Reverse Engineering BlackCipher
Author: f-ve
The goal of rebecca is to look at how BlackCipher functions. This is an opened source project to create a transparency of BlackCipher. Any exploits on bypassing BlackCipher will be documented for the greater good of the community in the /notes/ folder. Exploits gathered will help prevent third parties from profiting from open source information. The project here uses the GNU License. Any usage found not agreeing to these standards are in violation.
(GNU GPL or GPL) is a widely used free software license, which guarantees end users the freedom to run, study, share and modify the software. The license was originally written by Richard Stallman of the Free Software Foundation (FSF) for the GNU Project, and grants the recipients of a computer program the rights of the Free Software Definition. The GPL is a copyleft license, which means that derivative work can only be distributed under the same license terms. This is in distinction to permissive free software licenses, of which the BSD licenses and the MIT License are widely used examples. GPL was the first copyleft license for general use.
BlackCipher is the new anti hack security application developed by Nexon. After, ditching HackShield, Nexon has been looking at following Webzen's model of publishing XignCode. Nexon decided to make their own version, Nexon Game Security. NGS, or better known as BlackCipher however, like XignCode, is a threat to personal privacy while gaming. BlackCipher while running, can be seen scanning, logging, and sending notes about anything you are doing on your computer to Nexon's servers. It will log ip addresses, workgroups, windows versions, passwords, network credentials, hardware, hosts, libraries, current tabs in browsers, windows dialog, files, and more.
An intrusive logging system is however a bad idea. BlackCipher uses Crypto++'s RSA to encrypt files and communications. Hijacking a target application with Crypto++ RSA can be seen in my other project captain-hook. The dangers of this security is stealing logs and data collected by BlackCipher. It is possible for malicious threat groups in the hacking and gaming communities to start appearing and terrorizing the communities. Popular sites like (gamersoul.com, gamekiller.net) could gather a large amount of information about clients computers in a illegal manner to gain additional profits from users in the game.