Reverse Engineering Asked by igk on July 15, 2021
I’m looking at the network traffic of a game submitting the user’s score to the high-score server. The score value seems to be obfuscated in some way.
The score is a non-negative integer, and not more than half a billion in practice. Here are some scores and their encoded forms:
0 : 4c
100 : 4d 71 06
110 : 4d 7f c6
210 : 4f bf c6
281 : 4f ba 8d b3 ba 94 4d da 9d
551 : 69 78 cd b3 bf ee 69 79 1c
878 : 66 be 8b b3 b1 14 69 d4 f6
990 : 65 74 06 b3 b2 4b 69 d1 2e
1016 : 4d 71 0d 68 22 f0 4e be b6 68
1021 : 4d 71 1c 4f 72 dd 6b b2 46 68
1208 : 4d 70 06 64 a2 cb 66 b2 4d 68
1361 : 4d 74 f6 4f 72 e2 6b b0 14
1362 : 4d 74 f6 4c 22 cd 4f b8 dc 4c
1543 : 4d 78 ee 4d c2 dd 66 b1 06 68
1673 : 4d 79 30 4d c2 c6 4e b2 6e 4e
1913 : 4d 74 0d 4d c2 d4 69 70 0d 4d d1 06 4e b1 06 4e b1 1d
2151 : 4f bf d4 4f 72 dc 4f ba 9d 6a
2816 : 4f ba 8d 68 22 dc 4d 71 30 4d 71 06 4e b1 06 4e b1 1d
3540 : 4d d8 ee 4c a2 dc 4d 7f dc 6a
3819 : 4d da 8d 67 72 c6 66 b4 1d 6a
3881 : 4d da 8b 4f 72 cd 4e b0 06 69 71 06 4e b1 06 4e b1 2e
3955 : 4d d4 14 6b 72 dd 6b b2 46 6a b4 22 65 74 22 65 74
4095 : 6a b1 22 6b 72 dc 6b b4 cd 4c
4205 : 6a b0 06 6b 72 d4 69 d8 dc 64
4274 : 6a b0 30 68 a2 dc 4d d1 06 4e
4444 : 6a b2 6e 68 a2 dc 4e be a2 68
4602 : 6a b9 06 4c 22 c6 69 71 30 68
I am certain that there is only one input variable to this encoding; the same input always gives the same output across changes of all possibly relevant variables.
This encoding is invertible; sending the encoded string to the server gets a response of the decoded score (if the decoded score is higher than the last one you submitted). Corollarily, we have an oracle.
What I’m having a hard time with is that the output length is variable in a non-monotonic way and is somewhat longer than the input.
For most particular score values, it is difficult to play in such a way to earn that score precisely, but if more pairs are needed to disambiguate, I can earn scores in an approximate range. (Otherwise I would surely have tried to earn the scores 1, 2, 3, etc.)
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP