How to add RSA Encryption to Your Server

A tutorial made by GXLXY.

What is RSA encryption?

RSA is one of the first public-key algorithm that is used throughout some RuneScape Private Servers but highly underestimated and not used enough. It is fairly difficult, to crack. RSA is used by JaGex along with the Isaac algorithm.

Why add RSA?

Most RuneScape Private Servers are attacked maliciously by either spam bots, cheat clients, or other forms of software that can completely kill morals. RSA encryption will stop most, if not all of it. The algorithm is also known to stop the sniffing of client data.

How to add RSA?

First of all, you will need to generate public and private keys. Public keys are for server-sided implementation and private keys are for client-sided implementation. If your public keys are leaked, then it defeats the purpose of adding them in the first place. A method use to generate these keys are by using this tool.

Below is the following way to add RSA client sided:

Open Stream.java (other names: JagexBuffer.java, Buffer.java, RSBuffer.java) and find:

	public void doKeys() {
		int i = currentOffset;
		currentOffset = 0;
		byte abyte0[] = new byte[i];
		readBytes(i, 0, abyte0);
		BigInteger biginteger2 = new BigInteger(abyte0);
		BigInteger biginteger3 = biginteger2/* .modPow(biginteger, biginteger1) */;
		byte abyte1[] = biginteger3.toByteArray();
		currentOffset = 0;
		writeByte(abyte1.length);
		writeBytes(abyte1, abyte1.length, 0);
	}

Replace:

		BigInteger biginteger3 = biginteger2/* .modPow(biginteger, biginteger1) */;

With:

		BigInteger biginteger3 = biginteger2.modPow(RSA_EXPONENT, RSA_MODULUS);

Place your RSA public keys at the top of the java file and client-sided is done.

Below is the following way(s) to add RSA server sided:

Open RS2LoginProtocolDecoder (other names: RS2LoginDecoder, LoginDecoder) and find:

						if(loginEncryptPacketSize != (in.get() & 0xff)) {
							System.out.println("Encrypted size mismatch.");
							session.close();
							return false;
						}

Beneath it should be something like:

						if((in.get() & 0xff) != 10) {
							System.out.println("Encrypted id != 10.");
							session.close();
							return false;
						}

Replace that with:

                        byte[] encryptionBytes = new byte[loginEncryptPacketSize];
                        in.get(encryptionBytes);
                        ByteBuffer rsaBuffer = ByteBuffer.wrap(new BigInteger(encryptionBytes)
                                .modPow(RSA_EXPONENT, RSA_MODULUS).toByteArray());
						if((rsaBuffer.get() & 0xff) != 10) {
							System.out.println("Encrypted id != 10.");
							session.close();
							return false;
						}

Then you want to replace every “in” to rsaBuffer, example:

int uid = in.getInt();

To:

int uid = rsaBuffer.getInt();

Last, place your RSA private keys at the top.

Created by -