cyano
Posted April 5 (edited)

Hi all,

I've put together a set of small Python (3.6+) scripts for working with the RSA encrypted DAT files (like Server.dat) used in the client.

With these scripts, you can:

* Extract the RSA public key from any Conquer.exe binary (5095, 5187, 5517, 5615, 6090, 6609 tested)
* Decrypt any RSA-encrypted DAT file (like Server.dat). See: https://conquer-online.github.io/wiki/files/formats/dat.html for a list. These scripts only work with RSA encrypted files.
* Re-encrypt modified DAT files with your own private key
* Patch the Conquer.exe binary with your own public key. (5095, 5187, 5517, 5615, 6090, 6609 tested)
* Patch the Conquer.exe binary to bypass play.exe requirement (5095, 5187, 5517, 5615, 6090, 6609 tested) (optional patch, but on by default)

Ultimately, you can use these scripts to decrypt server.dat, replace with your own IP/Port, re-encrypt (with your own key) and patch the binary (with your key). However, you may still find ConquerLoader / Dragon Launcher is easier for running private servers.

The project is here: https://github.com/Cyano-CO/conquer-rsa-patcher (possibly move to conquer-online github org in future)

For full technical details on how RSA works, see: https://conquer-online.github.io/wiki/security/rsa.html

Example: Modifying Server.dat

* Make sure you have Python 3.6+ installed (https://www.python.org/downloads/)
* One common dependency required, usually already installed system-wide (pip install cryptography), or use virtual env.
* As with all code, read & understand it before executing it. Don't use this on live binaries. All techniques are derived solely from publicly distributed client binaries. The extracted key is an RSA public key, public by design.
* Git clone the repository https://github.com/Cyano-CO/conquer-rsa-patcher
* The public key / Conquer.exe isn't included in this repository, copy Conquer.exe & Server.dat from your client directory to the script directory.
* Extract the public key from the Conquer.exe binary. You can then decrypt Server.dat using:

    python3 extract_key.py Conquer.exe
    python3 decrypt_game_file.py Server.dat

This will create Server_decrypted.dat which you can point to your own IP / Port or rename the servers.

To use it in the client:

    ./generate_keypair.sh
    python3 patch_client_binary.py Conquer.exe public_key.pem
    python3 encrypt_game_file.py Server_decrypted.dat private_key.pem

Then copy Server_encrypted.dat & Conquer_modified.exe to your client directory, rename Server_encrypted.dat to Server.dat (backup the original first).

patch_client_binary also patches to skip play.exe requirement (turn off by --skip-patch-play-exe). So you can start Conquer_modified.exe directly and it should load your modified Server.dat

Thanks To
* Spirited For: https://cooldown.dev/topic/12-client-how-to-disassemble-conquer-for-reverse-engineering/
* adrian For: https://cooldown.dev/topic/19-client-using-decrypted-serverdat

Happy to answer questions or feedback on it

Edited Friday at 07:15 PM by cyano
support 5095 - 6609 (All conquer 2.0 rsa server.dat patches)
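
The key relationship this workflow depends on, as an added example that is not part of the original post or of the conquer-rsa-patcher code: a block produced with a private key only decodes under the matching public key, which is why the binary has to carry your public key before it will load a re-encrypted Server.dat. It uses textbook RSA without padding; the toy primes, the `DAT1` marker, the function names and the server entry are constructed assumptions, not the client's real format.

```python
# Added illustration: textbook RSA with constructed toy keys,
# not the client's real key or DAT layout.
E = 65537
MAGIC = b"DAT1"  # hypothetical marker used to recognise a correctly decoded block


def make_key(p, q):
    """Build a toy key pair from two primes (Python 3.8+ for the modular inverse)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return {"n": n, "e": E, "d": d}


def private_encode(plain, key):
    """Private-key operation: only the holder of d can produce this block."""
    m = int.from_bytes(MAGIC + plain, "big")
    if m >= key["n"]:
        raise ValueError("block too large for this modulus")
    return pow(m, key["d"], key["n"])


def public_decode(block, n, e=E):
    """Public-key operation, as a client holding an embedded (n, e) would do it."""
    if block >= n:
        return None
    m = pow(block, e, n)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    # A block made under a different key decodes to noise and fails the marker check.
    return raw[len(MAGIC):] if raw.startswith(MAGIC) else None


# Constructed keys from Mersenne primes; far too small for real use.
VENDOR = make_key(2**127 - 1, 2**89 - 1)  # stands in for the key shipped in the client
OWN = make_key(2**107 - 1, 2**61 - 1)     # stands in for a freshly generated key pair

ENTRY = b"127.0.0.1:5816"                 # constructed server entry
block = private_encode(ENTRY, OWN)

if __name__ == "__main__":
    print("unpatched client:", public_decode(block, VENDOR["n"]))
    print("patched client:  ", public_decode(block, OWN["n"]))
```

Because the public half is recoverable from the binary, this construction gives the file authenticity rather than confidentiality, and only for as long as the embedded key is unchanged.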