(TimeAttack)Nexon's Cert with revoke list(Valid until 6/9/11)

[xx404xx]

To be honest all of the key's to nexon's castle *should* have been found AGES ago,But i guess all the the injector/dll Hack's delayed the interest in something like this.

Btw just to let you all know,there's also a nice little buffer overflow in the wild for more than 1 nexon game ATM.(Has to do with NXMESSENGER VULNERABILITIES APPARENTLY)

So here i am announcing the start of a new project ill be working on,kicking it off with (The release of the file attached) ,not finished yet,And for any one wishing to have a pwn off,here is the only rule to this contest, you have to defeat the encryption itself(Not PWN it with an Overflow/Exploit/Bypass).

You have all of 14 day's to obtain all of the proper Signing Key's/Info .If someone does this successfully They can sign there own REVOKE LIST, allowing the whitelisting/de-whitelisting of even Nexon's own key pair to stop them from running there arb. code at login,so we can be sure no ban's will result from this.If we find the trusted key's before they are revoked we can sign are own revoke list, the nexon TRUSTED CONTENT system will be BROKEN FOREVER when this happen's(AKA:NO EASY SOLUTION FOR NEXON THIS TIME)

The valid cert is attached to this thread for those wishing to download it.

In order to even have a chance at using this you'll need the Nexon Algorithm's,that is posted in my threadhttps://www.mpgh.net/forum/207-combat...blic-keys.html

//Some Important key's regarding the CRYPTO/ALGO of content(Used in the cert system)

KeyID=97 d0 6b a8 26 70 c8 a1 3f 94 1f 08 2d c4 35 9b a4 a1 1e f2

Signature Algo=sha1RSA

Signature Hash Algo=sha1

This cert is only active for another 14 day's,but go ahead and have a look around anyway.Provide's the revoke list for C.A. So now you can check if it's revoked.The new cert will likely be issued on or after September 6th,the last day the cert i posted is valid.It will expire on September 6 4:00:02 AM.

https://www.virustotal.com/file-scan/...c63-1314121093

If anyone has any question's feel free to contact me Via Pm/This Thread.

[[MPGH]Disturbed]

File is clean.

[Obama]

File is clean.

Can you be trusted?

[xx404xx]

I can also confirm that this is clean.....It's a cert file,you still need the stuff from the key's/algo's thread,and it's certainly not complete.The real problem here is we go back to square one on reversing as soon as this key pair Usage Period expire's,But if you find the key before it's revoked,we can write are own white list to tell NEXON to disable it's own protection.This is the "Fail",and there's actually not even that much work needed to be done to get this "Fail" Running ATM. Basically all you need to do is change your Key to a value you know,and then customize them sig's to your custom one's,then accordingly revoke NEXON'S most recent/older Signing key .Using an undisclosed white list exploit ANYONE with proper knowledge/Revering of VERISIGN can sign a 100% "VALID" cert,Current problem is that we do not have the "Master" key so we cant sign the thing's that would have to replace the shit we revoke.Any idea's?

PS:Hint:You would have to build your Own Nexon client by reversing C.A's functionality,building,then resign your client with there key's-your patched key's.

[.::SCHiM::.]

there's also a nice little buffer overflow in the wild for more than 1 nexon game ATM.(Has to do with NXMESSENGER VULNERABILITIES APPARENTLY)

outb4:msf> (/pentest/windows/games/NXMESSENGER)

Unless it's only local ;)

[Reimy]

-.-' that's clean??

[_Fk127_]

-.-' that's clean??

Yeah, it is clean, I downloaded it.
@Reimy

[Xlilzoosk8rX]

hmm,
this is really fucking hard XP
i got like 2 lines in an hour
i dont think that just one person alone can do this in 14 days,
there should be a team for this, ill gladly join it and help

[JustinFatalx]

Seems this died...

[silentkoga]

I don't really understand what the point of this thread is... What exactly is this for? can someone please explain that to me?

[-Bl00d-]

I don't really understand what the point of this thread is... What exactly is this for? can someone please explain that to me?

to build private servers to play on mostly

[silentkoga]

to build private servers to play on mostly

how would you go about doing this? and what exactly can you do thats different?