Author | Message | Time |
---|---|---|
iago | Here is a packet log of my attempt to upgrade (I'll post the important packets at the end of this): http://www.javaop.com/~iago/upgrade.txt For some reason, Battle.net doesn't respond to SID_AUTH_ACCOUNTUPGRADEPROOF. Any idea why? Isn't it supposed to send SID_AUTH_ACCOUNTLOGONPROOF back? Here are the important packets: I send SID_AUTH_ACCOUNTLOGON: [code]ff 53 2f 00 3b 5c b4 8a c5 14 19 fc 5b d4 .H.S/.;\......[. 0050 1c 9b 3b ba 99 84 7f ba 2c 8f b1 f9 c3 b5 fe 20 ..;.....,...... 0060 3f ed ea 85 a2 cf 72 6f 6e 69 73 63 6f 6f 6c 32 ?.....roniscool2 0070 00 .[/code] Battle.net tells me to upgrade: [SID_AUTH_ACCOUNTLOGON] [code]ff 53 48 00 05 00 00 00 00 00 00 00 00 00 .w.SH........... 0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0080 00 00 00 00 00 00 00 00 00 00 ..........[/code] I send it a request to upgrade: [SID_AUTH_ACCOUNTUPGRADE] [code]ff 57 04 00 .K.W..[/code] My request is accepted, and the server token is provided: [SID_AUTH_ACCOUNTUPGRADE] [code]ff 57 0c 00 00 00 00 00 56 2c db d9 .O.W......V,..[/code] I do the SHA1 as well as calculating s and v, then send them: [SID_AUTH_ACCOUNTUPGRADEPROOF] [code]ff 58 5c 00 9e be 7f 54 cc 8c 47 8e 74 87 .M.X\....T..G.t. 0050 b1 67 75 c9 7f cb 08 75 c4 54 84 5b 5d 98 55 d0 .gu....u.T.[].U. 0060 42 ab 45 6f 71 7f 3d 6a b6 28 d7 fa 9d 48 10 58 B.Eoq.=j.(...H.X 0070 50 c2 04 66 35 6b ce 36 db 2c a0 fc d8 50 35 65 P..f5k.6.,...P5e 0080 da 3c 4b d8 b4 1d 08 36 24 51 64 56 dc 5f 04 2a .<K....6$QdV._.* 0090 3a 1e 6e 95 06 f2 4c bd 43 81 cc de 8e 3c :.n...L.C....<[/code] ..... and get no response. Any clue why? My only thought was that they don't have it implemented, which seems silly.. | February 3, 2006, 12:03 AM |
Skywing | You experienced this on real Battle.net? Under what circumstances? (server, product, ...)? While support for upgrades is implemented on various recent Battle.net clients, the server continues to request that everybody use the old-style logon protocol. I'd be very interested if you've found a case in which the server wants you to perform an actual upgrade. Edit: Looked at your packet log. IIRC, for War3 accounts, the upgrade packets have a meaning other than that the account really needs to be upgraded. I recall somebody else (Spht perhaps?) running into this situation before, but I don't remember what the exact reason was. You might try logging in with the official client to see what it does. I don't have my notes on the War3 handler for that particular message here to check. | February 3, 2006, 12:59 AM |
iago | I created the account using a bot and SID_CREATEACCOUNT2 and the SHA1 of my password. I did this on all 4 realms, although I don't know the specific servers. When I then connected using a regular login (SID_AUTH_ACCOUNTLOGON) and that account, it gives me the "this account must be upgraded" response. I was doing it as Warcraft 3, when I tried sending SID_AUTH_ACCOUNTLOGON with Starcraft, I was disconnected. I more or less wanted to make sure I implemented it correctly, so it was a contrived situation. You never know when they might move D2 or SC or any of those clients to NLS (unlikely, but who knows?) When I tried with the official client, I got the message, "Warcraft 3 cannot login with that account type" or something similar. It never got past SID_AUTH_ACCOUNTLOGON, it gave up after that point. | February 3, 2006, 2:59 AM |
Skywing | Ah - I would recommend a local Battle.net server which understands SRP. That was the solution I used for testing it. It also lets you verify it against a Blizzard client as a nice bonus. I'll look into adding a message to enable a "developer mode" on BNLS to always return zero from all randomized calculations in case anyone wants to use it to verify implementations. | February 3, 2006, 3:01 AM |
JoeTheOdd | [quote]When I tried with the official client, I got the message, "Warcraft 3 cannot login with that account type" or something similar. It never got past SID_AUTH_ACCOUNTLOGON, it gave up after that point. [/quote] Ahem, I was the one who tried with the client =p | February 3, 2006, 3:48 AM |
iago | [quote author=Skywing link=topic=14113.msg144348#msg144348 date=1138935682] Ah - I would recommend a local Battle.net server which understands SRP. That was the solution I used for testing it. It also lets you verify it against a Blizzard client as a nice bonus. I'll look into adding a message to enable a "developer mode" on BNLS to always return zero from all randomized calculations in case anyone wants to use it to verify implementations. [/quote] I'm actually not sure how the values were derived, it was a friend of mine who did it. But the fact that it matched the change password packet seemed logical enough. And yeah, that would be a neat feature.. although this is the only thing I haven't implemented (besides WoW, but I don't see that as being terribly likely), and I'm reasonably sure it's right :) [quote author=Joe link=topic=14113.msg144349#msg144349 date=1138938497] Ahem, I was the one who tried with the client =p [/quote] True, but that wasn't particularly relevant to the conversation, so I left it out. | February 3, 2006, 4:40 AM |
HdxBmx27 | [quote author=Skywing link=topic=14113.msg144348#msg144348 date=1138935682] I'll look into adding a message to enable a "developer mode" on BNLS to always return zero from all randomized calculations in case anyone wants to use it to verify implementations. [/quote] Please, this would be a wonderful feature, All* of my research for Upgrading accounts has come from BNLS considering I have never encountered it in the wild. Addition of such a feature will help me greatly in confirming JBLS compliance with BNLS. ~-~(HDX)~-~ | February 3, 2006, 6:25 AM |
iago | [quote author=HdxBmx27 link=topic=14113.msg144383#msg144383 date=1138947909] [quote author=Skywing link=topic=14113.msg144348#msg144348 date=1138935682] I'll look into adding a message to enable a "developer mode" on BNLS to always return zero from all randomized calculations in case anyone wants to use it to verify implementations. [/quote] Please, this would be a wonderful feature, All* of my research for Upgrading accounts has come from BNLS considering I have never encountered it in the wild. Addition of such a feature will help me greatly in confirming JBLS compliance with BNLS. ~-~(HDX)~-~ [/quote] In other words, "Help me write a competitor!" :) | February 3, 2006, 4:08 PM |
PaiD | I would like to point out that I discovered this some time ago and maybe the other topic might help Click Here | February 3, 2006, 6:16 PM |
iago | Yeah, you "discovered" it the same way I do it. And for the record, I didn't do it by accident, I figured it out myself :-P And no, it doesn't help, I actually tried doing the upgrade but without success.. :( | February 4, 2006, 12:13 AM |
Barabajagal | I don't usually bump old topics like this, but is that method (using createaccount2 with war3) still a capability? I'd like to get upgrading implemented in my bot, and need a way to test... | April 15, 2008, 6:34 AM |
iago | As far as I know, there's no way to test. Back when I was playing with this (and I might have said so in this thread, I don't remember), if you tried logging on with NLS but used the old way to create an account, it would create it and kick you off. If you then tried to log into that using NLS, it would request an upgrade. I don't remember if it was actually possible to upgrade, though. So: - Connect as Warcraft 3 - Create an account the way you would on OLS (SID_CREATEACCOUNT(2?)) - Reconnect as Warcraft 3 - Send SID_AUTH_ACCOUNTLOGON with that username It should send you an upgrade request, if nothing's changed. I vaguely remember that this didn't quite work, but give it a shot. | April 15, 2008, 1:59 PM |
Barabajagal | Yay, I'm IPBanned from Asia now. Way to go me. | April 15, 2008, 8:13 PM |
Ribose | [quote author=Andy link=topic=14113.msg177673#msg177673 date=1208241248]I don't usually bump old topics like this, but is that method (using createaccount2 with war3) still a capability? I'd like to get upgrading implemented in my bot, and need a way to test... [/quote]Yea it is; I was just able to do it now (by changing the call to 0x53 to call 0x3D instead, and have it logon immediately after with 0x53 and not 0x3A): [code][Tuesday, April 15, 2008 4:48:06 PM] Welcome to Felbot v1.1 Dev by Joe[x86] and Ribose! [4:48:06 PM] This bot is open source. Feel free to visit the project at: http://code.google.com/p/felbot/. [4:48:06 PM] Profile Ribose.E loaded. [4:48:11 PM] [BNET] Connecting to useast.battle.net.. [4:48:12 PM] [BNET] Connected! [4:48:12 PM] [BNET] SENT BYTE 0x1 [4:48:12 PM] [BNET] SENT PACKET 0x50: 0000 ff 50 3a 00 00 00 00 00 36 38 58 49 33 52 41 57 ÿP:.....68XI3RAW 0010 15 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0020 00 00 00 00 00 00 00 00 55 53 41 00 55 6e 69 74 ........USA.Unit 0030 65 64 20 53 74 61 74 65 73 00 ed States. [4:48:12 PM] [BNET] SENT PACKET 0x25: 0000 ff 25 08 00 13 37 00 00 ÿ%...7.. [4:48:12 PM] [BNET] Requesting logon authorization.. [4:48:12 PM] [BNET] RECIEVED PACKET 0x25: 0000 ff 25 08 00 89 0a 59 83 ÿ%....Y. [4:48:12 PM] [BNET] RECIEVED PACKET 0x50: 0000 ff 50 e7 00 02 00 00 00 81 6a bb c3 7c 43 3a 00 ÿPç......j»Ã|C:. 0010 00 20 58 7d 99 cb c6 01 76 65 72 2d 49 58 38 36 . X}.ËÆ.ver-IX86 0020 2d 31 2e 6d 70 71 00 41 3d 34 30 32 33 38 34 37 -1.mpq.A=4023847 0030 37 37 37 20 42 3d 33 33 36 34 37 32 37 38 32 35 777 B=3364727825 0040 20 43 3d 33 33 35 38 30 30 31 35 31 20 34 20 41 C=335800151 4 A 0050 3d 41 2b 53 20 42 3d 42 5e 43 20 43 3d 43 5e 41 =A+S B=B^C C=C^A 0060 20 41 3d 41 2b 42 00 fd f7 3f 3f e0 15 7d 2d 63 A=A+B.ý÷??à.}-c 0070 2f b8 78 03 5c bf 25 f7 fa b0 e0 6d 92 20 50 76 /¸x.\¿%÷ú°àm. Pv 0080 86 52 cf 9a 69 86 63 a6 91 6b 67 3c 22 66 60 93 .RÏ.i.c¦.kg<"f`. 
0090 cc a0 69 54 66 e7 af 49 79 ae 86 dc c3 cb 2d 6c Ì.iTfç¯Iy®.ÜÃË-l 00a0 49 77 e5 ac a9 51 37 52 bf ac 7f 2d 94 4b 61 67 Iw嬩Q7R¿¬.-.Kag 00b0 be ee 01 c5 ad e6 4e fc 1b 31 6a 10 d9 9a 26 f3 .î.ÅæNü.1j.Ù.&ó 00c0 80 0f 8d eb 32 42 8b 38 08 68 5b 6b ea ee 54 ef ...ë2B.8.h[kêîTï 00d0 87 9c 2b f1 b3 f4 21 7f f3 cb 80 3d 35 e7 5d 17 ..+ñ.ô!.óË.=5ç]. 00e0 3b 01 c5 2a 3c 55 4a ;.Å*<UJ [4:48:12 PM] [BNET] Received authorization challenge! [4:48:14 PM] [BNET] SENT PACKET 0x51: 0000 ff 51 64 00 13 37 00 00 9c 19 15 01 7a b6 75 af ÿQd..7......z¶u¯ 0010 01 00 00 00 00 00 00 00 1a 00 00 00 0e 00 00 00 ................ 0020 07 ef 70 00 00 00 00 00 e8 22 4f 91 a4 55 81 ab .ïp.....è"O.¤U.« 0030 81 2d 98 81 cb 51 d9 fb be 7d b3 d6 57 61 72 33 .-..ËQÙû.}.ÖWar3 0040 2e 65 78 65 20 37 2f 31 39 2f 30 37 20 31 38 3a .exe 7/19/07 18: 0050 34 31 3a 31 32 20 34 30 39 36 36 30 00 46 65 6c 41:12 409660.Fel 0060 62 6f 74 00 bot. [4:48:14 PM] [BNET] Answering authorization challenge.. [4:48:15 PM] [BNET] RECIEVED PACKET 0x51: 0000 ff 51 09 00 00 00 00 00 00 ÿQ....... [4:48:15 PM] [BNET] Passed authorization challenge! [4:48:15 PM] [BNET] SENT PACKET 0x53: 0000 ff 53 2f 00 7c b3 96 55 5c 45 c2 83 fd d6 c9 76 ÿS/.|..U\EÂ.ýÖÉv 0010 08 d3 33 0b ea 55 d4 a9 86 d2 06 71 ac 31 ce 04 .Ó3.êUÔ©.Ò.q¬1Î. 0020 3b 0b 34 09 52 69 62 6f 73 65 2d 35 2e 31 00 ;.4.Ribose-5.1. [4:48:15 PM] [BNET] Authenticating with logon credentials.. [4:48:15 PM] [BNET] RECIEVED PACKET 0x53: 0000 ff 53 48 00 05 00 00 00 00 00 00 00 00 00 00 00 ÿSH............. 0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0040 00 00 00 00 00 00 00 00 ........ [4:48:15 PM] [BNET] Authentication failed. Account requires upgrade! [4:48:15 PM] [BNET] SENT PACKET 0x57: 0000 ff 57 04 00 ÿW.. [4:48:15 PM] [BNET] Attempting to upgrade account.. 
[4:48:15 PM] [BNET] RECIEVED PACKET 0x57: 0000 ff 57 0c 00 00 00 00 00 e0 49 bf 6f ÿW......àI¿o [4:48:15 PM] [BNET] Upgrade request valid! [4:48:15 PM] [BNET] SENT PACKET 0x58: 0000 ff 58 5c 00 13 37 00 00 d4 1b 32 88 81 aa 3b 69 ÿX\..7..Ô.2..ª;i 0010 64 a1 2b 76 1b ef 14 a2 77 ea 3e bc 8a 88 e4 88 d¡+v.ï.¢wê>...ä. 0020 91 6b 17 fa 83 72 19 24 ef 20 df 9b 7a ef bc 45 .k.ú.r.$ï ß.zï.E 0030 a4 b1 16 25 61 e3 34 d2 d9 43 b7 7d 74 ec ed 30 ¤±.%aã4ÒÙC·}tìí0 0040 98 33 db 82 e6 cd 85 d3 ab c7 42 89 25 7d d8 64 .3Û.æÍ.Ó«ÇB.%}Ød 0050 cd 25 fc fa f7 7b 5e a3 3c 08 fa ea Í%üú÷{^£<.úê [4:48:15 PM] [BNET] Proving account upgrade..[/code] It doesn't respond still. [quote author=Andy link=topic=14113.msg177695#msg177695 date=1208290414] Yay, I'm IPBanned from Asia now. Way to go me. [/quote]I got IP'd a few times, however it's not as bad as an IPBan for messing up 0x51 badly. I just tried the account with the client. Here's the client's response: "The account specified is not supported by WarCraft III. Please select 'Create New Account' and choose a new name and password." Great, looks like it's not implemented. Don't create your accounts with 0x3D on WarCraft III. :o | April 15, 2008, 8:50 PM |
Barabajagal | Oh, my IP was cause I sent LogonResponse2 right after createaccount2... And... what do you mean it's not implemented? Only problem I've got is how to generate the ACCOUNTUPGRADEPROOF send packet... I'm trying to use BNLS to figure out exactly what to send it, but every time I send 0x08, I get disconnected. | April 15, 2008, 9:18 PM |
Ribose | [quote author=Andy link=topic=14113.msg177699#msg177699 date=1208294281] Oh, my IP was cause I sent LogonResponse2 right after createaccount2... And... what do you mean it's not implemented?[/quote] I meant WarCraft III doesn't attempt to upgrade it, so obviously the whole upgrade system doesn't seem to be enabled (so then the Battle.net side not responding wouldn't be surprising). | April 15, 2008, 9:23 PM |
Barabajagal | Just cause the client doesn't work doesn't mean the server can't do it. Have you tried packet logging to see what the client actually does? | April 15, 2008, 9:32 PM |
Ribose | [quote author=Andy link=topic=14113.msg177701#msg177701 date=1208295121] Just cause the client doesn't work doesn't mean the server can't do it. Have you tried packet logging to see what the client actually does? [/quote]Since WPE doesn't recognize WarCraft III I can't =[. When I tried Ethereal (someone directed me to it) the installer is corrupt or something. But, I'd assume that WarCraft III just receives response 0x05 and says oops! and gives me the message box I described. If you have a packet logger that works, link me. :/ Sending 0x58 doesn't IPBan me (my other bot stays online) or give me an error code or simply disconnect me when it's in this format: (DWORD) client token (BYTE[20]) old password hash (BYTE[32]) NLS salt (s) (BYTE[32]) NLS verifier (v) but why wouldn't it respond (iago's question as well). | April 15, 2008, 10:27 PM |
Barabajagal | Mm.. Then ya, it's probably disabled. Still, I'd like to add support for it. [s]How are the salt and verifier generated? I don't know much of anything about NLS.[/s] Nevermind. Stupid question. And Ethereal's always worked for me... I dunno. | April 15, 2008, 10:33 PM |
Ribose | [quote author=Andy link=topic=14113.msg177706#msg177706 date=1208298838] Mm.. Then ya, it's probably disabled. Still, I'd like to add support for it. How are the salt and verifier generated? I don't know much of anything about NLS. And Ethereal's always worked for me... I dunno. [/quote] [s]The salt and verifier is the (BYTE[64]) (or (DWORD[16])) that you send in SID_AUTH_ACCOUNTCREATE, or SID_AUTH_ACCOUNTCHANGEPROOF. Looking at BNETDocs' documentation on BNLS, I'd do: [BNLS] C -> S 0x04 BNLS_CREATEACCOUNT (since it appears to return the s + v) [BNLS] S -> C 0x04 (store the 64 bytes) [BNET] C -> S 0x58 (DWORD) Client token (BYTE[20]) old password hash (BYTE[64]) NLS s + v (the 64 bytes)[/s] lol, you answered it yourself before I posted I guess... | April 15, 2008, 11:00 PM |
Barabajagal | Wait, is it for the new password or the old one? Seems like it should be the new one to me... And just in case anyone else happens to be doing this in the future, here's some easy-to-steal example code: [code]Public Sub SID_Send_AUTH_ACCOUNTUPGRADEPROOF(ByVal SToken As Long) Dim UpNLS As Long Dim BufLen As Long Dim Buffer As String Dim S As String Dim V As String BufLen = &H41 + Len(Config.Username) Buffer = String$(BufLen, vbNullChar) UpNLS = nls_init(UCase$(Config.Username), UCase$(Config.Password)) nls_account_create UpNLS, Buffer, BufLen nls_free UpNLS S = Left$(Buffer, &H20) V = Mid$(Buffer, &H21, &H20) BNCSPacket.ClearOutbound BNCSPacket.InsertDWORD ClientToken BNCSPacket.InsertString DoubleHashPassword(LCase$(Config.Password), ClientToken, SToken) BNCSPacket.InsertString S BNCSPacket.InsertString V AddQueue BNCSPacket.SendBNCSPacket(SID_AUTH_ACCOUNTUPGRADEPROOF) End Sub[/code] | April 15, 2008, 11:04 PM |
Ribose | [quote author=Andy link=topic=14113.msg177710#msg177710 date=1208300697] And just in case anyone else happens to be doing this in the future, here's some easy-to-steal example code: [code]Public Sub SID_Send_AUTH_ACCOUNTUPGRADEPROOF(ByVal SToken As Long) Dim UpNLS As Long Dim BufLen As Long Dim Buffer As String Dim S As String Dim V As String BufLen = &H41 + Len(Config.Username) Buffer = String$(BufLen, vbNullChar) UpNLS = nls_init(UCase$(Config.Username), UCase$(Config.Password)) nls_account_create UpNLS, Buffer, BufLen nls_free UpNLS S = Left$(Buffer, &H20) V = Mid$(Buffer, &H21, &H20) BNCSPacket.ClearOutbound BNCSPacket.InsertDWORD ClientToken BNCSPacket.InsertString DoubleHashPassword(LCase$(Config.Password), ClientToken, SToken) BNCSPacket.InsertString S BNCSPacket.InsertString V AddQueue BNCSPacket.SendBNCSPacket(SID_AUTH_ACCOUNTUPGRADEPROOF) End Sub[/code] [/quote] Lol... you leave easy-to-steal stuff everywhere. :P And, yea, that's basically my code (except that is VB, and uses BNLS). | April 15, 2008, 11:36 PM |
Barabajagal | Hmm? It doesn't use BNLS. | April 15, 2008, 11:51 PM |
iago | iirc, I documented the packet: http://www.javaop.com/~ron/documents/SRP.html Never tested it, but me and Maddox reversed it. | April 16, 2008, 2:06 AM |
Barabajagal | Might wanna add (for new password) next to s and v for ACCOUNTUPGRADEPROOF then. And it doesn't matter anyway cause the packet isn't responded to... Except maybe on private servers. | April 16, 2008, 2:15 AM |
Ribose | [quote author=iago link=topic=14113.msg177721#msg177721 date=1208311590] iirc, I documented the packet: http://www.javaop.com/~ron/documents/SRP.html Never tested it, but me and Maddox reversed it. [/quote]Oh, well, it's not documented in BnetDocs (it looks like someone just was too lazy to finish that part/left it with only the server response), and I didn't know where your notes were. :o | April 21, 2008, 1:46 AM |
Barabajagal | Mm... speaking of Documentation, I think I'll add SID_ACCOUNTUPGRADEPROOF C>S to Bnetdocs.org. | April 21, 2008, 2:38 AM |
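
Added example (not part of the thread and not any poster's code): a strict builder and parser for the client-to-server 0x58 layout Ribose lists above (DWORD client token, BYTE[20] old password hash, BYTE[32] salt, BYTE[32] verifier) behind the 4-byte header visible in the dumps (`ff 58 5c 00`). The function names and the sample field values are constructed for illustration.

```python
import struct
from typing import NamedTuple

SID_AUTH_ACCOUNTUPGRADEPROOF = 0x58
# BNCS header as seen in the dumps: 0xFF, packet id, little-endian total
# length with the 4 header bytes included (0x5c = 92 for this packet).
HEADER = struct.Struct("<BBH")
# Body in the order given in the thread: token, old hash, s, v (88 bytes).
BODY = struct.Struct("<I20s32s32s")


class UpgradeProof(NamedTuple):
    client_token: int
    old_password_hash: bytes
    salt: bytes
    verifier: bytes


def build_upgrade_proof(p: UpgradeProof) -> bytes:
    """Serialize the 0x58 packet, rejecting wrongly sized fields."""
    # struct's 's' format silently pads or truncates, so sizes are checked
    # here; a 64-byte combined s+v passed as one field would be cut to 32.
    for name, size in (("old_password_hash", 20), ("salt", 32), ("verifier", 32)):
        if len(getattr(p, name)) != size:
            raise ValueError(f"{name} must be exactly {size} bytes")
    body = BODY.pack(*p)
    header = HEADER.pack(0xFF, SID_AUTH_ACCOUNTUPGRADEPROOF, HEADER.size + len(body))
    return header + body


def parse_upgrade_proof(frame: bytes) -> UpgradeProof:
    """Parse exactly one 0x58 frame, validating every header field first."""
    if len(frame) < HEADER.size:
        raise ValueError("truncated header")
    magic, packet_id, length = HEADER.unpack_from(frame)
    if magic != 0xFF:
        raise ValueError("not a BNCS frame")
    if packet_id != SID_AUTH_ACCOUNTUPGRADEPROOF:
        raise ValueError(f"unexpected packet id 0x{packet_id:02x}")
    # The declared length must match both the bytes received and the fixed
    # size of this packet; anything else is a framing error.
    if length != len(frame) or length != HEADER.size + BODY.size:
        raise ValueError(f"bad length {length}, expected {HEADER.size + BODY.size}")
    return UpgradeProof(*BODY.unpack_from(frame, HEADER.size))


# Constructed sample values, not copied from any capture in the thread.
SAMPLE = UpgradeProof(0x00003713, bytes(range(20)), b"\x11" * 32, b"\x22" * 32)

if __name__ == "__main__":
    frame = build_upgrade_proof(SAMPLE)
    print(frame[:4].hex(" "), "->", parse_upgrade_proof(frame))
```
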