Valhalla Legends Forums Archive | Battle.net Bot Development | [Solved] Sending Bad 0x51

Spilled[DW]
I'm sending an incorrect 0x51, can you spot the problem?

packetlog:
[code]
3  Hide  Hide  123  Send 
0000  FF 51 7B 00 A3 D4 26 22 34 37 32 31 00 4A 33 7F    .Q{...&"4721.J3.
0010  01 00 00 00 00 00 00 00 0D 00 00 00 01 00 00 00    ................
0020  E9 60 31 00 00 00 00 00 B9 ED 56 07 DA B3 3C EF    .`1.......V...<.
0030  15 1D D7 F9 E0 01 D3 17 73 19 FC F8 FF FF FF FF    ........s.......
0040  64 FD 3D 01 45 55 40 73 74 61 72 63 72 61 66 74    d.=.EU@starcraft
0050  2E 65 78 65 20 30 37 2F 30 39 2F 30 36 20 30 36    .exe 07/09/06 06
0060  3A 30 37 3A 33 37 20 31 32 31 36 35 31 32 00 53    :07:37 1216512.S
0070  70 69 6C 6C 65 64 5B 44 57 5D 00                   pilled[DW].
[/code]

Thanks in advance!
August 4, 2006, 7:15 AM
UserLoser
Executable version looks rather wrong, along with your checksum value.
August 4, 2006, 7:17 AM
Spilled[DW]
Hrmm... I don't see how I'm receiving the checksum or hashdata incorrectly.

[code]
              s << cWhite << s.getTime() << cGreen << "Recieved SID_AUTH_INFO\n";
              s << cWhite << s.getTime() << cGreen << "Sending SID_AUTH_CHECK\n";
              key = *(long *)(strData + 8);
              unsigned long num = *(long *)(strData + 12);
              UINT verID = 0;
              DWORD CheckSum = 0;
              DWORD ClientToken = GetTickCount();
              int mpqNum = 0;
              char exeInfo[300];
              char *hash = (strData + strlen( (strData + 0x18)) + 0x19);
              char *tmp = strchr( (strData + 0x18), '.');
              if (tmp)
                  mpqNum = atoi( tmp - 1);
              LPCTSTR files[] = {".\\STAR\\starcraft.exe", ".\\STAR\\storm.dll", ".\\STAR\\battle.snp"};
              char* mpqnum = strData+24;
              //csutil b;
              if(checkRevision(hash,files,3,mpqNum,&CheckSum) == 0)
              {
                    s << cWhite << s.getTime() << cRed << "CheckRevision Failed!\n";
                    closesocket( wSock );
                    return;
              }
             
              int returnValue = 0;
              returnValue = getExeInfo(files[0],exeInfo, 300,&verID,1);           
              if(returnValue == 0)
              {
                      s << cWhite << s.getTime() << cRed << "Failed to retrieve exe information!\n";
                      closesocket( wSock);
                      return;
              }

             
              UINT PubVal = 0, ProdID = 0;
              char HashData[20];
              if(kd_quick(CDKey,ClientToken,key,&PubVal,&ProdID, HashData,20) == 0)
              {
                    s << cWhite << s.getTime() << cRed << "Failed to decode cdkey!\n";
                    closesocket( wSock );
                    return;                           
              }
[/code]

Here is my code
August 4, 2006, 7:26 AM
warz
ZOMG LOL
August 4, 2006, 8:22 AM
HeRo
[quote author=warz link=topic=15488.msg156506#msg156506 date=1154679739]
ZOMG LOL
[/quote]
What does that mean?
August 4, 2006, 8:28 AM
Myndfyr
I see you don't actually give us the code that builds your packet.....  Gooooood thinking.
August 4, 2006, 10:04 AM
Spilled[DW]
[quote author=MyndFyre[vL] link=topic=15488.msg156509#msg156509 date=1154685853]
I see you don't actually give us the code that builds your packet.....  Gooooood thinking.
[/quote]

[code]
             p.InsertDWORD(ClientToken);
             p.InsertDWORD(verID);
             p.InsertDWORD(CheckSum);
             p.InsertDWORD(1);
             p.InsertDWORD(0);
             p.InsertDWORD(13);
             p.InsertDWORD(ProdID);
             p.InsertDWORD(PubVal);
             p.InsertDWORD(0);
             p.InsertNonNTString(HashData);
             p.InsertNTString(exeInfo);
             p.InsertNTString("Spilled[DW]");
             p.SendBNCSPacket(wSock,0x51);
[/code]

Sorry about that MyndFyre

warz: I posted for help fixing my problem, if you're not gonna help, why post? If it's a stupid mistake, at least point it out before getting your immature laugh in.
August 4, 2006, 7:30 PM
UserLoser
You should be using things like strcpy.

i.e. instead of:
[code]
char *hash = (strData + strlen( (strData + 0x18)) + 0x19);
[/code]

use:
[code]
strcpy(hash, strData+offset);
[/code]

strcpy will copy the strData until it gets to a null character in the stream
August 5, 2006, 7:43 PM
warz
wow, i really don't even remember making that post. notice it's at 03:22:19 AM. my bad, but userloser brings a good point. strcpy is a good function, and even better, strncpy if you know there's an exact length. another thing you might like to clue us in on is how this is a bad example of an 0x51 packet. are you being ip banned? receiving an error response? help us help you.
August 5, 2006, 8:43 PM
Spilled[DW]
[quote author=warz link=topic=15488.msg156559#msg156559 date=1154810595]
wow, i really don't even remember making that post. notice it's at 03:22:19 AM. my bad, but userloser brings a good point. strcpy is a good function, and even better, strncpy if you know there's an exact length. another thing you might like to clue us in on is how this is a bad example of an 0x51 packet. are you being ip banned? receiving an error response? help us help you.
[/quote]

Yes, I am being IP banned and I'm not receiving any response from 0x51, just connection closed after sending.

UL: Thanks
August 5, 2006, 9:43 PM
Spilled[DW]
Problem solved. Sorry about the double post, but I wanted to post my solution. I threw a memset() call in like so:

[code]
              char HashData[100];
              memset(HashData,0x0,100);
              if(kd_quick(CDKey,ClientToken,key,&PubVal,&ProdID, HashData,20) == 0)
              {
                    s << cWhite << s.getTime() << cRed << "Failed to decode cdkey!\n";
                    closesocket( wSock );
                    return;                           
              }
[/code]

How this affected it I have no idea, can someone perhaps explain?
August 5, 2006, 10:43 PM
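
An added example (not code from the thread or from the bot) of one likely answer to the closing question: in the logged packet, 11 extra bytes (offsets 0x3C-0x46) sit between the 20-byte key hash and `starcraft.exe`, which is what a `strlen`-based insert produces when it is handed a binary buffer with no terminator and reads on into neighbouring stack memory. Assumptions: `PacketBuffer` is a hypothetical stand-in, and that `InsertNonNTString` measures its argument with `strlen` is inferred from the log, since the thread never shows that function.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <vector>

// Hypothetical stand-in for the bot's packet buffer class (not the real one).
struct PacketBuffer {
    std::vector<unsigned char> data;
    // ASSUMPTION: InsertNonNTString(char*) takes its length from strlen().
    void insertNonNTString(const char *s) {
        data.insert(data.end(), s, s + std::strlen(s));
    }
    // Length-explicit insert for binary fields such as the key hash.
    void insertBytes(const unsigned char *p, std::size_t n) {
        data.insert(data.end(), p, p + n);
    }
};

const std::size_t HASH_LEN = 20;
// Key hash as it appears in the packet log at offsets 0x28-0x3B.
const unsigned char kHash[HASH_LEN] = {
    0xB9, 0xED, 0x56, 0x07, 0xDA, 0xB3, 0x3C, 0xEF, 0x15, 0x1D,
    0xD7, 0xF9, 0xE0, 0x01, 0xD3, 0x17, 0x73, 0x19, 0xFC, 0xF8};
// The 11 bytes the log shows between the hash and "starcraft.exe" (0x3C-0x46).
const unsigned char kStray[11] = {
    0xFF, 0xFF, 0xFF, 0xFF, 0x64, 0xFD, 0x3D, 0x01, 0x45, 0x55, 0x40};

// Constructed stack model: hash buffer, neighbouring bytes, then a NUL.
std::size_t hashFieldSize(bool neighboursZeroed, bool hashHasNul, bool explicitLen) {
    unsigned char frame[100];
    std::memset(frame, 0, sizeof frame);
    std::memcpy(frame, kHash, HASH_LEN);
    if (!neighboursZeroed) std::memcpy(frame + HASH_LEN, kStray, sizeof kStray);
    if (hashHasNul) frame[5] = 0x00;  // constructed: a hash may contain 0x00
    PacketBuffer p;
    if (explicitLen) p.insertBytes(frame, HASH_LEN);
    else p.insertNonNTString(reinterpret_cast<const char *>(frame));
    return p.data.size();  // bytes that end up in the hash field on the wire
}

int main() {
    std::printf("original:      %zu bytes\n", hashFieldSize(false, false, false));
    std::printf("after memset:  %zu bytes\n", hashFieldSize(true, false, false));
    std::printf("memset + NUL:  %zu bytes\n", hashFieldSize(true, true, false));
    std::printf("explicit len:  %zu bytes\n", hashFieldSize(false, true, true));
    return 0;
}
```

The `memset` version still truncates the field whenever the hash itself contains a 0x00 byte, so the durable fix is an insert that takes the length (20) explicitly.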
