Advertisement

UDP Application Layer Data Integrity Checker

Started by August 20, 2018 05:53 PM
2 comments, last by Jony Roger 6 years, 3 months ago

Hello. I've been analysing one game's udp communication and I need help to identify which type of data integrity/anti-tamper is being used here. I would like to understand and implement my own. Here is the explanation:

UDP packet Data example:
7d 65 00 02 00 00 06 00 00 00 00 00 00 00

After analysing hundreds of packets, I've found that the second byte (offset 0001 : 0x65) is the data integrity checker. It's always the same value for the same UDP Data and can be the same for different UDP Data since it is just one byte, so there is only 128 possibilities since the value never goes above 0x7F (Range 0x00 to 0x7F (0 to 127)).

Please, someone knows what type of algorithm can check UDP Data with just one byte and the value is always between 0x00 - 0x7F? I can't debbug the application.

Thanks in advanced.

Best regards.

 

There are tons of algorithms that can generate a one-byte checksum. Algorithms include:

  1. Checksums: add up all the bytes (or some permutation of the bytes) and perhaps perturb the result
  2. CRC: calculate an 8-bit CRC, or some bigger CRC and drop all but 8 bits of the value.
  3. XOR: take the XOR of all values, potentially with a rotation in between each byte
  4. Linear congruential generators: Each step, multiply your seed with one prime, and add the value of the next byte
  5. Any other hash function, where you end up dropping all but 8 bits (or 7 bits, even.)

Without the source code of the application, you have to make guesses about what could be going on, and verify those guesses against that data that you have. Sometimes, writing code that tests various parameters against various algorithms and sees how close it can get may be helpful. There really is no "magic bullet" here.

To get you started: If you start with the first value (0x7D) and subtract all the other values, you get 0x10. Do you get that same result for all other data packets you have? If so, you have the algorithm there.

enum Bool { True, False, FileNotFound };
Advertisement

Thanks for your reply. Now I have a clue on how to proceed from here. Gonna test all and choose which one is the best for my solution based on performance. Thanks!

This topic is closed to new replies.

Advertisement