OK,
Since we are no longer keeping Hardlock information particularly private ;-).
The Hardlock envelope uses the undocumented API function 0xE to decrypt its code sections. This is just a simple cipher of an 8-byte encrypted block into an 8-byte decryption key (which is then cycled through the data). Fn 0xE is not the API HL_CODE(), but it is based on it; you can recover HL_CODE() from toro's emulator (he has chosen not to implement function 0xE). However, even function 0xE's make-up is no great secret any longer.
Function 0xE's security is based around three 16-bit seeds (again, see toro's post). Without any knowledge, i.e. a Hardlock dump, this gives a theoretical strength of 2^48. This is beyond the realms of a single desktop attack, and most probably any known-plaintext attacks as well; however, significant computing power could probably break it from a known good encrypt/decrypt response.
This means that without an original Hardlock you have pretty much no hope of successfully decrypting the envelope.
Regards
CrackZ.
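The envelope flow described in the post above (8-byte block handed to the dongle, 8-byte key handed back, key cycled through the code section), as an added model that is not part of the original post and is not Hardlock code. Everything here is an assumption for illustration: DONGLE_RESPONSES stands in for a dump of challenge/response pairs for function 0xE with made-up values, SAMPLE_SECTION is a constructed byte string, and the "cycling" step is assumed to be a plain XOR because the post does not name the operation. The model shows two things a practitioner would want to check: the envelope cannot unwrap a section for which no dongle response is available (the post's "no hope without an original Hardlock" point), and, if the cycling really were a byte-wise XOR, eight known plaintext bytes at any offset would give back the whole per-section key without ever touching the 2^48 seed space. That second property is a property of the XOR assumption, not a claim about the real cipher.

```python
"""Model of a dongle-keyed envelope: challenge block -> 8-byte key -> key cycled
over a code section. Illustrative only; all values and the XOR step are assumed.
"""
from itertools import cycle

BLOCK = 8

# Constructed stand-in for a Hardlock dump: challenge stored in the envelope
# -> key the dongle returns. Values are made up for this example.
CHALLENGE = bytes.fromhex("0123456789abcdef")
DONGLE_RESPONSES = {
    CHALLENGE: bytes.fromhex("a5c3e17f9b2d4e60"),
}

# Constructed "code section" (an x86-looking prologue, 12 bytes, deliberately
# not a multiple of 8 to exercise the key wrap-around).
SAMPLE_SECTION = bytes.fromhex("558bec83ec10535657 8b7d08".replace(" ", ""))


def dongle_fn_0e(challenge: bytes) -> bytes:
    """Stand-in for API function 0xE: look the challenge up in the dump.
    Without the dongle (or a dump of its responses) this is all an attacker has."""
    if len(challenge) != BLOCK:
        raise ValueError("function 0xE takes an 8-byte block")
    try:
        return DONGLE_RESPONSES[challenge]
    except KeyError:
        raise LookupError("no recorded response for this challenge; dongle required")


def cycle_key(data: bytes, key: bytes) -> bytes:
    """Apply the 8-byte key cyclically over data. XOR is an assumption here;
    it makes the operation symmetric, so one function encrypts and decrypts."""
    if len(key) != BLOCK:
        raise ValueError("expected an 8-byte key")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def unwrap_section(challenge: bytes, section: bytes) -> bytes:
    """What the envelope does at run time: ask the dongle for the key,
    then run it over the encrypted section."""
    return cycle_key(section, dongle_fn_0e(challenge))


def recover_key(ciphertext: bytes, known_plaintext: bytes, offset: int = 0) -> bytes:
    """Under the XOR assumption, eight known plaintext bytes starting at any
    offset yield the whole cycled key: key[(offset+i) % 8] = ct[offset+i] ^ pt[i].
    This recovers the per-section key directly; the dongle's seeds never enter."""
    if len(known_plaintext) < BLOCK:
        raise ValueError("need at least 8 known plaintext bytes")
    if offset + BLOCK > len(ciphertext):
        raise ValueError("known plaintext window runs past the ciphertext")
    key = bytearray(BLOCK)
    for i in range(BLOCK):
        key[(offset + i) % BLOCK] = ciphertext[offset + i] ^ known_plaintext[i]
    return bytes(key)


if __name__ == "__main__":
    enc = cycle_key(SAMPLE_SECTION, DONGLE_RESPONSES[CHALLENGE])
    print("decrypted with dump :", unwrap_section(CHALLENGE, enc).hex())
    print("key from 8 known pt :", recover_key(enc, SAMPLE_SECTION[3:11], 3).hex())
    try:
        unwrap_section(bytes(8), enc)
    except LookupError as e:
        print("without dongle/dump :", e)
```

The interesting comparison is between the two secrets: the three 16-bit seeds (2^48) guard how the dongle derives a response, but the section itself is only ever protected by the 8-byte response that comes back. Whatever the real cycling operation is, the envelope's confidentiality per section cannot exceed the strength of that 8-byte key and of the operation it is cycled with.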