forked from openrs2/openrs2
Signed-off-by: Graham <gpe@openrs2.org>
parent
bb18fc7d50
commit
b5b943f7b6
@ -0,0 +1,75 @@ |
|||||||
|
# Cryptography |
||||||
|
|
||||||
|
## ISAAC |
||||||
|
|
||||||
|
[ISAAC][isaac] is a cryptographically-secure pseudorandom number generator. By |
||||||
|
combining its output with addition/subtraction, the client uses it as a stream |
||||||
|
cipher to encrypt the opcodes of packets. |
||||||
|
|
||||||
|
It was implemented to break packet injection bots, such as AutoRune. While |
||||||
|
using ISAAC in this manner only provides confidentiality, and not authenticity |
||||||
|
or integrity, if the opcodes are tampered with the packet lengths will no |
||||||
|
longer be in sync between the client and server. This causes one or both of the |
||||||
|
endpoints to read garbage opcodes, though the garbage opcodes may happen to |
||||||
|
match valid packets for a while. Eventually, one or both endpoints will detect |
||||||
|
an invalid packet and close the connection. |
||||||
|
|
||||||
|
## RSA |
||||||
|
|
||||||
|
[RSA][rsa] is an asymmetric encryption and signature algorithm. The client uses |
||||||
|
it to protect the user's password and the session's symmetric key during the |
||||||
|
login process. |
||||||
|
|
||||||
|
In later revisions, the JS5 master index is signed with Jagex's private key. |
||||||
|
This change was made around the time the native libraries were moved into the |
||||||
|
cache, ensuring that Jagex's code-signed applet could not be used to run |
||||||
|
arbitrary native code if an attacker tampers with the JS5 connection. This |
||||||
|
change was probably required by Jagex's certificate authority. |
||||||
|
|
||||||
|
Jagex used a 512-bit RSA key when build 550 was released, and due to the size |
||||||
|
of the output buffer in the client, the maximum key size is 1,008 bits. Both of |
||||||
|
these sizes are considered insecure by modern standards, and Jagex's 512-bit |
||||||
|
private key was factored in 2016. |
||||||
|
|
||||||
|
Textbook RSA is used, rather than a secure padding scheme, which leads to |
||||||
|
[several weaknesses][textbook-rsa]. |
||||||
|
|
||||||
|
## SHA-1 |
||||||
|
|
||||||
|
[SHA-1][sha1] is a cryptographic hash function. It is used to verify the |
||||||
|
integrity of the game's code. SHA-1 is no longer secure. |
||||||
|
|
||||||
|
## XTEA |
||||||
|
|
||||||
|
[XTEA][xtea] is a symmetric block cipher. It is primarily used to encrypt |
||||||
|
location files in the cache, reportedly to prevent bots from performing |
||||||
|
path-finding across the entire map - the server only provides keys for a |
||||||
|
location file when the player is within or adjacent to it. |
||||||
|
|
||||||
|
It is used in [Electronic codebook (ECB)][ecb] mode. ECB is theoretically |
||||||
|
insecure, however, as the location files are compressed before encryption it is |
||||||
|
difficult to make use of this insecurity in practice. |
||||||
|
|
||||||
|
The location files do not contain padding, and therefore the last 0-7 bytes are |
||||||
|
leaked. This has no practical impact as they only contain a portion of the gzip |
||||||
|
or bzip2 trailer. |
||||||
|
|
||||||
|
It is also used (in ECB mode, but with padding) to encrypt the player's email |
||||||
|
address in the create account packet, with the symmetric key encrypted with RSA. |
||||||
|
XTEA is used as email addresses may sometimes be too long to be encrypted |
||||||
|
directly by Jagex's 512-bit RSA key. |
||||||
|
|
||||||
|
## Whirlpool |
||||||
|
|
||||||
|
[Whirlpool][whirlpool] is a cryptographic hash function. It is not used in |
||||||
|
build 550, however, it is included here for completeness as it is supported by |
||||||
|
OpenRS2's cache library. It is used to verify the integrity of native libraries |
||||||
|
stored in the cache. |
||||||
|
|
||||||
|
[ecb]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_(ECB) |
||||||
|
[isaac]: https://burtleburtle.net/bob/rand/isaacafa.html |
||||||
|
[rsa]: https://en.wikipedia.org/wiki/RSA_(cryptosystem) |
||||||
|
[sha1]: https://en.wikipedia.org/wiki/SHA-1 |
||||||
|
[textbook-rsa]: https://en.wikipedia.org/wiki/RSA_(cryptosystem)#Attacks_against_plain_RSA |
||||||
|
[whirlpool]: https://en.wikipedia.org/wiki/Whirlpool_(hash_function) |
||||||
|
[xtea]: https://en.wikipedia.org/wiki/XTEA |
Loading…
Reference in new issue