Reputation: 1
Decrypting UDP Packets from Game with Known Key
I'm trying to decrypt UDP packets for a multiplayer video game. When loading into a game session, a DTLS handshake occurs where, in Wireshark, I usually see the Client and Server agree on ChaCha20 Poly1305 encryption. The game actually live logs a "key" in a log file, which is 32 bytes long hex-coded, along with an HMAC and IV. At this point I'm not sure what to do. I tried decrypting individual messages in Python with some cryptography libraries but I realized that might be silly upon learning DTLS, or at least TLS packets, cannot be decrypted independently. I know I can possibly have Wireshark point to a file or add a key to live decrypt something, but have not had luck doing so. I started this process from basically no knowledge on internet security protocols or cryptography and have learned a lot but am at a standstill, and just want to make sure I'm not far off-base here.
Wireshark screenshot of handshake
Upvotes: 0
Views: 2463
Answers (1)
Reputation: 1858
It depends on what the game is actually writing to the file. Wireshark has support for decrypting TLS/DTLS using the RSA private key, the premaster secret or master secret. If the log file contains the premaster or master secret, then you should be able to shoe-horn it into wireshark, and decrypt the stream from there.
If it isn't, then you'll need to work out what it actually is first, and then it's a bit more of a manual job to get at the data.
Upvotes: 0
Related Questions
- Decrypting QUIC UDP Payloads in Wireshark
- Decrypt TLS traffic from mobile application
- Decrypting SSL/TLS traffic from a app with Wireshark
- Getting coordinates of pellets in a browser-game (data from UDP) - wireshark
- How to distinguish a DTLS packet from TCP, UDP packet
- Decrypt TLS (Diffie–Hellman) messages using Wireshark?
- DTLS implementation in UDP broadcast
- Sending encrypted data with UDP - Openssl c++
- Suggestions on decoding the UDP packets
- UDP packet encryption