A game's homemade crypto fell to a DIY supercomputer
2 days ago
- #cryptography
- #security
- #reverse-engineering
- The article details breaking the custom RSA encryption in Tower Unite's AGC (Authoritative Game Coordinator) by factoring a 509-bit key using distributed computing with friends' gaming PCs and CADO-NFS.
- Three main crypto vulnerabilities were found: a weak key generator limited to 258-bit keys via a prime table, a static 509-bit key shipped in the binary, and a decrypt routine leaking uninitialized heap memory.
- After reporting, Pixeltail replaced the homemade RSA with secp256k1 and libsodium within two weeks, adding forward secrecy but leaving a server authentication gap, allowing potential MITM attacks.
- The attack demonstrated how hand-rolled crypto fails, emphasizing the importance of using audited libraries, memory-safe languages, and proper authentication alongside encryption.
- Lessons include avoiding custom crypto, ensuring memory safety in cryptographic code, using appropriate primitives like ECDH, and recognizing that encryption without authentication is insufficient.