fix walking issue in 781 protocol

2025-04-30 17:49:20 +02:00 · 2019-11-11 19:17:21 +02:00 · 2019-11-11 19:17:21 +02:00 · 5535e50562
commit 5535e50562
parent ba1409dbe6
4 changed files with 70 additions and 29 deletions
--- a/src/protocol.cpp
+++ b/src/protocol.cpp
@ -22,7 +22,6 @@
 #include "protocol.h"
 #include "outputmessage.h"
 #include "rsa.h"
-#include "xtea.h"

 extern RSA g_RSA;

@ -62,27 +61,73 @@ OutputMessage_ptr Protocol::getOutputBuffer(int32_t size)

 void Protocol::XTEA_encrypt(OutputMessage& msg) const
 {
+	const uint32_t delta = 0x61C88647;
+
 	// The message must be a multiple of 8
-	size_t paddingBytes = msg.getLength() % 8u;
+	size_t paddingBytes = msg.getLength() % 8;
 	if (paddingBytes != 0) {
 		msg.addPaddingBytes(8 - paddingBytes);
 	}

 	uint8_t* buffer = msg.getOutputBuffer();
-	xtea::encrypt(buffer, msg.getLength(), key);
+	const size_t messageLength = msg.getLength();
+	size_t readPos = 0;
+	const uint32_t k[] = { key[0], key[1], key[2], key[3] };
+	while (readPos < messageLength) {
+		uint32_t v0;
+		memcpy(&v0, buffer + readPos, 4);
+		uint32_t v1;
+		memcpy(&v1, buffer + readPos + 4, 4);
+
+		uint32_t sum = 0;
+
+		for (int32_t i = 32; --i >= 0;) {
+			v0 += ((v1 << 4 ^ v1 >> 5) + v1) ^ (sum + k[sum & 3]);
+			sum -= delta;
+			v1 += ((v0 << 4 ^ v0 >> 5) + v0) ^ (sum + k[(sum >> 11) & 3]);
+		}
+
+		memcpy(buffer + readPos, &v0, 4);
+		readPos += 4;
+		memcpy(buffer + readPos, &v1, 4);
+		readPos += 4;
+	}
 }

 bool Protocol::XTEA_decrypt(NetworkMessage& msg) const
 {
-	if (((msg.getLength() - 6) & 7) != 0) {
+	if (((msg.getLength() - 2) & 7) != 0) {
 		return false;
 	}

-	uint8_t* buffer = msg.getBuffer() + msg.getBufferPosition();
-	xtea::decrypt(buffer, msg.getLength() - 6, key);
+	const uint32_t delta = 0x61C88647;

-	uint16_t innerLength = msg.get<uint16_t>();
-	if (innerLength + 8 > msg.getLength()) {
+	uint8_t* buffer = msg.getBuffer() + msg.getBufferPosition();
+	const size_t messageLength = (msg.getLength() - 2);
+	size_t readPos = 0;
+	const uint32_t k[] = { key[0], key[1], key[2], key[3] };
+	while (readPos < messageLength) {
+		uint32_t v0;
+		memcpy(&v0, buffer + readPos, 4);
+		uint32_t v1;
+		memcpy(&v1, buffer + readPos + 4, 4);
+
+		uint32_t sum = 0xC6EF3720;
+
+		for (int32_t i = 32; --i >= 0;) {
+			v1 -= ((v0 << 4 ^ v0 >> 5) + v0) ^ (sum + k[(sum >> 11) & 3]);
+			sum += delta;
+			v0 -= ((v1 << 4 ^ v1 >> 5) + v1) ^ (sum + k[sum & 3]);
+		}
+
+		memcpy(buffer + readPos, &v0, 4);
+		readPos += 4;
+		memcpy(buffer + readPos, &v1, 4);
+		readPos += 4;
+	}
+
+	int innerLength = msg.get<uint16_t>();
+	if (innerLength > msg.getLength() - 4) {
 		return false;
 	}

