Valhalla Legends Forums Archive | Battle.net Bot Development | Re: Re: lockdown-IX86-XX.mpq update?

Ringo
Hmm, a friend just noticed Bnet has updated on west again.
lockdown-IX86-00.mpq to lockdown-IX86-19.mpq
MPQs/DLLs here: lockdown-IX86.zip
Also, the checkrevision string in 0x50 is no longer plain text. :o

Lol @ lockdown :p
October 31, 2006, 10:51 PM
l2k-Shadow
S->C 0x50

[code]
0030                    ff 50 3e 00 00 00 00 00 c2 24  .......P>......$
0040  99 d3 f5 82 32 00 00 14 5a dc 72 fc c6 01 6c 6f  ....2...Z.r...lo
0050  63 6b 64 6f 77 6e 2d 49 58 38 36 2d 31 34 2e 6d  ckdown-IX86-14.m
0060  70 71 00 59 70 2e b1 94 89 af 9d f3 6f 09 d4 87  pq.Yp.......o...
0070  d5 4a f7 00                                      .J..
[/code]

C->S 0x51

[code]
0030                    ff 51 58 00 02 ae 6e 45 01 00  ...Z...QX...nE..
0040  0e 01 8b 64 2b 3c 01 00 00 00 00 00 00 00 0d 00  ...d+<..........
0050  00 00 01 00 00 00 XX XX XX XX 00 00 00 00 1f fe  ................
0060  50 f0 f2 8a 58 ee d5 b2 68 83 f5 f7 06 d2 45 36  P...X...h.....E6
0070  de 98 b3 65 9c 55 43 2a 5f 9d 9c 3a 09 39 8b e1  ...e.UC*_..:.9..
0080  7d 8f 00 6c 32 6b 2d 53 68 61 64 6f 77 00        }..l2k-Shadow.
[/code]

Packet log! Man, they are really trying now. I also tried calling CheckRevision() from the actual library with BNLib.dll, but it looks like they patched that as well!

Also, from testing, they have put code into the DLLs to check for injected libraries.
October 31, 2006, 10:57 PM
HeRo
Ah, here we go again!
October 31, 2006, 11:25 PM
HdxBmx27
On a note, this is only being reported to SC/SC:BW.
All other clients are getting the regular returns.
~-~(HDX)~-~
October 31, 2006, 11:43 PM
l2k-Shadow
Yes, the file searches for SC-specific injected libraries.
October 31, 2006, 11:44 PM
Topaz
RULED

Hopefully this'll stop the lamer flood/loading that's been going on forever.
November 1, 2006, 12:06 AM
Quarantine
It looks like the newbs who can't code for themselves are screwed; anyone who truly knows what they're doing should be back up in a few days.
November 1, 2006, 12:26 AM
HdxBmx27
Yeah, looks like it.
But guys, don't worry, just do your best and try and figure it out.
Also, given that all other clients seem to be unaffected, this is not the end of bots. So don't freak out like last time :P
I've got the things up in IDA right now and am poking through it.
Also some other people I know (who are A LOT better than me) are poking around too.
So NEVER FEAR! For eventually it will be figured out.
Also, if my theory is correct... It isn't that big of a change.
~-~(HDX)~-~
November 1, 2006, 12:33 AM
Topaz
"\xff\xbe'\xb2\x8ft\x8e-\x9c\xb0\xd2^\xd6\x9f@\xc3"

Interesting value string there...
November 1, 2006, 2:07 AM
warz
Finally, something new to do! ;-)
November 1, 2006, 2:30 AM
MysT_DooM
They should have made the MPQ file names all funny characters also :P and then randomized them.
November 1, 2006, 3:03 AM
dRAgoN
pplug114.bwl <--- = what?
Did this come with the latest BW patch?

[code]S->C Dumps
0000:  FF 50 3E 00 00 00 00 00 51 1D C1 71 B1 B9 43 00  ÿP>.....QÁq±¹C.
0010:  00 55 2A BC 72 FC C6 01 6C 6F 63 6B 64 6F 77 6E  .U*¼rüÆlockdown
0020:  2D 49 58 38 36 2D 30 31 2E 6D 70 71 00 49 9F 62  -IX86-01.mpq.IŸb
0030:  4E 60 80 2B C9 06 31 CB 5C 6C 78 CA 4D 00        N`€+É1Ë\lxÊM...

0000:  FF 50 3E 00 00 00 00 00 C2 EC F9 F9 C5 B9 43 00  ÿP>.....ÂìùùŹC.
0010:  00 7C E3 E5 72 FC C6 01 6C 6F 63 6B 64 6F 77 6E  .|ãårüÆlockdown
0020:  2D 49 58 38 36 2D 31 38 2E 6D 70 71 00 7A 58 78  -IX86-18.mpq.zXx
0030:  5D D0 D3 B2 53 2E 6D F1 A0 67 C1 C4 5B 00        ]ÐÓ²S.mñ gÁÄ[...

0000:  FF 50 3E 00 00 00 00 00 E9 CE 8A F2 D1 B9 43 00  ÿP>.....éΊòѹC.
0010:  00 52 6E D0 72 FC C6 01 6C 6F 63 6B 64 6F 77 6E  .RnÐrüÆlockdown
0020:  2D 49 58 38 36 2D 30 39 2E 6D 70 71 00 CF 87 F2  -IX86-09.mpq.χò
0030:  49 5C A0 33 15 80 7F B7 5E D9 18 B8 28 00        I\ 3€·^Ù¸(...[/code]

Apparently they like that one single byte, heh, 0x01 right before the MPQ name. I'm guessing it's their way of telling which revision to use, perhaps.
Are the values compressed or encrypted maybe?


Edit: added dumps.
November 1, 2006, 3:07 AM
Topaz
looks like penguin plug

Edit:

yes, it is. penguin plug for starcraft v1.14, and the extension is a BWLoader file


is l)ragon using hax?

BAD
November 1, 2006, 3:12 AM
dRAgoN
[quote author=topaz link=topic=15929.msg160352#msg160352 date=1162350732]
looks like penguin plug

Edit:

yes, it is. penguin plug for starcraft v1.14, and the extension is a BWLoader file


is l)ragon using hax?

BAD
[/quote]
No, I was checking out these new DLLs; that file is referenced in them.
November 1, 2006, 3:26 AM
Ringo
eh, I'm such a cheater :(
Starcraft.exe = my BNLS atm ;o
[code]
[03:27:05] Connecting To Server..
[03:27:05] Connected To Server!
[03:27:05] Sending Client Check...
[03:27:05] Client Check Passed!
[03:27:05] Hooked Starcraft.exe...
[03:27:05] Waiting for Proxy connection to do revision...
[03:27:10] [PROXY] Accepted Connection! 0
[03:27:10] [PROXY] Client is game
[03:27:10] [PROXY] Accepted Connection! 1
[03:27:10] [PROXY] Client is ftp
[03:27:10] [PROXY] FTP Client is downloading lockdown-IX86-15.mpq (6.342kb)
[03:27:10] [PROXY] Got Revision Values Returned!
[03:27:10] Sending Revision Check...
[03:27:10] Revision Check Passed!
[/code]
Eww hewlp!
November 1, 2006, 3:29 AM
Yegg
[quote author=Ringo link=topic=15929.msg160355#msg160355 date=1162351749]
eh, I'm such a cheater :(
Starcraft.exe = my BNLS atm ;o
[code]
[03:27:05] Connecting To Server..
[03:27:05] Connected To Server!
[03:27:05] Sending Client Check...
[03:27:05] Client Check Passed!
[03:27:05] Hooked Starcraft.exe...
[03:27:05] Waiting for Proxy connection to do revision...
[03:27:10] [PROXY] Accepted Connection! 0
[03:27:10] [PROXY] Client is game
[03:27:10] [PROXY] Accepted Connection! 1
[03:27:10] [PROXY] Client is ftp
[03:27:10] [PROXY] FTP Client is downloading lockdown-IX86-15.mpq (6.342kb)
[03:27:10] [PROXY] Got Revision Values Returned!
[03:27:10] Sending Revision Check...
[03:27:10] Revision Check Passed!
[/code]
Eww hewlp!
[/quote]

Battle.net coding isn't my speciality by any means, but you sort of made it sound bad to use starcraft.exe to do the work for you. Is it a bad idea to do so? Or does it just defeat the purpose of emulating the client?
November 1, 2006, 4:15 AM
Kp
It has several disadvantages:
[list]
[*]It only works on Windows (or Wine if you're really determined)
[*]It requires actually running Blizzard's library, which means you're executing arbitrary code on your machine without the chance to review it.
[*]It requires either automating Starcraft's logon or having a user standing by to perform every logon.
[/list]
November 1, 2006, 4:48 AM
UserLoser
[quote author=l)ragon link=topic=15929.msg160351#msg160351 date=1162350445]
pplug114.bwl <--- = what?
did this come with the latest bw patch?

[code]S->C Dumps
0000:  FF 50 3E 00 00 00 00 00 51 1D C1 71 B1 B9 43 00   ÿP>.....QÁq±¹C.
0010:  00 55 2A BC 72 FC C6 01 6C 6F 63 6B 64 6F 77 6E   .U*¼rüÆlockdown
0020:  2D 49 58 38 36 2D 30 31 2E 6D 70 71 00 49 9F 62   -IX86-01.mpq.IŸb
0030:  4E 60 80 2B C9 06 31 CB 5C 6C 78 CA 4D 00         N`€+É1Ë\lxÊM...

0000:  FF 50 3E 00 00 00 00 00 C2 EC F9 F9 C5 B9 43 00   ÿP>.....ÂìùùŹC.
0010:  00 7C E3 E5 72 FC C6 01 6C 6F 63 6B 64 6F 77 6E   .|ãårüÆlockdown
0020:  2D 49 58 38 36 2D 31 38 2E 6D 70 71 00 7A 58 78   -IX86-18.mpq.zXx
0030:  5D D0 D3 B2 53 2E 6D F1 A0 67 C1 C4 5B 00         ]ÐÓ²S.mñ gÁÄ[...

0000:  FF 50 3E 00 00 00 00 00 E9 CE 8A F2 D1 B9 43 00   ÿP>.....éΊòѹC.
0010:  00 52 6E D0 72 FC C6 01 6C 6F 63 6B 64 6F 77 6E   .RnÐrüÆlockdown
0020:  2D 49 58 38 36 2D 30 39 2E 6D 70 71 00 CF 87 F2   -IX86-09.mpq.χò
0030:  49 5C A0 33 15 80 7F B7 5E D9 18 B8 28 00         I\ 3€·^Ù¸(...[/code]

Apparently they like that one single byte, heh, 0x01 right before the MPQ name. I'm guessing it's their way of telling which revision to use, perhaps.
Are the values compressed or encrypted maybe?


Edit: added dumps.
[/quote]

No, the leading eight bytes in front of the MPQ name are the Win32 FILETIME structure holding the file time for the MPQ.
November 1, 2006, 4:52 AM
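To make the FILETIME point concrete, here is an added Python example; it is not code from this thread or from any bot or library the thread mentions. It parses the two messages l2k-Shadow logged at the top of the thread, S->C 0x50 (SID_AUTH_INFO) and C->S 0x51 (SID_AUTH_CHECK), using the publicly documented field layout for those messages. The sample bytes are transcribed from those dumps, except that the four CD-key public-value bytes the poster masked as XX are replaced by zeros as a placeholder; the function names (`parse_sid_auth_info`, `parse_sid_auth_check`, `filetime_to_datetime`) are my own. The parser decodes the eight-byte FILETIME that precedes the MPQ name, splits the module name into its family and number (it accepts both the older `ver-IX86-N.mpq` and the new `lockdown-IX86-N.mpq` names), and reports whether the seed and the client's "exe information" field are still printable text.

```python
import re
import struct
from datetime import datetime, timedelta, timezone

# S->C 0x50 (SID_AUTH_INFO) payload transcribed from l2k-Shadow's log above;
# the TCP payload begins at offset 0x36 of that dump.
SAMPLE_0x50 = bytes.fromhex(
    "ff503e00"                                    # 0xFF, id 0x50, length 0x003E
    "00000000" "c22499d3" "f5823200"              # logon type, server token, UDP value
    "00145adc72fcc601"                            # MPQ FILETIME, little-endian QWORD
    "6c6f636b646f776e2d495838362d31342e6d707100"  # "lockdown-IX86-14.mpq\0"
    "59702eb19489af9df36f09d487d54af700"          # 16-byte seed + NUL
)

# C->S 0x51 (SID_AUTH_CHECK) payload from the same post. The four bytes the
# poster masked as "XX XX XX XX" (CD-key public value) are zeroed here: that is
# a constructed placeholder, not a value from the log.
SAMPLE_0x51 = bytes.fromhex(
    "ff515800"                                    # 0xFF, id 0x51, length 0x0058
    "02ae6e45" "01000e01" "8b642b3c"              # client token, exe version, exe hash
    "01000000" "00000000"                         # key count, spawn flag
    "0d000000" "01000000" "00000000" "00000000"   # key length, product, public (masked), unused
    "1ffe50f0f28a58eed5b26883f5f706d24536de98"    # 20-byte hashed key data
    "b3659c55432a5f9d9c3a09398be17d8f00"          # "exe information" field + NUL
    "6c326b2d536861646f7700"                      # "l2k-Shadow\0" (key owner)
)

MODULE_NAME = re.compile(r"^(ver|lockdown)-IX86-(\d+)\.mpq$")


def filetime_to_datetime(filetime: int) -> datetime:
    """Win32 FILETIME counts 100 ns ticks since 1601-01-01 00:00:00 UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=filetime // 10)


def _check_header(packet: bytes, msg_id: int) -> None:
    """Validate the 4-byte BNCS header: 0xFF, message id, little-endian total length."""
    if len(packet) < 4 or packet[0] != 0xFF or packet[1] != msg_id:
        raise ValueError(f"not a BNCS 0x{msg_id:02X} message")
    (length,) = struct.unpack_from("<H", packet, 2)
    if length != len(packet):
        raise ValueError(f"header says {length} bytes, got {len(packet)}")


def _cstring(buf: bytes, pos: int):
    """Return (bytes up to the first NUL at or after pos, offset just past that NUL)."""
    end = buf.index(b"\x00", pos)  # ValueError if the field is unterminated
    return buf[pos:end], end + 1


def _is_printable_ascii(data: bytes) -> bool:
    return all(0x20 <= b < 0x7F for b in data)


def parse_sid_auth_info(packet: bytes) -> dict:
    """Parse S->C 0x50: the server's version-check challenge."""
    _check_header(packet, 0x50)
    logon_type, server_token, udp_value, filetime = struct.unpack_from("<IIIQ", packet, 4)
    raw_name, pos = _cstring(packet, 24)
    seed, pos = _cstring(packet, pos)
    if pos != len(packet):
        raise ValueError("unexpected trailing bytes after the seed")
    mpq_name = raw_name.decode("ascii")
    match = MODULE_NAME.match(mpq_name)
    if match is None:
        raise ValueError(f"unrecognised version-check module name {mpq_name!r}")
    return {
        "logon_type": logon_type, "server_token": server_token, "udp_value": udp_value,
        "mpq_filetime": filetime_to_datetime(filetime), "mpq_name": mpq_name,
        "module_family": match.group(1), "module_number": int(match.group(2)),
        "seed": seed, "seed_is_text": _is_printable_ascii(seed),
    }


def parse_sid_auth_check(packet: bytes) -> dict:
    """Parse C->S 0x51: the client's version-check answer."""
    _check_header(packet, 0x51)
    client_token, exe_version, exe_hash, key_count, spawn = struct.unpack_from("<IIIII", packet, 4)
    pos, keys = 24, []
    for _ in range(key_count):
        key_length, product, public, _unused = struct.unpack_from("<IIII", packet, pos)
        pos += 16
        keys.append({"key_length": key_length, "product": product, "public": public,
                     "hash": packet[pos:pos + 20]})
        pos += 20
    exe_info, pos = _cstring(packet, pos)
    raw_owner, pos = _cstring(packet, pos)
    if pos != len(packet):
        raise ValueError("unexpected trailing bytes after the owner name")
    return {
        "client_token": client_token, "exe_version": exe_version, "exe_hash": exe_hash,
        "spawn": bool(spawn), "cd_keys": keys, "exe_info": exe_info,
        "exe_info_is_text": _is_printable_ascii(exe_info), "owner": raw_owner.decode("ascii"),
    }


if __name__ == "__main__":
    info = parse_sid_auth_info(SAMPLE_0x50)
    print(f"{info['mpq_name']} (#{info['module_number']}), modified {info['mpq_filetime']:%Y-%m-%d %H:%M:%S} UTC")
    print("seed:", info["seed"].hex(), "printable:", info["seed_is_text"])
    check = parse_sid_auth_check(SAMPLE_0x51)
    print("exe info:", check["exe_info"].hex(), "printable:", check["exe_info_is_text"])
```

Run against the first dump, the FILETIME decodes to 2006-10-30 22:29:28 UTC, which is the modification time of lockdown-IX86-14.mpq as the server advertises it, and neither the 16-byte seed nor the 16-byte field the client sends where the exe information string used to be is printable ASCII, which lines up with what MyndFyre, BreW and Maddox say further down: the value string is gone, the values are no longer plain strings, but they are still NUL-terminated. Because the fields are NUL-terminated, the parser stops at the first zero byte; none of the seeds posted in this thread contain one, but a decoder should be prepared for a truncated field rather than a fixed 16 bytes.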
warz
In reference to the penguin plug file you see hardcoded in there, it's not referenced anywhere else within the lockdown library. So, it might not be enabled yet, or might not ever get enabled. That's just what a quick glance at the libraries provided by hdx suggests.
November 1, 2006, 5:04 AM
UserLoser
Technical overview of what CheckRevision is doing:

What has not changed:
- How it gets your version, checksum, executable information string.

What has changed:
- Everything else.
November 1, 2006, 5:20 AM
l2k-Shadow
Clients affected:
STAR, SEXP, SSHR, JSTR, DRTL, DSHR

Clients unaffected (for now):

D2DV, D2XP, W2BN, WAR3, W3XP


*sigh*
November 1, 2006, 5:29 AM
l2k-Shadow
OK, some advanced programming theory, but would this even be possible to do?:
load starcraft.exe into memory
get proc address of what loads dll/calls CheckRevision()
let starcraft.exe retrieve the checksum/exe info string
read the checksum/exe info string values from starcraft.exe's memory
send away

@ W2BN: I just think they don't care enough for W2BN. If you notice only the clients which have or could potentially have a flood/load/spam bot problem (like not using a cd key for connection) have been affected.
November 1, 2006, 5:37 AM
UserLoser
Honestly, I don't think there's an "easy way" around this... better start using War3 for your bots, and don't be stupid and make a floodbot (for anyone out there).

I don't think that's really doable, Shadow.
November 1, 2006, 5:42 AM
Twix
This new update is gay: when I try to log in with the client it keeps giving me this gay error, and I have nothing running where it would error out the checksum. I even reinstalled, but it keeps giving me this error.
[img]http://www.bwhacks.com/forums/attachment.php?attachmentid=7302&stc=1&d=1162341396[/img]
Edit: I just looked at the StarCraft error log to see what was going on, and this error log is pretty weird; also the version is 1.0 because I tried reinstalling SC.

[quote]PROGRAM VERSION: 1.0.0.0
COMPUTER NAME: Owner
TIME: 11/01/06 02:43:23
INFO:

Exception code: C000001E {Invalid Lock Sequence}
An attempt was made to execute an invalid lock sequence.

Fault address: 0A007D88 00:00000000 *unknown*

Registers:
EAX:0A007660
EBX:00B93E3C
ECX:0001C000
EDX:0A0001A0
ESI:00B93E24
EDI:1502E3E4
CS:EIP:001B:0A007D88
SS:ESP:0023:01E4FF06 EBP:01E4FF2F
DS:0023 ES:0023 FS:0038 GS:0000
Flags:00010206
Call stack:
Address  Frame    Logical addr  Module
0A007D88 01E4FF2F 0000:00000000 *unknown*
E4FF5C00 01E4FF5C 0000:00000000 *unknown*

Stack bytes:
0x01e4ff06: 00 2f ff e4  01 ff ff ff  7f ff ff ff  7f ff ff ff  ./..............
0x01e4ff16: 7f ff ff ff  7f 01 00 00  00 00 00 00  00 b0 b0 91  ................
0x01e4ff26: 0a 48 00 00  00 b9 00 6d  6f 5c ff e4  01 00 5c ff  .H.....mo\....\.
0x01e4ff36: e4 01 ff ff  ff 7f ff ff  ff 7f ff ff  ff 7f ff ff  ................
0x01e4ff46: ff 7f 01 00  00 00 00 00  00 00 b0 b0  91 0a 48 00  ..............H.
0x01e4ff56: 00 00 b9 00  6d 6f 20 3e  b9 00 84 19  01 15 60 76  ....mo >......`v
0x01e4ff66: 00 0a 00 c0  01 00 00 40  00 00 3c 3e  b9 00 4c 3e  .......@..<>..L>
0x01e4ff76: b9 00 00 00  00 00 00 00  00 00 00 00  00 00 e4 e3  ................
0x01e4ff86: 02 15 24 3e  b9 00 58 07  b9 00 00 00  00 00 53 07  ..$>..X.......S.
0x01e4ff96: 01 15 00 00  00 00 00 00  00 00 ec ff  e4 01 00 00  ................
0x01e4ffa6: 00 00 20 3e  b9 00 ce 05  00 00 20 3e  b9 00 74 f8  .. >...... >..t.
0x01e4ffb6: 7d 19 3b d3  e7 77 00 00  00 00 00 00  00 00 00 00  }.;..w..........
0x01e4ffc6: 00 00 00 00  00 00 1e 00  00 c0 00 c0  fd 7f c0 ff  ................
0x01e4ffd6: e4 01 34 fb  e4 01 ff ff  ff ff 09 48  e9 77 b8 3d  ..4........H.w.=
0x01e4ffe6: e8 77 00 00  00 00 00 00  00 00 00 00  00 00 60 06  .w............`.
0x01e4fff6: 01 15 00 00  00 00 00 00  00 00 00 00  00 00 b8 00  ................
0x01e50006: 00 00 b8 00  00 00 e5 01  6d 6f 01 00  00 00 13 00  ........mo......
0x01e50016: 00 00 99 9f  00 00 58 00  e5 01 b0 db  e5 01 58 d6  ......X.......X.
0x01e50026: e5 01 00 00  00 00 00 10  00 00 00 f0  00 00 00 00  ................
0x01e50036: 01 00 00 00  00 00 b8 00  00 00 55 3a  5c 53 57 61  ..........U:\SWa
0x01e50046: 72 5c 6c 61  6e 67 5c 63  75 72 2e 63  70 70 00 00  r\lang\cur.cpp..
0x01e50056: 00 00 58 05  05 00 e5 01  6d 6f 05 00  80 00 80 00  ..X.....mo......
0x01e50066: 3f 3f 14 15  8e 00 e5 01  3f 3f 14 15  93 01 e5 01  ??......??......
0x01e50076: 3f 3f 14 15  99 02 e5 01  3f 3f 14 15  a0 03 e5 01  ??......??......
0x01e50086: 3f 3f 14 15  a6 04 e5 01  2a 00 2d 00  31 00 36 00  ??......*.-.1.6.
0x01e50096: 3c 00 43 00  4a 00 53 00  5e 00 69 00  74 00 7f 00  <.C.J.S.^.i.t...
0x01e500a6: 8a 00 99 00  a9 00 bb 00  cd 00 dc 00  ea 00 f6 00  ................
0x01e500b6: ff 00 01 42  93 02 42 42  92 03 42 ba  42 91 04 42  ...B..BB..B.B..B
0x01e500c6: ba ba 42 90  05 42 ba ba  ba 42 8f 01  42 44 ba 01  ..B..B...B..BD..
0x01e500d6: 42 8e 07 42  ba ba 42 ba  ba 42 8d 03  42 ba ba 81  B..B..B..B..B...
0x01e500e6: 04 42 ba ba  42 8c 03 42  ba ba 82 04  42 ba ba 42  .B..B..B....B..B
0x01e500f6: 8b 03 42 ba  ba 83 04 42  ba ba 42 8a  03 42 ba ba  ..B....B..B..B..
0x01e50106: 84 04 42 ba  ba 42 89 03  42 ba ba 85  04 42 ba ba  ..B..B..B....B..
0x01e50116: 42 88 03 42  ba ba 83 02  42 42 81 04  42 ba ba 42  B..B....BB..B..B
0x01e50126: 87 03 42 ba  ba 82 09 42  ba ba 42 42  42 ba ba 42  ..B....B..BBB..B
0x01e50136: 86 03 42 ba  ba 81 0b 42  ba 42 42 ba  ba 42 42 ba  ..B....B.BB..BB.
0x01e50146: ba 42 85 06  42 ba ba 42  ba 42 82 08  42 42 ba ba  .B..B..B.B..BB..
0x01e50156: 42 ba ba 42  84 05 42 ba  ba 75 42 85  02 42 42 44  B..B..B..uB..BBD
0x01e50166: ba 01 42 83  04 42 75 75  42 88 06 42  42 ba ba 75  ..B..BuuB..BB..u
0x01e50176: 42 82 03 42  55 42 8b 05  42 42 ba 55  42 81 02 42  B..BUB..BB.UB..B
0x01e50186: 42 8e 04 42  42 55 42 01  42 91 02 42  42 2a 00 2d  B..BBUB.B..BB*.-
0x01e50196: 00 31 00 36  00 3c 00 43  00 4a 00 53  00 5e 00 69  .1.6.<.C.J.S.^.i
0x01e501a6: 00 74 00 7f  00 8a 00 99  00 a9 00 bb  00 cd 00 dd  .t..............
0x01e501b6: 00 eb 00 f7  00 00 01 01  42 93 02 42  42 92 03 42  ........B..BB..B
0x01e501c6: ba 42 91 04  42 ba ba 42  90 05 42 ba  ba ba 42 8f  .B..B..B..B...B.
0x01e501d6: 01 42 44 ba  01 42 8e 07  42 ba ba 42  ba ba 42 8d  .BD..B..B..B..B.
0x01e501e6: 03 42 ba ba  81 04 42 ba  ba 42 8c 03  42 ba ba 82  .B....B..B..B...
0x01e501f6: 04 42 ba ba  42 8b 03 42  ba ba 83 04  42 ba ba 42  .B..B..B....B..B

Code bytes:
0x0a007d88: f0 49 2b 0a  00 00 00 00  00 00 00 00  c0 00 00 00  .I+.............[/quote]
November 1, 2006, 8:23 AM
Myndfyr
DeTaiLs, are you running as an administrator or less-privileged user?
November 1, 2006, 8:55 AM
Twix
[quote author=MyndFyre[vL] link=topic=15929.msg160380#msg160380 date=1162371310]
DeTaiLs, are you running as an administrator or less-privileged user?
[/quote]
Lol, if you looked at the log it said my login name was Owner, which usually means admin access, but yes, I am an admin account.
November 1, 2006, 9:00 AM
Kp
[quote author=DeTaiLs link=topic=15929.msg160381#msg160381 date=1162371625]
[quote author=MyndFyre[vL] link=topic=15929.msg160380#msg160380 date=1162371310]
DeTaiLs, are you running as an administrator or less-privileged user?
[/quote]
Lol, if you looked at the log it said my login name was Owner, which usually means admin access, but yes, I am an admin account.
[/quote]

You're intentionally running as an administrator when you know that Blizzard is deploying new code that none of us have analyzed yet?  Are you crazy?!  You could easily destroy that machine with one of these downloads...


Anyway, try manually patching Starcraft before signing on.  They may have finally broken the ability to properly upgrade a v1.0 client via battle.net.
November 1, 2006, 2:47 PM
Scope
Well, my friend's program, a multi-platform bot, seemed to not have a problem logging in. So, from my first look, it turns out Battle.Net is only trying to patch the 'majority' of the programs now. However, when he connected his program, it gave a weird checkrevision response; however, it still logged in. I only have minor details at the moment, but this should set a basis as to how to get around this problem.
November 1, 2006, 4:24 PM
NetNX
[quote author=UserLoser link=topic=15929.msg160367#msg160367 date=1162359735]
Honestly, I dont think there's an "easy way" around this...better start using War3 for your bots and don't be stupid and make a floodbot (for anyone out there)

I don't think that's really do-able, Shadow
[/quote]

Well, even if it was possible it would not be a practical method for distribution, the idea being that you would need to distribute 'Starcraft.exe' with your bot for it to work. I don't know if you remember all that drama a few months back with StealthBot getting threatened for carrying and distributing hashes (known now to be a prank). Having a user-written library that is not technically the property of Blizzard.

@Kp, do you really think Blizzard would do that to us? I mean they have never tried before... Worst I'd expect would be an account/CD-key ban.
November 1, 2006, 4:26 PM
Myndfyr
[quote author=DeTaiLs link=topic=15929.msg160381#msg160381 date=1162371625]
[quote author=MyndFyre[vL] link=topic=15929.msg160380#msg160380 date=1162371310]
DeTaiLs, are you running as an administrator or less-privileged user?
[/quote]
Lol, if you looked at the log it said my login name was Owner, which usually means admin access, but yes, I am an admin account.
[/quote]
It said the Computer Name was Owner, not account name.  Very different things!
November 1, 2006, 5:24 PM
Quarantine
Can someone please either split or delete the offtopic posts in this thread, it'd be much more productive to see work pertaining to fixing this issue.
November 1, 2006, 11:14 PM
RealityRipple
That would be nice... Also, would someone mind documenting the changes in CheckRevision? It's always nice to have a map of the territory you're going to explore, even if the map's sketchy.
November 1, 2006, 11:21 PM
RealityRipple
I meant plain-English documentation of what's changed on the exterior. Everyone seems to be going after a quick solution, instead of finding a way to emulate the CheckRevision correctly for as many future changes as we can guess. An accurate emulation won't have to be changed ever again if it is truly accurate. As for an older copy of Starcraft.exe, how much older? One revision down?
November 1, 2006, 11:30 PM
rabbit
Maybe Battle.net will wise up and add in ChanServ like operability.
November 1, 2006, 11:57 PM
dRAgoN
[quote author=BreW link=topic=15929.msg160443#msg160443 date=1162427468]
I'm trying to find the send 0x51 sub in starcraft.exe
It would be so much easier if my decompiler didn't suck
[/quote]
Use IDA.
November 2, 2006, 12:33 AM
PaiD
W2BN is now seeing the lockdown mpqs
November 2, 2006, 12:36 AM
Maddox
I'll look at it later.

This might be fun... haven't done any bot stuff in quite a while.
November 2, 2006, 12:42 AM
Skywing
[quote author=rob link=topic=15929.msg160416#msg160416 date=1162419840]
I have devised a solution for logging onto bnet with the affected clients.  However, I am not going to disclose any details because I feel that battle.net is a better place without the floods/loads etc that come along with loading starcraft.  I feel that someone else may solve this issue, but I think they should use caution before releasing any information about this patch.
[/quote]

I agree with this sentiment, perhaps more due to that this seems to be an obvious antihack move.  I think that for the immediate future, I'll be declining to post my notes and implementations on what has changed.

In the event that I enable the new version check system on BNLS, the protocol specification has been updated with a new message (BNLS_VERSIONCHECKEX2) that removes the burden of parsing version check module filenames from the client.  This improves future compatibility with new version check mechanisms that may be deployed on Battle.net.  Third-party software implementing the BNLS protocol, especially third-party implementations of the server end of the BNLS protocol, should use this new message to support this (and other) future version check mechanisms that are deployed on Battle.net.

The BNLS protocol specification has been updated to reflect this new message.  Please note that for the time being, support for this message has not been enabled on BNLS.
November 2, 2006, 12:57 AM
Kp
[quote author=NetNX link=topic=15929.msg160387#msg160387 date=1162398415]
@Kp, do you really think Blizzard would do that to us? I mean they have never tried before... Worst I'd expect would be an account/CD-key ban.[/quote]

Probably not, but a little extra paranoia cannot hurt. :)

[Edit: add below text.]

[quote author=Warrior link=topic=15929.msg160427#msg160427 date=1162422849]
Can someone please either split or delete the offtopic posts in this thread, it'd be much more productive to see work pertaining to fixing this issue.
[/quote]

Done.  I ended up moving some posts by regulars just to keep the threading consistent.  I did not delete any posts yet.  If anyone feels their post is in the wrong thread, PM me and I'll fix it.
November 2, 2006, 1:24 AM
MysT_DooM
In theory if you were to put the correct information for each file # in the memory space for which bnet checks then it would possibly work right?
November 2, 2006, 2:10 AM
BreW
That's only part of the equation; don't forget that the checkrevision values can't be just strings anymore.
November 2, 2006, 2:30 AM
Maddox
[quote author=BreW link=topic=15929.msg160453#msg160453 date=1162434624]
That's only part of the equation; don't forget that the checkrevision values can't be just strings anymore.
[/quote]
They're still null terminated though.
November 2, 2006, 3:07 AM
HdxBmx27
The protocol itself is exactly the same.
It's just the function that has changed.
This way blizzard does not need to patch SC or any other client they want to put the new patch on.
~-~(HDX)~-~
November 2, 2006, 3:45 AM
Zakath
"The new patch?" I thought the whole point was that it wasn't a patch. :P
November 2, 2006, 4:54 AM
HdxBmx27
bad word choice....
But you get what I mean.
They fixed things without needing a full patch.
~-~(HDX)~-~
November 2, 2006, 4:58 AM
Zakath
Yes. Quite clever, actually.
November 2, 2006, 5:01 AM
JoeTheOdd
No, they did use a patch. They've done it before too. They refer to it as patching on the server-side, as opposed to what is a normal "patch" to us, a clientside patch. For those who don't know (none of you?), CheckRevision is done completely independent of the game itself, except for downloading and calling it, but from a DLL downloaded over Battle.net File Transfer Protocol.

I'm not sure where my old post went, but I feel this is still constructive to ask: UserLoser, does your bot work following this patch, still?

EDIT -
If someone can get me a few packet logs of S>C 0x50, and if available, the corresponding A, B, C values for the valuestrings after decoding, that'd be nice.
November 2, 2006, 6:06 AM
-MichaeL-
You guys think war3 is next?
November 2, 2006, 6:14 AM
Myndfyr
[quote author=Joe[x86] link=topic=15929.msg160467#msg160467 date=1162447573]
No, they did use a patch. They've done it before too. They refer to it as patching on the server-side, as opposed to what is a normal "patch" to us, a clientside patch. For those who don't know (none of you?), CheckRevision is done completely independent of the game itself, except for downloading and calling it, but from a DLL downloaded over Battle.net File Transfer Protocol.

I'm not sure where my old post went, but I feel this is still constructive to ask: UserLoser, does your bot work following this patch, still?

EDIT -
If someone can get me a few packet logs of S>C 0x50, and if available, the corresponding A, B, C values for the valuestrings after decoding, that'd be nice.
[/quote]
There is no more a, b, or c value and no more valuestring.  The string that used to be a value string is now a seed for a memory hash (basically).
November 2, 2006, 6:21 AM
LoRd
[quote author=Joe[x86] link=topic=15929.msg160467#msg160467 date=1162447573]
No, they did use a patch. They've done it before too. They refer to it as patching on the server-side, as opposed to what is a normal "patch" to us, a clientside patch. For those who don't know (none of you?), CheckRevision is done completely independent of the game itself, except for downloading and calling it, but from a DLL downloaded over Battle.net File Transfer Protocol.

I'm not sure where my old post went, but I feel this is still constructive to ask: UserLoser, does your bot work following this patch, still?

EDIT -
If someone can get me a few packet logs of S>C 0x50, and if available, the corresponding A, B, C values for the valuestrings after decoding, that'd be nice.
[/quote]

You can't refer to an update as purely server-side if it requires updates be made on the client-side as well.
November 2, 2006, 6:26 AM
RealityRipple
So, basically the change is that it requests a value in memory and expects correct information from that memory location... Effectively destroying the ability to use hacking tools that edit memory and getting rid of bots... both seem to be temporary setbacks, since you can enable hack tools after logging in... and bots will eventually spoof this somehow (i hope)....

Also, I'm sure they'll eventually change all these over like they did for the old-new ver-ix86-# naming.

Also #2, it doesn't update on the client side. It just downloads different files than it did before. Since the files are never stored for longer than it takes to run them, they're not part of the program, thus, not updated. I guess it's actually a matter of opinion, and NOT IMPORTANT.
November 2, 2006, 6:37 AM
warz
It's an update, christ. The reason it does not require any physical changes to the game files is because they just incorporated it into the existing logon method. The a, b and c values, as well as the value string, are all gone like MyndFyre said. They took out the value string, and replaced it with this so called seed value. CheckRevision is still exported, and still called in the same manner that it used to be.
November 2, 2006, 6:39 AM
LoRd
[quote author=RealityRipple link=topic=15929.msg160473#msg160473 date=1162449429]
Also, it doesn't update on the client side. It just downloads different files than it did before. Since the files are never stored for longer than it takes to run them, they're not part of the program, thus, not updated. I guess it's actually a matter of opinion, and NOT IMPORTANT.
[/quote]

The client only downloads the checkrevision files if one does not currently exist in BNCache.dat or if the one that does exist is outdated.
November 2, 2006, 6:43 AM
RealityRipple
So we just need to spoof that CheckRevision correctly. Then if/when they change it again, we'll just wait around some more, have the same discussions on it again, and eventually spoof it correctly, too. Isn't there a more accurate way to spoof these things?

And like i said, IT'S NOT IMPORTANT IF IT'S AN UPDATE OR NOT.
November 2, 2006, 6:45 AM
RealityRipple
Some more things of note:
It would seem that No-CD cracks will no longer work, as they edit certain values in Storm.dll. These values are now checked as part of the CheckRevision, so they fail. The only way to play without a CD is with a mounted ISO.
Hacks can no longer be turned on until after you log in to Battle.net. Same reason as above.
It doesn't make sense that they'd only check on login, but it will hinder some people... SC supposedly has warden inside it now, and the new CheckRevision gets rid of the ability to disable warden through editing a value (similar to the no-cd). It follows that they most likely will update d2 and war3 soon.

It's interesting to log in and see how empty channels are...
November 2, 2006, 7:21 AM
FrOzeN
If I can throw my 2 cents in, when one of you does create a solution please don't open-source it. I'm not suggesting just keep it to yourself, but possibly hand it to a trusted few or something (Hdx, Ringo, w/e). This has solved a lot of the flooding issues with Battle.net and it would be nice to see that these bots do not come back.

@DeTails: ws2_32.dll is the library for Winsock 2. I'm not sure about the erroring.
November 2, 2006, 7:55 AM
Zakath
[quote author=FrOzeN link=topic=15929.msg160479#msg160479 date=1162454156]
If I can throw my 2 cents in, when one of you does create a solution please don't open-source it. I'm not suggesting just keep it to yourself, but possibly hand it to a trusted few or something (Hdx, Ringo, w/e). This has solved a lot of the flooding issues with Battle.net and it would be nice to see that these bots do not come back.

@DeTails: ws2_32.dll is the library for Winsock 2. I'm not sure about the erroring.
[/quote]

Yeesh, have I been absent from the bot 'market' so long that those are the examples of "trusted few?" Eeek.

Anyways, I think most if not all of the people I expect might be able to figure this out in a timely fashion share that sentiment. Although most of them probably don't care by this point. Or it was trivial enough that they've already solved it.
November 2, 2006, 8:10 AM
FrOzeN
[quote author=Zakath link=topic=15929.msg160481#msg160481 date=1162455050]
[quote author=FrOzeN link=topic=15929.msg160479#msg160479 date=1162454156]
..., but possibly hand it to trusted few or something (Hdx, Ringo, w/e). ...
[/quote]

Yeesh, have I been absent from the bot 'market' so long that those are the examples of "trusted few?" Eeek.

Anyways, I think most if not all of the people I expect might be able to figure this out in a timely fashion share that sentiment. Although most of them probably don't care by this point. Or it was trivial enough that they've already solved it.
[/quote]
I specifically picked two people who I'd considered would be trusted with it, and are probably* just short of the knowledge to be able to solve this themselves.

I just think it would be best; as a community we are able to share knowledge around as well as preventing the abuse of it. I'm avoiding listing all the names whom I'd consider, as I wouldn't consider myself as someone here in the position of making that decision, as many of you would probably agree with. I'm also trying to keep it concise without making it look as if I'm thinking too far ahead, as we don't currently* have that knowledge; I'm just trying to ensure that when it is attained it doesn't pop up everywhere suddenly and then lead to abuse.
November 2, 2006, 8:30 AM
warz
This thread went from being interesting, and productive, to being horribly off-topic and wasteful.

To get this back on the right track, anyone have some sample seed values to be passed to CheckRevision?
November 2, 2006, 9:33 PM
Topaz
[quote author=warz link=topic=15929.msg160499#msg160499 date=1162503223]
To get this back on the right track, anyone have some sample seed values to be passed to CheckRevision?
[/quote]

I answered your question before you asked it

"\xff\xbe'\xb2\x8ft\x8e-\x9c\xb0\xd2^\xd6\x9f@\xc3"

Edit:

and here's some more, and the MPQ it corresponds to:

\x90_&}^\x1a\xd2\xcc\x1d6\xa9\xa7~o3] lockdown-IX86-02.mpq
\xd5\xf3\xf8G\xac)&\x04\xdd@\x98OS\xd1e\x1a lockdown-IX86-08.mpq
\xba}\xce\x01\x83\xb5\xe1\xec\x04u\xd3g\xcd\xb0S\xf6 lockdown-IX86-02.mpq
\xa9\x8c\xf7\xf7\xdbYu\xafdb\x8f\xdbt\xb7+ lockdown-IX86-04.mpq
\xf5\xaa\x9eTpv\xbe0\xd3\xeca\xbe\xb75\x9a\xca lockdown-IX86-12.mpq
\xef\xfc\xbc\xe1\xa1#\xbef)s|x`B\xd7\xcf lockdown-IX86-04.mpq
\x0f\xd6\xbd\xfb\x93\x0c\t\xf9r\x82\x10g\xaa\xca\xbfl lockdown-IX86-02.mpq
\xdc\x85\x06\x13a\xb9\xdf\xce\\v\x82\xf0}\x05\xbe\xc4 lockdown-IX86-18.mpq
November 2, 2006, 11:11 PM
warz
You surely do have some crazy looking string values there. :-P
These are the two I've been working with...

[code]
/* two sample seed values: 16 bytes each, followed by a NUL terminator
   (unsigned char, since several bytes are above 0x7F) */
unsigned char seed00[] = { 0xAD, 0x09, 0xEA, 0xB3, 0x63, 0x41, 0x98, 0xA2, 0xF8, 0xE2, 0xA8, 0xB3, 0x99, 0xC2, 0xCB, 0xB2, 0x00 };
unsigned char seed13[] = { 0xD8, 0x85, 0xA8, 0x15, 0x91, 0x23, 0x10, 0x26, 0x2D, 0x22, 0x55, 0xC3, 0x91, 0x62, 0x37, 0xD9, 0x00 };
[/code]
November 2, 2006, 11:41 PM
Ersan
[code]00
A3 10 AD 4F 97 A7 F6 A4 9B DE 5E F5 5B 3D B5 EF 00
CE 4F F8 EC 20 AC 60 D2 A3 63 A9 2A CA 80 A3 6B 00

05
3B 04 51 FF 6E 79 AF 9C EA 87 A7 8C ED A2 EB AB 00

06
B8 27 1E DD AD 58 26 1A 69 60 80 CD 3C 98 1B F0 00
82 7A 8B 92 A1 86 23 20 53 7F 71 93 21 B0 57 8E 00

08
5E C8 9C 82 92 3F 4A 83 AA 8F 25 93 91 38 CC 73 00
B7 1C 98 62 DC F9 E1 FC 38 35 D3 B6 B4 82 DD E3 00

10
3B EB 99 F4 B8 E1 09 0E 4C D6 BB 33 B2 EB 6B C4 00

14
AC 10 BB 6E 52 B3 36 C2 6E E4 16 C4 8F F0 64 2E 00

15
DC 98 46 72 D2 1F 11 E4 E1 EF 05 E5 92 EE DD 3A 00

19
5B 3F FF B0 7D 7D 8E F8 27 7B CF 81 08 31 CA 7F 00[/code]

I stopped getting values because it appears to be a waste of time.

warz, IM me.
November 2, 2006, 11:57 PM
Yegg
[quote author=Ersan link=topic=15929.msg160511#msg160511 date=1162512833]
Can you morons please shut the fuck up about that crap, this thread is about reversing the new changes.

Yes, you can download the mpq from bnftp and extract the dll and run the function, but this requires starcraft to be running for you to connect your bot and is not good enough.
[/quote]

It requires Starcraft to be running? This also means that you could just hook starcraft.exe as Ringo did, correct? Or did something just fly right over my head?
November 3, 2006, 12:29 AM
rabbit
You can't hook Starcraft until after it logs in (old NBBot style, anyone?) because the new check revision examines the memory.  If you download, extract, and run the check revision from BNFTP with Starcraft open, it will work fine.  Then you can close Starcraft.  What would be nice is to find a way to just logon without needing Starcraft open at all.
November 3, 2006, 1:02 AM
dRAgoN
[quote author=rabbit link=topic=15929.msg160514#msg160514 date=1162515739]
You can't hook Starcraft until after it logs in (old NBBot style, anyone?) because the new check revision examines the memory.  If you download, extract, and run the check revision from BNFTP with Starcraft open, it will work fine.  Then you can close Starcraft.  What would be nice is to find a way to just logon without needing Starcraft open at all.
[/quote]
Dump Starcraft's memory to a file.
November 3, 2006, 1:21 AM
warz
C'mon guys, think about this for a minute. If you're receiving this seed value from bnet, and it's known that the exact value from bnet is passed to checkrevision without being modified, and checkrevision returns values based on this seed - doesn't it sound probable that the problem here is not the seed value? The problem lies in what checkrevision does, and certain functions it calls to check certain things - what's storm 350, anyone?

The seed value most likely only affects the returned values. For example, it probably uses this seed for certain calculations within checkrevision.
November 3, 2006, 1:51 AM
UserLoser
[quote author=Ersan link=topic=15929.msg160511#msg160511 date=1162512833]
Can you morons please shut the fuck up about that crap, this thread is about reversing the new changes.

Yes, you can download the mpq from bnftp and extract the dll and run the function, but this requires starcraft to be running for you to connect your bot and is not good enough.
[/quote]

No...Starcraft does not have to be running.  There is a way to do this.
November 3, 2006, 4:08 AM
Ersan
With a stock lockdown MPQ?
November 3, 2006, 4:50 AM
l2k-Shadow
I tried calling the lib when Starcraft was running, but it didn't work; it returned 0 for the checksum.
November 3, 2006, 6:09 AM
LordNevar
This is a packet log from the client.

[code]
HIDDEN  HIDDEN 62  Recv 
0000  FF 50 3E 00 00 00 00 00 C3 3E B8 E3 73 74 2F 00    .P>......>..st/.
0010  00 09 EF C0 72 FC C6 01 6C 6F 63 6B 64 6F 77 6E    ....r...lockdown
0020  2D 49 58 38 36 2D 30 33 2E 6D 70 71 00 CA 55 DB    -IX86-03.mpq..U.
0030  69 B3 E5 DA 54 D7 D9 5F 5B 2C D1 E4 B1 00          i...T.._[,....
[/code]

This is a packet log from a bot.

[code]
HIDDEN  HIDDEN  62  Recv 
0000  FF 50 3E 00 00 00 00 00 EF E1 1D 69 75 76 05 00    .P>........iuv..
0010  00 09 EF C0 72 FC C6 01 6C 6F 63 6B 64 6F 77 6E    ....r...lockdown
0020  2D 49 58 38 36 2D 30 33 2E 6D 70 71 00 BF E9 2D    -IX86-03.mpq...-
0030  1E CF 67 D7 49 82 18 AF 46 23 F1 B7 29 00          ..g.I...F#..).
[/code]

Not sure if this is helpful to anyone, but if it is, then here ya go.

November 3, 2006, 6:38 AM
warz
[quote author=Ersan link=topic=15929.msg160543#msg160543 date=1162529418]
With a stock lockdown MPQ?
[/quote]

No, I think I've already mentioned hooking certain API calls. This checkrevision uses both unicode and ansi versions of getmodulefilename, and uses getmodulehandle.
November 3, 2006, 7:06 AM
Ersan
You can logon using PMAC, in case anyone doesn't know...  This is the 'super secret solution' everyone is going on about.  This is also how SBFix.exe works.  You need mac hashes though, good luck finding them.

Whether they're going to patch pmac or not, I have no idea.  I don't think they're having big problems with cheaters on mac.
November 3, 2006, 2:24 PM
Newby
[quote author=Ersan link=topic=15929.msg160556#msg160556 date=1162563872]
You can logon using PMAC, in case anyone doesn't know...  This is the 'super secret solution' everyone is going on about.  This is also how SBFix.exe works.  You need mac hashes though, good luck finding them.

Whether they're going to patch pmac or not, I have no idea.  I don't think they're having big problems with cheaters on mac.
[/quote]

Yeah. I'm not surprised that all the "1337" bot building kiddies couldn't figure it out and decided to change the login to "PMAC"... nobody posted an open source solution yet!

Problem, Ersan: When they realize that the number of PMAC clients outnumber their X86 clients, they'll catch on and patch it! :P
November 3, 2006, 2:42 PM
NetNX
[quote author=Newby link=topic=15929.msg160557#msg160557 date=1162564939]
[quote author=Ersan link=topic=15929.msg160556#msg160556 date=1162563872]
You can logon using PMAC, in case anyone doesn't know...  This is the 'super secret solution' everyone is going on about.  This is also how SBFix.exe works.  You need mac hashes though, good luck finding them.

Whether they're going to patch pmac or not, I have no idea.  I don't think they're having big problems with cheaters on mac.
[/quote]

Yeah. I'm not surprised that all the "1337" bot building kiddies couldn't figure it out and decided to change the login to "PMAC"... nobody posted an open source solution yet!

Problem, Ersan: When they realize that the number of PMAC clients outnumber their X86 clients, they'll catch on and patch it! :P
[/quote]

O_o why not XMAC?
November 3, 2006, 3:11 PM
Ersan
Because I'd assume osx-x86 addresses memory in the same fashion that windows does so it'll be easier for them to patch.
November 3, 2006, 4:56 PM
Ersan
Savior was on a pvpgn server, this is obvious.

Has anyone started reversing the new checkrevision or are we pretending using mac is a valid solution?
November 3, 2006, 5:52 PM
BaDaSs
I don't see how it wouldn't be considered as a valid solution, at least temporarily. But, Savior was not on a PVPgn server. I can promise you his account was banned, and it was on USEast in the channel Op Legacy. Why do you have to be so stubborn?
November 3, 2006, 5:56 PM
l2k-Shadow
PMAC hashes for SC: (exe.hfd = starcraft.exe, dll1.hfd = storm.dll, dll2.hfd = battle.snp)
www.energydl.com/shadow/hfdler/STAR/
PMAC hashes for W2: (exe.hfd = Warcraft II BNE.exe, dll1.hfd = storm.dll, dll2.hfd = battle.snp)
www.energydl.com/shadow/hfdler/W2BN/

(I extracted these from the .sit files on blizzard's pub ftp)

As was said before, it is not likely that blizzard will patch the mac version, due to the fact that technically no public mac hacks are really out there, and this was an anti-hack move, not an anti-bot move. So I guess it is a valid solution until blizzard gets a humongous amount of sand in their vagina.

EDIT: I will also be attempting to get the hashes for the other affected clients as well.

Why PMAC, not XMAC? As Ersan said, it will be easier to patch XMAC, and also more users are on XMAC nowadays. So if Blizzard is concerned with patching the mac checkrevision, they will most likely do XMAC first. Also, I don't think w2/d1 clients have a version for XMAC...?
November 3, 2006, 7:22 PM
BaDaSs
EXEInfo
[code]W2BN:
    EXEInfo = "Warcraft II BNE 05/17/106 15:00:00 931587"
    EXEVersion = 825372722
STAR:
    EXEInfo = "Starcraft 05/17/106 15:00:00 1597754"
    EXEVersion = 1229482313[/code]
November 3, 2006, 7:58 PM
dRAgoN
[quote author=l2k-Shadow link=topic=15929.msg160573#msg160573 date=1162581739]
PMAC hashes for SC: (exe.hfd = starcraft.exe, dll1.hfd = storm.dll, dll2.hfd = battle.snp)
www.energydl.com/shadow/hfdler/STAR/
PMAC hashes for W2: (exe.hfd = Warcraft II BNE.exe, dll1.hfd = storm.dll, dll2.hfd = battle.snp)
www.energydl.com/shadow/hfdler/W2BN/

(I extracted these from the .sit files on blizzard's pub ftp)

As was said before, it is not likely that blizzard will patch the mac version, due to the fact that technically no public mac hacks are really out there, and this was an anti-hack move, not an anti-bot move. So I guess it is a valid solution until blizzard gets a humongous amount of sand in their vagina.

EDIT: I will also be attempting to get the hashes for the other affected clients as well.

Why PMAC, not XMAC? As Ersan said, it will be easier to patch XMAC, and also more users are on XMAC nowadays. So if Blizzard is concerned with patching the mac checkrevision, they will most likely do XMAC first. Also, I don't think w2/d1 clients have a version for XMAC...?
[/quote]
Doesn't PMAC still use the old checkrevision?
November 4, 2006, 12:26 AM
l2k-Shadow
yes.. that's the whole point.
November 4, 2006, 12:29 AM
dRAgoN
[quote author=l2k-Shadow link=topic=15929.msg160593#msg160593 date=1162600189]
yes.. that's the whole point.
[/quote]
By old I mean yobgul's old.
November 4, 2006, 12:33 AM
Topaz
[quote author=BreW link=topic=15929.msg160595#msg160595 date=1162600270]
shadow, I hope you know both XMAC and PMAC use the same checkrevision
the whole reason for him posting was to point out that XMAC is more likely to get patched because of its ability to read memory (unlike PMAC)
[/quote]

you're repeating after people, again.
November 4, 2006, 12:39 AM
l2k-Shadow
[quote author=BreW link=topic=15929.msg160595#msg160595 date=1162600270]
shadow, I hope you know both XMAC and PMAC use the same checkrevision
[/quote]
no shit? -- it's different files but they do the same thing.
[quote author=BreW link=topic=15929.msg160595#msg160595 date=1162600270]
the whole reason for him posting was to point out that XMAC is more likely to get patched because of its ability to read memory (unlike PMAC)
[/quote]
I'm sure it can read memory; Ersan said he thinks it is easier to port the IX86 to XMAC because they read the memory in the same fashion.

you need to learn how to process given information.
November 4, 2006, 12:46 AM
MyStiCaL
Well, I'm sure if they do check webpages at all, it would be because of the people who whine about it on the Blizzard forums.

Even so, I think www.bwhacks.com is one of the most popular battle.net hack websites around, full of all sorts of forums about programming, reverse engineering battle.net, etc., let alone full public hack releases. =\
People even whine about that site on the battle.net forums and they're still up. So I really don't see why they would even look at these forums if they haven't even taken that one down. ;\

But still, in my opinion (whether right or wrong), I don't see any reason why a rep would even care to see what other people are talking about; it's not like it's their JOB to search websites, or like anyone would actually wanna do some extra work for their company and be like "THESE KIDS ON THIS FORUM ARE MAKIN BOTS, LETS BAN THEM!" lol.

I dunno anymore... I'm sorta out of it at the moment... don't mind me.
November 4, 2006, 1:03 AM
dRAgoN
[quote author=BaDaSs link=topic=15929.msg160574#msg160574 date=1162583938]
EXEInfo
[code]W2BN:
    EXEInfo = "Warcraft II BNE 05/17/106 15:00:00 931587"
    EXEVersion = 825372722
STAR:
    EXEInfo = "Starcraft 05/17/106 15:00:00 1597754"
    EXEVersion = 1229482313[/code]
[/quote]
The executable version of War2 BNE can be figured out better than that.
e.g.
Last 4 bytes of War2's PMAC exe
0x01020002
can be easily turned into
0x31323032
which = 825372722 in dec
November 4, 2006, 1:35 AM
inner.
Does anyone have the ver-PMAC-?.mpq files? I'd like them please.
November 4, 2006, 2:06 AM
UserLoser
[quote author=inner.de link=topic=15929.msg160604#msg160604 date=1162606006]
Does anyone have the ver-PMAC-?.mpq files? I'd like them please.
[/quote]

Battle.net has them, download them.
November 4, 2006, 2:09 AM
dRAgoN
Side note ->>
    EXEVersion = 1229482313

Are these values right?
If they are do any of you see an obvious way to calculate sc's version value?
Assuming it also uses the last 4 bytes
SC:
0x00001401
November 4, 2006, 2:28 AM
Topaz
[quote author=inner.de link=topic=15929.msg160604#msg160604 date=1162606006]
Does anyone have the ver-PMAC-?.mpq files? I'd like them please.
[/quote]

http://advancedcontent.net/topaz/etc/ver-PMAC-n.zip
http://advancedcontent.net/topaz/etc/ver-XMAC-n.zip
http://advancedcontent.net/topaz/etc/ver-IX86-n.zip
http://advancedcontent.net/topaz/etc/lockdown-IX86-n.zip

http://advancedcontent.net/topaz/etc/lockdown-IX86-n-d.zip

Edit: Included lockdown-IX86-n.zip and its dlls.
November 4, 2006, 2:39 AM
HdxBmx27
bnftp
[code]echo off
mkdir lockdown-IX86-##.mpq
cd lockdown-IX86-##.mpq
"../bnftp" uswest.battle.net lockdown-IX86-00.mpq
"../bnftp" uswest.battle.net lockdown-IX86-01.mpq
"../bnftp" uswest.battle.net lockdown-IX86-02.mpq
"../bnftp" uswest.battle.net lockdown-IX86-03.mpq
"../bnftp" uswest.battle.net lockdown-IX86-04.mpq
"../bnftp" uswest.battle.net lockdown-IX86-05.mpq
"../bnftp" uswest.battle.net lockdown-IX86-06.mpq
"../bnftp" uswest.battle.net lockdown-IX86-07.mpq
"../bnftp" uswest.battle.net lockdown-IX86-08.mpq
"../bnftp" uswest.battle.net lockdown-IX86-09.mpq
"../bnftp" uswest.battle.net lockdown-IX86-10.mpq
"../bnftp" uswest.battle.net lockdown-IX86-11.mpq
"../bnftp" uswest.battle.net lockdown-IX86-12.mpq
"../bnftp" uswest.battle.net lockdown-IX86-13.mpq
"../bnftp" uswest.battle.net lockdown-IX86-14.mpq
"../bnftp" uswest.battle.net lockdown-IX86-15.mpq
"../bnftp" uswest.battle.net lockdown-IX86-16.mpq
"../bnftp" uswest.battle.net lockdown-IX86-17.mpq
"../bnftp" uswest.battle.net lockdown-IX86-18.mpq
"../bnftp" uswest.battle.net lockdown-IX86-19.mpq

cd ..
mkdir ver-IX86-#.mpq
cd ver-IX86-#.mpq
"../bnftp" uswest.battle.net ver-IX86-0.mpq
"../bnftp" uswest.battle.net ver-IX86-1.mpq
"../bnftp" uswest.battle.net ver-IX86-2.mpq
"../bnftp" uswest.battle.net ver-IX86-3.mpq
"../bnftp" uswest.battle.net ver-IX86-4.mpq
"../bnftp" uswest.battle.net ver-IX86-5.mpq
"../bnftp" uswest.battle.net ver-IX86-6.mpq
"../bnftp" uswest.battle.net ver-IX86-7.mpq


cd ..
mkdir ver-PMAC-#.mpq
cd ver-PMAC-#.mpq
"../bnftp" uswest.battle.net ver-PMAC-0.mpq
"../bnftp" uswest.battle.net ver-PMAC-1.mpq
"../bnftp" uswest.battle.net ver-PMAC-2.mpq
"../bnftp" uswest.battle.net ver-PMAC-3.mpq
"../bnftp" uswest.battle.net ver-PMAC-4.mpq
"../bnftp" uswest.battle.net ver-PMAC-5.mpq
"../bnftp" uswest.battle.net ver-PMAC-6.mpq
"../bnftp" uswest.battle.net ver-PMAC-7.mpq


cd ..
mkdir ver-XMAC-#.mpq
cd ver-XMAC-#.mpq
"../bnftp" uswest.battle.net ver-XMAC-0.mpq
"../bnftp" uswest.battle.net ver-XMAC-1.mpq
"../bnftp" uswest.battle.net ver-XMAC-2.mpq
"../bnftp" uswest.battle.net ver-XMAC-3.mpq
"../bnftp" uswest.battle.net ver-XMAC-4.mpq
"../bnftp" uswest.battle.net ver-XMAC-5.mpq
"../bnftp" uswest.battle.net ver-XMAC-6.mpq
"../bnftp" uswest.battle.net ver-XMAC-7.mpq

cd ..[/code]
~-~(HDX)~-~
November 4, 2006, 2:51 AM
warz
This thread has been successfully transformed into the mac logon method thread. Fun.
November 4, 2006, 3:11 AM
Yegg
[quote author=BreW link=topic=15929.msg160619#msg160619 date=1162610624]
it's the only thing we've got atm
[/quote]

Hmm, well, he seems to have said something that I actually agree with to an extent.

The Mac logon is currently the method that seems to be most popular to solving the current problem. However, a few others have apparently solved the problem without using the Mac logon as their solution. Although this is a method popularly being used, it should be known that we should not become dependent on it. Use it while you can, and in the meantime continue to work on a real solution.
November 4, 2006, 4:05 AM
BreW
Okay: I've quit decompiling starcraft.exe, because it doesn't help whatsoever with anything, and just proves how much of an idiot I am. The patch is server side, or otherwise we would have had to download a new patch (d'oh). HOWEVER, this means the connection sequence hasn't changed to such a great extent as would warrant a client-side patch, and if starcraft.exe can do it without a patch, I'm sure we can too. If you think about it, decompiling starcraft may still help.
November 4, 2006, 4:16 AM
inner.
[quote author=topaz link=topic=15929.msg160609#msg160609 date=1162607956]
[quote author=inner.de link=topic=15929.msg160604#msg160604 date=1162606006]
Does anyone have the ver-PMAC-?.mpq files? I'd like them please.
[/quote]

http://advancedcontent.net/topaz/etc/ver-PMAC-n.zip
http://advancedcontent.net/topaz/etc/ver-XMAC-n.zip
http://advancedcontent.net/topaz/etc/ver-IX86-n.zip
http://advancedcontent.net/topaz/etc/lockdown-IX86-n.zip

http://advancedcontent.net/topaz/etc/lockdown-IX86-n-d.zip

Edit: Included lockdown-IX86-n.zip and its dlls.

[/quote]
Any chance you have the .dll's for PMAC?
November 4, 2006, 4:44 AM
l2k-Shadow
here you go, extracted files:
www.energydl.com/shadow/hfdler/ver-PMAC.zip
www.energydl.com/shadow/hfdler/ver-XMAC.zip
November 4, 2006, 5:27 AM
Logitech
Can I just clarify - as far as I can tell from reading these threads, there is no public update for BNLS-enabled bots as yet?
November 4, 2006, 7:50 AM
Spilled[DW]
[quote author=Logitech link=topic=15929.msg160647#msg160647 date=1162626635]
Can I just clarify - as far as I can tell from reading these threads, there is no public update for BNLS-enabled bots as yet?
[/quote]

You can log on using PMAC hashes. As for IX86, we are currently working on this.
November 4, 2006, 8:08 AM
Denial
Very interesting topic indeed.

With more guesses and a bit more trial and error, you can get somewhere.
November 4, 2006, 8:20 AM
Logitech
[quote author=Spilled link=topic=15929.msg160648#msg160648 date=1162627706]
[quote author=Logitech link=topic=15929.msg160647#msg160647 date=1162626635]
Can I just clarify - as far as I can tell from reading these threads, there is no public update for BNLS-enabled bots as yet?
[/quote]

You can log on using PMAC hashes. As for IX86, we are currently working on this.
[/quote]

Ok, thanks. My bot does not use local hashing though, so I may just wait patiently hoping that BNLS is publicly updated. Then again, I may have a long wait?
November 4, 2006, 8:59 AM
dope
you could log on with Diablo 2 in the meantime using BNLS (it's not that hard to ask someone for a D2 key, is it?)
I'm sure it won't take more than a few weeks to update bnls properly.
November 4, 2006, 2:39 PM
Ersan
Hdx swapped his JBLS to use mac hashes, www.jbls.org
November 4, 2006, 2:49 PM
Skywing
Note that using Mac verchecks with the BNLS protocol will break compatibility with BNLS, if and when BNLS has the new version check support enabled.
November 4, 2006, 4:52 PM
Ersan
BNLS doesn't currently support mac in versioncheck, does it?

And why is the lockdown-IX86-XX.mpq timestamp necessary for determining checkrevision, shouldn't bnls have the timestamps already?

Unless you anticipate different versions of the mpq with the same filename, but that doesn't make sense because of BNCache.dat (Blizzard wouldn't release an mpq with a conflicting filename in the event that a client uses the cached version and fails, I think?)
November 4, 2006, 5:03 PM
Logitech
[quote author=dope link=topic=15960.msg160663#msg160663 date=1162651151]
you could log on with Diablo 2 in the meantime using BNLS (it's not that hard to ask someone for a D2 key, is it?)
I'm sure it won't take more than a few weeks to update bnls properly.
[/quote]

BNLS is working with D2 right now?
November 4, 2006, 5:10 PM
dope
yes I'm logged on Europe with d2 on BNLS.
November 4, 2006, 5:27 PM
Kp
[quote author=Ersan link=topic=15960.msg160669#msg160669 date=1162659806]
BNLS doesn't currently support mac in versioncheck, does it?

And why is the lockdown-IX86-XX.mpq timestamp necessary for determining checkrevision, shouldn't bnls have the timestamps already?

Unless you anticipate different versions of the mpq with the same filename, but that doesn't make sense because of BNCache.dat (Blizzard wouldn't release an mpq with a conflicting filename in the event that a client uses the cached version and fails, I think?)
[/quote]

It's possible.  If the client does a strict equality check, it will recognize that the cached version is too new and download an older versioning library instead.  Even if it doesn't (i.e. it checks "age(cached) >= age(proposed)"), Blizzard might have different libraries on different clusters.  As long as clients stay on a single cluster, there'd be no problems.
November 4, 2006, 5:32 PM
Skywing
[quote author=Ersan link=topic=15960.msg160669#msg160669 date=1162659806]
BNLS doesn't currently support mac in versioncheck, does it?

And why is the lockdown-IX86-XX.mpq timestamp necessary for determining checkrevision, shouldn't bnls have the timestamps already?

Unless you anticipate different versions of the mpq with the same filename, but that doesn't make sense because of BNCache.dat (Blizzard wouldn't release an mpq with a conflicting filename in the event that a client uses the cached version and fails, I think?)
[/quote]

BNLS always uses the PC version check files, and all BNLS clients expect to receive version check data for PC version check files.  Switching it over to Mac would be a gross protocol violation with severe backwards compatibility implications.

The reason why the filetime and filename shall be sent to BNLS is so that BNLS always has the same amount of information that a real Battle.net-enabled game would get from Battle.net.  This allows for the ability to update BNLS (without altering any BNLS clients) to compensate for things that have previously required client-side changes to BNLS-enabled emulator clients.  It is primarily intended as a future-compatibility mechanism for any later changes made to the system by Blizzard.
November 4, 2006, 5:35 PM
Ersan
What format is the timestamp in?
November 4, 2006, 5:40 PM
Skywing
A count of 100-nanosecond intervals since Jan 01, 1601 UTC that is divided into two 32-bit halves.  You should be able to directly copy this data when sending it to BNLS.
November 4, 2006, 5:42 PM
Ersan
You could've said FILETIME

Oh it's in 0x50 s->c, nevermind all that.
November 4, 2006, 5:46 PM
HdxBmx27
Just a little note, I don't want to start a big argument.
But 95% of my userbase is Stealthbot... So for the time being WC2, SC, D1, and SSHR report the mac revision.
Once we figure out how to implement the new lockdown-IX86 crev, I will revert everything back to IX86 files.
Though, I will continue to support Power PC and OSX version checks alongside IX86 in 0x1A. I don't see how this would break any backward compatibility. (Yes, it would make the user have to choose to use only my server for pmac connections... but I don't see a problem with that; this is no more than adding more products.)

Also, quick question? What would BNLS do when it encounters a PMAC/XMAC archive? just return failed?
On a lighter note: I have been working on lockdown, and I'm getting a better understanding, yet I'm still far off.
~-~(HDX)~-~
November 4, 2006, 6:07 PM
Ersan
Yeah are you going to support PMAC/XMAC archives in 0x1A?
November 4, 2006, 6:11 PM
Skywing
Not initially, as there is no reason to support them.  I may create a mechanism to request the Mac vercheck files, but I do not at present want to maintain both PC and Mac filesets.
November 4, 2006, 6:22 PM
Newby
[quote author=warz link=topic=15960.msg160617#msg160617 date=1162609875]
This thread has been successfully transformed into the mac logon method thread. Fun.
[/quote]

You honestly didn't have faith in anyone here (besides a few) actually solving this, did you?
November 4, 2006, 6:40 PM
Skywing
BNLS support for the PC version check files is expected to be released today.

Client authors are encouraged to review the new BNLS_VERSIONCHECKEX2 message in the official protocol specification, which is the recommended way to use the new version check system.

For a select few products, BNLS will enable a compatibility mode where it will attempt to make a best guess as to which version check system is used (for the old messages supplying a dll version number).  It is recommended that clients transition to the new message for maximum future compatibility, however.  The new message will allow BNLS to adjust for any future changes to the version check system with a minimum chance of BNLS clients needing modifications.

Please note that at this time, there is no support for using the Mac version check files with BNLS.  The PC version check files are sufficient for use with BNLS, and there is no reason to maintain three parallel sets of version check files when one will suffice.

Therefore, any clients using BNLS should continue to assume that they are receiving version check data for the PC products and not Mac products.  As a result, I cannot recommend the use of third party servers that do not conform to the BNLS protocol and supply version check data for products associated with the wrong platform, as this is a breaking change that negatively impacts backwards compatibility with existing clients.
November 4, 2006, 7:16 PM
LoRd
[quote author=Newby link=topic=15960.msg160689#msg160689 date=1162665642]
[quote author=warz link=topic=15960.msg160617#msg160617 date=1162609875]
This thread has been successfully transformed into the mac logon method thread. Fun.
[/quote]

You honestly didn't have faith in anyone here (besides a few) actually solving this, did you?
[/quote]

I think that he's more concerned with the work ethic than the actual ability to produce.
November 4, 2006, 8:33 PM
Ersan
Skywing: You shouldn't be treating a filetime as a ULONGLONG, it can sometimes fault because of misaligned pointers when casting from filetime to ulonglong and it's not really correct.
November 4, 2006, 8:43 PM
Skywing
It is treated as two 32-bit halves by BNLS.
November 4, 2006, 8:45 PM
Ersan
k your doc says (ULONGLONG) Timestamp for version check archive.
November 4, 2006, 8:46 PM
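The timestamp Skywing describes above (100 ns ticks since 1601, two 32-bit halves) and Ersan's point about not casting a FILETIME to a ULONGLONG, shown as an added example that is not code from the thread or from BNLS: a parser for the S->C 0x50 message that reads every field byte-wise, keeps the two halves separate as BNLS does, and converts the archive timestamp to Unix time. The sample bytes are the 62-byte 0x50 message from LordNevar's client-side packet log; the struct and function names are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Constructed sample: the 62-byte S->C 0x50 (SID_AUTH_INFO) message from
   LordNevar's client-side packet log earlier in the thread, as raw bytes. */
static const uint8_t SAMPLE_0X50[62] = {
    0xFF, 0x50, 0x3E, 0x00,             /* header: 0xFF, id 0x50, length 62 */
    0x00, 0x00, 0x00, 0x00,             /* logon type                        */
    0xC3, 0x3E, 0xB8, 0xE3,             /* server token                      */
    0x73, 0x74, 0x2F, 0x00,             /* UDP value                         */
    0x00, 0x09, 0xEF, 0xC0, 0x72, 0xFC, 0xC6, 0x01, /* MPQ FILETIME, LE halves */
    'l','o','c','k','d','o','w','n','-','I','X','8','6','-','0','3','.','m','p','q', 0x00,
    0xCA, 0x55, 0xDB, 0x69, 0xB3, 0xE5, 0xDA, 0x54, /* 16-byte checkrevision seed */
    0xD7, 0xD9, 0x5F, 0x5B, 0x2C, 0xD1, 0xE4, 0xB1, 0x00
};

struct auth_info {
    uint32_t logon_type;
    uint32_t server_token;
    uint32_t udp_value;
    uint32_t filetime_low;   /* the two 32-bit halves, kept separate as BNLS does */
    uint32_t filetime_high;
    char     mpq_name[64];
    uint8_t  seed[16];
    size_t   seed_len;
};

/* Byte-wise little-endian reads: no pointer casts, so no alignment faults. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns 0 on success, -1 if the buffer is not a well-formed 0x50 message. */
int parse_auth_info(const uint8_t *buf, size_t len, struct auth_info *out) {
    if (len < 24 || buf[0] != 0xFF || buf[1] != 0x50 || rd16(buf + 2) != len)
        return -1;
    size_t pos = 4;
    out->logon_type    = rd32(buf + pos); pos += 4;
    out->server_token  = rd32(buf + pos); pos += 4;
    out->udp_value     = rd32(buf + pos); pos += 4;
    out->filetime_low  = rd32(buf + pos); pos += 4;
    out->filetime_high = rd32(buf + pos); pos += 4;

    /* NUL-terminated MPQ filename; reject a message whose terminator is missing. */
    const uint8_t *nul = memchr(buf + pos, 0, len - pos);
    if (nul == NULL || (size_t)(nul - (buf + pos)) >= sizeof out->mpq_name)
        return -1;
    size_t n = (size_t)(nul - (buf + pos));
    memcpy(out->mpq_name, buf + pos, n);
    out->mpq_name[n] = '\0';
    pos += n + 1;

    /* Value string: since lockdown it is 16 raw bytes followed by a NUL, not
       printable text, so it is copied as bytes rather than handled as a C string. */
    nul = memchr(buf + pos, 0, len - pos);
    if (nul == NULL) return -1;
    n = (size_t)(nul - (buf + pos));
    if (n > sizeof out->seed) return -1;
    memcpy(out->seed, buf + pos, n);
    out->seed_len = n;
    return 0;
}

/* FILETIME is a count of 100 ns ticks since 1601-01-01 UTC. Combine the halves
   arithmetically instead of casting the byte pointer to a 64-bit type. */
uint64_t filetime_combine(uint32_t low, uint32_t high) {
    return ((uint64_t)high << 32) | low;
}

/* Seconds between 1601-01-01 and 1970-01-01. */
#define EPOCH_DIFF_SECONDS 11644473600LL

int64_t filetime_to_unix(uint64_t ft) {
    return (int64_t)(ft / 10000000ULL) - EPOCH_DIFF_SECONDS;
}

int main(void) {
    struct auth_info ai;
    if (parse_auth_info(SAMPLE_0X50, sizeof SAMPLE_0X50, &ai) != 0) {
        fprintf(stderr, "malformed 0x50 message\n");
        return 1;
    }
    time_t t = (time_t)filetime_to_unix(filetime_combine(ai.filetime_low, ai.filetime_high));
    char when[32];
    strftime(when, sizeof when, "%Y-%m-%d %H:%M:%S UTC", gmtime(&t));
    /* prints: archive: lockdown-IX86-03.mpq  timestamp: 2006-10-30 22:28:42 UTC  seed bytes: 16 */
    printf("archive: %s  timestamp: %s  seed bytes: %zu\n", ai.mpq_name, when, ai.seed_len);
    return 0;
}
```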
Newby
[quote author=Lord[nK] link=topic=15960.msg160698#msg160698 date=1162672425]
I think that he's more concerned with the work ethic than the actual ability to produce.
[/quote]

I meant that, too, in a way; I guess I meant both. Everybody gave up once they found a kludge. I didn't expect anybody to actually know how to solve it.

They're content with a crappy solution, versus an elegant, efficient, "correct" (I suppose that's a good word) solution.
November 4, 2006, 11:40 PM
dRAgoN
[quote author=Newby link=topic=15960.msg160708#msg160708 date=1162683601]
[quote author=Lord[nK] link=topic=15960.msg160698#msg160698 date=1162672425]
I think that he's more concerned with the work ethic than the actual ability to produce.
[/quote]

I meant that, too, in a way; I guess I meant both. Everybody gave up once they found a kludge. I didn't expect anybody to actually know how to solve it.

They're content with a crappy solution, versus an elegant, efficient, "correct" (I suppose that's a good word) solution.
[/quote]
Actually I believe a few people have already figured it out; it's just a matter of whether or not they decide to post it or keep it to themselves.

Edit:
Also, supporting other login types should not be considered incorrect.
November 5, 2006, 12:08 AM
Newby
[quote author=l)ragon link=topic=15960.msg160712#msg160712 date=1162685300]
Actually I believe a few people have already figured it out; it's just a matter of whether or not they decide to post it or keep it to themselves.
[/quote]

I meant "Everyone" as in everyone that is working to post a solution. I don't mean people like Skywing, UserLoser, etc., people who are smart enough to figure it out and won't post a solution. (Or in the case of Skywing, just updates BNLS.)

[quote author=l)ragon link=topic=15960.msg160712#msg160712 date=1162685300]
Edit:
Also, supporting other login types should not be considered incorrect.
[/quote]

I never said it was "incorrect," but you're not on a PMAC architecture, so you're reporting false information. A bot is supposed to emulate the client as closely as possible, correct?

November 5, 2006, 12:19 AM
HdxBmx27
No, I have not given up on reversing the new function.
I just don't have the skills or experience to do it. (I've got a few things, nothing good.)
So no, not EVERYONE has stopped working on it.
As for reporting different architectures..... This goes into the whole "How much do you wanna do correctly" debate.
There's people out there that JUST want to get it working, no matter how far away from the client it is.
Then there's people like me who emulate the client almost exactly; I actually do everything EXACTLY like D1 does it for my D1 connection. (That includes reporting things that are no longer used on bnet, downloading, extracting, and using the dll, etc.) Now it no longer works.

It all depends on how much you want to do.
~-~(HDX)~-~
November 5, 2006, 12:27 AM
Ersan
Skywang you gonna enable that anytime soon?
November 5, 2006, 1:39 AM
Newby
[quote author=Hdx link=topic=15960.msg160716#msg160716 date=1162686445]
There's people out there that JUST want to get it working, no matter how far away from the client it is.
[/quote]

That would include 90% of the Battle.net bot developers here. ::)
November 5, 2006, 4:24 AM
Skywing
Support for the new-style lockdown version check mechanism is in the process of being deployed to BNLS.  Functionality for Starcraft/Brood War is currently enabled, and War2 is to come as I get access to a working installation.

Although you can continue to access the version check feature for these products using the old-style version check messages (BNLS_VERSIONCHECK, BNLS_VERSIONCHECKEX), it is highly recommended that you upgrade to BNLS_VERSIONCHECKEX2 as quickly as possible.  BNLS_VERSIONCHECKEX2 allows BNLS to decide which version check mechanism to use, instead of guessing that it is always enabled for Starcraft / Brood War.  This allows maximum future compatibility with any later changes to the version check system.
November 5, 2006, 5:14 AM
Ersan
I'm gonna pretend replaced didn't say all that...

@Skywing:
Hey whaddya know it works.

What do you need from the war2 installation?
November 5, 2006, 5:26 AM
Skywing
[quote author=replaced link=topic=15960.msg160744#msg160744 date=1162704266]
can we get a non-bnls solution here?
I don't want the days when you HAD to load stealthbot to load a damn war3 bot up since bnls wants control.

Now who here has the power mac sc hash files?  ;D

If i don't see this posted on here soon, i'll run a damn emulator just to get these hash files!  Or buy a powermac on ebay.

Now, do the 0-7 pmac files give out different solutions than the ix86 counterparts?
[/quote]

You are welcome to reverse engineer a complete implementation of the new vercheck mechanism, or a way to call the Blizzard code, if you so desire.

If you do not want to do that, then BNLS is an option that is available to you.

Given that the system appears to be designed to stop certain types of game hacks, I do not feel that it would be in the general public interest to release details as to how the new system works.  As a result, I would like to retain the ability to block access to things like game hacks that might try to use BNLS to avoid detection.
November 5, 2006, 5:40 AM
Ersan
But BNLS doesn't require an account to use now, so how would you go about blocking an application that uses BNLS?
November 5, 2006, 5:50 AM
inner.
[quote author=Ersan link=topic=15960.msg160749#msg160749 date=1162705822]
But BNLS doesn't require an account to use now, so how would you go about blocking an application that uses BNLS?
[/quote]
IPBan, most likely.
November 5, 2006, 5:51 AM
Skywing
[quote author=Ersan link=topic=15960.msg160749#msg160749 date=1162705822]
But BNLS doesn't require an account to use now, so how would you go about blocking an application that uses BNLS?
[/quote]
In the event that there became a major publicly distributed hack utilizing BNLS, it would not be too terribly difficult to reenable account-based access checks, or simply disallow the account/password combination that such a hack might use.
November 5, 2006, 5:54 AM
Kp
Keep in mind that Skywing is under no obligation to keep BNLS accessible at all, or under the terms you're used to.  He could switch it back to requiring accounts, ban accounts which have been compromised, make BNLS a private venture (i.e. accounts required + accounts issued only to close friends), or shut it down entirely.  None of those options would be particularly effective if he just released a working implementation which can pass a lockdown check.
November 5, 2006, 5:56 AM
JoeTheOdd
I just thought of something: Have we reversed the algorithm, yet, or is that the problem? If I'm correct in thinking that the problem is not being able to associate the MPQ name with a seed, we could download and extract the DLL, and assuming the memory pointer is always in the same place in the DLL, we could just read that out of the DLL (much like a keysniffer read the game data MPQ's) and then have the algorithm implemented in our program, or in a library like bncsutil.
November 5, 2006, 6:05 AM
Skywing
Support for Warcraft II BNE is live as well.  JSTR should be operable as well.
November 5, 2006, 6:07 AM
dRAgoN
[quote author=Skywing link=topic=15960.msg160755#msg160755 date=1162706874]
Support for Warcraft II BNE is live as well.  JSTR should be operable as well.
[/quote]
SSHR?
November 5, 2006, 7:09 AM
UserLoser
[quote author=l)ragon link=topic=15960.msg160757#msg160757 date=1162710551]
[quote author=Skywing link=topic=15960.msg160755#msg160755 date=1162706874]
Support for Warcraft II BNE is live as well.  JSTR should be operable as well.
[/quote]
SSHR?
[/quote]

BNLS has never supported SSHR
November 5, 2006, 7:44 AM
warz
Using the same lockdown library that brood war is using at the time, and passing it the same 'seed' value that brood war is using at that time, should checkrevision called from a test application produce the same checksum value as the brood war one produced?
November 5, 2006, 8:16 AM
dRAgoN
[quote author=UserLoser link=topic=15960.msg160758#msg160758 date=1162712672]
[quote author=l)ragon link=topic=15960.msg160757#msg160757 date=1162710551]
[quote author=Skywing link=topic=15960.msg160755#msg160755 date=1162706874]
Support for Warcraft II BNE is live as well.  JSTR should be operable as well.
[/quote]
SSHR?
[/quote]

BNLS has never supported SSHR
[/quote]
Should probably put some thought to it now then.
November 5, 2006, 10:34 AM
warz
Why? Is SSHR allowed into public channels again?
November 5, 2006, 10:50 AM
dRAgoN
[quote author=warz link=topic=15960.msg160764#msg160764 date=1162723855]
Why? Is SSHR allowed into public channels again?
[/quote]
No its got that same checkrevision now.
November 5, 2006, 10:57 AM
warz
But, who cares? SSHR serves little to no purpose.
November 5, 2006, 11:15 AM
HeRo
[quote author=warz link=topic=15960.msg160766#msg160766 date=1162725318]
But, who cares? SSHR serves little to no purpose.
[/quote]
Maybe when someone wants to create something that doesn't require a cd key it does.
November 5, 2006, 11:42 AM
rabbit
SSHR needs a CD-Key.
November 5, 2006, 12:35 PM
warz
hah, just a little bit of reverse engineering humor here. It's 7 AM, about, and I've been at this for a while, and I came across this..

[code]
7377615A  |. 3D ADDBBAFF    CMP EAX, FFBADBAD
[/code]

uh uh! bad bad! :-P
November 5, 2006, 12:51 PM
l2k-Shadow
[quote author=rabbit link=topic=15960.msg160769#msg160769 date=1162730145]
SSHR needs a CD-Key.
[/quote]

wrong.
November 5, 2006, 3:57 PM
Kp
[quote author=warz link=topic=15960.msg160760#msg160760 date=1162714570]
Using the same lockdown library that brood war is using at the time, and passing it the same 'seed' value that brood war is using at that time, should checkrevision called from a test application produce the same checksum value as the brood war one produced?
[/quote]

Probably not.  The whole point of this new library is to catch modifications to Brood War's memory, so it is highly likely that the library will checksum the memory of whatever process you run it in, rather than just check Brood War's files like legacy CheckRevision did (ignoring the legacy CheckRevision hack for finding the executable).  While it may not be a complete checksum, it will probably cover important portions of memory, such as the Warden code, and maybe some of the more popular cheats.  Therefore, you need to mimic at least those portions of Brood War's address space in order to get the correct result.  Determining what those portions are, what to put in them, and how to convince lockdown to check them instead of you (since it will probably not react well to being called in the wrong process) is left as an exercise to the reader. :)

Bear in mind, I haven't even gotten around to disassembling the DLLs yet.  I am simply speculating based on observed results.
November 5, 2006, 4:45 PM
Ersan
Or you can do what we do currently and spoof API functions when you run the DLL.  I'd rather someone figure out how to reverse the checksum algorithm though...
November 5, 2006, 6:45 PM
rabbit
[quote author=l2k-Shadow link=topic=15960.msg160777#msg160777 date=1162742245]
[quote author=rabbit link=topic=15960.msg160769#msg160769 date=1162730145]
SSHR needs a CD-Key.
[/quote]

wrong.
[/quote]Then why does my SSHR case have a key on it and the installer ask for a key?
November 5, 2006, 7:17 PM
MysT_DooM
Maybe you just need a cdkey to install sshr on your computer, but when logging onto bnet; it doesn't check the cdkey. ?
hence why you don't need a cdkey
¿?
November 5, 2006, 7:30 PM
Myndfyr
[quote author=rabbit link=topic=15960.msg160793#msg160793 date=1162754277]
[quote author=l2k-Shadow link=topic=15960.msg160777#msg160777 date=1162742245]
[quote author=rabbit link=topic=15960.msg160769#msg160769 date=1162730145]
SSHR needs a CD-Key.
[/quote]

wrong.
[/quote]Then why does my SSHR case have a key on it and the installer ask for a key?
[/quote]
You have a case for Starcraft Shareware?

I just download it from the internet.  No key involved.
November 5, 2006, 7:38 PM
LoRd
[quote author=MyndFyre[vL] link=topic=15960.msg160798#msg160798 date=1162755515]
[quote author=rabbit link=topic=15960.msg160793#msg160793 date=1162754277]
[quote author=l2k-Shadow link=topic=15960.msg160777#msg160777 date=1162742245]
[quote author=rabbit link=topic=15960.msg160769#msg160769 date=1162730145]
SSHR needs a CD-Key.
[/quote]

wrong.
[/quote]Then why does my SSHR case have a key on it and the installer ask for a key?
[/quote]
You have a case for Starcraft Shareware?
[/quote]

IIRC, you can install it from the original StarCraft CD.
November 5, 2006, 7:45 PM
TheMinistered
So, when is anyone going to start reverse-engineering the new versioning files (lockdown) that battle.net has integrated?  All I see is people ranting about how "they've got some work done" or "We're trying our best" or "blah blah blah I own I'm gonna solve it, blah blah blah lets do this" lol.  How about you mofos crack open IDA and start deadlisting/debugging!
November 5, 2006, 8:10 PM
Skywing
[quote author=Lord[nK] link=topic=15960.msg160800#msg160800 date=1162755902]
[quote author=MyndFyre[vL] link=topic=15960.msg160798#msg160798 date=1162755515]
[quote author=rabbit link=topic=15960.msg160793#msg160793 date=1162754277]
[quote author=l2k-Shadow link=topic=15960.msg160777#msg160777 date=1162742245]
[quote author=rabbit link=topic=15960.msg160769#msg160769 date=1162730145]
SSHR needs a CD-Key.
[/quote]

wrong.
[/quote]Then why does my SSHR case have a key on it and the installer ask for a key?
[/quote]
You have a case for Starcraft Shareware?
[/quote]

IIRC, you can install it from the original StarCraft CD.
[/quote]
A spawned copy of Starcraft is not equivalent to the shareware version of Starcraft.
November 5, 2006, 8:22 PM
warz
[quote author=TheMinistered link=topic=15960.msg160805#msg160805 date=1162757426]
So, when is anyone going to start reverse-engineering the new versioning files (lockdown) that battle.net has integrated? All I see is people ranting about how "they've got some work done" or "We're trying our best" or "blah blah blah I own I'm gonna solve it, blah blah blah lets do this" lol. How about you mofos crack open IDA and start deadlisting/debugging!
[/quote]

I have been at it for a while. A good place to start comparing your own call to broodwar's call is storm.350. Storm.350 returns two important values when broodwar calls it. Calling it from your own client won't even correctly complete a call to storm.350, because it looks like it requires two different buffer values to be initialized and ready to be used. Also, it nulls out an area in memory that, if I remember correctly, is about 108 bytes long, and places some values there based on a call to a direct draw function. If you use skywing's ScWnd, you'll notice that ScWnd hooks this function, and you will need to follow the hook to the direct draw function.

The two values storm.350 returns that look important are a dword value that doesn't change until you reboot your computer, which is what makes me suspect it's one of these 'memory hashes' I have been hearing about. It also returns 0x280. Both of these return values are used later in CheckRevision, which is why simply telling lockdown that storm.350 returns success, when it really returns failure, does not work.

I have found the function that actually calculates this memory-specific dword value, but have not yet looked at what it does. That's a project for today. It is a direct draw function though, and from what I remember looking at a couple of hours ago before I went to sleep, the direct draw function required to calculate this value is passed one argument - a dword that looks to be an address, but I don't remember if I checked to see what was at that address or not. :-X It takes this address, and I think adds 0x840 to it, and then does some other interesting operations, and the final result points to this dword value that the function returns.

I'm not sure if this is even a quality solution, because using this function to fake results from storm.350 would require us to LoadLibrary(ddraw.dll). Maybe that's not so bad, but then again, it'd probably be best to write your own implementation at some point.

I'm going to watch the dallas cowboys game, then continue working on this some more. Hope this information helps somebody. :-p
November 5, 2006, 8:30 PM
rabbit
[quote author=MyndFyre[vL] link=topic=15960.msg160798#msg160798 date=1162755515]
[quote author=rabbit link=topic=15960.msg160793#msg160793 date=1162754277]
[quote author=l2k-Shadow link=topic=15960.msg160777#msg160777 date=1162742245]
[quote author=rabbit link=topic=15960.msg160769#msg160769 date=1162730145]
SSHR needs a CD-Key.
[/quote]

wrong.
[/quote]Then why does my SSHR case have a key on it and the installer ask for a key?
[/quote]
You have a case for Starcraft Shareware?

I just download it from the internet.  No key involved.
[/quote]It was bundled with my Warcraft II BNE when I bought it.
November 5, 2006, 9:53 PM
dRAgoN
[quote author=MyndFyre[vL] link=topic=15960.msg160798#msg160798 date=1162755515]
[quote author=rabbit link=topic=15960.msg160793#msg160793 date=1162754277]
[quote author=l2k-Shadow link=topic=15960.msg160777#msg160777 date=1162742245]
[quote author=rabbit link=topic=15960.msg160769#msg160769 date=1162730145]
SSHR needs a CD-Key.
[/quote]

wrong.
[/quote]Then why does my SSHR case have a key on it and the installer ask for a key?
[/quote]
You have a case for Starcraft Shareware?

I just download it from the internet.  No key involved.
[/quote]
I have a cd and case for mine, no key as he's saying though lol.
November 5, 2006, 10:03 PM
iago
That reminds me -- you can still log onto Battle.net with Skywing's DxWnd loaded -- so I guess it doesn't hash every dll in memory..
November 6, 2006, 1:27 PM
rabbit
AFAIK it hashes the section which is used for injection, while DxWnd hooks into the DirectX section of memory.
November 6, 2006, 3:02 PM
l2k-Shadow
Doesn't it scan the memory changed by the well-known hacks and plugins (such as no-cd cracks, and PenguinPlug)
November 6, 2006, 7:24 PM
iago
[quote author=rabbit link=topic=15960.msg160865#msg160865 date=1162825331]
AFAIK it hashes the section which is used for injection, while DxWnd hooks into the DirectX section of memory.
[/quote]
Which is a loaded dll, which is what I said.  "I guess it doesn't hash every dll in memory"

November 6, 2006, 10:19 PM
warz
I don't see it hashing many dll's at all. In fact, the only thing I see it doing is making sure some video related buffer matches that of battlenet's provided comparison (more or less). Maybe there is more to this than just in-game hack protection.
November 6, 2006, 10:30 PM
Topaz
I think Blizzard really is watching these boards, Warrior (who hosts my FTP) received a DMCA takedown notice for the mpqs I posted a few days ago. Also, Ringo's geocities link to the files is gone.
November 6, 2006, 11:53 PM
Denial
[quote author=topaz link=topic=15960.msg160873#msg160873 date=1162857192]
I think Blizzard really is watching these boards, Warrior (who hosts my FTP) received a DMCA takedown notice for the mpqs I posted a few days ago. Also, Ringo's geocities link to the files is gone.
[/quote]


I would be happy to host any files you guys might have, since after all the servers I use are non-US friendly and don't care about American companies.
November 6, 2006, 11:58 PM
Newby
I'm tempted to host 'em on a foreign server that doesn't fuck with feds. They'd simply laugh and say "fuck yourself."
November 6, 2006, 11:58 PM
Denial
[quote author=Newby link=topic=15960.msg160875#msg160875 date=1162857514]
I'm tempted to host 'em on a foreign server that doesn't fuck with feds. They'd simply laugh and say "fuck yourself."
[/quote]

As I stated, I would be happy to host them for you guys.
November 7, 2006, 12:00 AM
Newby
12 seconds later. I didn't catch that ::).
November 7, 2006, 12:09 AM
HeRo
Did this change affect diablo 2 now?
November 7, 2006, 1:44 AM
inner.
[quote author=heRo link=topic=15960.msg160880#msg160880 date=1162863897]
Did this change affect diablo 2 now?
[/quote]
No.
November 7, 2006, 2:29 AM
Logitech
[quote author=Skywing link=topic=15960.msg160743#msg160743 date=1162703690]
Although you can continue to access the version check feature for these products using the old-style version check messages (BNLS_VERSIONCHECK, BNLS_VERSIONCHECKEX), it is highly recommended that you upgrade to BNLS_VERSIONCHECKEX2 as quickly as possible.  BNLS_VERSIONCHECKEX2 allows BNLS to decide which version check mechanism to use, instead of guessing that it is always enabled for Starcraft / Brood War.  This allows maximum future compatibility with any later changes to the version check system.
[/quote]

Can anyone give me some pointers on this? At the moment I can connect to bnet, but I get a lot of '(0x0101) Game version unrecognized' errors, which makes it rather hit or miss.

I've looked on bnetdocs but I can't see that's been updated to take this into account.

Would appreciate any advice.

Thanks,
November 7, 2006, 8:19 AM
Arta
Use BNLS. Bnetdocs will be updated at some point.
November 7, 2006, 8:49 AM
Logitech
I am using BNLS. It's with BNLS that I am getting these errors, intermittently.
November 7, 2006, 9:28 AM
Skywing
[quote author=Logitech link=topic=15960.msg160930#msg160930 date=1162891714]
I am using BNLS. It's with BNLS that I am getting these errors, intermittently.
[/quote]
Perhaps you are not sending the full dll version to BNLS (or MPQ filename with BNLS_VERSIONCHECKEX2)?  Remember that there are two digits now.
November 7, 2006, 3:39 PM
Quarantine
Good job, Skywing and anyone else who helped.
November 7, 2006, 3:59 PM
iago
[quote author=heRo link=topic=15960.msg160880#msg160880 date=1162863897]
Did this change affect diablo 2 now?
[/quote]
From what I've seen, the new .dll file doesn't support Diablo 2 or Warcraft 3, which is a good sign.  Of course, it wouldn't be terribly hard for them to roll a different lockdown .dll for those..
November 7, 2006, 4:06 PM
Networks
Someone send me them, I'll host it today on a Malaysian server. You know my AIM, I'll be waiting.
November 7, 2006, 4:45 PM
Logitech
[quote author=Skywing link=topic=15960.msg160938#msg160938 date=1162913943]
[quote author=Logitech link=topic=15960.msg160930#msg160930 date=1162891714]
I am using BNLS. It's with BNLS that I am getting these errors, intermittently.
[/quote]
Perhaps you are not sending the full dll version to BNLS (or MPQ filename with BNLS_VERSIONCHECKEX2)?  Remember that there are two digits now.
[/quote]

Thanks. I think the problem's in here, right?

[code]
Case &H50
    ' five characters starting two before "mpq", e.g. "5.mpq" for lockdown-IX86-15.mpq
    mpqname = Mid(data, InStr(LCase(data), "mpq") - 2, 5)
    HASH = Mid(data, InStr(data, "mpq") + 4, Len(data) - 2)
    ' only the first of those characters is converted, so a single digit is sent on
    mpqname = Val(Mid(mpqname, 1, 1))
    server = Val("&h" & StrToHex(StrReverse(Mid(data, 9, 4))))
    InsertDWORD GetBNLSByte()
    InsertDWORD CLng(mpqname)
    InsertNTString HASH
    sendBNLSPacket &H9
[/code]
November 7, 2006, 4:55 PM
HdxBmx27
That is indeed where you are extracting the archive number, incorrectly.
The new lockdown MPQs are 2 digits, whereas you're only sending one.
Try extracting the full archive name, and then retrieving the number based off of that (Remember the formats are: PRODver#.mpq ver-PROD-#.mpq lockdown-PROD-##.mpq)
~-~(HDX)~-~
November 7, 2006, 5:04 PM
Networks
I don't understand why BNLS_VERSIONCHECKEX2 only supports those products that have been affected with the lockdown issue. Why not make the packet support all the clients and let BNLS decide what values to throw back based on whether the product is still compliant with the old login procedure or the new login procedure with the updated check revision.

It's going to be a headache later on if D2 switches and we all have to change our if statements so it supports the new one. I don't see what's wrong with keeping the old bnls version check for older clients and letting the new one take over so our bots remain as versatile to future updates for other products that change.

I understand you already made the packet format and people may hate to change their bot once again to comply with it but I think it's in our best interests later on so the headache doesn't occur again and we aren't sitting around with bots that don't work for war3, d2.

If I am wrong, I am wrong but that's my take. Feel free to make things more clear for me.
November 7, 2006, 5:09 PM
Logitech
[quote author=Hdx link=topic=15960.msg160945#msg160945 date=1162919052]
That is indeed where you are extracting the archive number, incorrectly.
The new lockdown MPQs are 2 digits, whereas you're only sending one.
Try extracting the full archive name, and then retrieving the number based off of that (Remember the formats are: PRODver#.mpq ver-PROD-#.mpq lockdown-PROD-##.mpq)
~-~(HDX)~-~
[/quote]


Thanks, I'll look again at my code and let you know how I go.
November 7, 2006, 5:18 PM
Ersan
[quote author=Networks link=topic=15960.msg160946#msg160946 date=1162919398]
I don't understand why BNLS_VERSIONCHECKEX2 only supports those products that have been affected with the lockdown issue. Why not make the packet support all the clients and let BNLS decide what values to throw back based on whether the product is still compliant with the old login procedure or the new login procedure with the updated check revision.

It's going to be a headache later on if D2 switches and we all have to change our if statements so it supports the new one. I don't see what's wrong with keeping the old bnls version check for older clients and letting the new one take over so our bots remain as versatile to future updates for other products that change.

I understand you already made the packet format and people may hate to change their bot once again to comply with it but I think it's in our best interests later on so the headache doesn't occur again and we aren't sitting around with bots that don't work for war3, d2.

If I am wrong, I am wrong but that's my take. Feel free to make things more clear for me.
[/quote]
You are wrong.  BNLS_VERSIONCHECKEX2 supports all products.  If diablo 2 changes MPQ's and you are using BNLS_VERSIONCHECKEX2 you would be sending the entire mpq filename, not the number, as well as the product ID (and file timestamp), so the people who run BNLS can update it server side.

[quote author=Logitech link=topic=15960.msg160948#msg160948 date=1162919916]Thanks, I'll look again at my code and let you know how I go.
[/quote]
I would suggest you switch to BNLS_VERSIONCHECKEX2 to ensure future compatibility.
November 7, 2006, 7:08 PM
Skywing
[quote author=Networks link=topic=15960.msg160946#msg160946 date=1162919398]
I don't understand why BNLS_VERSIONCHECKEX2 only supports those products that have been affected with the lockdown issue. Why not make the packet support all the clients and let BNLS decide what values to throw back based on whether the product is still compliant with the old login procedure or the new login procedure with the updated check revision.

It's going to be a headache later on if D2 switches and we all have to change our if statements so it supports the new one. I don't see what's wrong with keeping the old bnls version check for older clients and letting the new one take over so our bots remain as versatile to future updates for other products that change.

I understand you already made the packet format and people may hate to change their bot once again to comply with it but I think it's in our best interests later on so the headache doesn't occur again and we aren't sitting around with bots that don't work for war3, d2.

If I am wrong, I am wrong but that's my take. Feel free to make things more clear for me.
[/quote]

It should work for all supported products.
November 7, 2006, 7:15 PM
Logitech
[quote author=Hdx link=topic=15960.msg160945#msg160945 date=1162919052]
That is indeed where you are extracting the archive number, incorrectly.
The new lockdown MPQs are 2 digits, whereas you're only sending one.
Try extracting the full archive name, and then retrieving the number based off of that (Remember the formats are: PRODver#.mpq ver-PROD-#.mpq lockdown-PROD-##.mpq)
~-~(HDX)~-~
[/quote]

So, I need to extract the following information and send back the full name, ie:

(for SEXP/PC) - 'lockdown-IX86-xx.mpq'
Whereas right now, I'm just sending one mpq digit.

Is that right?
November 8, 2006, 12:46 PM
Skywing
[quote author=Logitech link=topic=15960.msg160997#msg160997 date=1162990010]
So, I need to extract the following information and send back the full name, ie:

(for SEXP/PC) - 'lockdown-IX86-xx.mpq'
Whereas right now, I'm just sending one mpq digit.

Is that right?
[/quote]
The protocol spec has the details.  Basically, you need the timestamp for the MPQ (the two ULONG values immediately prior to the MPQ name), and the name of the MPQ.
November 8, 2006, 2:46 PM
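As an added example (not code from this thread, from BNLS or from any bot mentioned here), the following Python walks through what Skywing's answer and Hdx's earlier note describe: splitting the S->C 0x50 into its fields, taking the filetime (the two ULONGs right before the MPQ name) together with the name, recognising the archive number in all three name formats, and packing those fields into a BNLS_VERSIONCHECKEX2 request. The sample packet is the 0x50 capture posted later in this thread (lockdown-IX86-15.mpq). The 0x1A request and reply layouts follow the BNLS protocol spec as I know it rather than anything quoted here; the function names, the product id/flags/cookie arguments and the "prodver" label are mine; and naive_archive_number only mirrors the one-character extraction from the VB6 snippet above, to show why it yields 5 rather than 15.

```python
import re
import struct
from datetime import datetime, timedelta, timezone

# S->C SID_AUTH_INFO (0x50) as captured in a packet log later in this thread
# (lockdown-IX86-15.mpq); the 4-byte BNCS header (FF 50 length) is included.
SID_AUTH_INFO = bytes.fromhex(
    "FF503E00 00000000 BF4D708C 0F5C5600"
    "006EBCDE 72FCC601 6C6F636B 646F776E"
    "2D495838 362D3135 2E6D7071 00D1C2A1"
    "6C61E3FE 4835FA41 0EA3561E D300"
)

BNLS_VERSIONCHECKEX2 = 0x1A
_FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def _cstring(buf, pos):
    """Return the NUL-terminated bytes starting at pos and the offset past the NUL."""
    end = buf.index(b"\x00", pos)
    return buf[pos:end], end + 1


def parse_sid_auth_info(pkt):
    """Split a 0x50 packet into its fields.  The MPQ filetime is the 8 bytes
    (two ULONGs) immediately before the MPQ name; the value string after the
    name is raw bytes in this capture, so it is kept as bytes, not text."""
    if len(pkt) < 24 or pkt[:2] != b"\xff\x50":
        raise ValueError("not a SID_AUTH_INFO packet")
    length, logon_type, server_token, udp_value, filetime = struct.unpack_from(
        "<HIIIQ", pkt, 2)
    if length != len(pkt):
        raise ValueError("length field %d != %d bytes received" % (length, len(pkt)))
    mpq_name, pos = _cstring(pkt, 24)
    value_string, _ = _cstring(pkt, pos)
    return {"logon_type": logon_type, "server_token": server_token,
            "udp_value": udp_value, "mpq_filetime": filetime,
            "mpq_name": mpq_name.decode("ascii"), "value_string": value_string}


def filetime_to_datetime(filetime):
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) to an aware datetime."""
    return _FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


# The three archive name formats Hdx listed: PRODver#.mpq, ver-PROD-#.mpq and
# lockdown-PROD-##.mpq.  Platform IDs such as IX86 are upper case while "ver"
# and "lockdown" are lower case, so the patterns are matched case-sensitively.
_ARCHIVE_FORMATS = (
    ("lockdown", re.compile(r"^lockdown-([A-Z0-9]+)-(\d{2})\.mpq$")),
    ("ver", re.compile(r"^ver-([A-Z0-9]+)-(\d)\.mpq$")),
    ("prodver", re.compile(r"^([A-Z0-9]+)ver(\d)\.mpq$")),
)


def archive_info(mpq_name):
    """Return (format, platform, archive number) for any of the three formats."""
    for fmt, pattern in _ARCHIVE_FORMATS:
        m = pattern.match(mpq_name)
        if m:
            return fmt, m.group(1), int(m.group(2))
    raise ValueError("unrecognised archive name: %r" % mpq_name)


def naive_archive_number(packet_text):
    """For comparison only: the one-character extraction from the VB6 snippet
    above (Mid(data, InStr(LCase(data), "mpq") - 2, 5), then Val(Mid(x, 1, 1))).
    On "lockdown-IX86-15.mpq" it sees "5.mpq" and returns 5 instead of 15."""
    i = packet_text.lower().find("mpq")
    digit = packet_text[i - 2:i + 3][:1]
    return int(digit) if digit.isdigit() else 0


def build_bnls_versioncheckex2(product_id, flags, cookie, auth_info):
    """BNLS_VERSIONCHECKEX2 (0x1A) request from the parsed 0x50 fields.  Layout
    per the BNLS protocol spec: 3-byte header (WORD length, BYTE id), DWORD
    product id, DWORD flags, DWORD cookie, the 8-byte MPQ filetime, then the
    archive name and the value string, each NUL-terminated."""
    body = struct.pack("<IIIQ", product_id, flags, cookie, auth_info["mpq_filetime"])
    body += auth_info["mpq_name"].encode("ascii") + b"\x00"
    body += auth_info["value_string"] + b"\x00"
    return struct.pack("<HB", 3 + len(body), BNLS_VERSIONCHECKEX2) + body


def parse_bnls_versioncheckex2_response(data):
    """Parse the 0x1A reply: BOOL success, then (on success) DWORD version,
    DWORD checksum, NUL-terminated stat string, DWORD cookie, DWORD version code."""
    length, msg_id, success = struct.unpack_from("<HBI", data, 0)
    if msg_id != BNLS_VERSIONCHECKEX2 or length != len(data):
        raise ValueError("malformed BNLS reply")
    if not success:
        return {"success": False}
    version, checksum = struct.unpack_from("<II", data, 7)
    stat_string, pos = _cstring(data, 15)
    cookie, version_code = struct.unpack_from("<II", data, pos)
    return {"success": True, "version": version, "checksum": checksum,
            "stat_string": stat_string, "cookie": cookie, "version_code": version_code}
```

On the sample, parse_sid_auth_info returns lockdown-IX86-15.mpq with a filetime that decodes to 30 October 2006 UTC, archive_info gives 15 where the single-character approach gives 5, and the request built from it carries the filetime at byte 15, directly after the three DWORDs, which is the first thing worth checking in a BNLS capture when the reply does not match what the game would send.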
Logitech
Ok, thanks. That makes sense.
November 8, 2006, 2:48 PM
warz
Well, not sure if anyone is even interested in this anymore, but I've been at it for a while, and have finally got my dll to properly reproduce checkrevision's version and checksum output. After all this work, just thought I'd let this thread know. :)

[img]http://www.torque.ircds.darkstarllc.com/images/positiveresults.png[/img]
November 21, 2006, 10:42 AM
HeRo
[quote author=warz link=topic=15960.msg161514#msg161514 date=1164105724]
Well, not sure if anyone is even interested in this anymore, but I've been at it for a while, and have finally got my dll to properly reproduce checkrevision's version and checksum output. After all this work, just thought I'd let this thread know. :)

[img]http://www.torque.ircds.darkstarllc.com/images/positiveresults.png[/img]
[/quote]
Share the knowledge?!
November 21, 2006, 5:06 PM
Newby
Brad Paisley? Damn you're a fag.

As for releasing info, I hereby support warz releasing it. That way, Blizzard can fix it right away (much like the PMAC "solution") and you can all work even harder to get it working. :)

To speed that process up, release a DLL with VB6.0 example code.
November 22, 2006, 12:09 AM
HeRo
Yeah, I bet they'll get right on it.
November 22, 2006, 12:28 AM
l2k-Shadow
[quote author=Newby link=topic=15960.msg161546#msg161546 date=1164154150]
Brad Paisley? Damn you're a fag.

As for releasing info, I hereby support warz releasing it. That way, Blizzard can fix it right away (much like the PMAC "solution") and you can all work even harder to get it working. :)

To speed that process up, release a DLL with VB6.0 example code.
[/quote]

rofl. unfortunate truth =(
November 22, 2006, 12:29 AM
UserLoser
Pathetic
November 22, 2006, 12:34 AM
Newby
[quote author=UserLoser link=topic=15960.msg161549#msg161549 date=1164155646]
Pathetic
[/quote]

Elaborate, Mr. MVP. You should be setting an example, not (what seems to be) criticizing warz' work.
November 22, 2006, 1:35 AM
Ersan
I think he was criticizing the people (read: you) asking for code that does everything for them.
November 22, 2006, 2:00 AM
HdxBmx27
Partly yes.
~-~(HDX)~-~
November 22, 2006, 2:02 AM
Newby
[quote author=Ersan link=topic=15960.msg161553#msg161553 date=1164160843]
I think he was criticizing the people (read: you) asking for code that does everything for them.
[/quote]

Haha. Did the sarcasm not come through in my message?

I've got a question: how do I code VB6 in Linux?
November 22, 2006, 2:04 AM
ZergMasterI
[quote author=Newby link=topic=15960.msg161555#msg161555 date=1164161053]I've got a question: how do I code VB6 in Linux?
[/quote]
Sadly, you cannot =/.

It is a Windows-only language. Notice it says Microsoft Visual Basic 6.0, Microsoft Visual Basic 2005, etc.
Microsoft isn't into the whole 'cross-platform' thing.
I'd like to see you try to code/execute VB programs in WINE. :)
November 22, 2006, 2:10 AM
Newby
[quote author=ZergMasterI link=topic=15960.msg161558#msg161558 date=1164161445]
[quote author=Newby link=topic=15960.msg161555#msg161555 date=1164161053]I've got a question: how do I code VB6 in Linux?
[/quote]
Sadly, you cannot =/.
[/quote]

...
November 22, 2006, 2:14 AM
Yegg
[quote author=ZergMasterI link=topic=15960.msg161558#msg161558 date=1164161445]
[quote author=Newby link=topic=15960.msg161555#msg161555 date=1164161053]I've got a question: how do I code VB6 in Linux?[/quote]
I'd like to see you try to code/execute VB programs in WINE. :)
[/quote]

You can run them from WINE. I've done it.
November 22, 2006, 2:31 AM
l2k-Shadow
[quote author=Newby link=topic=15960.msg161559#msg161559 date=1164161644]
[quote author=ZergMasterI link=topic=15960.msg161558#msg161558 date=1164161445]
[quote author=Newby link=topic=15960.msg161555#msg161555 date=1164161053]I've got a question: how do I code VB6 in Linux?
[/quote]
Sadly, you cannot =/.
[/quote]

...
[/quote]
ROFL, wow http://dictionary.reference.com/browse/sarcasm THX!
November 22, 2006, 2:32 AM
HeRo
[quote author=Newby link=topic=15960.msg161559#msg161559 date=1164161644]
[quote author=ZergMasterI link=topic=15960.msg161558#msg161558 date=1164161445]
[quote author=Newby link=topic=15960.msg161555#msg161555 date=1164161053]I've got a question: how do I code VB6 in Linux?
[/quote]
Sadly, you cannot =/.
[/quote]

...
[/quote]
LOL!!
November 22, 2006, 2:52 AM
Kp
[quote author=ZergMasterI link=topic=15960.msg161558#msg161558 date=1164161445]
[quote author=Newby link=topic=15960.msg161555#msg161555 date=1164161053]I've got a question: how do I code VB6 in Linux?
[/quote]
Sadly, you cannot =/.

It is a Windows-only language. Notice it says Microsoft Visual Basic 6.0, Microsoft Visual Basic 2005, etc.
Microsoft isn't into the whole 'cross-platform' thing.
I'd like to see you try to code/execute VB programs in WINE. :)
[/quote]

You can write VB code just fine on Linux.  You just cannot run it without the aid of WINE or a real Windows system.
November 22, 2006, 4:04 AM
warz
I'm not too sure if I'll be releasing much of anything, atm. I'll gladly help others out if I see you're trying on your own, though.
November 22, 2006, 4:35 AM
UserLoser
[quote author=Newby link=topic=15960.msg161550#msg161550 date=1164159325]
[quote author=UserLoser link=topic=15960.msg161549#msg161549 date=1164155646]
Pathetic
[/quote]

Elaborate, Mr. MVP. You should be setting an example, not (what seems to be) criticizing warz' work.
[/quote]

Nothing I said was towards warz in any way; he worked hard on this and deserves some respect.  It's pathetic that immediately people (not saying any names) are asking for it so they can add it to their bots.
November 23, 2006, 1:05 AM
l2k-Shadow
So I came across a loader using BNLS today, Skywing should make it private -_-;;
November 24, 2006, 6:07 AM
Topaz
I think this would be a good time to reenable a certain authentication system
November 24, 2006, 6:48 AM
warz
bnls needs a logon delay. something like 3 logins in one or two minutes results in a period of 10 minutes in which you cannot use bnls' authentication messages.
November 24, 2006, 7:03 AM
replaced
I think many of you overexaggerate the effect bots have had on channels BEFORE lockdown was even implemented, just look at the past year and barely anyone's been loading.  Most likely someone winbotting / trying to get originals.
November 24, 2006, 8:04 AM
l2k-Shadow
[quote author=replaced link=topic=15960.msg161714#msg161714 date=1164355444]
I think many of you overexaggerate the effect bots have had on channels BEFORE lockdown was even implemented, just look at the past year and barely anyone's been loading.  Most likely someone winbotting / trying to get originals.
[/quote]

yeah and you're talking out of your ass. My channel has been loaded about 3-4 days per week before lockdown and I actually have the loader that uses BNLS and someone loaded our channel with it yesterday. I would also like to point out that this loader is really crappy and makes a new connection to BNLS per bot instead of just sending it CheckRevision requests from one connection. But yeah I definitely think there should be a limit of requests per IP or an auth system.
November 24, 2006, 4:53 PM
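The per-address limit warz and Shadow are asking for, written out as an added example in Python; this is not anything BNLS actually does or any code from this thread. It is a sliding-window throttle: more than a set number of requests from one address inside the window starts a fixed lockout for that address only. The defaults use the figures suggested above (3 requests in two minutes, 10 minutes of lockout), the class and method names are mine, and the addresses and timestamps in the sample run are constructed.

```python
from collections import deque


class RequestThrottle:
    """Sliding-window throttle with a penalty period, kept per client address.

    More than `max_requests` requests from one address within `window` seconds
    locks that address out for `lockout` seconds; requests from other
    addresses are unaffected.  Defaults follow the figures suggested in the
    thread (3 requests in two minutes, 10 minutes of lockout).
    """

    def __init__(self, max_requests=3, window=120.0, lockout=600.0):
        self.max_requests = max_requests
        self.window = window
        self.lockout = lockout
        self._recent = {}        # address -> deque of request times inside the window
        self._locked_until = {}  # address -> time at which its lockout ends

    def retry_after(self, addr, now):
        """Seconds until `addr` will be served again (0.0 when not locked out)."""
        return max(0.0, self._locked_until.get(addr, 0.0) - now)

    def allow(self, addr, now):
        """Record a request from `addr` at time `now`; True if it should be served."""
        if now < self._locked_until.get(addr, 0.0):
            return False
        stamps = self._recent.setdefault(addr, deque())
        while stamps and now - stamps[0] >= self.window:  # age out old requests
            stamps.popleft()
        stamps.append(now)
        if len(stamps) > self.max_requests:
            # one request too many inside the window: start the penalty and
            # forget the history so counting restarts when the penalty ends
            self._locked_until[addr] = now + self.lockout
            stamps.clear()
            return False
        return True


# Constructed sample of (client address, seconds since start): 203.0.113.7
# fires four requests in twelve seconds and keeps retrying, while
# 198.51.100.2 makes a single request during the other address's lockout.
SAMPLE_REQUESTS = [
    ("203.0.113.7", 0.0), ("203.0.113.7", 5.0), ("203.0.113.7", 9.0),
    ("203.0.113.7", 12.0), ("198.51.100.2", 12.0), ("203.0.113.7", 400.0),
    ("203.0.113.7", 612.0), ("203.0.113.7", 700.0),
]


def run(throttle, requests):
    """Feed (address, time) pairs through the throttle and return each decision."""
    return [throttle.allow(addr, t) for addr, t in requests]


if __name__ == "__main__":
    throttle = RequestThrottle()
    for addr, t in SAMPLE_REQUESTS:
        if throttle.allow(addr, t):
            print("%6.0fs %-13s served" % (t, addr))
        else:
            print("%6.0fs %-13s refused, retry in %.0fs"
                  % (t, addr, throttle.retry_after(addr, t)))
```

The penalty is keyed on the address, so a loader that opens one connection per bot (as Shadow describes) trips it just as fast as one that reuses a connection; three requests spread more than two minutes apart are never refused.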
Ersan
I hope it's not my bot :(

mine does that because you can specify different bnls servers on a per-bot basis (for compatibility), maybe that loader thing does too.
November 24, 2006, 5:00 PM
l2k-Shadow
[quote author=Ersan link=topic=15960.msg161720#msg161720 date=1164387644]
I hope it's not my bot :(

mine does that because you can specify different bnls servers on a per-bot basis (for compatibility), maybe that loader thing does too.
[/quote]

no it's not your bot, and there is no other bnls server that works with lockdown other than skywing's.
November 24, 2006, 5:11 PM
Ersan
I know.
November 24, 2006, 6:17 PM
replaced
[code]Public Function CHECKREV()

    ' Data, Index, BNLSchckver and Send0x51 come from the surrounding module.
    Dim Result As Long
    Dim DATAlen As Integer
    Dim bne As New BNLSEngine
    Dim dataTEMP As String

    ' Data is the whole S->C 0x50 including its 4-byte header (FF 50 len),
    ' as the packet log below shows.  The MPQ filetime (two ULONGs) starts at
    ' byte 17 (1-based) and is followed directly by the MPQ name and the value
    ' string, which is exactly what BNLS_VERSIONCHECKEX2 needs, so keep
    ' everything from byte 17 onwards.
    dataTEMP = Data
    DATAlen = Len(dataTEMP) - 16
    dataTEMP = Mid$(dataTEMP, 17, DATAlen)
    dataTEMP = dataTEMP & Chr$(0)

    Result = bne.BNLS_VERSIONCHECKEX2("RATS", dataTEMP, BNLSchckver)
    If Result <> 1 Then
        'Failed
        'possible error codes.
    End If

    ' Reply layout: header (bytes 1-3), success (4-7), version (8-11),
    ' checksum (12-15), then the stat string.  Position 12 is the first
    ' checksum byte; the version DWORD at 8-11 is not kept here.
    BNLSchckver = Mid$(BNLSchckver, 12, 20)
    Set bne = Nothing

    Send0x51 Index

End Function[/code]




Someone help me, here's the packet log:

7  x.x.x.x:6112  192.168.0.100:26007  62  Recv 
0000  FF 50 3E 00 00 00 00 00 BF 4D 70 8C 0F 5C 56 00    .P>......Mp..\V.
0010  00 6E BC DE 72 FC C6 01 6C 6F 63 6B 64 6F 77 6E    .n..r...lockdown
0020  2D 49 58 38 36 2D 31 35 2E 6D 70 71 00 D1 C2 A1    -IX86-15.mpq....
0030  6C 61 E3 FE 48 35 FA 41 0E A3 56 1E D3 00          la..H5.A..V...

8  192.168.0.100:26008  63.161.183.205:9367  58  Send 
0000  3A 00 1A 01 00 00 00 00 00 00 00 00 00 00 00 DE    :...............
0010  72 FC C6 01 6C 6F 63 6B 64 6F 77 6E 2D 49 58 38    r...lockdown-IX8
0020  36 2D 31 35 2E 6D 70 71 00 D1 C2 A1 6C 61 E3 FE    6-15.mpq....la..
0030  48 35 FA 41 0E A3 56 1E D3 00                      H5.A..V...

9  63.161.183.205:9367  192.168.0.100:26008  40  Recv 
0000  28 00 1A 01 00 00 00 01 00 0E 01 D5 C7 0C 39 35    (.............95
0010  7E 6B 08 48 17 DB 1E 0A AD D0 17 B8 38 3F E6 00    ~k.H........8?..
0020  00 00 00 00 CF 00 00 00                            ........

11  192.168.0.100:26004  x.x.x.x:6112  58  Send 
0000  FF 51 3A 00 01 00 00 00 00 00 00 00 0D 00 00 00    .Q:.............
0010  02 00 00 00 E1 30 1F 00 00 00 00 00 C7 C4 A3 9C    .....0..........
0020  EE 47 D3 F7 93 F2 35 8A BC 1A C6 24 01 24 66 7B    .G....5....$.$f{
0030  00 66 47 57 66 4F 47 61 4C 00                      .NAMEY.


It doesn't work no matter what I do, help me please.





SECOND PACKET LOG WITH MODIFIED PROG


12  xxxx:6112  192.168.0.100:27335  70  Recv 
0000  FF 25 08 00 D6 8F 01 67 FF 50 3E 00 00 00 00 00    .%.....g.P>.....
0010  F9 D2 38 FA 9E 6A 24 00 00 EA E4 C6 72 FC C6 01    ..8..j$.....r...
0020  6C 6F 63 6B 64 6F 77 6E 2D 49 58 38 36 2D 30 35    lockdown-IX86-05
0030  2E 6D 70 71 00 84 9C 44 C9 46 64 2E DE FD 0B DF    .mpq...D.Fd.....
0040  5C BC AD 5F D0 00                                  \.._..

13  192.168.0.100:27339  63.161.183.205:9367  58  Send 
0000  3A 00 1A 01 00 00 00 00 00 00 00 00 00 00 00 C6    :...............
0010  72 FC C6 01 6C 6F 63 6B 64 6F 77 6E 2D 49 58 38    r...lockdown-IX8
0020  36 2D 30 35 2E 6D 70 71 00 84 9C 44 C9 46 64 2E    6-05.mpq...D.Fd.
0030  DE FD 0B DF 5C BC AD 5F D0 00                      ....\.._..

14  63.161.183.205:9367  192.168.0.100:27339  40  Recv 
0000  28 00 1A 01 00 00 00 01 00 0E 01 7C E0 43 D3 51    (..........|.C.Q
0010  CB 5D 98 A9 17 0D A9 D5 71 B3 7C FA 47 E8 69 00    .]......q.|.G.i.
0020  00 00 00 00 CF 00 00 00                            ........

16  192.168.0.100:27335  xxx:6112  74  Send 
0000  FF 25 08 00 00 00 00 00 FF 51 42 00 D2 02 96 49    .%.......QB....I
0010  00 00 00 00 01 00 00 00 00 00 00 00 0D 00 00 00    ................
0020  02 00 00 00 F1 30 1F 00 00 00 00 00 DD C0 FA 80    .....0..........
0030  B1 4C 0E 5A 1B D8 35 33 61 7D 9D 05 94 59 F8 8A    .L.Z..53a}...Y..
0040  00 6D 6F 72 7A 76 41 44 76 00                      .NAMEY.
November 26, 2006, 6:31 AM
l2k-Shadow
your 0x51 is wrong.
November 26, 2006, 6:39 AM
HdxBmx27
[quote author=replaced link=topic=15960.msg161798#msg161798 date=1164522665]
some1 help me, heres packet log

7  x.x.x.x:6112  192.168.0.100:26007  62  Recv 
0000  FF 50 3E 00 00 00 00 00 BF 4D 70 8C 0F 5C 56 00    .P>......Mp..\V.
0010  00 6E BC DE 72 FC C6 01 6C 6F 63 6B 64 6F 77 6E    .n..r...lockdown
0020  2D 49 58 38 36 2D 31 35 2E 6D 70 71 00 D1 C2 A1    -IX86-15.mpq....
0030  6C 61 E3 FE 48 35 FA 41 0E A3 56 1E D3 00          la..H5.A..V...

8  192.168.0.100:26008  63.161.183.205:9367  58  Send 
0000  3A 00 1A 01 00 00 00 00 00 00 00 00 00 00 00 DE    :...............
0010  72 FC C6 01 6C 6F 63 6B 64 6F 77 6E 2D 49 58 38    r...lockdown-IX8
0020  36 2D 31 35 2E 6D 70 71 00 D1 C2 A1 6C 61 E3 FE    6-15.mpq....la..
0030  48 35 FA 41 0E A3 56 1E D3 00                      H5.A..V...

9  63.161.183.205:9367  192.168.0.100:26008  40  Recv 
0000  28 00 1A 01 00 00 00 01 00 0E 01 D5 C7 0C 39 35    (.............95
0010  7E 6B 08 48 17 DB 1E 0A AD D0 17 B8 38 3F E6 00    ~k.H........8?..
0020  00 00 00 00 CF 00 00 00                            ........

11  192.168.0.100:26004  x.x.x.x:6112  58  Send 
0000  FF 51 3A 00 01 00 00 00 00 00 00 00 0D 00 00 00    .Q:.............
0010  02 00 00 00 E1 30 1F 00 00 00 00 00 C7 C4 A3 9C    .....0..........
0020  EE 47 D3 F7 93 F2 35 8A BC 1A C6 24 01 24 66 7B    .G....5....$.$f{
0030  00 66 47 57 66 4F 47 61 4C 00                      .NAMEY.


it don't work no matter what i do, help me pls.

[/quote]
Why are you only sending 5 bytes?
~-~(HDX)~-~
November 26, 2006, 6:40 AM
replaced
What do you mean I'm only sending 5 bytes?  Why don't the Bnet docs say how many bytes to send, to avoid this confusion?

I think the problem is because my version is blank; where do you get the version from?


Hold on, I see what you put in bold. Let me show you why I'm sending 5 bytes.

Here:

[code]
dataTEMP = Data

DATAlen = Len(dataTEMP)
DATAlen = DATAlen - 20
dataTEMP = Mid$(dataTEMP, 20, DATAlen)
dataTEMP = dataTEMP & Chr$(0)
[/code]
November 26, 2006, 6:42 AM
HdxBmx27
ULONGLONGs are the same thing as FILETIMEs: 8 bytes.
You're only sending 5.....
poke
~-~(HDX)~-~
[Edit]Use this
~-~(HDX)~-~
November 26, 2006, 6:45 AM
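The offset problem HdxBmx27 is pointing at, as an added example that is not code from this thread (the posters write VB6; this is Python so it can be run against the captured bytes). It parses the S->C 0x50 packet posted above, builds the BNLS 0x1A request from it, and measures how many filetime bytes a request actually carries. The 0x1A request layout (DWORD product, DWORD flags, DWORD cookie, ULONGLONG filetime, STRING archive name, STRING formula under a WORD length + BYTE id header) and the product id 1 for StarCraft are read off the captures in the thread; the two byte strings are copied from those captures.

```python
import struct

# S->C SID_AUTH_INFO (0x50) exactly as captured in the post above (62 bytes).
CAPTURED_0X50 = bytes.fromhex(
    "FF503E0000000000BF4D708C0F5C5600"
    "006EBCDE72FCC6016C6F636B646F776E"
    "2D495838362D31352E6D707100D1C2A1"
    "6C61E3FE4835FA410EA3561ED300"
)
# The BNLS_VERSIONCHECKEX2 (0x1A) request the poster's bot sent (58 bytes).
POSTED_BNLS_REQUEST = bytes.fromhex(
    "3A001A010000000000000000000000DE"
    "72FCC6016C6F636B646F776E2D495838"
    "362D31352E6D707100D1C2A16C61E3FE"
    "4835FA410EA3561ED300"
)

BNLS_VERSIONCHECKEX2 = 0x1A
BNLS_PRODUCT_STAR = 1      # product id seen in the captured request (01 00 00 00)
FIXED_FIELDS_END = 16      # 4-byte header + logon type + server token + UDP value


def cstring(buf, off):
    """Return (bytes, next_offset) for a NUL-terminated string starting at off."""
    end = buf.index(b"\x00", off)
    return buf[off:end], end + 1


def parse_sid_auth_info(pkt):
    """Split S->C 0x50 into its fields; raises ValueError on a malformed packet."""
    if len(pkt) < FIXED_FIELDS_END + 8 or pkt[:2] != b"\xff\x50":
        raise ValueError("not a SID_AUTH_INFO packet")
    if struct.unpack_from("<H", pkt, 2)[0] != len(pkt):
        raise ValueError("length field does not match packet size")
    logon_type, server_token, udp_value, filetime = struct.unpack_from("<IIIQ", pkt, 4)
    mpq_name, off = cstring(pkt, FIXED_FIELDS_END + 8)
    formula, off = cstring(pkt, off)   # under lockdown this is 16 raw bytes, not text
    if off != len(pkt):
        raise ValueError("trailing bytes after checksum formula")
    return {"logon_type": logon_type, "server_token": server_token,
            "udp_value": udp_value, "filetime": filetime,
            "mpq_name": mpq_name, "formula": formula}


def build_bnls_versioncheckex2(product_id, flags, cookie, filetime, mpq_name, formula):
    """C->S BNLS 0x1A with the full 8-byte filetime."""
    body = (struct.pack("<IIIQ", product_id, flags, cookie, filetime)
            + mpq_name + b"\x00" + formula + b"\x00")
    return struct.pack("<HB", 3 + len(body), BNLS_VERSIONCHECKEX2) + body


def request_from_auth_info(pkt, cookie=0):
    """The correct BNLS 0x1A request for a captured 0x50 packet."""
    info = parse_sid_auth_info(pkt)
    return build_bnls_versioncheckex2(BNLS_PRODUCT_STAR, 0, cookie,
                                      info["filetime"], info["mpq_name"], info["formula"])


def bnls_request_as_posted(pkt):
    """Reproduce the thread's VB6 slicing, Mid$(Data, 20, Len(Data) - 20) & Chr$(0):
    it keeps 0-based bytes 19..len-2, so three filetime bytes and the formula's NUL
    are lost and a NUL is tacked back on; product 1, flags 0 and cookie 0 as posted."""
    body = pkt[19:len(pkt) - 1] + b"\x00"
    return struct.pack("<HBIII", 15 + len(body), BNLS_VERSIONCHECKEX2,
                       BNLS_PRODUCT_STAR, 0, 0) + body


def timestamp_field_width(req):
    """Bytes between the cookie and the archive name in a 0x1A request (must be 8).
    Scans back from '.mpq' over printable ASCII; the filetime's top byte (0x01 for
    2006 dates) is not printable, so the scan stops at the field boundary."""
    start = req.index(b".mpq\x00")
    while start > 15 and 0x20 <= req[start - 1] < 0x7F:
        start -= 1
    return start - 15


if __name__ == "__main__":
    info = parse_sid_auth_info(CAPTURED_0X50)
    print(info["mpq_name"], hex(info["filetime"]))
    print("posted request carries", timestamp_field_width(POSTED_BNLS_REQUEST), "filetime bytes")
    print("correct request carries", timestamp_field_width(request_from_auth_info(CAPTURED_0X50)), "filetime bytes")
```

Running it against the capture reproduces the 58-byte request byte for byte from the VB6 slicing, and reports 5 filetime bytes for it versus 8 for the request built from the parsed fields.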
replaced
I don't understand. How would I use it?

Where would the version and the exe hash be in this?

0000  28 00 1A 01 00 00 00 01 00 0E 01 AF FC 0C 38 A8    (.............8.
0010  6A 3C D6 C6 51 68 93 39 80 0C BB 42 3D 7D 76 00    j<..Qh.9...B=}v.
0020  00 00 00 00 CF 00 00 00                            ........
November 26, 2006, 6:48 AM
HdxBmx27
[code]Dim pdBuff as new clsBuff
  Dim Success as long, Version as long, Checksum as long, Statstring as String, Cookie as long, VerByte as long
  with pdBuff
    .All        = InPacket0x1AData
    .Pop 3      'Remove BNLS Header
    Success    = .DWORD
    If Not Success Then Exit Sub
    Version    = .DWORD
    Checksum    = .DWORD
    Statstring  = .ntString
    Cookie      = .DWORD
    VerByte    = .DWORD
  End With[/code]
Simple, and much cleaner.
~-~(HDX)~-~
November 26, 2006, 6:56 AM
dRAgoN
[quote author=replaced link=topic=15960.msg161798#msg161798 date=1164522665]
[code]Public Function CHECKREV()

Dim vData As String
Dim ex2Buf As String
Dim ft As String
Dim mp As String
Dim cf As String
Dim Result As Long
Dim DATAlen As Integer
Dim bne As New BNLSEngine

Dim dataTEMP As String

dataTEMP = Data

DATAlen = Len(dataTEMP)
DATAlen = DATAlen - 20
dataTEMP = Mid$(dataTEMP, 20, DATAlen)
dataTEMP = dataTEMP & Chr$(0)

    Result = bne.BNLS_VERSIONCHECKEX2("RATS", dataTEMP, BNLSchckver)
    If Result <> 1 Then
        'Failed
        'possible error codes.
    End If

    BNLSchckver = Mid$(BNLSchckver, 12, 20)
    Set bne = Nothing



Send0x51 Index

end function[/code]




some1 help me, heres packet log

7  x.x.x.x:6112  192.168.0.100:26007  62  Recv 
0000  FF 50 3E 00 00 00 00 00 BF 4D 70 8C 0F 5C 56 00    .P>......Mp..\V.
0010  00 6E BC DE 72 FC C6 01 6C 6F 63 6B 64 6F 77 6E    .n..r...lockdown
0020  2D 49 58 38 36 2D 31 35 2E 6D 70 71 00 D1 C2 A1    -IX86-15.mpq....
0030  6C 61 E3 FE 48 35 FA 41 0E A3 56 1E D3 00          la..H5.A..V...

8  192.168.0.100:26008  63.161.183.205:9367  58  Send 
0000  3A 00 1A 01 00 00 00 00 00 00 00 00 00 00 00 DE    :...............
0010  72 FC C6 01 6C 6F 63 6B 64 6F 77 6E 2D 49 58 38    r...lockdown-IX8
0020  36 2D 31 35 2E 6D 70 71 00 D1 C2 A1 6C 61 E3 FE    6-15.mpq....la..
0030  48 35 FA 41 0E A3 56 1E D3 00                      H5.A..V...

9  63.161.183.205:9367  192.168.0.100:26008  40  Recv 
0000  28 00 1A 01 00 00 00 01 00 0E 01 D5 C7 0C 39 35    (.............95
0010  7E 6B 08 48 17 DB 1E 0A AD D0 17 B8 38 3F E6 00    ~k.H........8?..
0020  00 00 00 00 CF 00 00 00                            ........

11  192.168.0.100:26004  x.x.x.x:6112  58  Send 
0000  FF 51 3A 00 01 00 00 00 00 00 00 00 0D 00 00 00    .Q:.............
0010  02 00 00 00 E1 30 1F 00 00 00 00 00 C7 C4 A3 9C    .....0..........
0020  EE 47 D3 F7 93 F2 35 8A BC 1A C6 24 01 24 66 7B    .G....5....$.$f{
0030  00 66 47 57 66 4F 47 61 4C 00                      .NAMEY.


it don't work no matter what i do, help me pls.





SECOND PACKET LOG WITH MODIFIED PROG


12  xxxx:6112  192.168.0.100:27335  70  Recv 
0000  FF 25 08 00 D6 8F 01 67 FF 50 3E 00 00 00 00 00    .%.....g.P>.....
0010  F9 D2 38 FA 9E 6A 24 00 00 EA E4 C6 72 FC C6 01    ..8..j$.....r...
0020  6C 6F 63 6B 64 6F 77 6E 2D 49 58 38 36 2D 30 35    lockdown-IX86-05
0030  2E 6D 70 71 00 84 9C 44 C9 46 64 2E DE FD 0B DF    .mpq...D.Fd.....
0040  5C BC AD 5F D0 00                                  \.._..

13  192.168.0.100:27339  63.161.183.205:9367  58  Send 
0000  3A 00 1A 01 00 00 00 00 00 00 00 00 00 00 00 C6    :...............
0010  72 FC C6 01 6C 6F 63 6B 64 6F 77 6E 2D 49 58 38    r...lockdown-IX8
0020  36 2D 30 35 2E 6D 70 71 00 84 9C 44 C9 46 64 2E    6-05.mpq...D.Fd.
0030  DE FD 0B DF 5C BC AD 5F D0 00                      ....\.._..

14  63.161.183.205:9367  192.168.0.100:27339  40  Recv 
0000  28 00 1A 01 00 00 00 01 00 0E 01 7C E0 43 D3 51    (..........|.C.Q
0010  CB 5D 98 A9 17 0D A9 D5 71 B3 7C FA 47 E8 69 00    .]......q.|.G.i.
0020  00 00 00 00 CF 00 00 00                            ........

16  192.168.0.100:27335  xxx:6112  74  Send 
0000  FF 25 08 00 00 00 00 00 FF 51 42 00 D2 02 96 49    .%.......QB....I
0010  00 00 00 00 01 00 00 00 00 00 00 00 0D 00 00 00    ................
0020  02 00 00 00 F1 30 1F 00 00 00 00 00 DD C0 FA 80    .....0..........
0030  B1 4C 0E 5A 1B D8 35 33 61 7D 9D 05 94 59 F8 8A    .L.Z..53a}...Y..
0040  00 6D 6F 72 7A 76 41 44 76 00                      .NAMEY.
[/quote]




[code]                                    vData = dllFileTime & mpqName & Chr(0) & HashCommand & Chr(0)
                                    cvResult = bne.BNLS_VERSIONCHECKEX2("RATS", dataTEMP, BNLSchckver)
                                    If cvResult = 1 Then
                                        BNLSchckver = MID(BNLSchckver, 8)
                                        ExeInfo = Right(vOut, Len(BNLSchckver) - 8)
                                        VersionAndChecksumCombined = Left(BNLSchckver, 8)
                                    Else
                                        'failed
                                    End If[/code]
Here, I still need to fix that function a little seeing as I forgot to chop the header values recieved from BNLS.
November 26, 2006, 7:45 AM
JoeTheOdd
[quote author=warz link=topic=15960.msg161710#msg161710 date=1164351780]
bnls needs a logon delay. something like 3 logins in one or two minutes results in a period of 10 minutes in which you cannot use bnls' authentication messages.
[/quote]

And then when a legit user loads up four bots..

I've actually loaded up that many bots for some legit reason, but I can't remember what it was. I think it was Clan DKe, Op [vL], Op x86.. and something else. But yeah, you can have more than three legit connections.
November 26, 2006, 10:48 AM
Yegg
[quote author=l2k-Shadow link=topic=15960.msg161719#msg161719 date=1164387195]
[quote author=replaced link=topic=15960.msg161714#msg161714 date=1164355444]
I think many of you over exaggerate on the effect bots have had on channels BEFORE lockdown was even implemented, just look at the past year and barely anyones been loading.  Most likely someone winbotting / trying to get originals.
[/quote]

yeah and you're talking out of your ass. My channel has been loaded about 3-4 days per week before lockdown and I actually have the loader that uses BNLS and someone loaded our channel with it yesterday. I would also like to point out that this loader is really crappy and makes a new connection to BNLS per bot instead of just sending it CheckRevision requests from one connection. But yeah I definitely think there should be a limit of requests per IP or an auth system.
[/quote]

If Skywing wants to do anything, it's of course his decision what should be done, but I don't think we need any kind of limit of requests per IP used. If someone decides to use a mass loading bot or some flooding bot that uses BNLS, they can easily use different proxies for each account causing a limit per IP to become useless. I think an auth system would be a nice idea.
November 26, 2006, 3:35 PM
MysT_DooM
[quote author=replaced link=topic=15960.msg161803#msg161803 date=1164523728]
I don't understand?  how would i use it? 

where would version and the exehash be in this?

0000  28 00 1A 01 00 00 00 [color=Red]01 00 0E 01[/color] [color=Pink]AF FC 0C 38[/color] A8    (.............8.
0010  6A 3C D6 C6 51 68 93 39 80 0C BB 42 3D 7D 76 00    j<..Qh.9...B=}v.
0020  00 00 00 00 CF 00 00 00                            ........
[/quote]
Red = Exe Version
Pink = Exe Hash

edit: Make sure you're carrying over the things you declare so they get picked up where they need to be picked up, otherwise they will be blank.
November 26, 2006, 6:50 PM
replaced
Now I'm no longer getting IP-banned from Bnet, lol.  However, I keep getting the invalid game version error; I guess I'll check to see what's wrong now  :-[

edit: I've noticed that my EXEversion is always the same value of 17694721 as a Long.


6  x.x.x.x:6112  192.168.0.100:30477  62  Recv 
0000  FF 50 3E 00 00 00 00 00 36 74 97 41 EC 0A 4D 00    .P>.....6t.A..M.
0010  00 44 47 C9 72 FC C6 01 6C 6F 63 6B 64 6F 77 6E    .DG.r...lockdown
0020  2D 49 58 38 36 2D 30 36 2E 6D 70 71 00 F3 DB BD    -IX86-06.mpq....
0030  C0 54 0C 88 44 CD C8 DA 49 9E 30 75 D5 00          .T..D...I.0u..

7  192.168.0.100:30576  63.161.183.205:9367  61  Send 
0000  3D 00 1A 01 00 00 00 00 00 00 00 00 00 00 00 00    =...............
0010  44 47 C9 72 FC C6 01 6C 6F 63 6B 64 6F 77 6E 2D    DG.r...lockdown-
0020  49 58 38 36 2D 30 36 2E 6D 70 71 00 F3 DB BD C0    IX86-06.mpq.....
0030  54 0C 88 44 CD C8 DA 49 9E 30 75 D5 00            T..D...I.0u..

8  63.161.183.205:9367  192.168.0.100:30576  40  Recv 
0000  28 00 1A 01 00 00 00 01 00 0E 01 AC A3 45 D9 D9    (............E..
0010  42 25 09 96 E4 EA 6D F8 50 DF 58 51 A3 F6 56 00    B%....m.P.XQ..V.
0020  00 00 00 00 CF 00 00 00                            ........

9  192.168.0.100:30477  x.x.x.x:6112  70  Send 
0000  FF 51 46 00 D2 02 96 49 01 00 0E 01 AC A3 45 D9    .QF....I......E.
0010  01 00 00 00 00 00 00 00 0D 00 00 00 02 00 00 00    ................
0020  E1 30 1F 00 00 00 00 00 C7 04 2B EB B9 1F BD 9F    .0........+.....
0030  11 A3 C0 B6 B8 C8 D7 2D C2 F8 52 1F 00 7A 79 43    .......-..R..zyC
0040  75 20 71 5A 75 00                                  u qZu.

10  x.x.x.x:6112  192.168.0.100:30477  9  Recv 
0000  FF 51 09 00 01 01 00 00 00                        .Q.......
November 26, 2006, 8:20 PM
Ersan
EXEVersion will be the same value until the game executable is modified.
November 26, 2006, 8:41 PM
replaced
Any idea why it's giving me the invalid game version?
November 26, 2006, 9:56 PM
JoeTheOdd
Why are you x'ing out the Battle.net IP? lol..
November 26, 2006, 9:58 PM
HeRo
[quote author=Joe[x86] link=topic=15960.msg161834#msg161834 date=1164578287]
Why are you x'ing out the Battle.net IP? lol..
[/quote]
Hackers.
November 26, 2006, 10:07 PM
MysT_DooM
If you don't have the proper exe info now you'll get invalid game version, so now you can't have something like "My Bot" for your info.
So parse out the exe info from 0x1A also.
November 26, 2006, 10:09 PM
warz
[quote author=MysT_DooM link=topic=15960.msg161837#msg161837 date=1164578957]
If you dont have the proper exe info now you'll get invalid game ver. so now u cant like have for ur info "My Bot" or something.
so parse out the exe info from 0x1a also
[/quote]

Positive about this? Are you talking about the '01 00 0E 01' value returned from cr? As long as starcraft.exe is supplied properly, you should get correct results from this. Keep in mind the 'cdkey owner' string you send to bnet is not derived from cr, and so should not affect the cr results.
November 26, 2006, 10:38 PM
MysT_DooM
[quote author=warz link=topic=15960.msg161842#msg161842 date=1164580708]
[quote author=MysT_DooM link=topic=15960.msg161837#msg161837 date=1164578957]
If you dont have the proper exe info now you'll get invalid game ver. so now u cant like have for ur info "My Bot" or something.
so parse out the exe info from 0x1a also
[/quote]

Positive about this? Are you talking about the '01 00 0E 01' value returned from cr?
[/quote]

I'm talking about the exe info, not the exe version.
--------------------------------------------
Ersan, his exe hash is right (AC A3 45 D9); it's after the exe version (01 00 0E 01).
November 26, 2006, 10:48 PM
Ersan
Yeah I deleted my post before you said that.

Are you sending the right version byte in 0x50?
November 26, 2006, 10:57 PM
replaced
4  192.168.0.100:27334  63.240.202.127:6112  59  Send 
0000  FF 50 3A 00 00 00 00 00 36 38 58 49 52 41 54 53  .P:.....68XIRATS
0010  [u]CF[/u] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0020  00 00 00 00 00 00 00 00 55 53 41 00 55 6E 69 74  ........USA.Unit
0030  65 64 20 53 74 61 74 65 73 00                                ed States.



Also, I'm just sending the checkrevision packet to BNLS.

[code]
Option Explicit
Public BNLSchckver As String
Public EXEver As Long
Public EXEhash As Long

Public Function CHECKREV(Data As String)
' Data is the raw S->C 0x50 (SID_AUTH_INFO) packet as received.
Dim Result As Long
Dim DATAlen As Integer
Dim bne As New BNLSEngine

Dim dataTEMP As String

dataTEMP = Data

' Skip the 4-byte header and the three DWORDs (16 bytes).  Mid$ is
' 1-based, so position 17 starts at the 8-byte MPQ filetime.
DATAlen = Len(dataTEMP)
DATAlen = DATAlen - 17
dataTEMP = Mid$(dataTEMP, 17, DATAlen)
dataTEMP = dataTEMP & Chr$(0)

    Result = bne.BNLS_VERSIONCHECKEX2("RATS", dataTEMP, BNLSchckver)
    If Result <> 1 Then Exit Function   ' BNLS could not compute the check

    ' Reply layout: WORD length, BYTE id, DWORD success, DWORD version,
    ' DWORD checksum, STRING stat string, DWORD cookie, DWORD version byte.
    EXEver = GetDWORD(Mid(BNLSchckver, 8, 4))
    EXEhash = GetDWORD(Mid(BNLSchckver, 12, 4))
    ' The stat string starts at position 16; nothing here reads it,
    ' so the Exe Information field of 0x51 is sent blank.

    Set bne = Nothing

Send0x51
End Function

[/code]
[code]
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)

Public Function GetDWORD(Data As String) As Long
Dim lReturn As Long
    ' Copy the first four bytes of the string into a Long (little-endian).
    Call CopyMemory(lReturn, ByVal Data, 4)
    GetDWORD = lReturn
End Function
[/code]
November 26, 2006, 11:19 PM
MysT_DooM
[code]
BnetDocs 0x51
(DWORD) Client Token
(DWORD) EXE Version
(DWORD) EXE Hash
(DWORD) Number of keys in this packet
(BOOLEAN) Using Spawn (32-bit)

For Each Key:
(DWORD) Key Length
(DWORD) CD key's product value
(DWORD) CD key's public value
(DWORD) Unknown (0)
(DWORD[5]) Hashed Key Data

(STRING) Exe Information
(STRING) CD Key owner name
[/code]

Warz, I wasn't talking about the Owner name, I was talking about the Exe Information o.O, which you can get from 0x1A. If he has something like "Replaced`Bot" for his exe info, that would return as invalid version.

replaced, are you using the Exe Information from 0x1A?
November 26, 2006, 11:29 PM
Ersan
I thought he truncated 0x51...  lol yeah it's way incomplete.
November 27, 2006, 12:13 AM
l2k-Shadow
[quote author=replaced link=topic=15960.msg161827#msg161827 date=1164572454]
now im no longer getting ipbanned from bnet lols.  However I keep on getting the invalid game version error, i guess ill check to see whats wrong now  :-[

edit: i've noticed that my EXEversion is always the same value of 17694721 in long.


6  x.x.x.x:6112  192.168.0.100:30477  62  Recv 
0000  FF 50 3E 00 00 00 00 00 36 74 97 41 EC 0A 4D 00    .P>.....6t.A..M.
0010  00 44 47 C9 72 FC C6 01 6C 6F 63 6B 64 6F 77 6E    .DG.r...lockdown
0020  2D 49 58 38 36 2D 30 36 2E 6D 70 71 00 F3 DB BD    -IX86-06.mpq....
0030  C0 54 0C 88 44 CD C8 DA 49 9E 30 75 D5 00          .T..D...I.0u..

7  192.168.0.100:30576  63.161.183.205:9367  61  Send 
0000  3D 00 1A 01 00 00 00 00 00 00 00 00 00 00 00 00    =...............
0010  44 47 C9 72 FC C6 01 6C 6F 63 6B 64 6F 77 6E 2D    DG.r...lockdown-
0020  49 58 38 36 2D 30 36 2E 6D 70 71 00 F3 DB BD C0    IX86-06.mpq.....
0030  54 0C 88 44 CD C8 DA 49 9E 30 75 D5 00            T..D...I.0u..

8  63.161.183.205:9367  192.168.0.100:30576  40  Recv 
0000  28 00 1A 01 00 00 00 01 00 0E 01 AC A3 45 D9 D9    (............E..
0010  42 25 09 96 E4 EA 6D F8 50 DF 58 51 A3 F6 56 00    B%....m.P.XQ..V.
0020  00 00 00 00 CF 00 00 00                            ........

9  192.168.0.100:30477  x.x.x.x:6112  70  Send 
0000  FF 51 46 00 D2 02 96 49 01 00 0E 01 AC A3 45 D9    .QF....I......E.
0010  01 00 00 00 00 00 00 00 0D 00 00 00 02 00 00 00    ................
0020  E1 30 1F 00 00 00 00 00 C7 04 2B EB B9 1F BD 9F    .0........+.....
0030  11 A3 C0 B6 B8 C8 D7 2D C2 F8 52 1F 00 7A 79 43    .......-..R..zyC
0040  75 20 71 5A 75 00                                  u qZu.

10  x.x.x.x:6112  192.168.0.100:30477  9  Recv 
0000  FF 51 09 00 01 01 00 00 00                        .Q.......

[/quote]

Your (STRING)  Exe Information is blank. You must supply the same string as returned from BNLS 0x1A for this field.
November 27, 2006, 12:22 AM
Topaz
lol @ Replaced`Bot

Stolen code ftl
November 27, 2006, 1:02 AM
dRAgoN
[code]FF 50 28 00 00 00 00 00 FE A2 B6 AE 32 F7 68 00  ÿP(.....þ¢¶®2÷h.
00 20 58 7D 99 CB C6 01 76 65 72 2D 49 58 38 36  . X}™ËÆ.ver-IX86
2D 30 2E 6D 70 71 00 00                          -0.mpq..........[/code]

Received about 2 mins ago while using SC.
November 27, 2006, 6:23 AM
l2k-Shadow
[quote author=l)ragon link=topic=15960.msg161876#msg161876 date=1164608594]
[code]FF 50 28 00 00 00 00 00 FE A2 B6 AE 32 F7 68 00  ÿP(.....þ¢¶®2÷h.
00 20 58 7D 99 CB C6 01 76 65 72 2D 49 58 38 36  . X}™ËÆ.ver-IX86
2D 30 2E 6D 70 71 00 00                          -0.mpq..........[/code]

Recieved about 2mins ago while useing sc.
[/quote]

:o :o :o Maybe a rare bug or fixing something with lockdown; I just relogged to a West server and got lockdown though.
November 27, 2006, 6:25 AM
dRAgoN
[quote author=l2k-Shadow link=topic=15960.msg161877#msg161877 date=1164608744]
[quote author=l)ragon link=topic=15960.msg161876#msg161876 date=1164608594]
[code]FF 50 28 00 00 00 00 00 FE A2 B6 AE 32 F7 68 00   ÿP(.....þ¢¶®2÷h.
00 20 58 7D 99 CB C6 01 76 65 72 2D 49 58 38 36   . X}™ËÆ.ver-IX86
2D 30 2E 6D 70 71 00 00                           -0.mpq..........[/code]

Recieved about 2mins ago while useing sc.
[/quote]

:o :o :o maybe a rare bug or fixing something with lockdown, i just relogged to a west server and got lockdown though.
[/quote]
Looks like a bug in Battle.net itself; seen this a couple of times now, not only on SC but with DSHR too.
November 27, 2006, 6:33 AM
l2k-Shadow
[quote author=l)ragon link=topic=15960.msg161879#msg161879 date=1164609202]
[quote author=l2k-Shadow link=topic=15960.msg161877#msg161877 date=1164608744]
[quote author=l)ragon link=topic=15960.msg161876#msg161876 date=1164608594]
[code]FF 50 28 00 00 00 00 00 FE A2 B6 AE 32 F7 68 00  ÿP(.....þ¢¶®2÷h.
00 20 58 7D 99 CB C6 01 76 65 72 2D 49 58 38 36  . X}™ËÆ.ver-IX86
2D 30 2E 6D 70 71 00 00                          -0.mpq..........[/code]

Recieved about 2mins ago while useing sc.
[/quote]

:o :o :o maybe a rare bug or fixing something with lockdown, i just relogged to a west server and got lockdown though.
[/quote]
Looks like a bug in Battle.net itself, seen this a couple of times now not only on SC but with DSHR too.
[/quote]

I bet reps are molesting these forums, fixing this as we speak :P
November 27, 2006, 6:34 AM
warz
Interesting. Continue to keep an eye out for this. If it continues to happen for several days, possibly clients will switch between each method, depending on which dll is specified.
November 27, 2006, 6:40 AM
UserLoser
Hmm, I've received ver-xxxx-x.mpq too recently
November 27, 2006, 6:56 AM
dRAgoN
[quote author=UserLoser link=topic=15960.msg161883#msg161883 date=1164610561]
Hmm, I've received ver-xxxx-x.mpq too recently
[/quote]
Interesting part: if you check that packet dump, there was no checksum formula.
November 27, 2006, 7:03 AM
HeRo
[quote author=l)ragon link=topic=15960.msg161886#msg161886 date=1164611034]
[quote author=UserLoser link=topic=15960.msg161883#msg161883 date=1164610561]
Hmm, I've received ver-xxxx-x.mpq too recently
[/quote]
Interesting part if you check that packet dump there was no checksum formula.
[/quote]
Oh god, what are they up to now :\
November 27, 2006, 7:05 AM
Ersan
I tried connecting to east and west over a hundred times and never got this.
November 27, 2006, 7:14 AM
replaced
I think sometimes changes are implemented on 1 server IP, then they somehow transfer over to other servers.
For example with CD keys being muted.  Sometimes the rep mutes keys on 1 server IP.  You're able to use Bnet not muted sometimes, then after a week you're muted on the realm, then 2 weeks and you're now muted on all 4 realms.

If they're implementing more of this IX86 MPQ bullshit it's obvious they're trying to stop all bots.
November 27, 2006, 8:05 AM
Denial
[quote author=replaced link=topic=15960.msg161892#msg161892 date=1164614754]
i think sometimes changes are impletemented in 1 server ip, then they somehow transfer over to other servers. 
For example with cdkeys being muted.  Sometimes the rep mutes keys on 1 server ip.  Your able to use bnet not muted sometimes, then after a week ur muted on the realm, then 2 weeks and ur now muted on all 4 realms.

if they're impletementing more of this ix86 mpq bullshit its obvious there trying to stop all bots.
[/quote]


Not exactly true. Hacks have countered this IX86 / lockdown stuff as well, so the minor part is to do with bots, but I doubt they care about bots too much; the focus is on hacks for the current time, but bots do have a small part to do with it, just to annoy you.
November 27, 2006, 3:31 PM
replaced
[quote author=Denial link=topic=15960.msg161898#msg161898 date=1164641460]
Not exactly true. Hacks have countered this ix86 , lockdown stuff as well so the minor part is to do with bots but i doubt they could care about bots to much exactly the focus is on hacks for the current time but bots do have a small part to do with it just to annoy you.
[/quote]

http://www.bwhacks.com/forums/showthread.php?t=18738

People that use hacks get past this by enabling their hacks after they log in.
Can you tell me why a Blizz rep said one time that if you are unable to connect to Battle.net after being disconnected, don't connect using third-party programs?  That was when the IX86 format changed by adding " - ", not exactly used to stop bots...
November 27, 2006, 5:35 PM
Newby
Blizzard is freakin' serious, huh?
November 28, 2006, 5:54 AM
warz
I've got both aspects of this project completed. I just need to combine them now! I'll just add a call to my checkrevision wrapper, and it will do the rest of the work for me. I also retrofitted my wrapper so that it works with all 19 other variations. Check it :P

[img]http://torque.ircds.darkstarllc.com/images/almost.png[/img]
November 28, 2006, 7:51 AM
replaced
Where in the 0x1A packet from BNLS does it give me the exe information?

[code]
FF 51 46 00 D2 02 96 49 01 00 0E 01 A4 E4 1C 05 01
00 00 00 00 00 00 00 0D 00 00 00 02 00 00 00 E1 30
1F 00 00 00 00 00 15 26 E4 D0 EF A6 B9 A3 50 DE 0E
7A F7 D9 B7 A3 83 D1 E7 EB 00 5A 4E 51 46 4B 79 6B
4D 00
[/code]

Someone tell me which place is blank.  I'm getting invalid game ver from Bnet.

OK, works, thanks to the post below, lol.
November 29, 2006, 5:37 AM
Ersan
http://bnetdocs.valhallalegends.com/content.php?Section=m&Code=505

(STRING) Version check stat string.
November 29, 2006, 5:55 AM
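The fix l2k-Shadow and Ersan are describing (the (STRING) Exe Information of 0x51 must be the stat string from BNLS 0x1A), as an added example that is not code from this thread. It is Python rather than the posters' VB6 so it runs stand-alone: it parses the 0x1A reply the way HdxBmx27's clsBuff snippet does, builds and parses 0x51 in the BnetDocs layout MysT_DooM quoted, and lints a 0x51 against the BNLS reply it should have been built from. The byte strings are copied from the capture that got "invalid game version" back; the CD-key fields are reused from that capture rather than computed (no key hashing here), and the result-code names follow the BnetDocs SID_AUTH_CHECK listing, which is not quoted on this page.

```python
import struct

# BNLS 0x1A reply and the C->S SID_AUTH_CHECK (0x51) sent after it, as captured above,
# plus the S->C 0x51 reply Battle.net answered with.
CAPTURED_BNLS_REPLY = bytes.fromhex(
    "28001A0100000001000E01ACA345D9D9"
    "42250996E4EA6DF850DF5851A3F65600"
    "00000000CF000000"
)
CAPTURED_0X51 = bytes.fromhex(
    "FF514600D202964901000E01ACA345D9"
    "01000000000000000D00000002000000"
    "E1301F0000000000C7042BEBB91FBD9F"
    "11A3C0B6B8C8D72DC2F8521F007A7943"
    "7520715A7500"
)
CAPTURED_0X51_REPLY = bytes.fromhex("FF5109000101000000")

SID_AUTH_CHECK_RESULTS = {
    0x000: "passed", 0x100: "old game version", 0x101: "invalid version",
    0x102: "game version must be downgraded", 0x200: "invalid CD key",
    0x201: "CD key in use", 0x202: "banned key", 0x203: "wrong product",
}


def cstring(buf, off):
    """Return (bytes, next_offset) for a NUL-terminated string starting at off."""
    end = buf.index(b"\x00", off)
    return buf[off:end], end + 1


def parse_bnls_versioncheckex2_reply(pkt):
    """S->C BNLS 0x1A: DWORD success, DWORD version, DWORD checksum, STRING stat string,
    DWORD cookie, DWORD version byte, after the WORD length + BYTE id header."""
    length, pid = struct.unpack_from("<HB", pkt, 0)
    if pid != 0x1A or length != len(pkt):
        raise ValueError("not a BNLS 0x1A reply")
    success, version, checksum = struct.unpack_from("<III", pkt, 3)
    if success != 1:
        return None                          # BNLS could not compute the check
    stat_string, off = cstring(pkt, 15)      # under lockdown: 16 raw bytes, not text
    cookie, version_byte = struct.unpack_from("<II", pkt, off)
    return {"version": version, "checksum": checksum, "stat_string": stat_string,
            "cookie": cookie, "version_byte": version_byte}


def build_sid_auth_check(client_token, exe_version, exe_hash, keys, spawn, exe_info, owner):
    """C->S 0x51 in the BnetDocs layout; keys are (length, product, public, 20-byte hash)."""
    body = struct.pack("<IIIII", client_token, exe_version, exe_hash, len(keys), 1 if spawn else 0)
    for key_len, product, public, key_hash in keys:
        body += struct.pack("<IIII", key_len, product, public, 0) + key_hash
    body += exe_info + b"\x00" + owner + b"\x00"
    return struct.pack("<BBH", 0xFF, 0x51, 4 + len(body)) + body


def parse_sid_auth_check(pkt):
    """Inverse of build_sid_auth_check; raises ValueError on a malformed packet."""
    if pkt[:2] != b"\xff\x51" or struct.unpack_from("<H", pkt, 2)[0] != len(pkt):
        raise ValueError("not a well-formed SID_AUTH_CHECK")
    client_token, exe_version, exe_hash, nkeys, spawn = struct.unpack_from("<IIIII", pkt, 4)
    off, keys = 24, []
    for _ in range(nkeys):
        key_len, product, public, _zero = struct.unpack_from("<IIII", pkt, off)
        keys.append((key_len, product, public, pkt[off + 16:off + 36]))
        off += 36
    exe_info, off = cstring(pkt, off)
    owner, off = cstring(pkt, off)
    if off != len(pkt):
        raise ValueError("trailing bytes after owner name")
    return {"client_token": client_token, "exe_version": exe_version, "exe_hash": exe_hash,
            "spawn": bool(spawn), "keys": keys, "exe_info": exe_info, "owner": owner}


def lint_sid_auth_check(pkt, bnls_reply):
    """List what disagrees between a 0x51 and the BNLS reply it should come from."""
    p = parse_sid_auth_check(pkt)
    problems = []
    if p["exe_version"] != bnls_reply["version"]:
        problems.append("exe version differs from BNLS version")
    if p["exe_hash"] != bnls_reply["checksum"]:
        problems.append("exe hash differs from BNLS checksum")
    if not p["exe_info"]:
        problems.append("exe information is empty")
    elif p["exe_info"] != bnls_reply["stat_string"]:
        problems.append("exe information is not the BNLS stat string")
    return problems


def auth_check_result(pkt):
    """Decode the result DWORD of the S->C 0x51 reply."""
    code = struct.unpack_from("<I", pkt, 4)[0]
    return code, SID_AUTH_CHECK_RESULTS.get(code, "unknown")


if __name__ == "__main__":
    reply = parse_bnls_versioncheckex2_reply(CAPTURED_BNLS_REPLY)
    print("posted 0x51 problems:", lint_sid_auth_check(CAPTURED_0X51, reply))
    print("Battle.net answered:", auth_check_result(CAPTURED_0X51_REPLY))
```

On the capture the lint reports only the empty exe information, Battle.net's reply decodes to 0x101 "invalid version", and rebuilding the packet with the 16-byte stat string from the 0x1A reply makes the lint pass.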
warz
Has anyone else even began to attempt reversing lockdown yet?
December 7, 2006, 1:06 AM
MysT_DooM
What level of knowledge of asm would you need, in your opinion?
December 7, 2006, 1:23 AM
rabbit
At least level 40.
December 7, 2006, 1:24 AM
Ersan
I'd say level 29 if you have at least a level 9 reverse engineering skill.
December 7, 2006, 1:44 AM
MysT_DooM
Dang, still can't beat the boss after level 1.
December 7, 2006, 1:47 AM
rabbit
[quote author=Ersan link=topic=15960.msg162333#msg162333 date=1165455895]
I'd say level 29 if you have at least a level 9 reverse engineering skill.
[/quote]Nah.  Even then you need to be at least level 33 to safely get by the noob spam.
December 7, 2006, 2:33 AM
