[Q] Angry Birds Rio encrypts settings/highscores with AES

Goddchen · 30th March 2011, 07:37 PM

[Q] Angry Birds Rio encrypts settings/highscores with AES

Hey everyone,
i used to edit/backup my angry birds files. It worked fine with angry birds and angry birds seasons. But now with angry birds rio rovio encrypts the files with AES.
what i know so far from IDA pro:
for example GameLua::loadLuaFileToObject does
=> io::FileInputStream::read
=> lang::AESUtil::AESUtil(...)
=> lang::AESUtil::decrypt(...)

So,
are any IDA excperts here who might help me figuring out the arguments to that decrypt call( the AES key). Or do you have any ideas on how to figure out the AES key at all?

Greets, Goddchen

BlocK240 · 30th March 2011, 08:03 PM

Quote:

Originally Posted by Goddchen

Hey everyone,
i used to edit/backup my angry birds files. It worked fine with angry birds and angry birds seasons. But now with angry birds rio rovio encrypts the files with AES.
what i know so far from IDA pro:
for example GameLua::loadLuaFileToObject does
=> io::FileInputStream::read
=> lang::AESUtil::AESUtil(...)
=> lang::AESUtil::decrypt(...)

So,
are any IDA excperts here who might help me figuring out the arguments to that decrypt call( the AES key). Or do you have any ideas on how to figure out the AES key at all?

Greets, Goddchen

I'm afraid you can't decrypt an AES key with a current PC, considering it would take some good millions of years to bruteforce.
Your best bet would be finding an exploit into how the game implements this encryption, I guess.

Goddchen · 30th March 2011, 08:05 PM

sorry you might have misunderstood me.
i don't want to crack the key, i simply want to extract it. it has to be stored in the file somewhere.

dakkywantstodocrazysht · 1st April 2011, 06:01 AM

Ever tryed the old fashion way of searching addys maybe even reversing the whole game? Wait I'm a computer game hacker idk about adroid games lol sorry uhmm I'm sure you can reverse enough to find the file but then again could it possibly be stored outside of the game itself?

Sent from my Vision using XDA Premium App

Goddchen · 1st April 2011, 08:08 PM

yes that's exactly what i want to do. i have already found the file loading/saving function that use the AESUtil, but i can't figure out where the actual key is stored

Could you have a look at it if i send you the binary file?

Greets, Goddchen

dakkywantstodocrazysht · 2nd April 2011, 10:16 PM

Yeah send them all to me every one you can find and I will search away hopefully its not somthing stupidly named that throws me off...and why hack a game like this anyways?

Sent from my Vision using XDA Premium App

dakkywantstodocrazysht · 2nd April 2011, 10:18 PM

Also have you tryed opening it up with a hexeditor? I know I know billions of lines of useless numbers for what you want but there is a chance it will be labled in there somewhere

Sent from my Vision using XDA Premium App

Goddchen · 2nd April 2011, 10:21 PM

Yes i did that, and also decompiled the whole thing with IDA pro. That's why i know it's AES, because the read / write function use the AESUtil functions. But i can't figure out the address where the key is located...

dakkywantstodocrazysht · 2nd April 2011, 11:06 PM

Have you searched for aes or key I know it might sound funny but time after time I've found addys that way and and I toatally forgot that you used ida I use that to decompile dlls and mem dumps for my hacking on games...but pm me the files (idk never tryed sending files on here before so I'm not sure if its possible here if not pm for my email)

Sent from my Vision using XDA Premium App