[Packets]Decryption

Discussion in 'Clash of Clans Underground' started by AsH.H6, Jan 2, 2016.

  1. Hey guys,
    does anyone know how to decrypt Clash of Clans 7.156+ or 7.56 packets using Python scripts in clanner's cocdp?
    Or can anyone give me any example code or theory for decrypting CoC packets?
     
  2. It's easiest to decrypt using your own scripts. The first two packets are literally less than 12 lines of ((reusable)) code to decrypt them.
     
  3. I'm just asking for it to help make a proxy (which I will give to you if you want).
    Did you do the decryption?
    What is the encryption type or method? Can you help me?
     
  4. no one can help?
     
  5. The entire process is documented in the cocdp Wiki. If you've already read through it, but are still having trouble, tell us what you've tried and share your work, and we'll try to point you in the right direction.
     
  6. #6 AsH.H6, Jan 14, 2016
    Last edited: Jan 14, 2016
    Well, I have written a complete proxy and ported cocdp to Python 3.
    The proxy gets encrypted packets from the client and I want to decrypt them, but the functions in cocdecoder.py require data, name, format (which I know is in cocmessages),
    so I can't call the functions...
    What do I need to do before I call the functions?
    Please see https://github.com/clanner/cocdp/issues/17
    For example, I have this:
    How can I get it encrypted with code and cocdp functions?
     
  7. #7 clugh, Jan 14, 2016
    Last edited: Jan 14, 2016
    From the wiki:

    There must have been some weird formatting issue, as basekey was missing from the part about skipping bytes.

    So following along with that, here are the steps:

    1. Initialize an RC4 stream with basekey+"nonce" using the function provided in rc4.py.
    2. Skip len(basekey+"nonce") bytes in your key stream (see xorstream.py for an example of this).
    3. The critical bit that seems to be missing from the wiki is to XOR your payload against the key stream (see the old scramble function from cocutils.py for an example of how to do it).
    Give that a shot, then we'll go from there.

    Note that the packet structure changed a bit from 7.65 to 7.156, and cocdp was never updated with those changes, so be aware that you'll need to get those updated as you go along, since you appear to be using 7.156. The Login packet just has a few new bytes at the end, so it shouldn't break your decode function too badly.

    Also note that people can hijack your account using the login packet, so if the one above is from a real account on a public server (Supercell or otherwise), you might want to edit it out. It also contains your Device ID, OpenUDID, and Google Advertising ID, if you're paranoid about personal identity security.
     
  8. #8 AsH.H6, Jan 14, 2016
    Last edited: Jan 14, 2016
    Thanks, I'll check it out and try it.
    And about the login packet I gave:
    it's on my own localhost (the server) and doesn't have anything inside, so it doesn't have anything special in it... but I have edited it. Thanks for reminding me.

    Edit:
    I have switched to client 7.65.
    Looks like usc is crashing client version 7.65 after AvatarStramDataMessage.
     
  9. So, it looks like my function for XORing the payload is not working... I will give the code tomorrow and I would be happy if you help!

    Btw, do you have your proxy in Python?
     
  10. #10 clugh, Jan 16, 2016
    Last edited: Jan 16, 2016
    Be sure to skip the packet header when you XOR the data. Here's an initial login packet with fake data for you to use so you can post your output:

    If you run xorstream.py from cocdp, you'll see the expected output for the first 512 bytes of your key stream. Using the packet above as an example, the first 8 bytes (which are the user id) are 02 3e 12 ad 5d a4 87 ec, which XORed against the first 8 bytes of the key stream 02 3e 12 ac f6 69 68 ed yields 00 00 00 01 ab cd ef 01.

    And yes, my proxy is built on top of Twisted in Python.
     
  11. Would you mind sharing your proxy, or at least sharing a simple (but not complete) code for the 3rd part?
    I mean, I have completed the other parts and I will send a gist of my proxy, and if you want, please help me because any help is very appreciated!
    Gist link:
    https://gist.github.com/madl-ash/c61f94ca1d1eb5f0f596
     
  12. Or can you just give me any servers or other proxies for CoC 7 in Python, maybe?
     
  13. There are several different ways to handle it. Using the example I gave before, here's the relevant line from the scramble() function in cocutils.py:

    Code:
    return "".join(chr(ord(c)^(prng.getbyte()&byte100)) for c in serverrandom)
    You would just replace (prng.getbyte()&byte100) with [your keystream].next() and serverrandom with your packet.

    And you've already found my proxy on Github, though you'll have to retrofit it for 7.x.
     
  14. Your project is very nice but unfortunately, I can't open it:
    Code:
    Traceback (most recent call last):
      File "E:/Projects/coc proxy/coc-proxy-master/proxy.py", line 4, in <module>
        from coc.server.endpoint import CoCServerEndpoint
      File "E:\Projects\coc proxy\coc-proxy-master\coc\server\endpoint.py", line 1, in <module>
        from twisted.internet.endpoints import TCP4ServerEndpoint
      File "C:\Python34\lib\site-packages\twisted\internet\endpoints.py", line 34, in <module>
        from twisted.internet.stdio import StandardIO, PipeAddress
      File "C:\Python34\lib\site-packages\twisted\internet\stdio.py", line 30, in <module>
        from twisted.internet import _win32stdio
    ImportError: cannot import name '_win32stdio'
    Using Python 3.4.3 and the latest libs of Twisted, PyNaCl and...

    Btw, as far as I know, your proxy is made for client 8.xx:
    do you have it for client version 7.xx, please?
    Because I don't know much about Twisted, PyNaCl and ..., it takes me time to convert it to something using the socket module in Python or anything .....
    Please help me (fixing the error) or give client 7.xx to me; I will just fix any bug it has.
    Thanks for your best support from the first of this thread till now; you helped me a lot to understand the CoC encryption until now, and I really don't know how to thank you for this help.
     
  15. @^^ What Operating System are you running? The proxy he made is built for windows, so running OS X, Linux or the such would require some changes in it internally.

    Also, I believe it was written in 2.7.11 x64. @clugh please correct me if I am incorrect.
     
  16. In theory, the proxy should be cross platform. In practice, getting the required modules to function in Windows can be problematic. I don't run it in Windows, so I can't really provide support for it in Windows.

    I don't have a 7.x compatible version of the proxy that I can share. Retrofitting the 8.x one isn't something I'm interested in doing. I can answer any specific questions, but I won't be performing any of the work.

    As for Python version, it requires at least Python 3.5. The first result in Google for the above provided error message indicates that Twisted doesn't yet support Python 3 in Windows. If you convert all of the bytes.hex() functions to use something like binascii.hexlify(), it might work on 2.7, but I made no special effort to make it backwards compatible. I would suggest running it in a Ubuntu Server VM in Virtualbox.
     
  17. Of course it is not written in Python 2.7; it's crystal clear from the syntax and functions.

    Oh, that's OK...
    So I will run it on Ubuntu (VMware) with Python 3.5 and then give the feedback.
    And I don't want you to do any type of work for writing it for client 7... I just thought you had client 7 before you did the 8 decryption...
    The help and answers you give me are quite enough for me.
    Refitting it should be easy for client 7 because, as far as I know, the client 8 encryption is more complicated and harder in comparison to client 7, isn't it?
    If I'm wrong, please correct me.

    Btw, after I did those three steps you told me before, what should I do now?
    Do you know how to encrypt it back too?
     
  18. Assuming you've XORed the entire payload, then the packet is now decrypted. What you do with the decrypted packets is up to you. You'll presumably want to decode them with cocdecoder.py.

    Create a second keystream and XOR the data again to re-encrypt it.
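
The three steps listed in post #7 (key an RC4 stream with basekey+"nonce", skip that many key stream bytes, XOR the payload past the packet header) and the re-encryption with a second keystream described in post #18, as an added Python 3 example that is not code from cocdp or from any poster's proxy. The basekey, the packet and the 7-byte header length are constructed values; the thread gives neither the real key nor the header size.

```python
# Added example: RC4 with the first len(key) key stream bytes skipped, then XOR.
from itertools import islice


def rc4_keystream(key: bytes):
    """Generate RC4 key stream bytes for `key` (key schedule, then PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) & 0xFF]


def new_keystream(basekey: bytes, nonce: bytes = b"nonce"):
    """Steps 1 and 2: key with basekey+nonce, then skip len(key) bytes."""
    key = basekey + nonce
    stream = rc4_keystream(key)
    for _ in islice(stream, len(key)):
        pass
    return stream


def xor_payload(packet: bytes, stream, header_len: int) -> bytes:
    """Step 3: keep the header as-is, XOR the rest against the key stream."""
    header, payload = packet[:header_len], packet[header_len:]
    # payload is zip's first argument, so no extra key stream byte is consumed
    return header + bytes(b ^ k for b, k in zip(payload, stream))


def demo():
    # Constructed values: made-up key and packet; header_len is an assumption.
    basekey, header_len = b"constructed-demo-basekey", 7
    packet = bytes(header_len) + b"constructed login payload"
    encrypted = xor_payload(packet, new_keystream(basekey), header_len)
    # A second, freshly keyed stream reverses the XOR (or re-encrypts).
    decrypted = xor_payload(encrypted, new_keystream(basekey), header_len)
    return packet, encrypted, decrypted


# The 8-byte example from post #10, using the key stream bytes posted there.
THREAD_CIPHERTEXT = bytes.fromhex("023e12ad5da487ec")
THREAD_KEYSTREAM = bytes.fromhex("023e12acf66968ed")

if __name__ == "__main__":
    print(xor_payload(THREAD_CIPHERTEXT, iter(THREAD_KEYSTREAM), 0).hex())
```

Each stream is stateful, so one stream object has to be reused across consecutive packets travelling in the same direction.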
     
  19. @ash I build my everything from scratch, so I only looked at one or two scripts, all of which looked out similar to 2711.

    @clugh If you're running Linux, then 99% of modules will work on OS X, but only ~75 on windows.
     
  20. Twisted definitely works on Windows in Python 2, and last week's release of PyNaCl provides binary wheels for Windows, so it isn't far from working there. And like I said before, if the bytes.hex() functions were replaced with binascii.hexlify(), it might be awfully close to working in Python 2.7.
     
