Player is protected with CypherGuard before it actually loads the flash files.
Authenticates with a Tomcat server on virgo.cypherlicense.com (see the Host header in the capture below):
Code:
POST /simon/servlet/CypherServer HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: DLsite Secure Application Kicker/1.0.1.0 (Windows; Windows NT 6.1.7600 x64; SX58; en)
Host: virgo.cypherlicense.com
Content-Length: 114
Connection: Keep-Alive
Cache-Control: no-cache
data=<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
<cypherinfo>
<request>OPEN</request>
</cypherinfo>
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Length: 889
Date: Tue, 08 May 2012 23:11:25 GMT
<?xml version="1.0" encoding="UTF-8"?><cypherinfo><serviceinfo><serviceid>BF6629BB-9956-4935-AE1B-B2FAC2E35A4D</serviceid></serviceinfo><publickey>30820120300..snip..20111</publickey><serviceflags>1</serviceflags><hardwareinfo>16</hardwareinfo><algorithm>Rijndael</algorithm><mode>CBC</mode><keylength>16</keylength></cypherinfo>
POST /simon/servlet/CypherServer HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: DLsite Secure Application Kicker/1.0.1.0 (Windows; Windows NT 6.1.7600 x64; SX58; en)
Host: virgo.cypherlicense.com
Content-Length: 1375
Connection: Keep-Alive
Cache-Control: no-cache
data=<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
<cypherinfo>
<request>AUTHURL</request>
<iv>A47001E4..snip..06318</iv>
<sessionkey>64238..snip..2FCCE7773</sessionkey>
<encrypteddata>552DC8..snip..91F9A10</encrypteddata>
</cypherinfo>
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Tue, 08 May 2012 23:11:25 GMT
<?xml version="1.0" encoding="UTF-8"?><cypherinfo><result>success</result><description>0</description><iv>4830..snip..D187E</iv><encrypteddata>DDD79..snip..726F0F</encrypteddata></cypherinfo>
So it opens a session, does a public key exchange, sends out some data and gets a result.
DLLs are hardened against reverse engineering.
Of course, the easiest thing is to do a memory dump on a computer the game is running on, then fish out the unencrypted flash files.
Otherwise you have to do a man-in-the-middle attack, since the server is giving out WAY too much information to keep the stream secure. Also, it might be possible to emulate the server and specify a 'NULL' encryption algorithm, making all of the data plain text.
But to be honest, that's WAY too much effort for a flash game that's not even that good in my opinion.
Again, easiest way, dump the memory on a machine that it is actually running on.
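The message format of the OPEN / AUTHURL exchange above, as an added example that is not part of the original post and not CypherGuard's own code. It builds the `data=<cypherinfo>...` form body the Kicker POSTs, parses the server's XML replies, and adds the check a hardened client would do: pin the acceptable cipher suite client-side instead of trusting whatever `<algorithm>`, `<mode>` and `<keylength>` the server announces, which is what makes the "emulate the server and answer NULL" idea work against a naive client. The sample responses are constructed from the capture with placeholder hex values of plausible length (not the real key, IV or ciphertext), and `ALLOWED_SUITES` is an assumption about what the client should accept, not something the page states.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

# Constructed samples modelled on the captured exchange. The hex fields are
# placeholders of plausible length, not the real key/IV/ciphertext values.
OPEN_RESPONSE = (
    '<?xml version="1.0" encoding="UTF-8"?><cypherinfo>'
    '<serviceinfo><serviceid>BF6629BB-9956-4935-AE1B-B2FAC2E35A4D</serviceid></serviceinfo>'
    '<publickey>30820120300D06092A864886F70D0101</publickey>'
    '<serviceflags>1</serviceflags><hardwareinfo>16</hardwareinfo>'
    '<algorithm>Rijndael</algorithm><mode>CBC</mode><keylength>16</keylength>'
    '</cypherinfo>'
)
# What an emulated server could answer if the client simply trusts the announced suite.
NULL_OPEN_RESPONSE = OPEN_RESPONSE.replace(
    '<algorithm>Rijndael</algorithm>', '<algorithm>NULL</algorithm>')
AUTH_RESPONSE = (
    '<?xml version="1.0" encoding="UTF-8"?><cypherinfo><result>success</result>'
    '<description>0</description><iv>' + '4830' + '00' * 12 + 'D187' + '</iv>'
    '<encrypteddata>' + 'DDD790' + '00' * 10 + '726F0F' + '</encrypteddata></cypherinfo>'
)

# Assumption: the suites a hardened client would accept, pinned client-side instead of
# trusting whatever the server (or something impersonating it) announces.
ALLOWED_SUITES = {("Rijndael", "CBC", 16), ("Rijndael", "CBC", 32)}

XML_DECL = '<?xml version="1.0" encoding="UTF-8" standalone="no" ?>'


def build_request(request_type, **fields):
    """Client side: build the x-www-form-urlencoded body, data=<cypherinfo>...</cypherinfo>."""
    root = ET.Element("cypherinfo")
    ET.SubElement(root, "request").text = request_type
    for name, value in fields.items():          # e.g. iv=..., sessionkey=..., encrypteddata=...
        ET.SubElement(root, name).text = value
    return urlencode({"data": XML_DECL + ET.tostring(root, encoding="unicode")})


def parse_request(body):
    """Server side: undo the form encoding and return the <cypherinfo> element."""
    return ET.fromstring(parse_qs(body)["data"][0])


def _hex_field(root, name):
    text = root.findtext(name)
    if text is None or len(text) % 2:
        raise ValueError("missing or odd-length hex field: %s" % name)
    return bytes.fromhex(text)


def parse_open_response(xml_text):
    """Client side: pull the negotiated parameters out of the OPEN reply."""
    root = ET.fromstring(xml_text)
    if root.tag != "cypherinfo":
        raise ValueError("unexpected root element %r" % root.tag)
    return {
        "serviceid": root.findtext("serviceinfo/serviceid"),
        "publickey": _hex_field(root, "publickey"),   # hex-encoded DER blob in the capture
        "algorithm": root.findtext("algorithm"),
        "mode": root.findtext("mode"),
        "keylength": int(root.findtext("keylength")),  # bytes: 16 means AES-128
    }


def suite_is_acceptable(params):
    """The check to run before wrapping a session key with the announced suite."""
    return (params["algorithm"], params["mode"], params["keylength"]) in ALLOWED_SUITES


def parse_auth_response(xml_text):
    """Client side: result plus the IV/ciphertext the server sends back after AUTHURL."""
    root = ET.fromstring(xml_text)
    return {
        "result": root.findtext("result"),
        "description": root.findtext("description"),
        "iv": _hex_field(root, "iv"),
        "encrypteddata": _hex_field(root, "encrypteddata"),
    }


if __name__ == "__main__":
    params = parse_open_response(OPEN_RESPONSE)
    print(params["serviceid"], params["algorithm"], params["mode"], params["keylength"])
    print("pinned suite accepted:", suite_is_acceptable(params))
    print("NULL suite accepted:", suite_is_acceptable(parse_open_response(NULL_OPEN_RESPONSE)))
    body = build_request("AUTHURL", iv="A47001E4" + "00" * 12,
                         sessionkey="64" * 128, encrypteddata="552DC8" + "00" * 13)
    print(body[:60] + "...")
    print("server sees request:", parse_request(body).findtext("request"))
    print("auth result:", parse_auth_response(AUTH_RESPONSE)["result"])
```

The pinning check is the whole point: a client that takes `<algorithm>` from the OPEN reply at face value will happily do a "NULL" cipher if a man-in-the-middle or an emulated server tells it to, whereas one that compares the announced suite against a fixed allow-list refuses before any session key is generated.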