Cracking Egg, Inc.'s ei_hash_v2 function

[StupidRepo]

Hey! I'm trying to make a server reimplementation for a game called Egg, Inc.

The game has a protobuf message called `AuthenticatedMessage`, which contains a `message` field and a `code` field. In previous versions of the game, the `code` field used a v1 hash (which I have cracked) but the newer versions use an 'ei_hash_v2' function which I have no idea how to reverse-engineer as a) I have limited C++ knowledge and Assembly + Ghidra knowledge b) it's confusing asf. The game doesn't use unity btw, so all stuff is in libegginc.so.

 

When the game sends a message to the server, it expects the server to send an AuthenticatedMessage back with a (I believe) SHA-256 hash of the bytes from the 'message' field, in the 'code' field. Not sure how or where, but the game will also generate a v2 hash from the 'message' field and compared it to the one sent back, discarding the AuthenticatedMessage if it doesn't match. This is why it's crucial to reverse this hash because otherwise the game just ignores invalid responses...

As previously mentioned, the game used to use the old v1 hash which I have already cracked but now it uses v2. If someone could figure out how v2 hashes, and can reimplement it successfully, please let me know how!

 

Game uses Google's pairipcore, so dynamic debugging goes right out of the window unless there is another method.

You can find the latest, or older versions, of the .proto file extracted from the game on this person's GitHub if needed.

 

Figured I'd ask this here as GameGuardian can do memory editing stuff (will try it on Egg, Inc. in a sec to see what I can do)

(Here is a authenticatedmessage serialised to JSON if you're lazy)

{
  "message": { // pretend this was a list instead of an array. idk why it isn't an array.
    "0": 16,
    "1": 68,
    "2": 24,
    "3": 2,
    "4": 34,
    "5": 18,
    "6": 69,
    "7": 73,
    "8": 54,
    "9": 52,
    "10": 56,
    "11": 50,
    "12": 57,
    "13": 49,
    "14": 54,
    "15": 48,
    "16": 54,
    "17": 55,
    "18": 51,
    "19": 55,
    "20": 55,
    "21": 49,
    "22": 53,
    "23": 50,
    "24": 42,
    "25": 16,
    "26": 100,
    "27": 102,
    "28": 50,
    "29": 50,
    "30": 54,
    "31": 57,
    "32": 101,
    "33": 98,
    "34": 56,
    "35": 48,
    "36": 102,
    "37": 48,
    "38": 51,
    "39": 51,
    "40": 100,
    "41": 98,
    "42": 50,
    "43": 0,
    "44": 58,
    "45": 0,
    "46": 66,
    "47": 57,
    "48": 10,
    "49": 18,
    "50": 69,
    "51": 73,
    "52": 54,
    "53": 52,
    "54": 56,
    "55": 50,
    "56": 57,
    "57": 49,
    "58": 54,
    "59": 48,
    "60": 54,
    "61": 55,
    "62": 51,
    "63": 55,
    "64": 55,
    "65": 49,
    "66": 53,
    "67": 50,
    "68": 16,
    "69": 68,
    "70": 26,
    "71": 6,
    "72": 49,
    "73": 46,
    "74": 51,
    "75": 52,
    "76": 46,
    "77": 50,
    "78": 34,
    "79": 6,
    "80": 49,
    "81": 49,
    "82": 49,
    "83": 51,
    "84": 48,
    "85": 49,
    "86": 42,
    "87": 7,
    "88": 65,
    "89": 78,
    "90": 68,
    "91": 82,
    "92": 79,
    "93": 73,
    "94": 68,
    "95": 50,
    "96": 2,
    "97": 71,
    "98": 66,
    "99": 58,
    "100": 2,
    "101": 101,
    "102": 110,
    "103": 64,
    "104": 0
  },
  "code": "5ef1374b6459bac4026fbaf20342be9af4c1f98dde393ce351bd63cab8ca8b36", // this is the v2 hash
  "version": 68
}

Edited March 29 by StupidRepo
clarification