coc-proxy
v9 encryption
This is a continuation of the other v9 encryption thread that was closed because the kids were spamming it.
To recap the state of where we are with that, we can update the client_globals.csv property USE_PEPPER_CRYPTO to false and this will cause the client to send/receive messages using the old RC4 encryption. This can be used to communicate with private servers and Ficture7 indicates that it can be used to connect to the live server (at least I think that's what he was saying).
I'm still working to reverse the normal encryption, but could use direction from people more accustomed to disassembly using IDA Pro.
What methods are people using to get IDA running against this? x86 or ARM? Any emulators that are debuggable? I've gotten it to attach to a process running on a physical ARM device, but IDA (at least version 6.8) doesn't support breakpoints on ARM devices. I figured the general idea would be to drop a breakpoint when the RC4 key address is read (I would switch it to RC4 mode where I know the key's address) and then walk the stack backwards to find where it branches from the "normal" encryption to RC4.
maybe https://stackoverflow.com/questions/38477795/how-to-use-connect-adb-with-emulator-like-memu-bluestacks-nox-app-player . Btw, could you DM me on discord knightking10#6482
I don't think the live server accepts messages using the old encryption - at least I can't get it to work at all. Anyhow, if the live server can still accept connections with USE_PEPPER_CRYPTO set to false, then why can't that be used as a MITM anyways, just disregarding the new version? I doubt they'd leave that big of a security loophole, given that they're obviously actively working against modders.
Yeah, they modified the server to no longer accept the RC4 messages. I guess the encryption type was passed as part of the handshake (10100) message, but I never verified it.
Ladies, please, ladies, calm down. I don't understand why you people want the crypto soo baaad, what are you going to do with it ? Nothing, trash. So please, ladies, get the fuck out of my property
^^
Your property, BeekanYildiz? Seriously? You get off our discussion thread.
- Berkan*
- We are already on the live servers with the old crypto. How do you think we got this far?
@likuilin Ouch. What you are saying right now hurts.
I don't know and I don't care how you got this far, if you're not willing to share then you shouldn't be here. Why the heck do you need to come here to brag about getting servers with the old crypto first? It isn't "your" crypto and it isn't "your" thread. GTFO.
This is the last drama related message I'm going to post here, because I don't want to fill this thread with unrelated drama too, for the future ones reading. For your information, I admin a network of a lot of clans, and use the crypto to automate the gathering of war weight data - I don't think there's anyone but me that's working on a non-vanilla client, rather than a non-vanilla server. There's more uses to the Clash protocol than y'alls' little world of modded servers.
"For your information, I admin a network of a lot of clans, and use the crypto to automate the gathering of war weight data - I don't think there's anyone but me that's working on a non-vanilla client, rather than a non-vanilla server. There's more uses to the Clash protocol than y'alls' little world of modded servers."
There is also a difference between making $0 and $1,000 🤷 ¯\_(ツ)_/¯
Anyways, I'm done talking to jealous people. Good luck with the updated crypto lmao.
Is anyone working on it? We got a group on discord, if you want to join us I'll start digging this afternoon. Do we have any info about the new crypto? I read the old issue and someone said they could concatenate keys at runtime, but I'm not that sure they are doing it like this.
I've been poking at it daily with a haphazard combination of Flex and Frida and manually working out what obfuscated name does what, but with honestly no "real" progress as I don't have any formal RE experience and don't have IDA haha, just have loads of creativity and time. I'd love to join the Discord group though
We have some discoveries!! Nice to have a frida in! I can use it quite good too! Ping me on discord
My tag's [redacted], idk yours, you ping me :P
I've made a little headway as well. Add me to the discord if you don't mind. zyxwvuts#4660
doing it https://discord.gg/hTVhy3V