Member Avatar for belalhamdy

I'm tring to develope newcamd virtual server
i have read the newcamd protocol documentation
there is some missed Points
the newcamd protocol uses 3des encryption 112bit CBC Mode
point one : what is the padding mode??
point two : what is the vector key??
another thing for example
i spyed on client server connection tring to decrypt the connection without success
if the deskey is

0102030405060708091011121314

and the first server response after connection is (after converting to hex)

277FC3F64C995D9C05A8C660DB71

and the client replyed with

00480F9F373D0E167324955DDA875E69F7234CE3DCAE6DA9237AD14CF8C03DE13E11F6FE5D070BD84C2B44CEDE3CFAB30CADCDB3300274275133C9DE2DF288A2E576A7D93C47E0AA6AC3

how to decode this client messsage

i mean what is 3des 24byte key, what is the vector key??, and what the exact data should be decoded

thanks for reply

Edited by belalhamdy
  • 4 Contributors
  • 5 Replies
  • 722 Views
  • 1 Year Discussion Span
  • Latest Post Latest Post by Zurab

Recommended Answers

All 5 Replies

Member Avatar for rubberman

Re-read the protocol? Study some implementations? Do some research? This is non-trivial stuff, and I honestly doubt that many of us could, without study, answer your questions correctly. I have implemented triple-des algorithms, but in the deep, dark past (like 20+ years ago). I can't remember all of the details...

In any case, DES is a symmetric key algorithm. The encoding key(s) are also the decoding keys. The essential problem here is the key exchange. This may help: http://en.wikipedia.org/wiki/Triple_DES

Member Avatar for belalhamdy

thanks rubberman for reply
the issue doesn't related to triple des i have studed 3des well, i'm also using 3rd party 3des library,
the issue is the newcamd protocol
newcamd protocol uses 3des with cbc mode
there is some thing named deskey(in the client configuration) should be xored with first 14 byte server response and expanded to 24 byte to encode user/password msg (first client message) buuuuuuuuuut 3des with cbc mode uses vector key (8 byte) this isn't mentioned in protocol documentation, i follow some client source code on the internet it seams to be the last 8byte in the message, i tried to decode but no luck
if any one could decode the above example it may help me to discover any mistake (vector,xoring,expanding)
thanks again for your time

Edited by belalhamdy
Member Avatar for Lucas_6

Any news about this guy? I want to implement same protocol using Javascript/Node.js and i can't find documentation explaning how this protocol works, thanks

Member Avatar for Zurab

HI,

So the first problem is that you are concatenating the client deskey part and server deskey part.
You should xor them. if your des key is 0102030405060708091011121314 and server first replyed you other 14 bytes (the server des key part) 277FC3F64C995D9C05A8C660DB71, you should xor them byte by byte.
for example in c:

for (i = 0; i < 14; i++)
        realkey[i] = clientkey[i] ^ serverkey[i];
Member Avatar for Zurab

i can't help you to decode this until u will not decode it by sourself after correcting the key, then please post the decoded bytearray here and I can explain how to extract correct data from fields.
00480F9F373D0E167324955DDA875E69F7234CE3DCAE6DA9237AD14CF8C03DE13E11F6FE5D070BD84C2B44CEDE3CFAB30CADCDB3300274275133C9DE2DF288A2E576A7D93C47E0AA6AC3

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.