Valhalla Legends Forums Archive | Battle.net Bot Development | [VB] Sending 0x51

Author | Message | Time
Fapiko
Just guessing that somebody is going to complain about where I posted this because it has to do with the sending of a battle.net packet, or involves MBNCSUtil, or some other goofy thing like that, but I'm working with .NET so I chose to place it in the .NET forum.

The problem I am having is that I keep getting the 0x101 Invalid Version response to battle.net, and I cannot figure out what I am doing wrong.  I thought it might be the conversion from the byte array to a string messing up some of the characters in the key hash, but in the end I don't think that's the problem.  Here is my sub; if you can figure out what I may be doing wrong, please reply.

[code]
Friend Sub Send0x51(ByVal Index As Byte, ByVal ServerToken As UInteger, ByVal HashCommand As String, ByVal MPQNumber As Byte)
        'see packet reference: http://bnetdocs.valhallalegends.com/content.php?Section=m&Code=4

        Dim CRevision As Long
        Dim ClientToken As UInteger
        Dim Files(2) As String
        Dim KeyHash As String
        Dim HashLength() As Byte
        Dim Decoder As MBNCSUtil.CdKey

        Files(0) = Application.StartupPath & "\Hashes\W2BN\Warcraft II Bne.exe"
        Files(1) = Application.StartupPath & "\Hashes\W2BN\storm.dll"
        Files(2) = Application.StartupPath & "\Hashes\W2BN\battle.snp"

        CRevision = MBNCSUtil.CheckRevision.DoCheckRevision(HashCommand, Files, MPQNumber)
        If CRevision = 0 Then
            QueueAddC(Index, Color.Red, "Hashes did not pass check revision.")
            Exit Sub
        End If

        ClientToken = Right(GetTickCount(), 5)

        Decoder = MBNCSUtil.CdKey.CreateDecoder(Profiles(Index)(3))

        HashLength = Decoder.GetHash(ClientToken, ServerToken)
        KeyHash = Decoder.GetHashCode()

        With PBuffer
            .InsertDWORD(ClientToken)
            .InsertDWORD(0)
            .InsertDWORD(CRevision)
            .InsertDWORD(1)
            .InsertDWORD(0)
            .InsertDWORD(Len(Profiles(Index)(3))) ' CDKey
            .InsertDWORD(Decoder.Product)
            .InsertDWORD(Decoder.Value1)
            .InsertDWORD(0)
            .InsertNonNTString(ASCII.GetString(HashLength))
            .InsertNTString("")
            .InsertNTString("Fapiko")
            .SendPacket(Index, &H51)
        End With
    End Sub
[/code]

Also, here is the log:
[code]
Flappy Chat Bot v1.0
OUT [0x50]:
0000: 50 3A 00 00 00 00 00 36 38 58 49 4E 42 32 57 4F  P:.....68XINB2WO
0010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0020: 00 00 00 00 00 00 00 55 53 41 00 55 6E 69 74 65  .......USA.Unite
0030: 64 20 53 74 61 74 65 73 00                       d States.       

IN [0x25]:
0000: 25 08 00 0B 3F 2F 40                             %..?/@         

OUT [0x25]:
0000: 25 08 00 0B 3F 2F 40                             %..?/@         

IN [0x50]:
0000: 50 62 00 00 00 00 00 37 3F 3F 3F 3F 3F 24 00 00  Pb.....7?????$..
0010: 3F 41 43 25 0B 3F 01 49 58 38 36 76 65 72 34 2E  ?AC%.?IX86ver4.
0020: 6D 70 71 00 41 3D 31 30 31 32 34 33 34 32 31 38  mpq.A=1012434218
0030: 20 42 3D 31 33 39 37 36 35 39 37 31 20 43 3D 34   B=139765971 C=4
0040: 30 37 30 32 33 33 20 34 20 41 3D 41 5E 53 20 42  070233 4 A=A^S B
0050: 3D 42 2B 43 20 43 3D 43 2D 41 20 41 3D 41 2B 42  =B+C C=C-A A=A+B
0060: 00                                               .               

OUT [0x51]:
0000: 51 44 00 3F 67 00 00 00 00 00 00 3F 3F 3F 5E 01  QD.?g......???^
0010: 00 00 00 00 00 00 00 10 00 00 00 04 00 00 00 64  .............d
0020: 48 01 00 00 00 00 00 3F 6B 05 3F 7A 3F 2D 3F 43  H.....?k?z?-?C
0030: 3F 69 3F 3F 3F 4D 76 52 11 3F 3F 00 46 61 70 69  ?i???MvR??.Fapi
0040: 6B 6F 00                                         ko.             

IN [0x51]:
0000: 51 09 00 01 01 00 00 00                          Q.....
[/code]

[size=1][MyndFyre edit: added code tags (to remove smileys), removed packet reference and replaced with link to BnetDocs][/size]
July 3, 2006, 4:56 AM
JoeTheOdd
The second DWORD you're sending is hardcoded to 0, but it should be a CheckRevision-related value.
July 3, 2006, 7:38 AM
Myndfyr
Joe is correct; also, you're not including the EXE "description" string.  This is obtained via CheckRevision.GetExeInfo(string, &string)

[code]
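Dim ExeVer As Integer
Dim ExeInfo As String = Nothing

' The second argument is an output parameter; VB.NET passes the variable itself,
' without a ByRef keyword at the call site.
ExeVer = MBNCSUtil.CheckRevision.GetExeInfo(Files(0), ExeInfo)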

' Your "with PBuffer" code is modified below:
        With PBuffer
            .InsertDWORD(ClientToken)
            .InsertDWORD(ExeVer)
            .InsertDWORD(CRevision)
            .InsertDWORD(1)
            .InsertDWORD(0)
            .InsertDWORD(Len(Profiles(Index)(3))) ' CDKey
            .InsertDWORD(Decoder.Product)
            .InsertDWORD(Decoder.Value1)
            .InsertDWORD(0)
            .InsertNonNTString(ASCII.GetString(HashLength))
            .InsertNTString(ExeInfo)
            .InsertNTString("Fapiko")
            .SendPacket(Index, &H51)
        End With
[/code]

Also, you shouldn't use Encoding.ASCII.GetString(hash) to insert the string.  It's a byte array and should stay as such.  With Encoding.ASCII you risk losing values greater than 0x7f, and a cursory glance at your packet log indicates that all the bytes in the hash are less than 0x7f.  That's pretty surprising considering there are 20 bytes there!
July 3, 2006, 9:07 AM
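The effect described in the reply above, as an added VB.NET example (not code from the thread or from MBNCSUtil): it round-trips a 20-byte hash through Encoding.ASCII and applies the same "all bytes below 0x80" check to the hash field shown in the posted OUT [0x51] log. SampleHash is constructed, the module and function names are hypothetical, and the one-byte-per-character write is an assumption about the string-based PBuffer.

```vbnet
Imports System
Imports System.Text

Module HashEncodingDemo
    ' Constructed 20-byte sample standing in for a key hash (not from the thread).
    Private ReadOnly SampleHash As Byte() = New Byte() {
        &HE3, &H6B, &H5, &HC1, &H7A, &H90, &H2D, &HFE, &H43, &HB2,
        &H69, &H88, &HA4, &HD7, &H4D, &H76, &H52, &H11, &H9C, &HF0}

    ' Hash field of OUT [0x51] as it appears in the log posted above.
    Private ReadOnly LoggedHash As Byte() = New Byte() {
        &H3F, &H6B, &H5, &H3F, &H7A, &H3F, &H2D, &H3F, &H43, &H3F,
        &H69, &H3F, &H3F, &H3F, &H4D, &H76, &H52, &H11, &H3F, &H3F}

    ' bytes -> String -> bytes through Encoding.ASCII. Assumes the string
    ' buffer writes one byte per character (an assumption about PBuffer).
    Function RoundTripAscii(ByVal data As Byte()) As Byte()
        Return Encoding.ASCII.GetBytes(Encoding.ASCII.GetString(data))
    End Function

    ' Counts bytes equal to 0x3F ("?"), the ASCII replacement character.
    Function CountQuestionMarks(ByVal data As Byte()) As Integer
        Dim n As Integer = 0
        For Each b As Byte In data
            If b = &H3F Then n += 1
        Next
        Return n
    End Function

    ' True when no byte exceeds 0x7F: the pattern noted in the reply above.
    Function AllSevenBit(ByVal data As Byte()) As Boolean
        For Each b As Byte In data
            If b > &H7F Then Return False
        Next
        Return True
    End Function

    Sub Report(ByVal label As String, ByVal data As Byte())
        Console.WriteLine("{0,-12} {1}", label, BitConverter.ToString(data))
        Console.WriteLine("{0,-12} 7-bit only: {1}, 0x3F bytes: {2}", "", AllSevenBit(data), CountQuestionMarks(data))
    End Sub

    Sub Main()
        Report("sample", SampleHash)                    ' bytes kept as bytes
        Report("via ASCII", RoundTripAscii(SampleHash)) ' high bytes become 0x3F
        Report("logged 0x51", LoggedHash)
    End Sub
End Module
```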
Fapiko
You don't need the EXE info to successfully achieve a hashed connection to battle.net.  Neither my VB6 bots nor my PHP bots ever include it, which leads me back to my previous belief that it may be the conversion from a byte array to a string that is causing the problem.  How should I convert it to a string without using Encoding.ASCII?  I tried Encoding.Unicode and Encoding.UTF8, but they got me IP'd.  From reading previous posts on these forums, I know that MyndFyre insists on people using byte arrays for their packet buffers but I would prefer to keep this one as a string for now.
July 3, 2006, 10:47 PM
Myndfyr
I suppose you could convert each to a character then a byte:
[code]
' Arrays are zero-based, so the last valid index is Length - 1.
For i = 0 To HashLength.Length - 1
    .InsertByte(CByte(HashLength(i) And &Hff))
Next
[/code]

Are you aware that MBNCSUtil also includes a packet buffer designed for Battle.net?
July 3, 2006, 11:05 PM
Fapiko
Well, I think I finally got it working, but now it's sending me Invalid Key every time.  When I call Decoder.Key, it gives me some random string that is definitely not the key I put into it.  Isn't it supposed to give me the cdkey I initialized the decoder with?
July 4, 2006, 4:42 AM
Myndfyr
No, once the key is initialized, it gives you the decoded version of the key in the Key property.  I don't know any reason why you would need the physical key, though; the CdKey class gives you instance properties for the public/private/product.

I'll take it under advisement, though, that the Key property should be the original string and there should be a DecodedKey property.  Thanks for the feedback.
July 4, 2006, 6:55 AM
Fapiko
Well, I was really just checking to see if it was messing my key up once it got it into the decoder since I was getting the Invalid Key response from battle.net after changing my packet buffer to use a byte array.  Anyways, I suppose I'll do some more testing to make sure I'm doing everything like I'm supposed to, I was just curious as to what I was supposed to be getting back from the Key property because I didn't recall reading that it gave me the decoded key in the MBNCSUtil documentation.
July 4, 2006, 9:23 PM
Myndfyr
Yeah, you were right.  I forgot that I reassigned the backing store for the key property after decoding.
July 4, 2006, 11:59 PM
