//---------------------------------------------------------------------------
// Builds one outbound packet from the queued inputKeys into pktBuffer and
// copies it to dest.
//
// Layout as written here: bytes 0..1 = type (word), byte 2 = packetLength
// (cast to a byte), byte 3 is not written by this function, then one dword
// per key, each preceded by a variable-length gap of `magic` bytes derived
// from hashData. Decode on this page walks the same layout (offset 0 case).
//
// dest - receives packetLength bytes; no destination size is passed in.
// type - packet type; stored in the first word and mixed into hashData.
// Returns the number of bytes written to dest.
//
// NOTE(review): neither pktBuffer's capacity nor dest's size is checked here;
//   the length grows by up to 4 + 0x26 bytes per key, and a total above 255
//   no longer fits in pktBuffer[2] — confirm the caller bounds the key count.
unsigned int PPEngine::Encode(byte *dest, word type)
{
    // Per-iteration values subtracted from hashData; the final entry (0)
    // matches the offset-free hash used when the packet is read back.
    dword offsets[] = { 15, 14, 12, 9, 5, 0 };
    dword hashData = Call16( serverMapSync, clientSync, clientAccId, type );
    unsigned int packetLength = 0;
    int iterations = 5;

    // pad_2
    // Every iteration rewrites the key dwords at positions derived from a
    // different offset. Only the last iteration (offset 0, shift 0) defines
    // the returned packetLength and the key values; earlier iterations leave
    // their writes behind in the gaps between keys (presumably as padding
    // filler — the intent is not stated).
    for( int iter = 0; iter <= iterations; iter++)
    {
        packetLength = (1 + inputKeys.GetSize()) * 4;
        dword intCtr = 5;
        byte *writePtr = pktBuffer + 4;
        for( unsigned int pass = 0; pass < inputKeys.GetSize(); pass++ )
        {
            // Gap in front of this key: 0..0x26 bytes.
            dword magic = ((intCtr * (dword)pass) + (hashData - offsets[iter])) % 0x27;
            packetLength += magic;
            intCtr += 3;
            writePtr += (4 + magic);
            // The key occupies the 4 bytes just before writePtr; its value is
            // shifted by (iter - 5), i.e. unshifted on the final iteration.
            *((dword*)writePtr - 1) = inputKeys[pass] + iter - 5;
        }
    }
    pktBuffer[2] = (byte)packetLength;
    *(word*)pktBuffer = (word)type;

    // Reset input keys for next generation
    inputKeys.Reset();

    memcpy(dest, pktBuffer, packetLength);
    return packetLength;
}
//--------------------------------------------------------------------------- void PPEngine::Decode(byte *src, unsigned int keys) { // Reset output keys outputKeys.Reset(); dword hashData = Call16( serverMapSync, clientSync, clientAccId, *(word*)src ); dword intCtr = 5; byte *readPtr = src + 4; for( unsigned int pass = 0; pass < keys; pass++ ) { dword magic = ((intCtr * (dword)pass) + hashData) % 0x27; intCtr += 3; readPtr += (4 + magic); outputKeys.Add( *((dword*)readPtr - 1) ); } }
/*
 * Int32Call
 *
 * Invokes a 16-bit software interrupt from 32-bit code: the start of the
 * context's trampoline is overwritten with an INT XXh instruction (INT 03h
 * uses its dedicated one-byte encoding), the trampoline is run through
 * Call16, and the overwritten bytes are restored afterwards.
 *
 * Context   - callback context; only TrampolineFarPtr and TrampolineSize
 *             are read here.
 * IntNumber - interrupt vector to invoke.
 *
 * Exactly sizeof(ULONGLONG) bytes of the trampoline are saved and restored;
 * the ASSERT ties the context's trampoline size to INT16_TRAMPOLINE_SIZE.
 */
VOID Int32Call(IN PCALLBACK16 Context, IN BYTE IntNumber)
{
    /*
     * TODO: This function has almost the same code as RunCallback16.
     * Something that may be nice is to have a common interface to
     * build the trampoline...
     */
    PUCHAR Base = (PUCHAR)FAR_POINTER(Context->TrampolineFarPtr);
    PUCHAR Cursor = Base;
    UCHAR SavedBytes[INT16_TRAMPOLINE_SIZE];

    DPRINT("Int32Call(0x%02X)\n", IntNumber);
    ASSERT(Context->TrampolineSize == INT16_TRAMPOLINE_SIZE);

    /* Keep a copy of whatever currently lives at the trampoline */
    *(PULONGLONG)SavedBytes = *(PULONGLONG)Base;

    /* Emit the interrupt instruction */
    if (IntNumber == 0x03)
    {
        /* INT 03h has a one-byte opcode of its own (a trailing nop was once
         * considered here and left out) */
        *Cursor++ = 0xCC;
    }
    else
    {
        /* Generic two-byte INT XXh */
        *Cursor++ = 0xCD;
        *Cursor++ = IntNumber;
    }
    UnSimulate16(Cursor);

    /* Run the trampoline */
    Call16(HIWORD(Context->TrampolineFarPtr), LOWORD(Context->TrampolineFarPtr));

    /* Put the original bytes back */
    *(PULONGLONG)Base = *(PULONGLONG)SavedBytes;
}