Last night and this morning I spent a little time and figured out how Battle.net's server signatures work.  It's a simple RSA decryption, r = s[sup]k[/sup] % n, where n is a 128-byte constant, k is a 4-byte constant, and s is the 128-byte signature.  See this document for more details:

http://www.javaop.com/~iago/ServerSig.html

Silly blizzard. Good job iago. :)

I.e. it's a RSA signature... Might be good to add that ;)

Yeah, I should. I updated the document:
- Now mentions RSA a couple times
- Now has a sample implementation

And incidentally, this won't help people create pirate servers (that'll work with the actual game client) unless somebody feels like brute-forcing Blizzard's private key :P

[22:33] iago: So if you had every atom in the Universe, and all the time in the Universe, you still couldn't brute force the key :)

You've wasted you time you nub!!!!!! <3

Incidentally, if you're wondering why they pad it with 0xBB, think about this.  As a signed byte, 0xBB is -69.  I think somebody as blizzard has a dirty mind :)

The character &HBB is also the >> symbol.

[quote author=Networks link=topic=10965.msg104626#msg104626 date=1111297068]
[22:33] iago: So if you had every atom in the Universe, and all the time in the Universe, you still couldn't brute force the key :)

You've wasted you time you nub!!!!!! <3
[/quote]

Actually if you had an infinite amount of time, at some point a monkey on a type writer would crack it  :P

0xBB isn't any standard character.  Anything over 0x7F isn't standard.  I still think they like the -69 :)

Lenny -- I didn't say infinite time I said all the time in the Universe.  Something like 50 billion years.

[quote author=Lenny link=topic=10965.msg104642#msg104642 date=1111300735]
[quote author=Networks link=topic=10965.msg104626#msg104626 date=1111297068]
[22:33] iago: So if you had every atom in the Universe, and all the time in the Universe, you still couldn't brute force the key :)

You've wasted you time you nub!!!!!! <3
[/quote]

Actually if you had an infinite amount of time, at some point a monkey on a type writer would crack it  :P
[/quote]

nah...the monkey would die, maybe several billion monkeys.

[quote author=Networks link=topic=10965.msg104685#msg104685 date=1111331343]
nah...the monkey would die, maybe several billion monkeys.
[/quote]

You're thinking way too small.  A billion is nothing when we're talking about 1024-bit encryption. 

I guessed and got it right :D
lmao

[quote author=iago link=topic=10965.msg104686#msg104686 date=1111332342]
[quote author=Networks link=topic=10965.msg104685#msg104685 date=1111331343]
nah...the monkey would die, maybe several billion monkeys.
[/quote]

You're thinking way too small.  A billion is nothing when we're talking about 1024-bit encryption. 
[/quote]

Oh right we went over this 1 billion to the power of 1 billion? (that might be medium)

That's a little too big :P

It's on the order of 10**300 possible keys :P

There I cracked it:
--------------------------------


Oh wait, that was my mom's wedding goblet. Sorry I thought we were tallking about drinking cups.

~Tagban

[shameless plug]
BNCSutil is now capable of verifying server signatures.
[/shameless plug]

[quote author=shadypalm88 link=topic=10965.msg104741#msg104741 date=1111370073]
[shameless plug]
BNCSutil is now capable of verifying server signatures.
[/shameless plug]
[/quote]

[shameless plug]
It was totally because of me:
(15:56:38) iagox86: I have a job for you! :)
(15:56:51) IonWSEric: oh?
(15:56:58) iagox86: You should add the code to authenticate the server's signature to BNCSUtil
(15:57:06) iagox86: the 128-byte signature it sends in 0x50
[/shameless plug]

I take full 100% credit.  So there. :P