smtddr's notes

[Things I find interesting]

Decrypting stats (the setpd record string) PART 2

I’m still trying to figure out the authtoken, but I’m also working on the stats.

The record data:

3MRWZ0gyumuH4kUwtnVck2idXKbvVwTjWXCek+CYtlgQy8zk+wCGKch5zlZjRddLlAEy
VwJ5C6qPcSqOITNsSGx2M35OA3CAktNrshI2DTBMlDE_ElZGH8JVmbUH7gfOJp9hhC+7
BEC6z1TghszCo+1FM42HUekj4EKceXCFPtowQXBMfuT5AZ7r90pHfI6Ap1+fky6WBg12n
zbf

The key:

raGs+_oQweAPILx1RyCTWFhUMp0XqgZ9S54kdlNY2H3n6VtEbBfD7iJzOucKv8jm

After researching different encryption algorithms, I’m currently thinking this is AES. Why? Because when python’s base64.urlsafe_b64decode is applied to the key string, it becomes 48 bytes. An AES encrypt/decrypt engine can be initialized with a 32-byte key and a 16-byte IV, and 32 + 16 = 48. Also, random Googling shows me that GameSpy has employed AES in the past for encrypting the authtoken in an older game. And consider that GameSpy hasn’t changed much of anything between the old games and the newer Wii games.

Here’s some python code I tried. Assume key & record equal the values mentioned above:

import base64
from Crypto.Cipher import AES  # PyCrypto (the PyCryptodome drop-in works too)

# The key and record from above; the record is rejoined into one base64 string.
key = "raGs+_oQweAPILx1RyCTWFhUMp0XqgZ9S54kdlNY2H3n6VtEbBfD7iJzOucKv8jm"
record = ("3MRWZ0gyumuH4kUwtnVck2idXKbvVwTjWXCek+CYtlgQy8zk+wCGKch5zlZjRddLlAEy"
          "VwJ5C6qPcSqOITNsSGx2M35OA3CAktNrshI2DTBMlDE_ElZGH8JVmbUH7gfOJp9hhC+7"
          "BEC6z1TghszCo+1FM42HUekj4EKceXCFPtowQXBMfuT5AZ7r90pHfI6Ap1+fky6WBg12n"
          "zbf")

secret = base64.urlsafe_b64decode(key)  # This results in 48 bytes: 32-byte key + 16-byte IV (my guess)
ciphertext = base64.urlsafe_b64decode(record)
# CBC only accepts whole 16-byte blocks, so any trailing partial block is dropped here.
ciphertext = ciphertext[:len(ciphertext) // 16 * 16]
decryptedstats = AES.new(secret[:32], AES.MODE_CBC, secret[32:]).decrypt(ciphertext)
print(decryptedstats)

This doesn’t yield the results I was looking for, but I’m thinking something like this is the solution. Remember from my previous post that I am now SURE the key value is correct, because removing it prevents the game from decrypting/encrypting the stats correctly. The fact that the decoded key fits so nicely into the AES engine that GameSpy has used before keeps me on this path. Also remember from my previous decrypting-stats post that I know what scores this record string gives me. I expect to find the values 8032, 3214, 2091 and 831 inside the decrypted data. The values might be stored as ASCII strings, or as hex (big or little endian).
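Since the post has known plaintext values to look for (8032, 3214, 2091 and 831) but not their encoding, a small checker that scans a decryption attempt for every plausible encoding at once saves eyeballing hex dumps. The following is an added example, not code from the original post: it tries decimal ASCII plus 16- and 32-bit unsigned integers in both byte orders (my choice of candidate encodings, not something the post establishes), reports where each hit lands, and lists which expected values are still missing. The sample plaintext is constructed here to stand in for a successful decryption and is not real game data.

```python
import struct

# Scores the record is known to contain, taken from the post.
EXPECTED_VALUES = [8032, 3214, 2091, 831]


def candidate_encodings(value):
    """Byte patterns a small integer could take in the plaintext:
    decimal ASCII, and 16/32-bit unsigned in little and big endian."""
    encodings = {"ascii": str(value).encode("ascii")}
    for bits, fmt in ((16, "H"), (32, "I")):
        if value < (1 << bits):
            encodings["u%d_le" % bits] = struct.pack("<" + fmt, value)
            encodings["u%d_be" % bits] = struct.pack(">" + fmt, value)
    return encodings


def find_values(plaintext, expected=EXPECTED_VALUES):
    """Return (value, encoding, offset) for every place an expected value
    appears in plaintext, sorted by offset. Overlapping encodings (for
    example u16_le and u32_le of the same number) are reported separately."""
    hits = []
    for value in expected:
        for name, pattern in candidate_encodings(value).items():
            start = plaintext.find(pattern)
            while start != -1:
                hits.append((value, name, start))
                start = plaintext.find(pattern, start + 1)
    return sorted(hits, key=lambda hit: hit[2])


def missing_values(plaintext, expected=EXPECTED_VALUES):
    """Expected values that appear in no encoding at all. An empty set is
    the signal that a decryption attempt deserves a closer look."""
    found = {value for value, _, _ in find_values(plaintext, expected)}
    return set(expected) - found


# Constructed sample: the four scores in a mix of encodings, standing in
# for a correctly decrypted record (not real game data).
SAMPLE_PLAINTEXT = (
    b"score=8032;"
    + struct.pack("<I", 3214)
    + struct.pack(">H", 2091)
    + b"lives=831"
)

if __name__ == "__main__":
    for value, name, offset in find_values(SAMPLE_PLAINTEXT):
        print("%5d as %-6s at offset %d" % (value, name, offset))
    print("missing from sample:", missing_values(SAMPLE_PLAINTEXT) or "none")
    print("missing from 64 zero bytes:", missing_values(bytes(64)))
```

Feed `find_values` the bytes that come out of the AES attempt (or any other guess) instead of the sample. A two-byte pattern for a number as small as 831 can land in a 156-byte blob of garbage by chance, so a single u16 hit means little; all four values turning up, ideally in the same encoding and spaced regularly, is the result worth trusting.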

So yeah… that’s where I’m at here. Now back to hunting for authtoken information.