@ -92,7 +137,7 @@ bool Protocol::XTEA_decrypt(NetworkMessage& msg) const

 bool Protocol::RSA_decrypt(NetworkMessage& msg)
 {
-	if ((msg.getLength() - msg.getBufferPosition()) < 128) {
+	if ((msg.getLength() - msg.getBufferPosition()) != 128) {
 		return false;
 	}

@ -107,4 +152,4 @@ uint32_t Protocol::getIP() const
 	}

 	return 0;
-}
+}
--- a/src/protocol.h
+++ b/src/protocol.h
@ -1,6 +1,6 @@
 /**
- * Tibia GIMUD Server - a free and open-source MMORPG server emulator
- * Copyright (C) 2019 Sabrehaven and Mark Samman <mark.samman@gmail.com>
+ * The Forgotten Server - a free and open-source MMORPG server emulator
+ * Copyright (C) 2016  Mark Samman <mark.samman@gmail.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -21,12 +21,11 @@
 #define FS_PROTOCOL_H_D71405071ACF4137A4B1203899DE80E1

 #include "connection.h"
-#include "xtea.h"

 class Protocol : public std::enable_shared_from_this<Protocol>
 {
 public:
-	explicit Protocol(Connection_ptr connection) : connection(connection) {}
+	explicit Protocol(Connection_ptr connection) : connection(connection), key(), encryptionEnabled(false), rawMessages(false) {}
 	virtual ~Protocol() = default;

 	// non-copyable
@ -72,10 +71,12 @@ protected:
 	void enableXTEAEncryption() {
 		encryptionEnabled = true;
 	}
-	void setXTEAKey(xtea::key key) {
-		this->key = std::move(key);
+	void setXTEAKey(const uint32_t* key) {
+		memcpy(this->key, key, sizeof(*key) * 4);
 	}

+	void XTEA_encrypt(OutputMessage& msg) const;
+	bool XTEA_decrypt(NetworkMessage& msg) const;
 	static bool RSA_decrypt(NetworkMessage& msg);

 	void setRawMessages(bool value) {
@ -83,19 +84,14 @@ protected:
 	}

 	virtual void release() {}
-
-private:
-	void XTEA_encrypt(OutputMessage& msg) const;
-	bool XTEA_decrypt(NetworkMessage& msg) const;
-
 	friend class Connection;

 	OutputMessage_ptr outputBuffer;
-
+private:
 	const ConnectionWeak_ptr connection;
-	xtea::key key;
-	bool encryptionEnabled = false;
-	bool rawMessages = false;
+	uint32_t key[4];
+	bool encryptionEnabled;
+	bool rawMessages;
 };

 #endif
--- a/src/protocolgame.cpp
+++ b/src/protocolgame.cpp
@ -247,13 +247,13 @@ void ProtocolGame::onRecvFirstMessage(NetworkMessage& msg)
 		return;
 	}

-	xtea::key key;
+	uint32_t key[4];
 	key[0] = msg.get<uint32_t>();
 	key[1] = msg.get<uint32_t>();
 	key[2] = msg.get<uint32_t>();
 	key[3] = msg.get<uint32_t>();
 	enableXTEAEncryption();
-	setXTEAKey(std::move(key));
+	setXTEAKey(key);

 	if (operatingSystem >= CLIENTOS_OTCLIENT_LINUX) {
 		NetworkMessage opcodeMessage;
--- a/src/protocollogin.cpp
+++ b/src/protocollogin.cpp
@ -128,13 +128,13 @@ void ProtocolLogin::onRecvFirstMessage(NetworkMessage& msg)
 		return;
 	}

-	xtea::key key;
+	uint32_t key[4];
 	key[0] = msg.get<uint32_t>();
 	key[1] = msg.get<uint32_t>();
 	key[2] = msg.get<uint32_t>();
 	key[3] = msg.get<uint32_t>();
 	enableXTEAEncryption();
-	setXTEAKey(std::move(key));
+	setXTEAKey(key);

 	if (version < CLIENT_VERSION_MIN || version > CLIENT_VERSION_MAX) {
 		std::ostringstream ss;