fix walking issue in 781 protocol

src/protocol.cpp

@@ -22,7 +22,6 @@
 #include "protocol.h"
 #include "outputmessage.h"
 #include "rsa.h"
-#include "xtea.h"
 
 extern RSA g_RSA;
 
@@ -62,27 +61,73 @@ OutputMessage_ptr Protocol::getOutputBuffer(int32_t size)
 
 void Protocol::XTEA_encrypt(OutputMessage& msg) const
 {
+	const uint32_t delta = 0x61C88647;
+
 	// The message must be a multiple of 8
-	size_t paddingBytes = msg.getLength() % 8u;
+	size_t paddingBytes = msg.getLength() % 8;
 	if (paddingBytes != 0) {
 		msg.addPaddingBytes(8 - paddingBytes);
 	}
 
 	uint8_t* buffer = msg.getOutputBuffer();
-	xtea::encrypt(buffer, msg.getLength(), key);
+	const size_t messageLength = msg.getLength();
+	size_t readPos = 0;
+	const uint32_t k[] = { key[0], key[1], key[2], key[3] };
+	while (readPos < messageLength) {
+		uint32_t v0;
+		memcpy(&v0, buffer + readPos, 4);
+		uint32_t v1;
+		memcpy(&v1, buffer + readPos + 4, 4);
+
+		uint32_t sum = 0;
+
+		for (int32_t i = 32; --i >= 0;) {
+			v0 += ((v1 << 4 ^ v1 >> 5) + v1) ^ (sum + k[sum & 3]);
+			sum -= delta;
+			v1 += ((v0 << 4 ^ v0 >> 5) + v0) ^ (sum + k[(sum >> 11) & 3]);
+		}
+
+		memcpy(buffer + readPos, &v0, 4);
+		readPos += 4;
+		memcpy(buffer + readPos, &v1, 4);
+		readPos += 4;
+	}
 }
 
 bool Protocol::XTEA_decrypt(NetworkMessage& msg) const
 {
-	if (((msg.getLength() - 6) & 7) != 0) {
+	if (((msg.getLength() - 2) & 7) != 0) {
 		return false;
 	}
 
-	uint8_t* buffer = msg.getBuffer() + msg.getBufferPosition();
+	const uint32_t delta = 0x61C88647;
-	xtea::decrypt(buffer, msg.getLength() - 6, key);
 
-	uint16_t innerLength = msg.get<uint16_t>();
+	uint8_t* buffer = msg.getBuffer() + msg.getBufferPosition();
-	if (innerLength + 8 > msg.getLength()) {
+	const size_t messageLength = (msg.getLength() - 2);
+	size_t readPos = 0;
+	const uint32_t k[] = { key[0], key[1], key[2], key[3] };
+	while (readPos < messageLength) {
+		uint32_t v0;
+		memcpy(&v0, buffer + readPos, 4);
+		uint32_t v1;
+		memcpy(&v1, buffer + readPos + 4, 4);
+
+		uint32_t sum = 0xC6EF3720;
+
+		for (int32_t i = 32; --i >= 0;) {
+			v1 -= ((v0 << 4 ^ v0 >> 5) + v0) ^ (sum + k[(sum >> 11) & 3]);
+			sum += delta;
+			v0 -= ((v1 << 4 ^ v1 >> 5) + v1) ^ (sum + k[sum & 3]);
+		}
+
+		memcpy(buffer + readPos, &v0, 4);
+		readPos += 4;
+		memcpy(buffer + readPos, &v1, 4);
+		readPos += 4;
+	}
+
+	int innerLength = msg.get<uint16_t>();
+	if (innerLength > msg.getLength() - 4) {
 		return false;
 	}
 
@@ -92,7 +137,7 @@ bool Protocol::XTEA_decrypt(NetworkMessage& msg) const
 
 bool Protocol::RSA_decrypt(NetworkMessage& msg)
 {
-	if ((msg.getLength() - msg.getBufferPosition()) < 128) {
+	if ((msg.getLength() - msg.getBufferPosition()) != 128) {
 		return false;
 	}
 

src/protocol.h

@@ -1,6 +1,6 @@
 /**
- * Tibia GIMUD Server - a free and open-source MMORPG server emulator
+ * The Forgotten Server - a free and open-source MMORPG server emulator
- * Copyright (C) 2019 Sabrehaven and Mark Samman <mark.samman@gmail.com>
+ * Copyright (C) 2016  Mark Samman <mark.samman@gmail.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -21,12 +21,11 @@
 #define FS_PROTOCOL_H_D71405071ACF4137A4B1203899DE80E1
 
 #include "connection.h"
-#include "xtea.h"
 
 class Protocol : public std::enable_shared_from_this<Protocol>
 {
 public:
-	explicit Protocol(Connection_ptr connection) : connection(connection) {}
+	explicit Protocol(Connection_ptr connection) : connection(connection), key(), encryptionEnabled(false), rawMessages(false) {}
 	virtual ~Protocol() = default;
 
 	// non-copyable
@@ -72,10 +71,12 @@ protected:
 	void enableXTEAEncryption() {
 		encryptionEnabled = true;
 	}
-	void setXTEAKey(xtea::key key) {
+	void setXTEAKey(const uint32_t* key) {
-		this->key = std::move(key);
+		memcpy(this->key, key, sizeof(*key) * 4);
 	}
 
+	void XTEA_encrypt(OutputMessage& msg) const;
+	bool XTEA_decrypt(NetworkMessage& msg) const;
 	static bool RSA_decrypt(NetworkMessage& msg);
 
 	void setRawMessages(bool value) {
@@ -83,19 +84,14 @@ protected:
 	}
 
 	virtual void release() {}
-
-private:
-	void XTEA_encrypt(OutputMessage& msg) const;
-	bool XTEA_decrypt(NetworkMessage& msg) const;
-
 	friend class Connection;
 
 	OutputMessage_ptr outputBuffer;
-
+private:
 	const ConnectionWeak_ptr connection;
-	xtea::key key;
+	uint32_t key[4];
-	bool encryptionEnabled = false;
+	bool encryptionEnabled;
-	bool rawMessages = false;
+	bool rawMessages;
 };
 
 #endif

src/protocolgame.cpp

@@ -247,13 +247,13 @@ void ProtocolGame::onRecvFirstMessage(NetworkMessage& msg)
 		return;
 	}
 
-	xtea::key key;
+	uint32_t key[4];
 	key[0] = msg.get<uint32_t>();
 	key[1] = msg.get<uint32_t>();
 	key[2] = msg.get<uint32_t>();
 	key[3] = msg.get<uint32_t>();
 	enableXTEAEncryption();
-	setXTEAKey(std::move(key));
+	setXTEAKey(key);
 
 	if (operatingSystem >= CLIENTOS_OTCLIENT_LINUX) {
 		NetworkMessage opcodeMessage;

src/protocollogin.cpp

@@ -128,13 +128,13 @@ void ProtocolLogin::onRecvFirstMessage(NetworkMessage& msg)
 		return;
 	}
 
-	xtea::key key;
+	uint32_t key[4];
 	key[0] = msg.get<uint32_t>();
 	key[1] = msg.get<uint32_t>();
 	key[2] = msg.get<uint32_t>();
 	key[3] = msg.get<uint32_t>();
 	enableXTEAEncryption();
-	setXTEAKey(std::move(key));
+	setXTEAKey(key);
 
 	if (version < CLIENT_VERSION_MIN || version > CLIENT_VERSION_MAX) {
 		std::ostringstream ss;