ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
PostPosted: Fri Apr 23, 2021 7:08 am 

Joined: Fri Apr 23, 2021 6:26 am
Posts: 2
Introduction

Hi! As the topic says, we are going to discuss... I have been able to obtain Minecraft Windows 10 encrypted Marketplace textures. The textures were obtained by grabbing the token using Wireshark. Anyway, we're not gonna talk about "how to obtain" them; the main topic is: how can we decrypt Minecraft encrypted packs?

It's really common; Marketplace prices are mostly overcharged for very simple things, from skin packs, worlds, and even Persona skin cosmetics, especially anything regarding skins. :roll:

Problematic

Minecraft Windows 10 uses JWT (JSON Web Token) with the HS256 algorithm. They started using this new algorithm recently, in the 1.16 updates, I suppose? Minecraft no longer uses the .zipe algorithm; rather, they use JWT and verify the packs using a signatures.json that is also encrypted. From the cache folder, you can't really see the content even though it's in .png or .json format. The cache file is located at: %USERPROFILE%\AppData\Local\Packages\*Microsoft*Minecraft*\LocalState\PremiumCache

Inside the PremiumCache there are going to be 3 folders: 1. Persona, 2. Skinpacks, 3. Resources (Texture Pack). If you look closely, every single one of them has a "signatures.json", even the resource packs. Enough of the roots, let's get into the main idea. Since I have been able to pick one of their texture assets, we can probably do some searching for the in-game decrypter function, or even use the hash file to get the key algorithm they used? Here I am going to provide both textures. One is encrypted, and the other is a decrypted, readable PNG that can be read by any photo viewer/editor etc. I am also going to provide the "Minecraft.Windows.exe" from the retail version 1.16, hoping to get into some in-depth areas.

Because they use JWT, the token can be read here: https://jwt.io/ . I think the token is most likely easier to decipher since it's free marketplace content that is nonetheless also encrypted. The asset I was able to get is the Persona Pumpkin piece from the Headwear section of the Persona Skin Editor / Profile.

[Encrypted Asset]
Image 1 : https://drive.google.com/file/d/1kNAtUO2j1n_nibe4254LblDnjqIneHwX/view?usp=sharing
Image 2 : https://drive.google.com/file/d/146Yni2XrneL0G2DVx4vhxUuxjq-x98U4/view?usp=sharing

[Decrypted Asset]
Image 1 : https://drive.google.com/file/d/1-4SR32NJFilBHalpDPCJuzmc7R2l1Pju/view?usp=sharing
Image 2 : https://drive.google.com/file/d/1GYhLs9LjVxeKrcpgEGnRA55Q-IU5ekzE/view?usp=sharing

[MC Retail Exe] : https://drive.google.com/file/d/1bA2u7ihT8eBRWLxH6BRxKy4RHp19BqZQ/view?usp=sharing
[Data Set] : https://drive.google.com/drive/folders/1z6hkNumx3RSmpCdr13i8Y7YCIf6BF-CW?usp=sharing


PostPosted: Mon Apr 26, 2021 7:27 pm 

Joined: Mon Apr 26, 2021 7:26 pm
Posts: 1
How do you trace the JWT/token using Wireshark?


PostPosted: Tue Apr 27, 2021 3:39 am 

Joined: Fri Apr 23, 2021 6:26 am
Posts: 2
AgentB wrote:
How do you trace the JWT/token using Wireshark?


Wireshark contains the signature packet. Basically, when you unlock Marketplace content, the transaction between the public key and private key happens within the client and not the server, because that's how JWT works. The raw signature packet in Wireshark may be encrypted, so you gotta catch up on what's happening using debugging. Not all packets are encrypted, though, but most of them are. As I said in the thread, you will most likely find it easier to capture the signature if you collect free content. So the conclusion is, the handshake is pretty much client-sided, and that's a good thing.


PostPosted: Sat May 22, 2021 4:37 pm 

Joined: Sat Mar 27, 2021 7:07 am
Posts: 3
Lutzynth wrote:
Wireshark contains the signature packet. Basically, when you unlock Marketplace content, the transaction between the public key and private key happens within the client and not the server, because that's how JWT works. The raw signature packet in Wireshark may be encrypted, so you gotta catch up on what's happening using debugging. Not all packets are encrypted, though, but most of them are. As I said in the thread, you will most likely find it easier to capture the signature if you collect free content. So the conclusion is, the handshake is pretty much client-sided, and that's a good thing.


Can you tell me in more detail how to decrypt the texture?


PostPosted: Wed Jun 02, 2021 8:35 pm 

Joined: Wed Jun 02, 2021 8:24 pm
Posts: 1
Is it basically just converting the JSONs and PNGs, or is it more complicated?

