Gunz: Fingerprinting the MRS decryption algorithm

10Jul09

Whenever dealing with a Gunz client (be it from an official server or a private server), one piece of valuable information you may want to dump is the MRS decryption algorithm it uses. Here's a neat little signature you can use to fingerprint the decryption scheme:

\x56 // PUSH ESI
\x8B\x74\x24\x0C // MOV ESI, [ESP+C]
\x85\xF6 // TEST ESI, ESI
\x7E // JLE SHORT (Missing byte)

One byte after the above signature (the missing byte is the jump's displacement) will be the decryption algorithm. Dump until a RETN instruction (0xC3) is found.
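The scan-and-dump procedure above, as an added example that is not part of the original post. The function names, the `max_len` bound and the sample buffer are assumptions made for illustration; the sample buffer is constructed and its "routine" is just NOP filler, not the real algorithm.

```python
# Added example: locate the signature in a raw byte buffer (for instance the
# client's code section read from disk) and dump what follows it.
SIGNATURE = bytes.fromhex("568b74240c85f67e")  # the eight bytes listed in the post
RETN = 0xC3


def find_signature(image, sig=SIGNATURE):
    """Return every offset where sig occurs; more than one hit means the
    signature is ambiguous for this binary and each hit needs checking."""
    hits = []
    pos = image.find(sig)
    while pos != -1:
        hits.append(pos)
        pos = image.find(sig, pos + 1)
    return hits


def dump_routine(image, hit, sig=SIGNATURE, max_len=256):
    """Skip the signature plus the one wildcard byte (the jump displacement),
    then copy bytes up to and including the first 0xC3.

    Caveat: 0xC3 can also occur as an operand or ModRM byte inside an
    instruction (8B C3 is MOV EAX, EBX), so a linear scan may stop early.
    Confirm the dumped bytes in a disassembler. max_len is an assumed bound.
    """
    start = hit + len(sig) + 1
    window = image[start:start + max_len]
    end = window.find(bytes([RETN]))
    if end == -1:
        raise ValueError("no 0xC3 within max_len bytes after the signature")
    return window[:end + 1]


# Constructed sample: INT3 padding, signature, a made-up displacement byte,
# three NOPs standing in for the routine body, RETN, more padding.
SAMPLE = b"\xcc" * 4 + SIGNATURE + b"\x10" + b"\x90\x90\x90\xc3" + b"\xcc" * 4

if __name__ == "__main__":
    for offset in find_signature(SAMPLE):
        print(hex(offset), dump_routine(SAMPLE, offset).hex())
```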
