Decrypting/decoding something

[Nineshadow]

For those wondering what this is,it's a save file for a game.Nothing serious.

 

This is the original : 

.H3siaXNNdXRlZCI6dHJ1ZSwiY2FzaCI6Mi45NzgxODc5EjUzMTM1MjlFKzg5LCJ0b3RhbENgIBA2LjY5NzU5NjEyNTgwNTE4ReABIAhQcmV2aW91c0NgKA8xLjY5NDA5NDYyMzA0NDc5oEkfaW1lc3RhbXAiOjE0MDgwMTIyMjEuMDgxNzIsImFuZ2UDbEludiAhGG9ycyI6MS45NTIyOTMwNzMzOTAyNkUrMzngByUFU3BlbnQiIJYENzc4MDBAAAM2NzY0ICkDNCwidiAaAnVyZSBJA1t7Imkg6QYibGVtb24iIEMCbW91QDYfMjkwMCwiY3VycmVudFRpbWUiOjAuMDE3NzM3ODc4NTcHOTY2Nzh9LHuAPQRuZXdzIuABPAQxNDI4LOAKPAg5MzY3MzAyOTEhAAA04AA8A2NhciLgAzsBNDDgCngJODc4MjMwNjkyOCGDADbgADsFcGl6emEi4AI9AjU0MOALPQw5NTM0ODMwODYwNzk04AA9BWRvbnV0IuACPQI2NDDgCT0OMjAxODI4MTU4NDYwNTU34AA9A3NocmkhruACPiAkACzgCPYNMjExMTYzNjMzNTAzMDLgAD0GaG9ja2V5IuACPQA54QpxDjEwOTc2NzQwNDg1MDU3MuAAPQRtb3ZpZeACPAQyMDAwLOAHeg4yNTA4Njg5MTMyNTE5MDfgADwEYmFuayLgAXgDMjMwMOAIOw43MDU5MDIyMzEzOTE1MTbgADsDb2lsIuACOgI2MDDgBjoENi4xMjMh3hIxNDc5NTU2NH1dLCJtYW5hZ2Vygm4HX190eXBlX18idANSdW5WIl4iiQBNgCEJIiwiX192YWx1ZUAfAXsi4gGaAV9t4AAhB3B1cmNoYXNlIrZDoAB9QJvgKFRCseBHUyLI4EdSYt/gR1Ri9uBHVIMN4EdVAGhjJeBHVQFtbyM94EdUQ1XgR1MjbeAhUgJBY2NFuwNhbnRN4wArAF/jCE1AUgFhY8ApI3DjFk7gHVVg/OBJVgFtb0Go4ElXAGiCVuBJWKMF4ElYg7PgSVeEYOBJVyULBHdhc2hf4ElZZbngSVZpAABf4BVXCV0sInVwZ3JhZGXmCMqmxwFVcGAeACLmEccAMSAb4xZy4BpLYQTgPUohqeA+SYJL4D2Vgu/gPUujlOA9TKQ64D1MAW1vRN/gPUtlguA9SkYj4BpJCUV2ZXJ5dGhpbmfiE/YFZ2xvYmFs4BtP4hr3g6UAMuNBQ+A9SkND4D1Jg0PgPUuDQ+A9S6ND4D1Mo0PgPUwBbW9DQ+A9S2ND4D1KQ0PgGknjJEPgGk8BQUnjE4twR+NEigAz40GK4D1KQ4rgPUmDiuA9S4OK4D1Lo4rgPUyjiuA9TAFtb0OK4D1LAGIwpOA+SkOK4BqU4ySK4BpP4xuK4xrR5yAVADTjQYrgPUpDiuA9SYOK4D1Lg4rgPUujiuA9TKOK4D1MAW1vQ4rgPUtjiuA9SkOK4BpJ4ySK4BpP4xuK4xrR4yCKADXjQYrgPUpDiuA9SYOK4D1Lg4rgPUujiuA9TKOK4D1MAW1vQ4rgPUtjiuA9SkOK4BpJ4x2KilgCc2Fj6htc4xuNQErnGhzgH0rjGtzgJ+jkGnbgJ1LhGo4CQnV5pIUAc+sT6ANzd2Fw4RuK4CNO4RqO4CNO4RqS4CNO4RqO4CNO4UaKADbmGRDgI50AN+BFTgA44EVOADngRU4BMTDgRk8AMeBGTwAy4BlP5CcJ4hov4B1SAGeTfeIazqRW5BNVdnXgGprgGkpIkOA9SYiQ4D1LiJDgPUuokOA9TKiQ4D1MAW1vSJDgPUsAYk+m4D1KSJDgPUmWJeAaS+MkQ+AaT+Ia+GND5Rq/4BpKQ0PgPUmDQ+A9S4ND4D1Lo0PgPUyjQ+A9TAFtb0ND4D1LY0PgPUpDQ+A9SYND4D1LYvPoGmTiHvPgPUmC8+A9S4Lz4D1LovPgPUyi8+A9TAFtb0Lz4D1LYvPgPUpC8+A9SYLz4BpL5iQ34xpD4CRP4Bqf7CNLATEz6hm+4CRPADTgRk8ANeBGTwA24EZPADfgRk8AOOBGTwA54EVPATIw4EZPADHgRk8AMuAZT+Mkb+4azuAkTwAx7hrP4CVQ7hrQ4CVQ7kDRAGeOfuRHYwEyM+EZ4+QjswEyNOAZT+ElQeUaBPQfu+ZHP+UbUOAl7OUMUR9dLCJnYW1lVmVyc2lvbiI6MS41LCJvbmVEYXlXYXJwcwdVc2VkIjowfQ==|a9635ff4c66bfa23a92653cfa880a7ba

