~Seraphim wrote:
DobarParshut wrote:
so, basically, there is nothing to do

anyway, thanks guys!

Well, if you want to get technical, the stats files were encrypted with a rather weak algorithm (if you can even call that an algorithm), so you can _technically_ brute force the decryption.

Basically there's 2^32 possible combinations you can try.

https://github.com/teknogods/TeknoMW3
Read this to find out how stats files were encrypted. You can decrypt them by simply running it through the decryption function with every possible lower SteamID (00000000 - FFFFFFFF)

FWIW, I'll leave what I found out after I quickly glanced over the code, in case anybody decides to do this:

1. The function you're targeting is SteamDataCrypto (steam_api_emu_misc.cpp)

2. The encryption function seems like a stream cipher, so both encryption and decryption use the same function (TL;DR stream ciphers generate a bunch of values based on the key and then usually XOR the input against that, so generating the same values and XORing again decrypts the encrypted data)

3. The implementation is... laughable, without being too mean. I recommend rewriting it if your goal is to attack the crypto, for several reasons; one of them being the "if", which can be dumbed down to a single expression, which could help in analyzing the function (branches are never nice when translating crypto code to math).

4. There is a side-channel attack which, in the worst case, reduces the key space to ((2**32 - 1) / 4). However, in practice, the actual keyspace is reduced to less than 5% of the worst case scenario, making this concrete example *extremely* easy to crack. However, I'll leave that as an exercise to the reader. :-)