Author | Message | Time |
---|---|---|
Jaquio | Alright, as I said in another post I went through and re-did all my packets since I had a new class that would make it easier. Because I was using stuff like.. "Mid(Data, blah, blah)" the blahs were not numbers not actual blahs. :P Anyways, Hdx had given me a class with removedword and such. So I re-did my packets using them, however after doing so my 0x3E quit working for some reason.. Could someone tell me exactly what is wrong with this.. [code] 1 70.106.238.227:1352 63.161.183.205:9367 17 Send 0000 11 00 0E 4A 61 71 20 42 6F 74 20 76 31 2E 30 30 ...Jaq Bot v1.00 0010 00 . 2 63.161.183.205:9367 70.106.238.227:1352 7 Recv 0000 07 00 0E 73 32 EF C2 ...s2.. 3 70.106.238.227:1352 63.161.183.205:9367 7 Send 0000 07 00 0F 37 17 56 D7 ...7.V. 4 63.161.183.205:9367 70.106.238.227:1352 7 Recv 0000 07 00 0F 01 00 00 00 ....... 5 70.106.238.227:1352 63.161.183.205:9367 7 Send 0000 07 00 10 04 00 00 00 ....... 6 63.161.183.205:9367 70.106.238.227:1352 11 Recv 0000 0B 00 10 04 00 00 00 0B 00 00 00 ........... 7 70.106.238.227:1353 63.241.83.109:6112 59 Send 0000 01 FF 50 3A 00 00 00 00 00 36 38 58 49 56 44 32 ..P:.....68XIVD2 0010 44 0B 00 00 00 00 00 00 00 00 00 00 00 80 04 00 D............... 0020 00 33 10 00 00 33 10 00 00 55 53 41 00 55 6E 69 .3...3...USA.Uni 0030 74 65 64 20 53 74 61 74 65 73 00 ted States. 8 63.241.83.109:6112 70.106.238.227:1353 8 Recv 0000 FF 25 08 00 3F 45 2F CC .%..?E/. 9 63.241.83.109:6112 70.106.238.227:1353 99 Recv 0000 FF 50 63 00 00 00 00 00 F1 21 0F 2A 2B 80 0E 00 .Pc......!.*+... 0010 00 AC 41 43 25 0B C5 01 49 58 38 36 76 65 72 35 ..AC%...IX86ver5 0020 2E 6D 70 71 00 41 3D 32 36 34 34 33 38 36 37 36 .mpq.A=264438676 0030 20 42 3D 38 39 35 34 37 37 39 35 39 20 43 3D 32 B=895477959 C=2 0040 37 36 33 34 36 36 36 36 20 34 20 41 3D 41 5E 53 76346666 4 A=A^S 0050 20 42 3D 42 2B 43 20 43 3D 43 5E 41 20 41 3D 41 B=B+C C=C^A A=A 0060 5E 42 00 ^B. 
10 70.106.238.227:1352 63.161.183.205:9367 73 Send 0000 49 00 09 04 00 00 00 05 00 00 00 41 3D 32 36 34 I..........A=264 0010 34 33 38 36 37 36 20 42 3D 38 39 35 34 37 37 39 438676 B=8954779 0020 35 39 20 43 3D 32 37 36 33 34 36 36 36 36 20 34 59 C=276346666 4 0030 20 41 3D 41 5E 53 20 42 3D 42 2B 43 20 43 3D 43 A=A^S B=B+C C=C 0040 5E 41 20 41 3D 41 5E 42 00 ^A A=A^B. 11 63.161.183.205:9367 70.106.238.227:1352 50 Recv 0000 32 00 09 01 00 00 00 00 0B 00 01 83 62 5A 7F 47 2...........bZ.G 0010 61 6D 65 2E 65 78 65 20 30 38 2F 31 37 2F 30 35 ame.exe 08/17/05 0020 20 30 31 3A 31 31 3A 34 33 20 32 31 32 35 38 32 01:11:43 212582 0030 34 00 4. 14 70.106.238.227:1353 63.241.83.109:6112 110 Send 0000 FF 25 08 00 00 00 00 00 FF 51 66 00 30 D1 E4 3D .%.......Qf.0..= 0010 00 0B 00 01 83 62 5A 7F 01 00 00 00 00 00 00 00 .....bZ......... 0020 10 00 00 00 06 00 00 00 08 7B C1 00 00 00 00 00 .........{...... 0030 89 1E 5A 9A 50 3A 20 AD 94 8F 91 E7 4C F6 2D C9 ..Z.P: .....L.-. 0040 7A DC EA B5 47 61 6D 65 2E 65 78 65 20 30 38 2F z...Game.exe 08/ 0050 31 37 2F 30 35 20 30 31 3A 31 31 3A 34 33 20 32 17/05 01:11:43 2 0060 31 32 35 38 32 34 00 4A 61 71 75 69 6F 00 125824.Jaquio. 15 63.241.83.109:6112 70.106.238.227:1353 9 Recv 0000 FF 51 09 00 00 00 00 00 00 .Q....... 16 70.106.238.227:1352 63.161.183.205:9367 28 Send 0000 1C 00 0B 09 00 00 00 02 00 00 00 XX XX XX XX XX ...........XXXXX 0010 XX XX XX XX 30 D1 E4 3D F1 21 0F 2A XXXX0..=.!.* 17 63.161.183.205:9367 70.106.238.227:1352 23 Recv 0000 17 00 0B D7 1B 2F 36 58 8B DC 81 DC 6A 9D E4 70 ...../6X....j..p 0010 E1 71 D3 67 4D 41 79 .q.gMAy 18 70.106.238.227:1353 63.241.83.109:6112 51 Send 0000 FF 14 08 00 74 65 6E 62 FF 2D 04 00 FF 3A 27 00 ....tenb.-...:'. 0010 30 D1 E4 3D F1 21 0F 2A D7 1B 2F 36 58 8B DC 81 0..=.!.*../6X... 0020 DC 6A 9D E4 70 E1 71 D3 67 4D 41 79 4A 61 71 75 .j..p.q.gMAyJaqu 0030 69 6F 00 io. 
19 63.241.83.109:6112 70.106.238.227:1353 22 Recv 0000 FF 2D 16 00 00 08 16 BF E9 50 C3 01 69 63 6F 6E .-.......P..icon 0010 73 2E 62 6E 69 00 s.bni. 20 63.241.83.109:6112 70.106.238.227:1353 8 Recv 0000 FF 3A 08 00 00 00 00 00 .:...... 21 70.106.238.227:1353 63.241.83.109:6112 4 Send 0000 FF 40 04 00 .@.. 22 63.241.83.109:6112 70.106.238.227:1353 51 Recv 0000 FF 40 33 00 00 00 00 00 01 00 00 00 01 00 00 00 .@3............. 0010 55 53 57 65 73 74 00 52 65 61 6C 6D 20 66 6F 72 USWest.Realm for 0020 20 74 68 65 20 55 53 20 57 65 73 74 20 43 6F 61 the US West Coa 0030 73 74 00 st. 23 70.106.238.227:1352 63.161.183.205:9367 27 Send 0000 1B 00 0B 08 00 00 00 02 00 00 00 70 61 73 73 77 ...........passw 0010 6F 72 64 30 D1 E4 3D F1 21 0F 2A ord0..=.!.* 24 63.161.183.205:9367 70.106.238.227:1352 23 Recv 0000 17 00 0B 30 17 F9 02 8E 0F 2F 3A 98 E4 5C A9 30 ...0...../:..\.0 0010 D7 53 C3 31 44 31 5D .S.1D1] 25 70.106.238.227:1353 63.241.83.109:6112 31 Send 0000 FF 3E 1F 00 30 17 F9 02 8E 0F 2F 3A 98 E4 5C A9 .>..0...../:..\. 0010 30 D7 53 C3 31 44 31 5D 55 53 57 65 73 74 00 0.S.1D1]USWest. 26 63.241.83.109:6112 70.106.238.227:1353 12 Recv 0000 FF 3E 0C 00 30 17 F9 02 01 00 00 80 .>..0....... [/code] That is a packet log of an attempt to log onto a realm.. If you need the code I will post it, but perhaps someone could tell me what is wrong with that.. | March 8, 2006, 8:19 AM |
Ringo | [quote author=Jaquio link=topic=14460.msg147877#msg147877 date=1141805941] [code] 25 70.106.238.227:1353 63.241.83.109:6112 31 Send 0000 FF 3E 1F 00 30 17 F9 02 8E 0F 2F 3A 98 E4 5C A9 .>..0...../:..\. 0010 30 D7 53 C3 31 44 31 5D 55 53 57 65 73 74 00 0.S.1D1]USWest. 26 63.241.83.109:6112 70.106.238.227:1353 12 Recv 0000 FF 3E 0C 00 30 17 F9 02 01 00 00 80 .>..0....... [/code] [/quote] At a quick glance, isn't the realm password hash meant to be 5 DWORDs? [EDIT] [quote author=Jaquio link=topic=14460.msg147877#msg147877 date=1141805941] [code] 12 70.106.238.227:1352 63.161.183.205:9367 24 Send 0000 18 00 01 F1 21 0F 2A XX XX XX XX XX XX XX XX XX ....!.*XXXXXXXXX 0010 XX XX XX XX XX XX XX 00 XXXXXXX. 13 63.161.183.205:9367 70.106.238.227:1352 47 Recv 0000 2F 00 01 01 00 00 00 ......................[/code] [/quote] Aside, wouldn't it be best to also blank out the decoded CD key in the recv packet? Or not include them at all unless needed? | March 8, 2006, 9:05 AM |
Jaquio | Heh, didn't know you could reverse the decoded CDKey.. O_o.. Anyways, I removed that from my packet log. Ok, here is the code for sending the password hash. [code] Case &H40 'Debug.Print "Recv'd:0x40" With DB .SetData Data .StripHeader .rDWORD .rDWORD .rDWORD strBNetRealm = .rNTString HType = 3 With PB .InsertDWORD &H8 .InsertDWORD &H2 .InsertNonNTString "password" .InsertDWORD ClientToken .InsertDWORD ServerToken .SendBNLSPacket &HB End With End With [/code] Here is how I handle the data. [code] ElseIf HType = 3 Then With DB .SetData Data .StripBNLSHeader End With With PB .InsertNonNTString DB.rVOID(5 * 4) .InsertNTString strBNetRealm .SendPacket &H3E End With End If [/code] Now.. what exactly is wrong with the code? Also, is there anything else I should post? | March 8, 2006, 9:31 AM |
Ringo | [quote author=Jaquio link=topic=14460.msg147880#msg147880 date=1141810315] Heh, didn't know you could reverse the decoded CDKey.. O_o [/quote] Clicky :) [quote author=Jaquio link=topic=14460.msg147880#msg147880 date=1141810315] Here is how I handle the data. [code] ElseIf HType = 3 Then With DB .SetData Data .StripBNLSHeader End With With PB .InsertNonNTString DB.rVOID(5 * 4) .InsertNTString strBNetRealm .SendPacket &H3E End With End If [/code] Now.. what exactly is wrong with the code? Also, is there anything else I should post? [/quote] Yeah, like I said, there are meant to be 5 DWORDs of hashed data, but in your 0x3E packet log you only have 5 in total (where's the client token?!?) [code] With PB .InsertDWORD ClientToken .InsertNonNTString DB.rVOID(5 * 4) .InsertNTString strBNetRealm .SendPacket &H3E End With [/code] It's worth checking the bnet docs when you're unsure of something like this. Hope this helps | March 8, 2006, 10:25 AM |
Jaquio | [quote author=Ringo link=topic=14460.msg147882#msg147882 date=1141813527] [quote author=Jaquio link=topic=14460.msg147880#msg147880 date=1141810315] Heh, didn't know you could reverse the decoded CDKey.. O_o [/quote] Clicky :) [/quote] Hehe, that is pretty cool. But what would be the exact point of it? Lol, why would you need to decode a CD key? [quote author=Ringo link=topic=14460.msg147882#msg147882 date=1141813527] [quote author=Jaquio link=topic=14460.msg147880#msg147880 date=1141810315] Here is how I handle the data. [code] ElseIf HType = 3 Then With DB .SetData Data .StripBNLSHeader End With With PB .InsertNonNTString DB.rVOID(5 * 4) .InsertNTString strBNetRealm .SendPacket &H3E End With End If [/code] Now.. what exactly is wrong with the code? Also, is there anything else I should post? [/quote] Yeah, like I said, there are meant to be 5 DWORDs of hashed data, but in your 0x3E packet log you only have 5 in total (where's the client token?!?) [/quote] Erm, you have to add the client token into it? I mean, SID_LOGONREALMEX(0x3E) says nothing about it. Just cookie, hashed realm password and realm title. I had just noticed the cookie DWORD; I thought it was optional. [quote author=Ringo link=topic=14460.msg147882#msg147882 date=1141813527] [code] With PB .InsertDWORD ClientToken .InsertNonNTString DB.rVOID(5 * 4) .InsertNTString strBNetRealm .SendPacket &H3E End With [/code] It's worth checking the bnet docs when you're unsure of something like this. Hope this helps [/quote] I tried what you had suggested and now instead of getting 0x80000001 (Realm is unavailable) I get 0x80000002 (Realm logon failed). I take it it is from inserting the ClientToken where the cookie was supposed to go? Or is it something else? | March 8, 2006, 10:38 AM |
Ringo | [quote author=Jaquio link=topic=14460.msg147883#msg147883 date=1141814333] Hehe, that is pretty cool. But what would be the exact point of it? Lol, why would you need to decode a CD key? [/quote] If you meant encode, so you can generate D2/W2 CD keys from the product, public and private values. [quote author=Jaquio link=topic=14460.msg147883#msg147883 date=1141814333] I tried what you had suggested and now instead of getting 0x80000001 (Realm is unavailable) I get 0x80000002 (Realm logon failed). I take it it is from inserting the ClientToken where the cookie was supposed to go? Or is it something else? [/quote] Hm? Well, if it's no longer saying realm unavailable, the realm can now see your chosen realm name, as it's now at the right offset. The only thing left that could be causing it now is the hash and tokens used. If you're using your client token as the "cookie" when you request that BNLS hash the realm password, then you have to put it as the "cookie" in the 0x3E bnet packet, otherwise bnet will compute a hash different to yours, resulting in the realm failed response. | March 8, 2006, 10:55 AM |
Jaquio | [quote author=Ringo link=topic=14460.msg147885#msg147885 date=1141815307] [quote author=Jaquio link=topic=14460.msg147883#msg147883 date=1141814333] Hehe, that is pretty cool. But what would be the exact point of it? Lol, why would you need to decode a CD key? [/quote] If you meant encode, so you can generate D2/W2 CD keys from the product, public and private values. [/quote] No, I did mean decode, because you said I shouldn't put the decoded CDKey in the log. So what you made decodes and encodes, right? Edit: Oh, never mind, I understand now: someone could take the decoded CD key, then re-encode it, then have it, right? [quote author=Ringo link=topic=14460.msg147885#msg147885 date=1141815307] [quote author=Jaquio link=topic=14460.msg147883#msg147883 date=1141814333] I tried what you had suggested and now instead of getting 0x80000001 (Realm is unavailable) I get 0x80000002 (Realm logon failed). I take it it is from inserting the ClientToken where the cookie was supposed to go? Or is it something else? [/quote] Hm? Well, if it's no longer saying realm unavailable, the realm can now see your chosen realm name, as it's now at the right offset. The only thing left that could be causing it now is the hash and tokens used. If you're using your client token as the "cookie" when you request that BNLS hash the realm password, then you have to put it as the "cookie" in the 0x3E bnet packet, otherwise bnet will compute a hash different to yours, resulting in the realm failed response. [/quote] See, that is the thing: I am not sending a cookie at all when I hash the data. For BNLS_HASHDATA(0x0B) the cookie is only used for a cookie hash, therefore I don't need to send the cookie if I am double hashing the realm password. I have never used my client token as a cookie for anything in my code, so I wouldn't need to use it as a cookie to respond with. So I am not sure what the heck I am doing wrong, when I had it working once before... [code] 21 70.106.238.227:3928 63.240.202.127:6112 4 Send 0000 FF 40 04 00 .@.. 
22 63.240.202.127:6112 70.106.238.227:3928 51 Recv 0000 FF 40 33 00 00 00 00 00 01 00 00 00 01 00 00 00 .@3............. 0010 55 53 45 61 73 74 00 52 65 61 6C 6D 20 66 6F 72 USEast.Realm for 0020 20 74 68 65 20 55 53 20 45 61 73 74 20 43 6F 61 the US East Coa 0030 73 74 00 st. 23 70.106.238.227:3927 63.161.183.205:9367 27 Send 0000 1B 00 0B 08 00 00 00 02 00 00 00 05 55 4A 43 B9 ............UJC. 0010 E9 A6 09 70 61 73 73 77 6F 72 64 ...password 24 63.161.183.205:9367 70.106.238.227:3927 23 Recv 0000 17 00 0B A4 5D 0C 88 FD B4 71 B4 38 1B 8C F6 38 ....]....q.8...8 0010 26 37 25 D1 51 10 00 &7%.Q.. 25 70.106.238.227:3928 63.240.202.127:6112 35 Send 0000 FF 3E 23 00 05 55 4A 43 A4 5D 0C 88 FD B4 71 B4 .>#..UJC.]....q. 0010 38 1B 8C F6 38 26 37 25 D1 51 10 00 55 53 45 61 8...8&7%.Q..USEa 0020 73 74 00 st. 26 63.240.202.127:6112 70.106.238.227:3928 12 Recv 0000 FF 3E 0C 00 05 55 4A 43 02 00 00 80 .>...UJC.... [/code] A new packet log using the client token as the cookie for sending to SID_LOGONREALMEX(0x3E)... | March 8, 2006, 11:03 AM |
Ringo | [quote author=Jaquio link=topic=14460.msg147886#msg147886 date=1141815802] Edit: Oh nevermind I understand now, someone could take the decoded cdkey then re-encode it then have it, right? [/quote] yep. [quote author=Jaquio link=topic=14460.msg147886#msg147886 date=1141815802] [code] 23 70.106.238.227:3927 63.161.183.205:9367 27 Send 0000 1B 00 0B 08 00 00 00 02 00 00 00 05 55 4A 43 B9 ............UJC. 0010 E9 A6 09 70 61 73 73 77 6F 72 64 ...password [/code] [/quote] Because........ HINT | March 8, 2006, 11:12 AM |
Jaquio | [quote author=Ringo link=topic=14460.msg147888#msg147888 date=1141816324] [quote author=Jaquio link=topic=14460.msg147886#msg147886 date=1141815802] Edit: Oh, never mind, I understand now: someone could take the decoded CD key, then re-encode it, then have it, right? [/quote] yep. [/quote] That is pretty cool, you're really smart.. :o [quote author=Ringo link=topic=14460.msg147888#msg147888 date=1141816324] [quote author=Jaquio link=topic=14460.msg147886#msg147886 date=1141815802] [code] 23 70.106.238.227:3927 63.161.183.205:9367 27 Send 0000 1B 00 0B 08 00 00 00 02 00 00 00 05 55 4A 43 B9 ............UJC. 0010 E9 A6 09 70 61 73 73 77 6F 72 64 ...password [/code] [/quote] Because........ HINT [/quote] Were you pointing out this fact... "the client key and server key DWORDs must be specified in the request after the data."... If so, that is what fixed it.. lmao. I was not thinking about the order of the data.. Not sure why.. Thanks Ringo, I love yous!.. :P Have fun. EDIT: Err, nvm.. It seems that I recv'd back 0x3E with the information, but.. I think the IP address may be wrong, because it is doing nothing at all after recving 0x3E; it is supposed to connect to the realm IP and then send MCP_STARTUP(0x01).. [code] 23 70.106.238.227:4159 63.161.183.205:9367 27 Send 0000 1B 00 0B 08 00 00 00 02 00 00 00 70 61 73 73 77 ...........passw 0010 6F 72 64 7E E5 67 43 C4 39 0F E5 ord~.gC.9.. 24 63.161.183.205:9367 70.106.238.227:4159 23 Recv 0000 17 00 0B 5E 69 E6 E8 B9 39 DF 9E 39 22 67 73 C9 ...^i...9..9"gs. 0010 07 A7 AA 09 18 B7 78 ......x 25 70.106.238.227:4160 63.240.202.126:6112 35 Send 0000 FF 3E 23 00 7E E5 67 43 5E 69 E6 E8 B9 39 DF 9E .>#.~.gC^i...9.. 0010 39 22 67 73 C9 07 A7 AA 09 18 B7 78 55 53 45 61 9"gs.......xUSEa 0020 73 74 00 st. 26 63.240.202.126:6112 70.106.238.227:4160 85 Recv 0000 FF 3E 55 00 7E E5 67 43 3B FF 65 D8 3F F0 CA 7E .>U.~.gC;.e.?..~ 0010 60 3F 0E 00 3F F0 CA 94 17 E0 00 00 00 00 00 00 `?..?........... 
0020 08 7B C1 06 C0 8B D9 D3 56 44 32 44 36 38 58 49 .{......VD2D68XI 0030 3F F0 CA 7E 33 10 00 00 AC 27 0B BE 88 80 D7 54 ?..~3....'.....T 0040 4B 6A DC 2C 6E CE BD 5D 84 1C CF 09 4A 61 71 75 Kj.,n..]....Jaqu 0050 69 6F 00 02 F9 io... [/code] There is a new Packet Log. I think everything is correct.. EDIT(Again): I just found out, I recv this from my WinSock. [code] Error 10060 Description:The attempt to connect timed out [/code] So.. bad IP Address I take it? | March 8, 2006, 11:23 AM |
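The two layout points settled in the posts above, as an added Python example (not code from the thread and not Jaquio's VB6): Ringo's point that SID_LOGONREALMEX (0x3E) starts with the cookie DWORD before the 5 DWORDs of hashed realm password, and the later finding that a BNLS_HASHDATA (0x0B) request with the double-hash flag (0x02) carries the client and server tokens after the data. The builders are checked against bytes copied from the packet logs posted in this thread (packets 23 to 25 of the last log, and the 31-byte 0x3E from the first log), so the hash values come from the captured BNLS reply; the example does not implement the hash itself. The constant names, the function names and the flag constant are this example's own; `parse_logonrealmex_request` shows what the realm server reads from the cookie-less packet, which is why that attempt came back as realm unavailable.

```python
import struct

# Packet ids from the thread; the flag value is an assumption of this example.
SID_LOGONREALMEX = 0x3E
BNLS_HASHDATA = 0x0B
BNLS_FLAG_DOUBLEHASH = 0x02  # hash again with the client and server tokens

# Bytes copied from the packet logs posted in this thread (constructed test input).
LOG_HASHDATA_REQ = bytes.fromhex(        # packet 23: "password", then the two tokens
    "1B000B" "08000000" "02000000" "70617373776F7264" "7EE56743" "C4390FE5")
LOG_HASHDATA_RESP = bytes.fromhex(       # packet 24: 5 DWORDs of hash
    "17000B" "5E69E6E8B939DF9E39226773C907A7AA0918B778")
LOG_LOGONREALMEX_REQ = bytes.fromhex(    # packet 25: cookie, hash, "USEast"
    "FF3E2300" "7EE56743" "5E69E6E8B939DF9E39226773C907A7AA0918B778" "55534561737400")
LOG_LOGONREALMEX_NO_COOKIE = bytes.fromhex(  # the 31-byte 0x3E from the first log
    "FF3E1F00" "3017F9028E0F2F3A98E45CA930D753C33144315D" "55535765737400")


def bncs_packet(pid, payload):
    """BNCS header: FF, packet id, little-endian WORD length (header included)."""
    return struct.pack("<BBH", 0xFF, pid, 4 + len(payload)) + payload


def bnls_packet(pid, payload):
    """BNLS header: little-endian WORD length (header included), packet id byte."""
    return struct.pack("<HB", 3 + len(payload), pid) + payload


def build_bnls_hashdata(data, client_token, server_token, flags=BNLS_FLAG_DOUBLEHASH):
    """BNLS_HASHDATA (0x0B): (DWORD) data length, (DWORD) flags, (VOID) data, and,
    because the double-hash flag is set, the client and server tokens AFTER the
    data. Putting the tokens first, as the second log did, yields a different hash."""
    if not flags & BNLS_FLAG_DOUBLEHASH:
        raise ValueError("this example only builds the double-hash form")
    payload = struct.pack("<II", len(data), flags) + data
    payload += struct.pack("<II", client_token, server_token)
    return bnls_packet(BNLS_HASHDATA, payload)


def parse_bnls_hashdata(packet):
    """Pull the 5-DWORD (20-byte) hash out of a BNLS_HASHDATA reply."""
    length, pid = struct.unpack_from("<HB", packet, 0)
    if pid != BNLS_HASHDATA or length != len(packet) or length != 3 + 20:
        raise ValueError("unexpected BNLS_HASHDATA reply")
    return packet[3:23]


def build_logonrealmex(cookie, password_hash, realm_title):
    """SID_LOGONREALMEX (0x3E): (DWORD) cookie, (DWORD[5]) hashed realm password,
    (STRING) realm title. The cookie is the DWORD missing from the first log."""
    if len(password_hash) != 20:
        raise ValueError("hashed realm password must be 5 DWORDs (20 bytes)")
    payload = struct.pack("<I", cookie) + password_hash + realm_title.encode("ascii") + b"\x00"
    return bncs_packet(SID_LOGONREALMEX, payload)


def parse_logonrealmex_request(packet):
    """Server-side view of a client 0x3E: cookie at offset 4, hash at 8..28, then the
    realm name. Fed the cookie-less packet, the name it reads is the tail of "USWest"."""
    if packet[0] != 0xFF or packet[1] != SID_LOGONREALMEX:
        raise ValueError("not a SID_LOGONREALMEX packet")
    cookie = struct.unpack_from("<I", packet, 4)[0]
    password_hash = packet[8:28]
    realm = packet[28:packet.index(b"\x00", 28)].decode("ascii", "replace")
    return cookie, password_hash, realm


if __name__ == "__main__":
    request = build_bnls_hashdata(b"password", 0x4367E57E, 0xE50F39C4)
    print(request == LOG_HASHDATA_REQ)                     # True
    realm_hash = parse_bnls_hashdata(LOG_HASHDATA_RESP)
    print(build_logonrealmex(0x4367E57E, realm_hash, "USEast") == LOG_LOGONREALMEX_REQ)  # True
    print(parse_logonrealmex_request(LOG_LOGONREALMEX_NO_COOKIE)[2])  # "st"
```

Running it reproduces packets 23 and 25 byte for byte from the values in the log, and shows that without the cookie the server takes the first hash DWORD (0x02F91730, the value echoed back in that log's failure reply) as the cookie and "st" as the realm name.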
Jaquio | Erm, bump? Not sure if they're allowed. But I have edited my post and the views haven't moved since I have. Anyways, can anyone help? | March 9, 2006, 2:03 AM |
Infamous | What are you sending after you receive 0x3E? | March 9, 2006, 2:22 AM |
Jaquio | [quote author=teK link=topic=14460.msg147956#msg147956 date=1141870933] What are you sending after you receive 0x3E? [/quote] I am not sending anything; I get the realm's IPAddr and try to connect with Winsock. I recv this error from Winsock when trying to connect to the decoded IPAddr. [code] Error 10060 Description:The attempt to connect timed out [/code] It won't connect to the realm for some reason. I think I am getting the data wrong or not making the server right. Here is my MakeServ function. [code] Public Function MakeServ(Data As String) As String Dim strIP(1 To 4) As String strIP(1) = Asc(Mid(Data, 1, 1)) strIP(2) = Asc(Mid(Data, 2, 1)) strIP(3) = Asc(Mid(Data, 3, 1)) strIP(4) = Asc(Mid(Data, 4, 1)) MakeServ = Join(strIP, ".") End Function [/code] And here is what I send to the function. [code] Case &H3E Dim lngCookie As Long, lngStatus As Long, lngPort As Long 'Debug.Print "Recv'd:0x3E" With DB .SetData Data .StripHeader lngCookie = .rDWORD lngStatus = .rDWORD If lngStatus = &H80000001 Or lngStatus = &H80000002 Then Select Case lngStatus Case &H80000001 AddChat vbLtGreen2, D2Red, "Realm is unavailable!" Case &H80000002 AddChat vbLtGreen2, D2Red, "Realm logon failed!" End Select frmMain.wsBnls.Close frmMain.wsBnet.Close Exit Sub End If strMCPP1 = .rVOID(2 * 4) ServIp = .rDWORD lngPort = .rDWORD strMCPP2 = .rVOID(12 * 4) strBNCSUN = .rNTString strMCPChunks = MakeDWORD(lngCookie) & MakeDWORD(lngStatus) & strMCPP1 & strMCPP2 frmMain.wsRealm.Close frmMain.wsRealm.Connect MakeServ(ServIp), 6112 End With [/code] Also, the above packet log is what I recv back. Am I doing something wrong? Edit: Never mind, I always end up fixing my own mistakes somehow... I forgot to turn the ServIP DWORD back into a string before sending it through the function. All works fine now.. Sorry for all the trouble.. | March 9, 2006, 3:11 AM |
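Parsing the 0x3E reply and turning the IP DWORD into a dotted address, as an added Python example rather than the poster's VB6: it follows the field order the post above reads (cookie, status, 2-DWORD MCP chunk, IP, port, 12-DWORD MCP chunk, unique name), runs against the 85-byte success reply and the 12-byte failure reply copied from the logs in this thread, reassembles the 64-byte MCP_STARTUP (0x01) payload the way the post's strMCPChunks does, and contrasts a port of the posted MakeServ given the raw 4 bytes with the same function given a number, which is the mistake the edit describes. The MCP header layout (WORD length, BYTE id), the reading of the port as the big-endian first two bytes of its DWORD, and ignoring the two bytes that follow the name terminator in the captured packet are assumptions of the example; the constant and function names are its own.

```python
import socket
import struct

SID_LOGONREALMEX = 0x3E
MCP_STARTUP = 0x01

# The two statuses the posted handler reports; a success reply is longer than 12 bytes.
REALM_STATUS_TEXT = {
    0x80000001: "Realm is unavailable!",
    0x80000002: "Realm logon failed!",
}

# Bytes copied from the logs posted in this thread (constructed test input).
LOG_LOGONREALMEX_OK = bytes.fromhex(      # 85-byte reply, packet 26 of the last log
    "FF3E5500" "7EE56743" "3BFF65D8" "3FF0CA7E603F0E00" "3FF0CA94" "17E00000"
    "00000000087BC106C08BD9D35644324436385849"
    "3FF0CA7E33100000AC270BBE8880D754"
    "4B6ADC2C6ECEBD5D841CCF09"
    "4A617175696F00" "02F9")
LOG_LOGONREALMEX_FAIL = bytes.fromhex("FF3E0C00" "05554A43" "02000080")  # packet 26, second log


def parse_logonrealmex_response(packet):
    """Split a server SID_LOGONREALMEX into the fields the posted handler reads.

    The 12-byte form carries only cookie and status. The long form carries cookie,
    status, MCP chunk 1 (2 DWORDs), IP, port, MCP chunk 2 (12 DWORDs) and the
    unique name; anything after the name terminator is ignored here.
    """
    if len(packet) < 12 or packet[0] != 0xFF or packet[1] != SID_LOGONREALMEX:
        raise ValueError("not a SID_LOGONREALMEX packet")
    length = struct.unpack_from("<H", packet, 2)[0]
    if length != len(packet):
        raise ValueError("header length does not match packet size")
    cookie, status = struct.unpack_from("<II", packet, 4)
    if length == 12:
        return {"ok": False, "cookie": cookie, "status": status,
                "message": REALM_STATUS_TEXT.get(status, "unknown status")}
    chunk1 = packet[12:20]
    # The IP DWORD is already in network byte order: inet_ntoa on the raw four bytes
    # is the whole conversion. Do not round-trip it through an integer.
    ip = socket.inet_ntoa(packet[20:24])
    # The port occupies the first two bytes of its DWORD, big-endian (17 E0 -> 6112).
    port = struct.unpack_from(">H", packet, 24)[0]
    chunk2 = packet[28:76]
    end = packet.index(b"\x00", 76)
    unique_name = packet[76:end].decode("ascii")
    # The same 16 DWORDs the post concatenates into strMCPChunks.
    mcp_cookie = packet[4:12] + chunk1 + chunk2
    return {"ok": True, "cookie": cookie, "status": status, "ip": ip, "port": port,
            "unique_name": unique_name, "mcp_cookie": mcp_cookie}


def build_mcp_startup(mcp_cookie):
    """MCP_STARTUP (0x01) to the realm: (WORD) length, (BYTE) id, (DWORD[16]) cookie data."""
    if len(mcp_cookie) != 64:
        raise ValueError("MCP cookie data must be 16 DWORDs")
    return struct.pack("<HB", 3 + len(mcp_cookie), MCP_STARTUP) + mcp_cookie


def makeserv_as_posted(data):
    """Port of the posted VB6 MakeServ: the codes of the first four characters, dotted.
    Given the 4 raw bytes as a string it is correct."""
    return ".".join(str(ord(c)) for c in data[:4])


def makeserv_given_a_number(ip_dword):
    """The mistake from the edit: hand the DWORD over as a number and it is coerced to
    decimal text, so the octets become the character codes of the first digits.
    (VB6's signed Long would even make that text negative; it is wrong either way.)"""
    return makeserv_as_posted(str(ip_dword))


if __name__ == "__main__":
    reply = parse_logonrealmex_response(LOG_LOGONREALMEX_OK)
    print(reply["ip"], reply["port"], reply["unique_name"])          # 63.240.202.148 6112 Jaquio
    print(len(build_mcp_startup(reply["mcp_cookie"])))               # 67
    print(makeserv_as_posted(LOG_LOGONREALMEX_OK[20:24].decode("latin-1")))  # 63.240.202.148
    print(makeserv_given_a_number(0x94CAF03F))                       # 50.52.57.54
    print(parse_logonrealmex_response(LOG_LOGONREALMEX_FAIL)["message"])   # Realm logon failed!
```

The captured reply decodes to 63.240.202.148 port 6112, which is a different host from the 63.240.202.126 chat server the 0x3E went to, so a connect to the right address is expected to land on a realm rather than time out; the "connect timed out" in the post is consistent with the dotted string having been built from digits instead of the four address bytes.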
UserLoser | [quote] [code] If lngStatus = &H80000001 Or lngStatus = &H80000002 Then Select Case lngStatus Case &H80000001 AddChat vbLtGreen2, D2Red, "Realm is unavailable!" Case &H80000002 AddChat vbLtGreen2, D2Red, "Realm logon failed!" [/code] [/quote] Wtf | March 9, 2006, 4:46 AM |
Jaquio | What?... | March 9, 2006, 4:52 AM |
HdxBmx27 | He's asking why you have an if statement. Take that out and use a full select case. ~-~(HDX)~-~ | March 9, 2006, 4:55 AM |