrypted, but the tools we were using cannot open it. Can you find out what they changed, spirolone?
[Link]
(I zipped it in order to save some MBs)

They didn't change zed file structure: problem is only in first 256 bytes of central dir of archive; likely they changed public key...

[thefiremind]

They didn't change zed file structure: problem is only in first 256 bytes of central dir of archive; likely they changed public key...

For some reason I've always thought that the ZED files where FileData.xml is plain and readable by opening them in a hex editor weren't using encryption. Well, at least we know where the problem is.

-------------------

EDIT: Something I forgot to ask yesterday: how did you find the key for DotP2015? Does it appear in a register by running the executable through a debugger? I hope you didn't have to brute-force with all the possible combinations...

[GrovyleXShinyCelebi]

How long was the key, by the way? And did you find out if the encryption was really RSA?

[spirolone]

How long was the key, by the way? And did you find out if the encryption was really RSA?

Public key contains a 256 bytes (2048 bits) modulus N and an esponent E (0x11). And yes, they use an encryption scheme based on RSA, but I don't know if it's entirely a standard one...

[GrovyleXShinyCelebi]

How long was the key, by the way? And did you find out if the encryption was really RSA?

Public key contains a 256 bytes (2048 bits) modulus N and an esponent E (0x11). And yes, they use an encryption scheme based on RSA, but I don't know if it's entirely a standard one...

So how did you actually find the key? It would take an astronomically long time to figure out 2^2048 different combinations, so did you find it listed somewhere? Or was it leaked?

[spirolone]

So how did you actually find the key? It would take an astronomically long time to figure out 2^2048 different combinations, so did you find it listed somewhere? Or was it leaked?

Luckly, game needs it to decode zed file too, so it must store it somewhere; I found it hidden in code thanks to a debugger, endurance and a bit of luck...

[GrovyleXShinyCelebi]

So how did you actually find the key? It would take an astronomically long time to figure out 2^2048 different combinations, so did you find it listed somewhere? Or was it leaked?

Luckly, game needs it to decode zed file too, so it must store it somewhere; I found it hidden in code thanks to a debugger, endurance and a bit of luck...

Well then, what do you think are the chances of us finding the code for Magic: Origins- as a matter of fact where exactly did you find the key?

[alkatraz91]

anybody can post some link of the game with all update? i was unable to download update from baido or what is the name and i found only the baido link.

[thefiremind]

anybody can post some link of the game with all update? i was unable to download update from baido or what is the name and i found only the baido link.

I have no links available and not enough upload bandwidth to upload large files in a reasonable time, but my advice is to try and use JDownloader 2 to download from Baidu. Sometimes it's terribly slow even with that, but other times you get lucky and download at full speed, I don't know why.

[alkatraz91]

anybody can post some link of the game with all update? i was unable to download update from baido or what is the name and i found only the baido link.

I have no links available and not enough upload bandwidth to upload large files in a reasonable time, but my advice is to try and use JDownloader 2 to download from Baidu. Sometimes it's terribly slow even with that, but other times you get lucky and download at full speed, I don't know why.

is working.i hope i need only the last update.i have to wait less than 1 hour
i downloaded but got error when extracting i took me more thank 3 hours to download omg

[thefiremind]

So how did you actually find the key? It would take an astronomically long time to figure out 2^2048 different combinations, so did you find it listed somewhere? Or was it leaked?

Luckly, game needs it to decode zed file too, so it must store it somewhere; I found it hidden in code thanks to a debugger, endurance and a bit of luck...

Well then, what do you think are the chances of us finding the code for Magic: Origins- as a matter of fact where exactly did you find the key?

I managed to run Magic Duels through OllyDbg 1.10 by using the HideOD plugin, but I have no idea what I'm looking for and where to look for it, so I'm bumping this topic. Is there a time-consuming task I can help with, in order to search for the key? I'm willing to spend some of my time on it if I know what I have to do. For example, I don't know if the key is presented as 512 hexadecimal numbers or a string of 256 characters (which can be converted 2 by 2 into the hexadecimal one). Seeing how and where the 2015 key was found would help me to help us.

[spirolone]

I managed to run Magic Duels through OllyDbg 1.10 by using the HideOD plugin, but I have no idea what I'm looking for and where to look for it, so I'm bumping this topic. Is there a time-consuming task I can help with, in order to search for the key? I'm willing to spend some of my time on it if I know what I have to do. For example, I don't know if the key is presented as 512 hexadecimal numbers or a string of 256 characters (which can be converted 2 by 2 into the hexadecimal one). Seeing how and where the 2015 key was found would help me to help us.

It's difficult to explain exactly how I found public key in code of Magic 2015: if I remember correctly, after Magic 2015 exe unpack real code in memory, you can find some "MOV" instructions that copy some 4-bytes integer in contiguos memory addresses. Key was stored as:

Code: Select all

30 82 01 20 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0D 00 30 82 01 08 02 82 01 01 00 C4 D0 B8 81 9C AB 92 E7 E8 7A 4D 2E 1A 7B 5C 91 1F 1D 7C F1 81 8B C8 B5 CD C9 55 37 4A 01 9E 67 98 4A 3A 26 FE 20 0D 81 87 CE AD EC 56 37 EB C0 09 CA 11 63 CC 50 16 E6 FD 59 A4 77 3D 91 AA 36 12 39 AA 16 46 2C 8A 63 FE 08 67 47 BA D9 7F 76 07 61 9A 4B FA 32 52 72 93 46 39 92 2F 1E C3 E9 4B C5 7E 23 52 C2 C7 75 46 25 54 28 84 FD E9 59 52 70 2A B9 EE 39 EB 4B F9 FB 6D 66 05 55 2C 07 19 03 88 AB D8 E4 9E 04 73 2A 2A A1 B0 07 0A 84 E8 B8 5A 68 48 59 19 B8 B6 6D 5C F5 D1 2A 31 C0 C6 5F 11 C5 69 5A 2B 3B C0 1B 90 38 51 3A 6C EB 47 89 2F 1E 67 9D 2F 7D 6F 1A 30 FE C5 26 C6 BE 19 D2 60 E8 56 8C C9 B2 07 4B 75 9B 47 3B B8 DE 7C FA B3 CC 54 0A 7D 69 34 04 96 B6 5D 45 27 4C 7A 60 2F DA 21 55 AF 24 D8 28 E7 56 EB B8 55 5D 2F 37 9A 57 DC ED 0E E3 BF 6F F8 54 38 90 A4 35 02 01 11

You can find infos about this format here:
https://msdn.microsoft.com/en-us/librar ... 85%29.aspx

May I ask you how did you manage to start Duels with OllyDbg and HideOD?

[thefiremind]

Thanks for the explanation, it's not as I hoped it would be, but at least I can try when I feel like it.

May I ask you how did you manage to start Duels with OllyDbg and HideOD?

It works only with OllyDbg 1.10, not 2.x. You install the HideOD plugin, then check all the checkboxes in its options, then debug MagicDuels.exe. Sometimes it still gives the error that would give if you don't use HideOD, but most of the times it runs.

In order to be 100% sure that nothing bad happened because of Steam, I have always debugged while using a Steam emulator. This is the one from ALI213. If you want to use it, make sure to keep a backup of the original Steam DLLs so that you can recover them when you want to come back to real Steam.

EDIT: For some reason, today it doesn't work anymore. Not sure what I did. Anyway, I still felt lost trying to meddle with the debugger, even with a slightly more accurate idea of what I'm looking for. I guess my knowledge on this field is still too limited. Even if I search for tutorials on the topic, they all assume that function names are plain... well thanks, but I know how to use a search function...