Protocol

Vertigo edited this page Dec 31, 2017 · 12 revisions

Packet format

ofs   size             contents
+00   2 bytes          message id, see Protocol Messages
+02   3 bytes          payload length
+05   2 bytes          version (doesn't appear to matter; 0x00, 0x00 works)
+07   payload length   encrypted message

Protocol

NOTE: The Cryptography methods shown here no longer work with Clash of Clans, Boom Beach, Clash Royale or Hay Day.

  1. Server generates a key pair with crypto_box_keypair, keeps the private key secret, and puts the public key (serverkey) in libg.so.

  2. Client reads serverkey from libg.so.

  3. Client sends 10100 packet to server unencrypted.

  4. Server sends 20100 packet to client unencrypted.

    It contains only a 24 byte binary string that the client sends back to the server in packet 10101.

  5. Client generates a little-endian nonce (snonce) using the output of randombytes, decremented by 1 (see the note below).

    It will be used to encrypt all client->server packets after 10101.

    Note: It appears that the output of randombytes may only be decremented some of the time. I experienced a few anomalies, but as the value actually sent to the server is the important one, I didn't investigate further. This is only applicable if you are intercepting the data from randombytes and comparing it to snonce.

  6. Client generates a key pair (pk and sk) with crypto_box_keypair.

  7. Client generates nonce with blake2b using pk and serverkey.

  8. Client generates a shared key (s) with crypto_box_beforenm using sk and serverkey.

  9. Client sends 10101 packet encrypted with crypto_box_afternm using s and nonce to server.

    It is prefixed with the 24 byte binary string from packet 20100 and snonce before encryption.

    It is prefixed with pk after encryption.

  10. Server reads pk from packet 10101.

  11. Server generates nonce with blake2b using pk and serverkey.

  12. Server generates a shared key (s) with crypto_box_beforenm using its private key and pk.

  13. Server decrypts packet 10101 with crypto_box_afternm_open using s and nonce.

  14. Server reads snonce from packet 10101.

  15. Server generates a little-endian nonce (rnonce) using randombytes.

    It will be used to encrypt all server->client packets after 20104.

  16. Server generates a key pair with crypto_box_keypair.

  17. Server generates a shared key (k) using the keypair from the previous step.

  18. Server generates nonce with blake2b using snonce, pk, and serverkey.

  19. Server sends 20104 packet encrypted with crypto_box_afternm using s and nonce to client.

    It is prefixed with rnonce and k before encryption.

  20. Client generates nonce with blake2b using snonce, pk, and serverkey.

  21. Client generates a shared key (s) with crypto_box_beforenm using sk and serverkey.

  22. Client decrypts packet 20104 with crypto_box_afternm_open using s and nonce.

  23. Client reads rnonce and k from packet 20104.

  24. For all subsequent client->server packets:

    1. Both the client and server increment snonce by 2.

      Reminder: snonce is little-endian.

    2. Client encrypts packet with crypto_box_afternm using k and snonce.

    3. Server decrypts packet with crypto_box_afternm_open using k and snonce.

  25. For all subsequent server->client packets:

    1. Both the client and server increment rnonce by 2.

      Reminder: rnonce is little-endian.

    2. Server encrypts packet with crypto_box_afternm using k and rnonce.

    3. Client decrypts packet with crypto_box_afternm_open using k and rnonce.
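As an added example that is not part of this wiki page or its author's code: the packet framing and the nonce handling described above, in Python using only the standard library. The crypto_box calls themselves are left to libsodium and are not reproduced. It assumes big-endian header fields and that the blake2b nonce is a 24-byte digest over the concatenation snonce || pk || serverkey; the page states neither.

```python
import hashlib
import secrets

HEADER_LEN = 7    # 2-byte message id + 3-byte payload length + 2-byte version
NONCE_LEN = 24    # crypto_box nonce size


def pack_packet(msg_id: int, body: bytes, version: int = 0) -> bytes:
    """Build the 7-byte header from the packet-format table and append the body.
    Header byte order is not stated on the page; big-endian is assumed here."""
    if not 0 <= len(body) < (1 << 24):
        raise ValueError("payload length must fit in 3 bytes")
    return (msg_id.to_bytes(2, "big") + len(body).to_bytes(3, "big")
            + version.to_bytes(2, "big") + body)


def unpack_packet(buf: bytes):
    """Parse one packet and return (msg_id, version, body).
    A short buffer raises instead of being treated as a complete message."""
    if len(buf) < HEADER_LEN:
        raise ValueError("truncated header")
    msg_id = int.from_bytes(buf[0:2], "big")
    length = int.from_bytes(buf[2:5], "big")
    version = int.from_bytes(buf[5:7], "big")
    if len(buf) < HEADER_LEN + length:
        raise ValueError("truncated payload")
    return msg_id, version, buf[HEADER_LEN:HEADER_LEN + length]


def handshake_nonce(pk: bytes, serverkey: bytes, snonce: bytes = b"") -> bytes:
    """Steps 7/11 (pk, serverkey) and 18/20 (snonce, pk, serverkey): a 24-byte
    blake2b digest of the inputs. The concatenation order is an assumption."""
    return hashlib.blake2b(snonce + pk + serverkey, digest_size=NONCE_LEN).digest()


def increment_nonce(nonce: bytes, step: int = 2) -> bytes:
    """Steps 24.1 / 25.1: treat the nonce as a little-endian integer, add `step`,
    and carry across all 24 bytes (wrapping modulo 2**192)."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be 24 bytes")
    value = (int.from_bytes(nonce, "little") + step) % (1 << (8 * NONCE_LEN))
    return value.to_bytes(NONCE_LEN, "little")


def new_session_nonce() -> bytes:
    """Fresh 24-byte session nonce (snonce / rnonce), from the OS CSPRNG."""
    return secrets.token_bytes(NONCE_LEN)
```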
