Author | Message | Time |
---|---|---|
LockesRabb | SID_AUTH_CHECK Info: [quote](DWORD) Client Token (DWORD) EXE Version (DWORD) EXE Hash (DWORD) Number of keys in this packet (BOOLEAN) Using Spawn (32-bit) For Each Key: (DWORD) Key Length (DWORD) CD key's product value (DWORD) CD key's public value (DWORD) Unknown (0) (DWORD[5]) Hashed Key Data (STRING) Exe Information (STRING) CD Key owner name[/quote] After studying the BNETDocs, I tried to code a 0x51 packet, and got stuck in the process. The Client Token was easy enough, only had to use GetTickCount() API for that one. EXE Version: Does that follow a specific format? And how can this be obtained dynamically without hard-coding it? How is an EXE Hash formatted, and how does one go about hashing an EXE? I'm assuming here that it's the Starcraft.exe that needs to be hashed... (DWORD) Number of keys in this packet Number of keys? As in number of cdkeys, or how many numbers inside the cdkey, or what? For Spawn, can I just do: .INSERTDWORD &H0 'Zero, boolean for false Or does it have to be done another way? | September 12, 2005, 1:25 AM |
l2k-Shadow | Use BNCSUtil Hashing Library to get those values... a vb example source on how to use it is also on the site. [quote](DWORD) Number of keys in this packet Number of keys? As in number of cdkeys, or how many numbers inside the cdkey, or what?[/quote] Yeah, number of cdkeys. 0x00000001 for STAR, SEXP, W2BN, D2DV, WAR3 and 0x00000002 for D2XP and W3XP. [quote] For Spawn, can I just do: .INSERTDWORD &H0 'Zero, boolean for false Or does it have to be done another way?[/quote] that works :) | September 12, 2005, 1:34 AM |
LockesRabb | So, because I'll be only using one cdkey (it being Starcraft), I should just put down: [code].InsertDWORD &H1 'only one cdkey, if two cdkeys, &H2[/code] Right? | September 12, 2005, 1:58 AM |
l2k-Shadow | Right. | September 12, 2005, 1:58 AM |
LockesRabb | Since this is a very sensitive packet to battle.net (high risk of ipban), is there a server I can test the bot on so I won't have to worry about ipban? [Edit: added to avoid double post] Oh and-- how do I know I've gotten IPBanned? Does Battle.net send a packet informing me of ipban before disconnecting? | September 12, 2005, 2:02 AM |
l2k-Shadow | No, it just disconnects you and when you attempt to connect again you'll receive winsock error 10053. | September 12, 2005, 2:16 AM |
LockesRabb | [code]
' Check server signature.
If (UseNLS) Then
    ServerSignature = P.GetFixedString(128)
    If (Not nls_check_socket_signature(frmMain.WS.SocketHandle, ServerSignature)) Then
        Disconnect
        MsgBox "Server signature check failed.", vbExclamation, "Example Bot"
    End If
End If
[/code] This section errored out-- says Sub/Function not defined. nls_check_socket_signature() was the one highlighted. I decided to do some checking around, and found out there was not only no sub/function for it which means it's in bncsutil.dll, but the declaration for it also was missing. Do you by any chance have the declaration for that particular sub? | September 12, 2005, 2:50 AM |
l2k-Shadow | This DL has all of the current declarations. BTW what packet buffer are you using? EDIT: You know, you don't have to use that declare anyway... | September 12, 2005, 3:40 AM |
LockesRabb | I'm using Dark Minion's Packet Buffer class. [quote]What's the “mpqNumber” argument in checkRevision? This is the number in the filename received in 0x50 (SID_AUTH_INFO) that looks like “IX86ver#.mpq”. You can get this number by using the extractMPQNumber function. [/quote] Why does the mpq number matter? | September 12, 2005, 3:42 AM |
shout | [quote author=Kyro link=topic=12781.msg127820#msg127820 date=1126496576] Why does the mpq number matter? [/quote] The MPQ number is which IX86Ver?.dll to emulate. | September 12, 2005, 3:45 AM |
l2k-Shadow | [quote author=Shout link=topic=12781.msg127821#msg127821 date=1126496713] [quote author=Kyro link=topic=12781.msg127820#msg127820 date=1126496576] Why does the mpq number matter? [/quote] The MPQ number is which IX86Ver?.dll to emulate. [/quote] In more understandable words, Battle.net assigns you a .dll file with which to use CheckRevision(). There are 8 dlls and each has its own unique checksum key. BNCSUtil, however, has all of these 8 checksum keys inside itself, so by the MPQ number, you're telling it which one to use. | September 12, 2005, 3:53 AM |
LockesRabb | Alright, got it. I'm curious about something: [code]
' Check server signature.
If (UseNLS) Then
    ServerSignature = P.GetFixedString(128)
    If (Not nls_check_socket_signature(frmMain.WS.SocketHandle, ServerSignature)) Then
        Disconnect
        MsgBox "Server signature check failed.", vbExclamation, "Example Bot"
    End If
End If
[/code] Why check the server signature? | September 12, 2005, 4:05 AM |
l2k-Shadow | I think it's to make sure that the server is an authentic bnet server, there is no use for it really. | September 12, 2005, 4:44 AM |
LockesRabb | [code]
'SID_AUTH_CHECK
Public Sub P0x51(ServerToken As Long, Ix86verfilename As String, ChecksumFormula As String)
    AddC vbMagenta, "Assembling 0x51 SID_AUTH_CHECK Packet..."
    Dim ClientToken As Long
    Dim EXEVersion As Long
    Dim EXEHash As Long
    Dim KeyLen As Long
    Dim CDKeyProductValue As Long
    Dim CDKeyPublicValue As Long
    Dim HashedKeyData As Long
    Dim EXEInformation As String
    Dim CDKeyOwnerName As String
    Dim EXEPath As String, DLLPath As String, ThirdPath As String
    EXEPath = ProgHashPath & ProgFileName
    DLLPath = ProgHashPath & DLLFileName
    ThirdPath = ProgHashPath & ThirdFileName
    ClientToken = GetTickCount()
    EXEVersion = getExeInfo(EXEPath, EXEInfo)
    mpqNumber = extractMPQNumber(Ix86verfilename)
    ' Perform revision check operations.
    If (checkRevision(ChecksumFormula, EXEPath, DLLPath, ThirdPath, mpqNumber, Checksum) = False) Then
        DMBot.BNET.Close
        Call DMBot.BNET_Close
        AddC vbRed, "CheckRevision failed."
        Exit Sub
    End If
    AddC vbMagenta, "Done."
    'Now data for the packet has been gathered,
    'begin assembling the packet
End Sub
[/code] How does that look so far? Any errors? | September 12, 2005, 4:46 AM |
l2k-Shadow | Looks good so far :) | September 12, 2005, 4:58 AM |
LockesRabb | Excellent, I'll begin coding the packet assembly. Thanks! | September 12, 2005, 5:10 AM |
JoeTheOdd | | September 12, 2005, 6:20 AM |
LockesRabb | TestBNCS Server Checks: Server: joe.x86labs.org Owner: Joe[x86] Status: Nonoperational Notes: Joe[x86] *did* warn it's not a 24/7 server, so he has an excuse. Server: TheHague.Shacknet.nu Owner: Trance Status: Nonoperational Server: 68.39.37.231/usnorth.no-ip.org Owner: Remain Status: Nonoperational Server: Pyroserver.no-ip.org Owner: BNCSFan (Guest) Status: Nonoperational :( | September 12, 2005, 6:47 AM |
JoeTheOdd | Try hdx.no-ip.org | September 12, 2005, 8:15 AM |
LockesRabb | @Joe- hdx.no-ip.org didn't respond to my bot either. Asia, USWest, USEast, Europe all responded to my bot. So I assume hdx.no-ip.org is also nonoperational. @Everyone-- warning- this is a long post. Done coding the C->S 0x51 Packet Sub and the 0x51 handler. Please, if alright with you, look at the sub and tell me if it looks good, and if there are any flaws. If you see any way I can improve on it, I'm always open to suggestions! [code]
'SID_AUTH_CHECK
Public Sub P0x51(ServerToken As Long, Ix86verfilename As String, ChecksumFormula As String)
    AddC vbMagenta, "Assembling 0x51 SID_AUTH_CHECK Packet..."
    Dim ClientToken As Long
    Dim EXEVersion As Long
    Dim EXEHash As Long
    Dim NumberOfKeys As Long
    Dim KeyLen As Long
    Dim CDKeyProductValue As Long
    Dim CDKeyPublicValue As Long
    Dim HashedKeyData As Long
    Dim EXEInformation As String
    Dim CDKeyOwnerName As String
    Dim EXEPath As String, DLLPath As String, ThirdPath As String
    EXEPath = ProgHashPath & ProgFileName
    DLLPath = ProgHashPath & "storm.dll"
    ThirdPath = ProgHashPath & "battle.snp"
    ClientToken = GetTickCount()
    EXEVersion = getExeInfo(EXEPath, EXEInfo)
    mpqNumber = extractMPQNumber(Ix86verfilename)
    ' Perform revision check operations.
    If (checkRevision(ChecksumFormula, EXEPath, DLLPath, ThirdPath, mpqNumber, Checksum) = False) Then
        DMBot.BNET.Close
        Call DMBot.BNET_Close
        AddC vbRed, "CheckRevision failed."
        Exit Sub
    End If
    'Decode the main CD-key.
    decoder = kd_create(bnetcdkey, Len(bnetcdkey))
    If (decoder = -1) Then
        DMBot.BNET.Close
        Call DMBot.BNET_Close
        AddC vbRed, "Failed to decode your CD-key."
        Exit Sub
    End If
    ' Calculate key hash.
    HashLength = kd_calculateHash(decoder, ClientToken, ServerToken)
    If (HashLength = 0) Then
        Call kd_free(decoder) ' Release the decoder on this failure path too.
        DMBot.BNET.Close
        Call DMBot.BNET_Close
        AddC vbRed, "Failed to hash your CD-key."
        Exit Sub
    End If
    ' Retrieve key hash.
    KeyHash = String$(HashLength, vbNullChar) ' Initialize buffer.
    Call kd_getHash(decoder, KeyHash)
    AddC vbMagenta, "Done gathering data, finalizing assembly..."
    'Now data for the packet has been gathered,
    'begin assembling the packet
    With PacketBuf
        .InsertDWORD ClientToken 'Client Token
        .InsertDWORD EXEVersion 'EXE Version
        .InsertDWORD Checksum 'EXE Hash
        .InsertDWORD &H1 'only one cdkey, if two cdkeys, &H2
        .InsertDWORD &H0 'Spawn = False
        .InsertDWORD Len(bnetcdkey) 'CDKey Length
        .InsertDWORD kd_product(decoder) 'CD key's product value
        .InsertDWORD kd_val1(decoder) 'CD key's public value
        .InsertDWORD 0 'Unknown, just put zero
        .InsertNonNTString KeyHash 'Hashed Key Data
        .InsertString EXEInfo 'EXE Info
        .InsertString "Don Cullen" 'CDKey owner.
        .SendPacket DMBot.BNET, &H51 'Send 0x51 packet
    End With
    ' Release the key decoder.
    Call kd_free(decoder)
    AddC vbMagenta, "0x51 SID_AUTH_CHECK packet sent."
End Sub
[/code] Also, if you have time, check out my 0x50 and 0x51 response handler and give me your thoughts- I worked all day on those two packets, and would appreciate input on them: [code]
Case &H50
    AddC vbYellow, "BNET: Gimme your cdkey. And who are you?"
    Dim LogonType As Long
    Dim ServerToken As Long
    Dim UDPValue As Long
    Dim MPQFileTime As String
    Dim Ix86verfilename As String
    Dim ValueString As String
    LogonType = PktDeBuf.rDWORD
    ServerToken = PktDeBuf.rDWORD
    UDPValue = PktDeBuf.rDWORD
    MPQFileTime = PktDeBuf.rFILETIME(True)
    Ix86verfilename = PktDeBuf.rNTString
    ValueString = PktDeBuf.rNTString
    AddC vbWhite, ValueString
    If LogonType = &H0 Then
        AddC vbWhite, "LogonType = STAR/SEXP/D2DV/D2XP"
    ElseIf LogonType = &H1 Then
        AddC vbWhite, "LogonType = War3Beta"
    ElseIf LogonType = &H2 Then
        AddC vbWhite, "Logon Type = War3"
    Else
        AddC vbRed, "Unrecognized logon type var: " & LogonType
    End If
    'Now send 0x51
    'Call P0X51(ServerToken, Ix86verfilename, ValueString)
    AddC vbYellow, "DMBot: There ya go. Happy?"
    BNETDiscReq = True
    DMBot.BNET.Close
    DumpPacket (PacketData)
    AddC vbWhite, "Forced Disconnect to avoid ipban since we haven't done 0x51 yet."
    Call DMBot.BNET_Close
    Exit Sub
Case &H51
    AddC vbYellow, "BNET: Well..."
    'They got authentication info
    Dim BNETResponse As Long
    BNETResponse = PktDeBuf.rDWORD
    Select Case BNETResponse
        Case &H0 'OK.
            AddC vbYellow, "BNET: Fine, I'll accept that..."
        Case &H100
            DMBot.BNET.Close
            AddC vbRed, "BNET: Nope. Jeez, your game version is old! Update it, dude! Bye..."
            Call DMBot.BNET_Close
            DumpPacket (PacketData)
            Exit Sub
        Case &H101
            DMBot.BNET.Close
            AddC vbRed, "BNET: Nope. Invalid game version. Bye."
            Call DMBot.BNET_Close
            DumpPacket (PacketData)
            Exit Sub
        Case &H102
            DMBot.BNET.Close
            AddC vbRed, "BNET: Nope. Your game needs to be downgraded. Bye."
            Call DMBot.BNET_Close
            DumpPacket (PacketData)
            Exit Sub
        Case &H200
            DMBot.BNET.Close
            AddC vbWhite, "BNET: Nope. Invalid CDKey. Bye."
            Call DMBot.BNET_Close
            DumpPacket (PacketData)
            Exit Sub
        Case &H201
            strTMP = rNTString()
            DMBot.BNET.Close
            If LenB(strTMP) > 0 Then
                AddC vbWhite, "BNET: Dude, " & strTMP & "'s using your CDKey! Sorry... Bye."
            Else
                AddC vbWhite, "BNET: Dude, someone's using your CDKey! Sorry... Bye."
            End If
            DumpPacket (PacketData)
            Call DMBot.BNET_Close
            Exit Sub
        Case &H202
            DMBot.BNET.Close
            AddC vbWhite, "BNET: Dude- that CDKey's banned and ain't welcome to BNET! Bye!"
            Call DMBot.BNET_Close
            DumpPacket (PacketData)
            Exit Sub
        Case &H203
            DMBot.BNET.Close
            AddC vbWhite, "BNET: LOL dude- that CDKey's for a different game! Heh, bye!"
            Call DMBot.BNET_Close
            DumpPacket (PacketData)
            Exit Sub
        Case &H210
            DMBot.BNET.Close
            AddC vbWhite, "BNET: Invalid Expansion CDKey! Sorry, ain't letting you in! Bye!"
            Call DMBot.BNET_Close
            DumpPacket (PacketData)
            Exit Sub
        Case &H211
            strTMP = rNTString()
            DMBot.BNET.Close
            If LenB(strTMP) > 0 Then
                AddC vbWhite, "BNET: Dude, " & strTMP & "'s using your Expansion CDKey! Sorry... Bye."
            Else
                AddC vbWhite, "BNET: Dude, someone's using your Expansion CDKey! Sorry... Bye."
            End If
            DumpPacket (PacketData)
            Call DMBot.BNET_Close
            Exit Sub
        Case &H212
            DMBot.BNET.Close
            AddC vbWhite, "BNET: Dude- that Expansion CDKey's banned and ain't welcome to BNET! Bye!"
            Call DMBot.BNET_Close
            DumpPacket (PacketData)
            Exit Sub
        Case &H213
            DMBot.BNET.Close
            AddC vbWhite, "BNET: LOL dude- that Expansion CDKey's for a different game! Heh, bye!"
            Call DMBot.BNET_Close
            DumpPacket (PacketData)
            Exit Sub
        Case CLng("&H" & VerByte)
            DMBot.BNET.Close
            AddC vbWhite, "BNET: Nope. Invalid VerByte, never heard of it. Bye."
            Call DMBot.BNET_Close
            DumpPacket (PacketData)
            Exit Sub
        Case Else
            DMBot.BNET.Close
            AddC vbWhite, "BNET: SID_AUTH_CHECK failed for an unknown reason."
            AddC vbWhite, "BNET: Maybe it's because I don't like you? LOL! Bye..."
            DumpPacket (PacketData)
            Call DMBot.BNET_Close
            Exit Sub
    End Select
[/code] Everything look good? I plan on testing the bot on Asia.Battle.net tomorrow, and if it works, I plan on getting to work on sending and handling the 0x3A packet, and if that goes smoothly, I'll move onto the 0x14 and 0x0A packets. I'll check your posts in response to this first thing after class BEFORE I test bot- I want you guys, if you guys don't mind, to confirm the code looks safe enough to not get me ipbanned before I test it. If you guys are willing to look it over, it'd be much appreciated-- if not, thanks for your time anyway! Thanks to everyone who has helped me to learn so much as to get this far!!! ;D | September 12, 2005, 8:29 AM |
shout | Note on style, you should not use 'P0x51' as a function name, it will make it harder to read and maintain. [quote author=Kyro link=topic=12781.msg127848#msg127848 date=1126513741] [code] AddC vbYellow, "DMBot: There ya go. Happy?" [/code] [/quote] DMBot!? | September 12, 2005, 12:23 PM |
LockesRabb | DM = Demented Minds, DM is abbrev of that. For proof, www.dementedminds.org , and here's the source for a script coded for DM: http://www.doncullen.net/bnetphp.txt . My DM aka is Kyro[DM]. I realize this is confusing, since there's also a DMBot by Dark Minion, so I'm renaming bot to something else, like DementedBot or something. Not sure of name. I left it to DMBot for now, until I get the basic functionalities completed. [Edit: fixed links] As for P0x51, it's easy for me to read, so that isn't really a problem. When I see P0x51, I automatically think Packet 0x51. And besides, I originally wanted: Private Sub 0x51(vars, here) 'yadda yadda End Sub But VB doesn't allow sub/function names to start with numbers. Other than style, do u see any bugs/errors/flaws? I'm going to hit the shower and head out--- gotta catch bus in half hour for college class. Will check back here after class. Thanks for the input so far. | September 12, 2005, 1:10 PM |
HdxBmx27 | My server is up, I just took it down cuz after 12 weeks.. without a SINGLE login. It looked kind of pointless. But it's back up now for your testing purposes. Have fun. Only thing is, BNLS doesn't work for the latest SC patch, neither does my JBLS server report the correct ver for testBNCS ... but it does for normal BNCS.. I'll look into it tonight ~-~(HDX)~-~ | September 12, 2005, 2:12 PM |
LockesRabb | My bot doesn't use BNLS, so it's no problem. Thanks! That'll let me test my bot without worrying about getting ipbanned for a screw up in coding process... Heh. I just tested my bot on Asia.battle.net, and Europe.battle.net, apparently it works fine without any problems. But if you don't mind, I'd love some input on my code, I'm always looking for ways to improve it... I plan on using your server for testing my bot, you can feel free to shut it off after a few weeks if you want- by then, I should have the basic stuff done, and can relax and not worry about an ipban. Thanks! [Edited to avoid double posting] This might interest you, I just told my bot to connect to hdx.no-ip.org, it connected fine, but my vb program crashed when it tried to send the 0x51 packet. Now get this, I just checked my code to see why- apparently it's setting the socket to hdx.no-ip.org, when it should stay BNET (the name of my winsock is BNET), and the packet ID that it's being told to send is 81. I'm like, WTH, there shouldn't be a packet 0x81, so I checked my code-- I don't have any 0x81 packet code in there?!? So why is it trying to send that one? I also checked all lines that sent packets- they all correctly state for SendPacket to use the BNET winsock, and also all correctly state the right packet... This is very unusual... What I don't get is, why does it work for asia.battle.net, and europe.battle.net (haven't tested on uswest nor useast- wanted to hold off on that until I'm danged sure my code is safe), but crashes when it tries to connect to hdx.no-ip.org? | September 12, 2005, 2:17 PM |
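
The SID_AUTH_CHECK body layout quoted in the first post, as an added example that is not part of any post in this thread or of BNCSUtil: a Python builder and a bounds-checked parser that rejects a key count the packet cannot hold or that does not match the per-product counts given in the thread. Little-endian DWORDs, NUL-terminated Latin-1 strings, the function names and every sample value are assumptions made for this illustration.

```python
import struct

# Key counts per product, as stated in the thread.
KEYS_PER_PRODUCT = {"STAR": 1, "SEXP": 1, "W2BN": 1, "D2DV": 1, "WAR3": 1,
                    "D2XP": 2, "W3XP": 2}
KEY_FMT = "<4I20s"  # length, product, public, unknown, DWORD[5]; little-endian assumed
KEY_SIZE = struct.calcsize(KEY_FMT)  # 36 bytes

def build_auth_check(token, version, exe_hash, keys, exe_info, owner, spawn=False):
    """keys: list of (key_length, product_value, public_value, hash20)."""
    body = struct.pack("<5I", token, version, exe_hash, len(keys), int(spawn))
    for length, product, public, digest in keys:
        if len(digest) != 20:
            raise ValueError("hashed key data must be DWORD[5] (20 bytes)")
        body += struct.pack(KEY_FMT, length, product, public, 0, digest)
    # STRING fields: NUL-terminated, Latin-1 assumed.
    return body + exe_info.encode("latin-1") + b"\0" + owner.encode("latin-1") + b"\0"

def _cstring(buf, pos):
    end = buf.find(b"\0", pos)
    if end < 0:
        raise ValueError("unterminated STRING field")
    return buf[pos:end].decode("latin-1"), end + 1

def parse_auth_check(body, product=None):
    if len(body) < 20:
        raise ValueError("shorter than the five fixed DWORDs")
    token, version, exe_hash, nkeys, spawn = struct.unpack_from("<5I", body, 0)
    if product is not None and nkeys != KEYS_PER_PRODUCT[product]:
        raise ValueError(f"{product}: unexpected key count {nkeys}")
    # Bound the sender-supplied count by the bytes actually present.
    if nkeys * KEY_SIZE > len(body) - 20:
        raise ValueError("key count exceeds packet length")
    keys = []
    for i in range(nkeys):
        length, prod, public, unknown, digest = struct.unpack_from(KEY_FMT, body, 20 + i * KEY_SIZE)
        keys.append({"length": length, "product": prod, "public": public,
                     "unknown": unknown, "hash": digest})
    exe_info, pos = _cstring(body, 20 + nkeys * KEY_SIZE)
    owner, pos = _cstring(body, pos)
    if pos != len(body):
        raise ValueError("trailing bytes after owner name")
    return {"client_token": token, "exe_version": version, "exe_hash": exe_hash,
            "spawn": bool(spawn), "keys": keys, "exe_info": exe_info, "owner": owner}

# Constructed sample values, not taken from a real session or CD key.
SAMPLE = build_auth_check(0x11223344, 0x01020304, 0xDEADBEEF,
                          [(13, 1, 0x00ABCDEF, bytes(range(20)))],
                          "game.exe 01/01/05 00:00:00 1024", "Example Owner")
```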