From fff92b16ed4da89baea6db6fd04cf0fffe3c8790 Mon Sep 17 00:00:00 2001
From: Andrew Gutekanst
Date: Sat, 22 Feb 2020 11:20:52 -0500
Subject: [PATCH] Add bruteforce fallback for out-of-sync crypto

---
 network/crypt_conn.go | 33 +++++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 8 deletions(-)

diff --git a/network/crypt_conn.go b/network/crypt_conn.go
index 7cce26d37..6aeedad8e 100644
--- a/network/crypt_conn.go
+++ b/network/crypt_conn.go
@@ -1,6 +1,7 @@
 package network
 import (
+ "encoding/hex"
 "errors"
 "fmt"
 "io"
@@ -16,17 +17,16 @@ type CryptConn struct {
 readKeyRot uint32
 sendKeyRot uint32
 sentPackets int32
+ prevRecvPacketCombinedCheck uint16
 prevSendPacketCombinedCheck uint16
 }
 // NewCryptConn creates a new CryptConn with proper default values.
 func NewCryptConn(conn net.Conn) *CryptConn {
 cc := &CryptConn{
- conn: conn,
- readKeyRot: 995117,
- sendKeyRot: 995117,
- sentPackets: 0,
- prevSendPacketCombinedCheck: 0,
+ conn: conn,
+ readKeyRot: 995117,
+ sendKeyRot: 995117,
 }
 return cc
 }
@@ -41,8 +41,6 @@ func (cc *CryptConn) ReadPacket() ([]byte, error) {
 return nil, err
 }
- //fmt.Printf("Header: %s\n", hex.Dump(headerData))
-
 // Parse the data into a usable struct.
 cph, err := NewCryptPacketHeader(headerData)
 if err != nil {
@@ -65,10 +63,29 @@ func (cc *CryptConn) ReadPacket() ([]byte, error) {
 if cph.Check0 != check0 || cph.Check1 != check1 || cph.Check2 != check2 {
 fmt.Printf("got c0 %X, c1 %X, c2 %X\n", check0, check1, check2)
 fmt.Printf("want c0 %X, c1 %X, c2 %X\n", cph.Check0, cph.Check1, cph.Check2)
+ fmt.Printf("headerData:\n%s\n", hex.Dump(headerData))
+ fmt.Printf("encryptedPacketBody:\n%s\n", hex.Dump(encryptedPacketBody))
+
+ // Attempt to bruteforce it.
+ fmt.Println("Crypto out of sync? Attempting bruteforce")
+ for key := byte(0); key < 255; key++ {
+ out, combinedCheck, check0, check1, check2 = crypto.Decrypt(encryptedPacketBody, 0, &key)
+ //fmt.Printf("Key: 0x%X\n%s\n", key, hex.Dump(out))
+ if cph.Check0 == check0 && cph.Check1 == check1 && cph.Check2 == check2 {
+ fmt.Printf("Bruceforce successful, override key: 0x%X\n", key)
+
+ // Try to fix key for subsequent packets?
+ //cc.readKeyRot = (uint32(key) << 1) + 999983
+
+ cc.prevRecvPacketCombinedCheck = combinedCheck
+ return out, nil
+ }
+ }
+
 return nil, errors.New("decrypted data checksum doesn't match header")
 }
- _ = combinedCheck
+ cc.prevRecvPacketCombinedCheck = combinedCheck
 return out, nil
 }
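Review bot: The fallback turns the checksum check into "matches under any of 255 candidate keys", and because the `cc.readKeyRot` resync stays commented out the connection remains out of sync, so every later packet on that connection pays up to 255 `crypto.Decrypt` calls before being accepted on a guessed key — the attempt should be bounded (a per-connection counter or a debug-only flag) rather than run on every mismatch. The loop `for key := byte(0); key < 255; key++` also never tries key 0xFF; `for k := 0; k <= 0xFF; k++ { key := byte(k); ... }` covers the full byte without the wraparound that `key <= 255` on a `byte` would cause. `Decrypt` receives `&key`, so if it writes through the pointer the iteration count no longer matches the loop header — worth confirming against its implementation. The hex dumps of the header and the full encrypted body go to stdout on every mismatch, which floods logs under a sustained stream of bad packets. ReadPacket begins before this hunk.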