Cryptography
This article explains the cryptography present in GTA SA & IV.
GTA San Andreas
Hashing Algorithms
CRC32
San Andreas uses only the JAMCRC variant of the standard CRC32 algorithm; in JAMCRC the bits of the final result are not inverted. It is used mainly for fast string comparison throughout the executable, and for GXT keys, where it speeds up the binary search at runtime.
The original C++ implementation of GTA SA's CRC32 hashing class can be reconstructed as follows:
#include <cctype> // toupper

class CKeyGen
{
private:
// Precalculated table of 256 CRC32 hash keys computed according to the polynomial 0xEDB88320.
// (Declared constexpr so that the table can be defined inside the class; requires C++17.)
static constexpr unsigned int keyTable[256] = // 0x008CD068
{
0x00000000, 0x77073096, 0xEE0E612C, 0x990951BA, 0x076DC419, 0x706AF48F, 0xE963A535, 0x9E6495A3,
0x0EDB8832, 0x79DCB8A4, 0xE0D5E91E, 0x97D2D988, 0x09B64C2B, 0x7EB17CBD, 0xE7B82D07, 0x90BF1D91,
0x1DB71064, 0x6AB020F2, 0xF3B97148, 0x84BE41DE, 0x1ADAD47D, 0x6DDDE4EB, 0xF4D4B551, 0x83D385C7,
0x136C9856, 0x646BA8C0, 0xFD62F97A, 0x8A65C9EC, 0x14015C4F, 0x63066CD9, 0xFA0F3D63, 0x8D080DF5,
0x3B6E20C8, 0x4C69105E, 0xD56041E4, 0xA2677172, 0x3C03E4D1, 0x4B04D447, 0xD20D85FD, 0xA50AB56B,
0x35B5A8FA, 0x42B2986C, 0xDBBBC9D6, 0xACBCF940, 0x32D86CE3, 0x45DF5C75, 0xDCD60DCF, 0xABD13D59,
0x26D930AC, 0x51DE003A, 0xC8D75180, 0xBFD06116, 0x21B4F4B5, 0x56B3C423, 0xCFBA9599, 0xB8BDA50F,
0x2802B89E, 0x5F058808, 0xC60CD9B2, 0xB10BE924, 0x2F6F7C87, 0x58684C11, 0xC1611DAB, 0xB6662D3D,
0x76DC4190, 0x01DB7106, 0x98D220BC, 0xEFD5102A, 0x71B18589, 0x06B6B51F, 0x9FBFE4A5, 0xE8B8D433,
0x7807C9A2, 0x0F00F934, 0x9609A88E, 0xE10E9818, 0x7F6A0DBB, 0x086D3D2D, 0x91646C97, 0xE6635C01,
0x6B6B51F4, 0x1C6C6162, 0x856530D8, 0xF262004E, 0x6C0695ED, 0x1B01A57B, 0x8208F4C1, 0xF50FC457,
0x65B0D9C6, 0x12B7E950, 0x8BBEB8EA, 0xFCB9887C, 0x62DD1DDF, 0x15DA2D49, 0x8CD37CF3, 0xFBD44C65,
0x4DB26158, 0x3AB551CE, 0xA3BC0074, 0xD4BB30E2, 0x4ADFA541, 0x3DD895D7, 0xA4D1C46D, 0xD3D6F4FB,
0x4369E96A, 0x346ED9FC, 0xAD678846, 0xDA60B8D0, 0x44042D73, 0x33031DE5, 0xAA0A4C5F, 0xDD0D7CC9,
0x5005713C, 0x270241AA, 0xBE0B1010, 0xC90C2086, 0x5768B525, 0x206F85B3, 0xB966D409, 0xCE61E49F,
0x5EDEF90E, 0x29D9C998, 0xB0D09822, 0xC7D7A8B4, 0x59B33D17, 0x2EB40D81, 0xB7BD5C3B, 0xC0BA6CAD,
0xEDB88320, 0x9ABFB3B6, 0x03B6E20C, 0x74B1D29A, 0xEAD54739, 0x9DD277AF, 0x04DB2615, 0x73DC1683,
0xE3630B12, 0x94643B84, 0x0D6D6A3E, 0x7A6A5AA8, 0xE40ECF0B, 0x9309FF9D, 0x0A00AE27, 0x7D079EB1,
0xF00F9344, 0x8708A3D2, 0x1E01F268, 0x6906C2FE, 0xF762575D, 0x806567CB, 0x196C3671, 0x6E6B06E7,
0xFED41B76, 0x89D32BE0, 0x10DA7A5A, 0x67DD4ACC, 0xF9B9DF6F, 0x8EBEEFF9, 0x17B7BE43, 0x60B08ED5,
0xD6D6A3E8, 0xA1D1937E, 0x38D8C2C4, 0x4FDFF252, 0xD1BB67F1, 0xA6BC5767, 0x3FB506DD, 0x48B2364B,
0xD80D2BDA, 0xAF0A1B4C, 0x36034AF6, 0x41047A60, 0xDF60EFC3, 0xA867DF55, 0x316E8EEF, 0x4669BE79,
0xCB61B38C, 0xBC66831A, 0x256FD2A0, 0x5268E236, 0xCC0C7795, 0xBB0B4703, 0x220216B9, 0x5505262F,
0xC5BA3BBE, 0xB2BD0B28, 0x2BB45A92, 0x5CB36A04, 0xC2D7FFA7, 0xB5D0CF31, 0x2CD99E8B, 0x5BDEAE1D,
0x9B64C2B0, 0xEC63F226, 0x756AA39C, 0x026D930A, 0x9C0906A9, 0xEB0E363F, 0x72076785, 0x05005713,
0x95BF4A82, 0xE2B87A14, 0x7BB12BAE, 0x0CB61B38, 0x92D28E9B, 0xE5D5BE0D, 0x7CDCEFB7, 0x0BDBDF21,
0x86D3D2D4, 0xF1D4E242, 0x68DDB3F8, 0x1FDA836E, 0x81BE16CD, 0xF6B9265B, 0x6FB077E1, 0x18B74777,
0x88085AE6, 0xFF0F6A70, 0x66063BCA, 0x11010B5C, 0x8F659EFF, 0xF862AE69, 0x616BFFD3, 0x166CCF45,
0xA00AE278, 0xD70DD2EE, 0x4E048354, 0x3903B3C2, 0xA7672661, 0xD06016F7, 0x4969474D, 0x3E6E77DB,
0xAED16A4A, 0xD9D65ADC, 0x40DF0B66, 0x37D83BF0, 0xA9BCAE53, 0xDEBB9EC5, 0x47B2CF7F, 0x30B5FFE9,
0xBDBDF21C, 0xCABAC28A, 0x53B39330, 0x24B4A3A6, 0xBAD03605, 0xCDD70693, 0x54DE5729, 0x23D967BF,
0xB3667A2E, 0xC4614AB8, 0x5D681B02, 0x2A6F2B94, 0xB40BBE37, 0xC30C8EA1, 0x5A05DF1B, 0x2D02EF8D
};
public:
// Hash a string till the specified number of characters.
static unsigned int GetKey(const char *pString, int iSize) // 0x0053CED0
{
unsigned int uiHash = 0xFFFFFFFF;
for(int i = 0; i < iSize; i++)
uiHash = keyTable[(unsigned char)uiHash ^ *pString++] ^ (uiHash >> 8);
return uiHash;
}
// Hash a string till a null-terminator is found.
static unsigned int GetKey(const char *pString) // 0x0053CF00
{
unsigned int uiHash = 0xFFFFFFFF;
while(*pString)
uiHash = keyTable[(unsigned char)uiHash ^ *pString++] ^ (uiHash >> 8);
return uiHash;
}
// Hash a string till a null-terminator is found by converting lowercase characters to uppercase.
static unsigned int GetUppercaseKey(const char *pString) // 0x0053CF30
{
unsigned int uiHash = 0xFFFFFFFF;
while(*pString)
uiHash = keyTable[(unsigned char)uiHash ^ toupper(*pString++)] ^ (uiHash >> 8);
return uiHash;
}
// Append a string to the hash key of a previously hashed string.
static unsigned int AppendStringToKey(unsigned int uiHash, const char *pString) // 0x0053CF70
{
while(*pString)
uiHash = keyTable[(unsigned char)uiHash ^ *pString++] ^ (uiHash >> 8);
return uiHash;
}
};
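As an added example (not the game's code), the following Go program derives the same 256-entry table from the polynomial 0xEDB88320 named above and shows how JAMCRC relates to the standard CRC32 from Go's hash/crc32 package: the two differ only by the final inversion, and a key can be extended the way AppendStringToKey does. The names makeKeyTable, jamCRC, appendKey, uppercaseKey and stdCRC32 are this example's own.

```go
package main

import (
	"fmt"
	"hash/crc32"
	"strings"
)

// Polynomial named above (reflected form of the IEEE 802.3 CRC-32 polynomial).
const jamPoly = 0xEDB88320

// makeKeyTable derives the 256-entry table that CKeyGen keeps precomputed.
func makeKeyTable() [256]uint32 {
	var t [256]uint32
	for i := range t {
		c := uint32(i)
		for k := 0; k < 8; k++ {
			if c&1 != 0 {
				c = (c >> 1) ^ jamPoly
			} else {
				c >>= 1
			}
		}
		t[i] = c
	}
	return t
}

var keyTable = makeKeyTable()

// appendKey mirrors AppendStringToKey: keep hashing from an existing key. Bytes are
// treated as unsigned here; the C++ above indexes with a (possibly signed) char.
func appendKey(h uint32, s string) uint32 {
	for i := 0; i < len(s); i++ {
		h = keyTable[byte(h)^s[i]] ^ (h >> 8)
	}
	return h
}

// jamCRC mirrors GetKey: start from 0xFFFFFFFF and skip the final inversion.
func jamCRC(s string) uint32 { return appendKey(0xFFFFFFFF, s) }
// uppercaseKey mirrors GetUppercaseKey for ASCII input.
func uppercaseKey(s string) uint32 { return jamCRC(strings.ToUpper(s)) }
// stdCRC32 applies the final XOR, so stdCRC32(s) == jamCRC(s) ^ 0xFFFFFFFF.
func stdCRC32(s string) uint32 { return crc32.ChecksumIEEE([]byte(s)) }

func main() {
	fmt.Printf("JAMCRC(\"abc\")=%08x CRC32=%08x\n", jamCRC("abc"), stdCRC32("abc"))
}
```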
GTA IV
Hashing Algorithms
GTA IV relies on several different hash algorithms, each serving a different purpose. This broader use of hashing lets the game store data in files in a more binary-oriented form and keep strings out of plain sight.
SHA1
The SHA1 hashing algorithm is used to compare the game files in versions 1.0 and 1.0.1. This check was removed in 1.0.2.
CRC32
The 32-bit Cyclic Redundancy Check (CRC32) hashing algorithm is used in the GXT file to match text codes with their counterparts. A C++ implementation of GTA IV's CRC32 hashing algorithm follows:
#include <cstring> // strlen

unsigned int CRC32(const char* text)
{
    size_t textLen = strlen(text);
    size_t i = 0;
    unsigned int retHash = 0;
    if(text[0] == '"') // a leading quotation mark is skipped
        i = 1;
    for(; i < textLen; i++)
    {
        char ctext = text[i];
        if(ctext == '"') // a closing quotation mark ends the key
            break;
        if((unsigned char)(ctext - 'A') > 25) // not an uppercase letter (unsigned compare, so digits etc. are left alone)
        {
            if(ctext == '\\')
                ctext = '/';
        }
        else ctext += 32; // fold A-Z to a-z
        // Note: 1025 * x == x + (x << 10), so this is the one-at-a-time mixing step, not a table-driven CRC.
        retHash = (1025 * (retHash + ctext) >> 6) ^ 1025 * (retHash + ctext);
    }
    // Final avalanche: h += h << 3; h ^= h >> 11; h += h << 15 (32769 * x == x + (x << 15)).
    return 32769 * (9 * retHash ^ (9 * retHash >> 11));
}
As you can see, it differs from most common hashing algorithms in the way it handles the text: quotation marks are not included, backslashes are hashed as forward slashes and uppercase letters are folded to lowercase. Entry name strings in GXT text archives are usually stored in upper case, so it may be useful to convert them before creating the hash.
One At A Time Hash
The One At A Time hashing function was originally created by Bob Jenkins. A C++ implementation follows; another can be found on Wikipedia.
#include <cctype>  // tolower
#include <cstring> // strlen

unsigned int oneAtATimeHash(const char* inpStr)
{
    unsigned int value = 0, temp = 0;
    size_t len = strlen(inpStr);
    for(size_t i = 0; i < len; i++)
    {
        // Letters are folded to lowercase before being mixed in.
        unsigned char ctext = (unsigned char)tolower((unsigned char)inpStr[i]);
        temp = ctext;            // hash += c
        temp += value;
        value = temp << 10;      // hash += hash << 10
        temp += value;
        value = temp >> 6;       // hash ^= hash >> 6
        value ^= temp;
    }
    temp = value << 3;           // hash += hash << 3
    temp += value;
    unsigned int temp2 = temp >> 11;
    temp = temp2 ^ temp;         // hash ^= hash >> 11
    temp2 = temp << 15;
    value = temp2 + temp;        // hash += hash << 15
    if(value < 2) value += 2;    // the values 0 and 1 are never returned
    return value;
}
A JavaScript implementation can be run without special tools in a web browser's console.
function oneAtATimeHash(key) {
    var hash = 0;
    for (var i = 0; i < key.length; ++i) {
        hash += key.charCodeAt(i); // no case folding or quote handling in this version
        hash += (hash << 10);
        hash ^= (hash >>> 6);
    }
    hash += (hash << 3);
    hash ^= (hash >>> 11);
    hash += (hash << 15);
    return (hash >>> 0).toString(16); // force an unsigned 32-bit result, printed as hex
}
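Added example, not from the page or the game: a Go version of the GXT key hash that makes the preprocessing done by the C++ CRC32 function above explicit (the JavaScript version omits it), plus the kind of reverse index a GXT tool keeps to map a hash back to its text code, which also reveals when two distinct names collapse to one hash. The names gxtKeyHash and buildIndex are this example's own; the key names in the test are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// gxtKeyHash is Jenkins' one-at-a-time hash over a normalised key, as in the
// C++ CRC32 function above: a leading '"' is skipped, a later '"' ends the
// key, A-Z are folded to a-z and '\' is hashed as '/'.
func gxtKeyHash(key string) uint32 {
	var h uint32
	key = strings.TrimPrefix(key, "\"")
	for i := 0; i < len(key); i++ {
		c := key[i]
		if c == '"' {
			break
		}
		switch {
		case c >= 'A' && c <= 'Z':
			c += 'a' - 'A'
		case c == '\\':
			c = '/'
		}
		h += uint32(c)
		h += h << 10
		h ^= h >> 6
	}
	h += h << 3
	h ^= h >> 11
	h += h << 15
	return h
}

// buildIndex maps each hash back to the names that produce it (how a GXT tool
// resolves a text code) and counts hashes shared by more than one name.
func buildIndex(names []string) (map[uint32][]string, int) {
	idx := make(map[uint32][]string)
	collisions := 0
	for _, n := range names {
		h := gxtKeyHash(n)
		idx[h] = append(idx[h], n)
		if len(idx[h]) == 2 {
			collisions++
		}
	}
	return idx, collisions
}

func main() {
	for _, k := range []string{"a", "A", "\"A\" rest", "x\\y", "x/y"} {
		fmt.Printf("%-10q -> %08x\n", k, gxtKeyHash(k))
	}
}
```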
Encryption Algorithms
AES
The encryption algorithm used for RPF, IMG and SCO files is the Advanced Encryption Standard (AES) in the following configuration:
- block size: 128 bit (16 bytes)
- key size: 256 bit (32 bytes)
- cipher mode: electronic codebook (ECB)
- repetitions: 16 times
This means that all encrypted data (the ciphertext) can be split into 16-byte blocks and each block decrypted independently. Decryption is done by running the AES decryption routine (with the 256-bit key) 16 times on each data block. If the last block is smaller than 16 bytes, it is left unencrypted in Rockstar's archives.
Key
The 256 bit key necessary to decrypt the ciphertext can be retrieved from gtaiv.exe at the following file offsets:
Game Version | Offset
---|---
1.0 US | 0xA94204
1.0.1 US | 0xB607C4
1.0.2 US | 0xB56BC4
1.0.3 US | 0xB75C9C
1.0.4 US | 0xB7AEF4
1.0.6 US | 0xBE6540
1.0.7 US | 0xBE7540
1.0.0.1 RUS | 0xB5B65C
1.0.1.1 RUS | 0xB569F4
And from eflc.exe:
Game Version | Offset
---|---
1.1.1 US | 0xC705E0
1.1.2 US | 0xBEF028
The key is the same for all game versions on all platforms (PC, Xbox 360, PS3). The following SHA1 hash can be used to verify that the retrieved key is correct:
DE A3 75 EF 1E 6E F2 22 3A 12 21 C2 C5 75 C4 7B F1 7E FA 5E
NOTE: this is the SHA1 digest of the key, not the cipher key itself.
It is recommended to leave modified archives unencrypted.
Example
Program code to decrypt data from GTA IV could look like this (using OpenSSL's legacy AES_* API, which is deprecated since OpenSSL 3.0 but still available):
#include <openssl/aes.h>

AES_KEY context;
AES_set_decrypt_key(key, 256, &context);      // key: the 32-byte key read from the executable
for (size_t i = 0; i < data_size / 16; i++) { // a trailing partial block is left as is
    unsigned char *p = data + i * 16;         // pointer to the current block (data is an unsigned char *)
    for (int j = 1; j <= 16; j++)             // 16 (pointless) repetitions
        AES_decrypt(p, p, &context);          // in place, block by block (ECB)
}
See also: Decryption routine in SparkIV (C#, GPL)
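Added example, not SparkIV's or Rockstar's code: the same per-block loop in Go using only the standard library, run on constructed data with a constructed placeholder key (the real key is deliberately not reproduced). It shows that each 16-byte block goes through the cipher 16 times independently, that a trailing partial block is left untouched, and how a candidate key can be checked against a SHA1 digest like the one listed above without the key itself being written into source. applyBlocks and keyMatchesDigest are this example's names.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/sha1"
	"fmt"
)

const ivRounds = 16 // repetition count documented above

// applyBlocks runs AES-256 over every complete 16-byte block of data, in place,
// ivRounds times, and leaves a trailing partial block untouched. In ECB mode
// blocks are independent (and equal plaintext blocks give equal ciphertext).
func applyBlocks(key, data []byte, decrypt bool) error {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return err
	}
	for off := 0; off+aes.BlockSize <= len(data); off += aes.BlockSize {
		b := data[off : off+aes.BlockSize]
		for r := 0; r < ivRounds; r++ {
			if decrypt {
				block.Decrypt(b, b)
			} else {
				block.Encrypt(b, b)
			}
		}
	}
	return nil
}

// keyMatchesDigest checks a candidate key against a SHA1 digest such as the
// one listed above, so the key itself never has to appear in source.
func keyMatchesDigest(key, digest []byte) bool {
	sum := sha1.Sum(key)
	return bytes.Equal(sum[:], digest)
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32)                  // constructed placeholder, NOT the game's key
	data := []byte("sixteen byte blksecond block....tail") // constructed: 2 full blocks + 4-byte tail
	orig := append([]byte(nil), data...)
	_ = applyBlocks(key, data, false)
	fmt.Println("tail untouched:", bytes.Equal(data[32:], orig[32:]))
	_ = applyBlocks(key, data, true)
	fmt.Println("round trip ok: ", bytes.Equal(data, orig))
	fmt.Printf("sha1 of placeholder key: %x\n", sha1.Sum(key))
}
```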
Legal Issues
Since the United States complies with the WIPO treaties, it created the Digital Millennium Copyright Act (DMCA) to bring its copyright law up to date for the emerging digital world. A key point of this act is its anti-circumvention clauses, which make it illegal to break copyright protection mechanisms (even for legal purposes). The MPAA has used this power in the past to sue the makers of DeCSS (which circumvented the copy protection scheme used on early DVDs). The AES key that Rockstar used in GTA IV is technically an anti-circumvention measure and so cannot be posted here, lest GTAMods Wiki be subject to legal ramifications. However, since it is available in GTA IV's own binary, many people have simply read it directly out of the executable (the offsets are posted in the section above). This does not only apply to people in the United States: plenty of other countries have passed legislation to the same effect, and many others have signed Free Trade Agreements with the United States that shoehorn the necessary DMCA provisions into those countries' own legislation. Countries that have taken part in such Free Trade Agreements include Australia, South Korea and the United Kingdom.
Other laws, however, contradict this. For example, in most countries reverse engineering for the purpose of interoperability (what most people who use the key are trying to achieve) takes precedence over the anti-circumvention measures of the DMCA. Although the legal position remains unclear, most modders and site owners choose to err on the side of caution.