Author Topic: No Key is Needed to Decrypt AGI.EXE  (Read 749 times)


Offline AGKorson

No Key is Needed to Decrypt AGI.EXE
« on: March 26, 2019, 06:34:27 PM »
I was poking around the AGI Wiki, and came across an entry talking about different tools used to decrypt the AGI file in Sierra games. And I'm surprised to see that there is a pervasive, mistaken belief that in order to decrypt the file you need a copy of the key from the notorious hidden track of original Sierra disks (either from an original disk, or made available from some other source).

That is NOT TRUE.

The key is already in the encrypted file. The MSDOS executable for AGI includes a large chunk of bytes near the beginning that are all zeros, specifically including from bytes 257 to 384. Since the encryption is a simple XOR function, the corresponding bytes in the encrypted file are exactly the entire key for the third iteration of decryption. To determine the original key, just rotate the value of those bytes three bits back to the left. You don't need anything other than the encrypted file.

I created a small app that did this years ago. I think I shared it on MegaTokyo, but of course that's long since gone. The app is still available though, and is also bundled with the latest version of WinAGI. It will quickly and easily decrypt any AGI file without needing any original disk or key string.
« Last Edit: March 26, 2019, 06:39:10 PM by AGKorson »
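
The recovery described in the post above, as an added Python sketch (not AGKorson's tool and not code from this thread). It assumes a 128-byte key whose bytes are each rotated right one bit before every 128-byte block, which is one reading of "third iteration" and "three bits back to the left"; the key and file contents are constructed sample data.

```python
KEY_LEN = 128      # bytes 257..384 (1-based) in the post span exactly one key length
ZERO_BLOCK = 2     # 0-based index of that all-zero block (the "third iteration")

def ror8(b, n):
    n %= 8
    return ((b >> n) | (b << (8 - n))) & 0xFF

def rol8(b, n):
    return ror8(b, 8 - (n % 8))

def block_key(key, i):
    # ASSUMED schedule: every key byte is rotated right one bit before each block,
    # so block i (0-based) uses the original key rotated right by i + 1 bits.
    return bytes(ror8(b, i + 1) for b in key)

def xor_crypt(data, key):
    # XOR is its own inverse, so this both encrypts and decrypts.
    out = bytearray()
    for i in range(0, len(data), KEY_LEN):
        k = block_key(key, i // KEY_LEN)
        out += bytes(d ^ kb for d, kb in zip(data[i:i + KEY_LEN], k))
    return bytes(out)

def recover_key(ciphertext):
    # Zero plaintext XOR key = key, so this block of ciphertext is the block key.
    start = ZERO_BLOCK * KEY_LEN
    leaked = ciphertext[start:start + KEY_LEN]
    if len(leaked) < KEY_LEN:
        raise ValueError("known-zero region must cover a full key length")
    # Undo the three right rotations to get back the original key.
    return bytes(rol8(b, ZERO_BLOCK + 1) for b in leaked)

# Constructed sample data (not a real key or a real AGI file).
KEY = bytes((i * 73 + 41) % 256 for i in range(KEY_LEN))
PLAINTEXT = (bytes((i * 7 + 3) % 251 + 1 for i in range(256))  # non-zero header
             + bytes(KEY_LEN)                                   # zero run at offset 256
             + b"constructed program body " * 20)
CIPHERTEXT = xor_crypt(PLAINTEXT, KEY)

if __name__ == "__main__":
    recovered = recover_key(CIPHERTEXT)
    print("key recovered:", recovered == KEY)
    print("file decrypted:", xor_crypt(CIPHERTEXT, recovered) == PLAINTEXT)
```

The general lesson is that a repeating-key XOR leaks its key wherever the plaintext is known for a full key length, and a zero-filled region is the simplest case of that.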



Offline Collector

Re: No Key is Needed to Decrypt AGI.EXE
« Reply #1 on: March 26, 2019, 08:18:43 PM »
Cold Turkey seems to have realized this as his AGI DiskFree Decryptor works with just copies of the contents of the game disks and does not need to read the keydisks themselves.

http://agiwiki.sierrahelp.com/index.php?title=AGI_DiskFree_Decryptor

Offline AGKorson

Re: No Key is Needed to Decrypt AGI.EXE
« Reply #2 on: March 26, 2019, 09:58:30 PM »
His program stores a copy of the entire key track from the original Sierra disks. The key track was the same on all disks; the offset was the only thing different. His program uses the offset found in the loader (SIERRA.COM) and then gets the key from the stored key data. If you don't have the loader, his program won't work.

But you don't need the loader; everything you need is in the encrypted file itself, as I described above. The tool I wrote will decrypt the AGI file whether you have the loader or not.

Offline Collector

Re: No Key is Needed to Decrypt AGI.EXE
« Reply #3 on: March 26, 2019, 11:08:56 PM »
Add it to the Wiki.

Offline lskovlun

Re: No Key is Needed to Decrypt AGI.EXE
« Reply #4 on: March 27, 2019, 02:42:04 PM »
Ah, a known plaintext attack. Neat find. I'd have thought the copyright string would be another good candidate, but it's just a bit too short.

Offline Collector

Re: No Key is Needed to Decrypt AGI.EXE
« Reply #5 on: November 16, 2019, 08:20:15 AM »
I stumbled across this again and was wondering if you still have the source for this tool. I would be curious to take a look at it.

Offline AGKorson

Re: No Key is Needed to Decrypt AGI.EXE
« Reply #6 on: November 17, 2019, 03:12:26 AM »
Quote from: Collector on November 16, 2019, 08:20:15 AM
"I stumbled across this again and was wondering if you still have the source for this tool. I would be curious to take a look at it."

Sure thing. Here it is:

It's a VB6 project, but only uses one form, and has no complex objects or controls. Should be pretty straightforward to understand.

Let me know if you have any questions.

Offline Collector

Re: No Key is Needed to Decrypt AGI.EXE
« Reply #7 on: November 17, 2019, 09:25:07 AM »
Thanks