Now,I tried base64 and it decoded some of it :

{"isMuted":true,"cash":2.97818795313529E+89,"totalC` 6.69759612580518E PreviousC`(1.69409462304479Iimestamp":1408012221.08172,"angelInv !ors":1.95229307339026E+39%Spent" 77800@6764 )4,"v ure I[{"i "lemon" Cmou@62900,"currentTime":0.0177378785796678},{=news"<1428,<936730291!4<car";40x	8782306928!6;pizza"=540=9534830860794=donut"=640	=201828158460557=shri!> $,21116363350302=hockey"=9q109767404850572=movie<2000,z250868913251907<bank"x2300;705902231391516;oil":600:6.123!14795564}],"managern__type__"tRunV"^"M!	","__value@{"_m!purchase"C}@(TBGS"GRbGTbGTGUhc%GUmo#=GTCUGS#m!RAccEantM+_M@Rac)#pNU`IVmoAIWhVIXIXIW`IW%wash_IYeIVi_W	],"upgradeʦUp`"1 rKa=J!>IK==K=L:=LmoD=Ke=JF#I	EverythingglobalO2AC=JCC=IC=KC=KC=LC=LmoCC=KcC=JCCI$COAIpGD3A=JC=I=K=K=L=LmoC=Kb0>JC$O 4A=JC=I=K=K=L=LmoC=Kc=JCI$O 5A=JC=I=K=K=L=LmoC=Kc=JCIXsac\@JJ'v'RBuysswap#N#N#N#NF6#7EN8EN9EN10FO1FO2O'	/Rg}ΤVUvuJH=I=K=K=L=LmoH=KbO=JH=I%K$COcCJCC=IC=KC=KC=LC=LmoCC=KcC=JCC=IC=Kbd=I=K=K=L=LmoB=Kb=JB=IK$7C$O#K13$O4FO5FO6FO7FO8FO9EO20FO1FO2O$o$O1%P%P@g~Gc23#24O%AG?P%Q],"gameVersion":1.5,"oneDayWarpsUsed":0}~_:vۮwqFm

However,that's clearly not all of it.There's obviously something else being used.And I also couldn't help to notice the dot at the beginning of the encrypted/encoded file,which is not what base64 encoding would leave behind.

My guess is that there's different encoding techniques used across the code.

 

I tried editing what I could decrypt and import it into the game and it told me the save was invalid.This makes my assumptions even more plausible.I guess it checks MD5 checksum of the text compressed and decompressed and you know the drill...

 

Any ideas? 

I guess I could try decompiling the game itself.

[scarylabcat]

You can try offsets. In most cases saved games and such are not made to be unbreakable, just hard enough, so that most people give up. Offsets are easy way to do it. Let's say that you have a byte array that representing the save game, you can add the length of the array to all the bytes of the array. They may overflow but that's ok, then save it and when you read it just subtract the length of the array from every byte. All these little tricks are no match for the skilled cracker but nevertheless make it harder for the rest of us to break the code.

 

You can try offsets for some parts of the string.

 

About the hashing, the game must store the hashed values somewhere... try decoding some of the settings files... 

[Nineshadow]

You can try offsets. In most cases saved games and such are not made to be unbreakable, just hard enough, so that most people give up. Offsets are easy way to do it. Let's say that you have a byte array that representing the save game, you can add the length of the array to all the bytes of the array. They may overflow but that's ok, then save it and when you read it just subtract the length of the array from every byte. All these little tricks are no match for the skilled cracker but nevertheless make it harder for the rest of us to break the code.

 

You can try offsets for some parts of the string.

 

About the hashing, the game must store the hashed values somewhere... try decoding some of the settings files... 

I did some tests...

Turns out the save file also uses LZF compression.

There's still a portion encoded...