SmashManiac

Secret room


Nah, I don't think brute force is the way to go.

I'm still curious if we are supposed to find the pass in the game or in the game files.

I remember I printed out the string tables to read through 'em on car rides and stuff like that, but after the first two pages I dropped the idea.

The chance that I will hit it is pretty low, I think. I don't know much about cryptography.

But I will give it another chance for sure.

Nah, I don't think brute force is the way to go.

I'm still curious if we are supposed to find the pass in the game or in the game files.

I remember I printed out the string tables to read through 'em on car rides and stuff like that, but after the first two pages I dropped the idea.

The chance that I will hit it is pretty low, I think. I don't know much about cryptography.

But I will give it another chance for sure.

Brute forcing a password is a perfectly valid method of real world hacking :)


There is still potential in dictionary attacks. I know Netrix tried it previously, but he appeared to have limited his attempt to a single word with mixed capitalization. My guess is that whatever this password is, it's probably a short sentence with correct grammar. I wouldn't be surprised if a dictionary generated from the in-game strings exclusively would be sufficient for the job.

Also, I just had another idea: is it possible to deduce an AES-256 key if we already know a chunk of the original data big enough to cover the key length? Based on the Lua source code and the game files, if we assume that the original SecretRoom.lua is compiled and was done so at the same location as the encrypted version, then I believe the first 69 bytes would be:

1B 4C 75 61 51 00 01 04 04 04 08 00 2A 00 00 00

40 44 61 74 61 2F 43 6F 6E 74 65 6E 74 2F 53 65

63 72 65 74 2F 52 6F 6F 6D 73 2F 53 65 63 72 65

74 52 6F 6F 6D 2E 6C 75 61 00 00 00 00 00 00 00

00 00 00 00 02

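The 69 bytes predicted in the post above follow the Lua 5.1 bytecode layout: a 12-byte global header, then the main function's source name, line numbers, upvalue and parameter counts, and vararg flag. The Python parser below decodes them field by field; it is an added example, not part of the original post or of Netrix's program, and the function name `parse_lua51_header` is hypothetical.

```python
import struct

# The 69 bytes predicted in the post above, copied from the page.
PREDICTED = bytes.fromhex(
    "1B 4C 75 61 51 00 01 04 04 04 08 00 2A 00 00 00 "
    "40 44 61 74 61 2F 43 6F 6E 74 65 6E 74 2F 53 65 "
    "63 72 65 74 2F 52 6F 6F 6D 73 2F 53 65 63 72 65 "
    "74 52 6F 6F 6D 2E 6C 75 61 00 00 00 00 00 00 00 "
    "00 00 00 00 02"
)

def parse_lua51_header(buf):
    """Decode the Lua 5.1 global header and the start of the main function."""
    if len(buf) < 12 or buf[:4] != b"\x1bLua":
        raise ValueError("not a Lua bytecode chunk")
    version, fmt, little, int_sz, sizet_sz, instr_sz, num_sz, integral = buf[4:12]
    if version != 0x51 or fmt != 0:
        raise ValueError("not official-format Lua 5.1 bytecode")
    codes = {4: "I", 8: "Q"}  # struct codes for 4- and 8-byte unsigned fields
    if int_sz not in codes or sizet_sz not in codes:
        raise ValueError("unsupported int/size_t width")
    order = "<" if little else ">"
    try:
        pos = 12
        # Source name: size_t length (counting the trailing NUL), then the bytes.
        (name_len,) = struct.unpack_from(order + codes[sizet_sz], buf, pos)
        pos += sizet_sz
        raw = buf[pos:pos + name_len]
        if len(raw) != name_len or (name_len and raw[-1] != 0):
            raise ValueError("truncated or unterminated source name")
        pos += name_len
        # linedefined / lastlinedefined are signed ints; both 0 for a main chunk.
        first, last = struct.unpack_from(order + 2 * codes[int_sz].lower(), buf, pos)
        pos += 2 * int_sz
        nups, numparams, is_vararg = struct.unpack_from("3B", buf, pos)
        pos += 3
    except struct.error as exc:
        raise ValueError("chunk truncated inside function header") from exc
    return {
        "little_endian": bool(little), "sizeof_int": int_sz,
        "sizeof_size_t": sizet_sz, "sizeof_instruction": instr_sz,
        "sizeof_number": num_sz, "integral_numbers": bool(integral),
        "source": raw[:-1].decode("latin-1"),
        "linedefined": first, "lastlinedefined": last,
        "nups": nups, "numparams": numparams, "is_vararg": is_vararg,
        "consumed": pos,  # number of bytes covered by the decoded fields
    }

if __name__ == "__main__":
    for field, value in parse_lua51_header(PREDICTED).items():
        print(f"{field:20} {value}")
```

Knowing plaintext like this does not reveal an AES-256 key, since AES is designed to resist known-plaintext key recovery. What the predicted bytes do provide is a reliable way to recognise a correct decryption.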

I was going through all of my old folders to organize my data and I came across the files related to this. For brute forcing, I did only try single words with symbols and numbers. I didn't get around to trying proper sentences from the game's strings. There are quite a lot of strings within the game files though, so I don't know how long it will take to try up to even just 3-word sentences. I'll at least make an attempt, though I do agree that this is almost certainly not the intended way to solve it.


Just a quickie: that sentence from the "messed up glyphs" puzzle (something like quick brown wizards something something), was that tried as a password?


You are talking about this line: "THE FIVE BOXING WIZARDS JUMP QUICKLY" It doesn't work as the password.


Netrix, can you share the script you're using for bruteforcing?

Also, I just had an idea watching keybounce's stream. There's a few empty chests in the game. I originally thought it was unfinished content, but it is possible it's a hint for the secret room somehow.


Idea.

I was thinking about the wishes that Smash had me use after completing the game, to get the encrypted secret room book.

What if the decryption key is one of those wish strings?

We've got a number of "useless" things in the game to consider, such as a treasure chest that has nothing in it. What if the chest itself is the decryption string -- or more accurately, the wish name that refers to that chest?


So, just played through the game and tried to decrypt secret.lua

I got nothin'.

I'm glad to see this is still active as of last month, though. Do you folks have any methods of attack or any progress?


The only idea I have is that "wish string" that I mentioned before.

No one has yet figured out a solution.

 

 

On 4/1/2017 at 6:21 PM, SmashManiac said:

Netrix, can you share the script you're using for bruteforcing?

Also, I just had an idea watching keybounce's stream. There's a few empty chests in the game. I originally thought it was unfinished content, but it is possible it's a hint for the secret room somehow.

Since any in-game script would be incredibly slow and useless for brute forcing, I'm using a C program that uses the same decryption process as the game that I've highly optimized. I can try about 6 million passwords per second, but if the password has special characters, has 8 or more characters, or is more than 3 words in length, it is practically impossible to brute force with current technology. Maybe some day in the future when we have quantum computing it will be possible to break the encryption, but it doesn't look like it will be any time soon. I've been busy recently but maybe at some point I'll package what I have so other people can play with it.

11 hours ago, 0xffe3 said:

So, just played through the game and tried to decrypt secret.lua

I got nothin'.

I'm glad to see this is still active as of last month, though. Do you folks have any methods of attack or any progress?

I've just tried brute forcing and various guesses that other people have made.
