Valhalla Legends Forums Archive | Battle.net Bot Development | IX86MindVision.mpq?

Author | Message | Time
Ringo
[code]
FF 4C 17 00 49 58 38 36 4D 69 6E 64 56 69 73 69       .L..IX86MindVisi
6F 6E 2E 6D 70 71 00                                  on.mpq.
[/code]
Friend just got it on his bot, but it doesn't seem to affect logging on?
Is it some kinda patch? :P

EDIT:
[quote]
[23:28:28] <sdf(KiLLer)> It's an 0x4C from the packet SID_OPTIONALWORK, and starcraft auto extracts it and includes it into broodat.mpq
[23:28:38] <sdf(KiLLer)> it's just a warden anti hack update
[/quote]
Hm, that's Warden? Never seen it on the older protocol before -- Warden has been evading me I guess :P and doesn't it go in the cache file like all the rest?
January 17, 2007, 11:08 PM
UserLoser
It's required work, meaning the game will execute it no matter what, unlike 0x4a, which is optional work. Kind of like ix86BlueDrake on war3. ix86BlueDrake.dll patches the disconnect hack. This is antihack/Blizzard's way of patching something without releasing an official patch.
January 18, 2007, 12:18 AM
UserLoser
Five minute examination: Well, it writes memory stuff (probably patch hacks), then it connects to 63.240.202.115:6112, and sends stuff there. Interesting, looks war3 related only since there's several game.dll references.

63.240.202.115 isn't listening on 6112, interesting :P

looks like it's always running in a loop while it's connected sending it info, not sure.  Mindvision immediately made me think it sees what's going on in the client's side, which appears to be true.
January 18, 2007, 12:31 AM
Ringo
Hmm, I was just doing something else that involved my SC proxy and noticed the 0x4B, so checked it with Bnetdocs.
They can't care too much about 3rd party clients, because they could easily disconnect clients after X amount of seconds for not responding -- like with D2GS for example :(
Maybe that is what they are thinking :P

Full log:
[code]
[01:13:41] [Set 1] Filtering Unknown TCP Bnet Data
FF 51 09 00 00 00 00 00 00                            .Q.......

[01:13:41] [Set 1] Filtering Unknown TCP Bnet Data
FF 4C 17 00 49 58 38 36 4D 69 6E 64 56 69 73 69       .L..IX86MindVisi
6F 6E 2E 6D 70 71 00                                  on.mpq.

[01:13:41] [Set 1] Filtering Unknown TCP Client Data
FF 2D 04 00                                           .-..

[01:13:41] [Set 1] Filtering Unknown TCP Client Data
FF 33 1B 00 1D 00 00 00 00 00 00 00 69 63 6F 6E       .3..........icon
73 5F 53 54 41 52 2E 62 6E 69 00                      s_STAR.bni.

[01:13:41] [Set 1] Filtering Unknown TCP Client Data
FF 33 18 00 1A 00 00 00 00 00 00 00 74 6F 73 5F       .3..........tos_
55 53 41 2E 74 78 74 00                               USA.txt.

[01:13:41] [Set 1] Filtering Unknown TCP Client Data
FF 33 19 00 1B 00 00 00 00 00 00 00 62 6E 73 65       .3..........bnse
72 76 65 72 2E 69 6E 69 00                            rver.ini.

[01:13:41] [Set 1] Filtering Unknown TCP Client Data
FF 26 AA 01 01 00 00 00 13 00 00 00 FC 15 71 09       .&............q.
49 2E 43 72 79 2E 57 68 65 6E 2E 4C 6F 73 73 00       I.Cry.When.Loss.
70 72 6F 66 69 6C 65 5C 73 65 78 00 70 72 6F 66       profile\sex.prof
69 6C 65 5C 61 67 65 00 70 72 6F 66 69 6C 65 5C       ile\age.profile\
6C 6F 63 61 74 69 6F 6E 00 70 72 6F 66 69 6C 65       location.profile
5C 64 65 73 63 72 69 70 74 69 6F 6E 00 52 65 63       \description.Rec
6F 72 64 5C 53 45 58 50 5C 30 5C 77 69 6E 73 00       ord\SEXP\0\wins.
52 65 63 6F 72 64 5C 53 45 58 50 5C 30 5C 6C 6F       Record\SEXP\0\lo
73 73 65 73 00 52 65 63 6F 72 64 5C 53 45 58 50       sses.Record\SEXP
5C 30 5C 64 69 73 63 6F 6E 6E 65 63 74 73 00 52       \0\disconnects.R
65 63 6F 72 64 5C 53 45 58 50 5C 30 5C 6C 61 73       ecord\SEXP\0\las
74 20 67 61 6D 65 00 52 65 63 6F 72 64 5C 53 45       t game.Record\SE
58 50 5C 30 5C 6C 61 73 74 20 67 61 6D 65 20 72       XP\0\last game r
65 73 75 6C 74 00 52 65 63 6F 72 64 5C 53 45 58       esult.Record\SEX
50 5C 31 5C 77 69 6E 73 00 52 65 63 6F 72 64 5C       P\1\wins.Record\
53 45 58 50 5C 31 5C 6C 6F 73 73 65 73 00 52 65       SEXP\1\losses.Re
63 6F 72 64 5C 53 45 58 50 5C 31 5C 64 69 73 63       cord\SEXP\1\disc
6F 6E 6E 65 63 74 73 00 52 65 63 6F 72 64 5C 53       onnects.Record\S
45 58 50 5C 31 5C 72 61 74 69 6E 67 00 52 65 63       EXP\1\rating.Rec
6F 72 64 5C 53 45 58 50 5C 31 5C 68 69 67 68 20       ord\SEXP\1\high
72 61 74 69 6E 67 00 44 79 6E 4B 65 79 5C 53 45       rating.DynKey\SE
58 50 5C 31 5C 72 61 6E 6B 00 52 65 63 6F 72 64       XP\1\rank.Record
5C 53 45 58 50 5C 31 5C 68 69 67 68 20 72 61 6E       \SEXP\1\high ran
6B 00 52 65 63 6F 72 64 5C 53 45 58 50 5C 31 5C       k.Record\SEXP\1\
6C 61 73 74 20 67 61 6D 65 00 52 65 63 6F 72 64       last game.Record
5C 53 45 58 50 5C 31 5C 6C 61 73 74 20 67 61 6D       \SEXP\1\last gam
65 20 72 65 73 75 6C 74 00 00                         e result..

[01:13:41] [Set 1] Filtering Unknown TCP Client Data
FF 33 1F 00 06 00 00 80 00 00 00 00 49 58 38 36       .3..........IX86
4D 69 6E 64 56 69 73 69 6F 6E 2E 6D 70 71 00          MindVision.mpq.

[01:13:41] [Set 1] Filtering Unknown TCP Bnet Data
FF 2D 16 00 00 08 16 BF E9 50 C3 01 69 63 6F 6E       .-.......P..icon
73 2E 62 6E 69 00                                     s.bni.

[01:13:41] [Set 1] Filtering Unknown TCP Bnet Data
FF 33 23 00 1D 00 00 00 00 00 00 00 00 EF E1 E3       .3#.............
FE 26 C4 01 69 63 6F 6E 73 5F 53 54 41 52 2E 62       .&..icons_STAR.b
6E 69 00                                              ni.

[01:13:41] [Set 1] Filtering Unknown TCP Bnet Data
FF 33 20 00 1A 00 00 00 00 00 00 00 00 DF 77 0F       .3 ...........w.
6C E8 C0 01 74 6F 73 5F 55 53 41 2E 74 78 74 00       l...tos_USA.txt.


[01:13:41] [Set 1] Filtering Unknown TCP Bnet Data
FF 33 21 00 1B 00 00 00 00 00 00 00 00 7D 2B 85       .3!..........}+.
63 E8 C0 01 62 6E 73 65 72 76 65 72 2E 69 6E 69       c...bnserver.ini
00                                                    .

[01:13:41] [Set 1] Filtering Unknown TCP Bnet Data
FF 33 27 00 06 00 00 80 00 00 00 00 00 0B CC DA       .3'.............
6D 3A C7 01 49 58 38 36 4D 69 6E 64 56 69 73 69       m:..IX86MindVisi
6F 6E 2E 6D 70 71 00                                  on.mpq.

[01:13:41] [Set 1] Filtering Unknown TCP Bnet Data
FF 26 3A 00 01 00 00 00 13 00 00 00 FC 15 71 09       .&:...........q.
00 00 00 00 00 00 00 32 39 38 32 33 32 31 35 20       .......29823215
33 37 39 39 34 33 33 33 36 30 00 44 52 41 57 00       3799433360.DRAW.
00 00 00 00 00 00 00 00 00 00                         ..........

[01:13:41] [Set 1] Filtering Unknown TCP Client Data
FF 4B 0C 00 03 00 04 00 00 00 00 5E                   .K.........^

[/code]

Are you talking about something different, in terms of the data being sent to 63.240.202.115?
Hm, out comes Ethereal :P

EDIT: Ah, I see it.
After checking the file, it sends 4 bytes to that udp server 63.240.202.115:6112, which then sends a byte back to the client, which then sends 0x4B to bnet, from what I can see here.
In this log, SC Sent: 3B 40 98 09 and got back 1C, then sent 00 00 00 5E
January 18, 2007, 1:20 AM
JoeTheOdd
Its name, Mind Vision, is probably a reference to the WoW Priest spell. It can be cast on anyone, friendly or otherwise, anywhere in the world (assuming you can set them as your target) and see out of their eyes for a minute or so. Sounds like it's doing kind of just that.
January 27, 2007, 4:09 AM
HdxBmx27
Looks like there is a new one,
IX86FarSight.mpq
Anyone feel like looking into that one?
~-~(HDX)~-~
February 1, 2007, 3:39 AM
rabbit
It's clearly a reference to the cheapest gun ever (from Perfect Dark 64, auto-locking-see-and-shoot-through-walls-one-hit-kill-sniper-rifle).
February 1, 2007, 4:13 AM
Ersan
No way, it's definitely named after the creators of the VISE installer.

But seriously, that gun was total bullshit.
February 1, 2007, 4:29 AM
Topaz
Or it's a reference to Orcs of Warcraft III?
February 1, 2007, 5:38 AM
SNiFFeR
Far sight is a technique used by Shamans in WoW.
February 2, 2007, 12:54 AM
UserLoser
[quote author=SNiFFeR link=topic=16186.msg163753#msg163753 date=1170377660]
Far sight is a technique used by Shamans in WoW.
[/quote]

Also used by a Far Seer in Warcraft III.
February 2, 2007, 1:00 AM
HdxBmx27
Anyone actually gonna poke around on it? Or are you all just gonna talk about old games? And yes that PD64 gun was cheap >.<
~-~(HDX)~-~
February 2, 2007, 1:03 AM
UserLoser
Looks like basically the same thing as IX86MindVision.dll
February 2, 2007, 1:11 AM
iCe
Is there even any reply for 0x4C or is it just sent to make sure it is run locally with no response from the client?
February 2, 2007, 5:39 AM
warz
BOTS N OPS.
February 2, 2007, 5:58 AM
Newby
[quote author=rabbit link=topic=16186.msg163716#msg163716 date=1170303216]
It's clearly a reference to the cheapest gun ever (from Perfect Dark 64, auto-locking-see-and-shoot-through-walls-one-hit-kill-sniper-rifle).
[/quote]

That gun pwned hardcore. Almost as much as a deployed laptop gun + farsight. :D
February 2, 2007, 2:44 PM
BreW
[quote author=iCe link=topic=16186.msg163766#msg163766 date=1170394798]
Is there even any reply for 0x4C or is it just sent to make sure it is run locally with no response from the client?
[/quote]

@Savior, there is no reply for the 0x4C or 0x4A. It is simply a packet that tells client what the filename is of the file of which it is to request a download from Battle.net's FTP, which upon the finished download it then extracts the .dll from it and includes it in broodat.mpq, or stardat.mpq, whichever is installed.
February 4, 2007, 2:10 AM
Topaz
iCe is not Savior. He deleted his account
February 4, 2007, 2:20 AM
BreW
ice is savior. savior is ice. Those two names are interchangeable. Maybe you might not have caught on yet :)
February 4, 2007, 2:35 AM
iCe
[quote author=BreW link=topic=16186.msg163910#msg163910 date=1170555023]
[quote author=iCe link=topic=16186.msg163766#msg163766 date=1170394798]
Is there even any reply for 0x4C or is it just sent to make sure it is run locally with no response from the client?
[/quote]

@Savior, there is no reply for the 0x4C or 0x4A. It is simply a packet that tells client what the filename is of the file of which it is to request a download from Battle.net's FTP, which upon the finished download it then extracts the .dll from it and includes it in broodat.mpq, or stardat.mpq, whichever is installed.
[/quote]

Brew: 0x4A seems to make the client respond with 0x4B. I am not "savior"
February 4, 2007, 4:22 AM
MyStiCaL
[quote author=topaz link=topic=16186.msg163912#msg163912 date=1170555620]
iCe is not Savior. He deleted his account
[/quote]

Ice is savior on bnet now, can't play me dumb ahaha.
February 4, 2007, 4:31 AM
HdxBmx27
[quote author=iCe link=topic=16186.msg163928#msg163928 date=1170562979]Brew: 0x4A seems to make the client respond with 0x4B. I am not "savior"[/quote]Only with ExtraWork, not MindVision, or FarSight as far as I've seen.
~-~(HDX)~-~
February 4, 2007, 4:58 AM
BreW
[quote author=iCe link=topic=16186.msg163928#msg163928 date=1170562979]
Brew: 0x4A seems to make the client respond with 0x4B. I am not "savior"
[/quote]
Yes you are. And Pro_Tech@Europe is Ringo. Why do you even attempt to play this off...?
And @ the packet. I don't even have starcraft anymore, so I can't packetlog the client's response to battle.net. Perhaps it is a response to battle.net whether or not Client will install the .dll. Among other problems with that, there are no optional work .mpqs being put into effect by blizzard at this time. How did you manage to even GET an 0x4a packet? Was this during It would be nice if you could post your findings here :)
February 4, 2007, 6:25 PM
MyStiCaL
oh wow ringo's pro_tech? haha i used to post up on his forums long ago =)
February 4, 2007, 10:16 PM
BreW
I used to also.
February 5, 2007, 9:16 PM
UserLoser
0x4A (commonly known as SID_OPTIONALWORK) always has a response to it in 0x4B (SID_EXTRAWORK).  However 0x4C (commonly known as SID_REQUIREDWORK) never has a response to it to the same server.

Both messages permit the client to download an ExtraWork archive from the server (a .mpq file).  Inside the .mpq file is a .dll file with the same filename as the .mpq.  The ExtraWork DLL file exports a function called "ExtraWork" (__fastcall caller type, one structure parameter which includes a copy buffer, system language, and game type) which executes the ExtraWork function.

On SID_OPTIONALWORK files, the ExtraWork function will only execute if your HKEY_CURRENT_USER\Software\Battle.net\Optimize\SysDesc is set to a non-zero value.  SID_OPTIONALWORK is used to survey for system specs so Blizzard can develop games that'll run the best to the end users.

SID_REQUIREDWORK is also downloaded no matter what.  This is generally used to detect/disable certain hacks from being used.  It is common for these libraries to report back various in-game memory values to a third-party Battle.net server that isn't always there.
February 5, 2007, 11:56 PM
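
An added example, not code from the thread or from Blizzard: a Python sketch that splits the byte streams from Ringo's "Full log" into frames and pulls out the work messages UserLoser describes above. The framing (0xFF, ID byte, 16-bit little-endian length that counts the header) is an assumption read off the dumps in the thread, and `parse_frames` and `work_events` are names chosen here.

```python
import struct

# Message IDs and names as given in the thread.
WORK_IDS = {0x4A: "SID_OPTIONALWORK", 0x4B: "SID_EXTRAWORK",
            0x4C: "SID_REQUIREDWORK"}

def parse_frames(stream: bytes):
    """Split one direction of a TCP capture into (msg_id, payload) frames.

    Assumed framing, read off the dumps in the thread: 0xFF, one ID byte,
    then a 16-bit little-endian length that includes the 4 header bytes.
    """
    frames, off = [], 0
    while off < len(stream):
        if len(stream) - off < 4:
            raise ValueError(f"truncated header at offset {off}")
        marker, msg_id, length = struct.unpack_from("<BBH", stream, off)
        if marker != 0xFF:
            raise ValueError(f"bad marker {marker:#04x} at offset {off}")
        if length < 4 or off + length > len(stream):
            raise ValueError(f"bad length {length} at offset {off}")
        frames.append((msg_id, stream[off + 4:off + length]))
        off += length
    return frames

def work_events(stream: bytes, from_server: bool):
    """List the work-related messages seen in one direction."""
    events = []
    for msg_id, payload in parse_frames(stream):
        if from_server and msg_id in (0x4A, 0x4C):
            # Server names the archive as a NUL-terminated string.
            archive = payload.split(b"\x00", 1)[0].decode("ascii", "replace")
            events.append((WORK_IDS[msg_id], archive))
        elif not from_server and msg_id == 0x4B:
            # Client reply; kept as raw hex, fields not interpreted here.
            events.append((WORK_IDS[msg_id], payload.hex()))
    return events

# Frames copied from the "Full log" post (server side, then client side).
SERVER = bytes.fromhex(
    "FF 51 09 00 00 00 00 00 00"
    "FF 4C 17 00 49 58 38 36 4D 69 6E 64 56 69 73 69 6F 6E 2E 6D 70 71 00")
CLIENT = bytes.fromhex("FF 2D 04 00" "FF 4B 0C 00 03 00 04 00 00 00 00 5E")

if __name__ == "__main__":
    print(work_events(SERVER, from_server=True))
    print(work_events(CLIENT, from_server=False))
```

Run in a logging proxy, the server-side events mark the point where the server names an archive the client will fetch and execute, which is the message worth recording when auditing what a client was told to run.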
BreW
Thank you for sharing, UserLoser. Does anyone know why the response to the 0x4a is an 0x4b and simply not a C > S 0x4a, like email registration packets? Also, what are the contents of the 0x4b packet? Can you provide us with any more documentation? Or perhaps add that tidbit of information to bnetdocs.
February 7, 2007, 2:55 AM
UserLoser
[quote author=BreW link=topic=16186.msg164196#msg164196 date=1170816954]
Thank you for sharing, UserLoser. Does anyone know why the response to the 0x4a is an 0x4b and simply not a C > S 0x4a, like email registration packets? Also, what are the contents of the 0x4b packet? Can you provide us with any more documentation? Or perhaps add that tidbit of information to bnetdocs.
[/quote]

Bnetdocs includes the info, the format of the response is the format of the structure passed to ExtraWork
February 7, 2007, 3:39 AM
Ringo
[quote author=BreW link=topic=16186.msg163961#msg163961 date=1170613554]
[quote author=iCe link=topic=16186.msg163928#msg163928 date=1170562979]
Brew: 0x4A seems to make the client respond with 0x4B. I am not "savior"
[/quote]
Yes you are. And Pro_Tech@Europe is Ringo. Why do you even attempt to play this off...?
And @ the packet. I don't even have starcraft anymore, so I can't packetlog the client's response to battle.net. Perhaps it is a response to battle.net whether or not Client will install the .dll. Among other problems with that, there are no optional work .mpqs being put into effect by blizzard at this time. How did you manage to even GET an 0x4a packet? Was this during It would be nice if you could post your findings here :)
[/quote]
And I am not "Pro_Tech@Europe", I'm flattered you think you know me, but guess again.

Aside, has anyone looked into how the value returned from the UDP server (and maybe the dll) is used to compute the value for 0x4B?
February 7, 2007, 2:58 PM
BreW
http://rafb.net/p/gQQLyo41.html
February 7, 2007, 11:51 PM
UserLoser
[quote author=Ringo link=topic=16186.msg164218#msg164218 date=1170860317]
[quote author=BreW link=topic=16186.msg163961#msg163961 date=1170613554]
[quote author=iCe link=topic=16186.msg163928#msg163928 date=1170562979]
Brew: 0x4A seems to make the client respond with 0x4B. I am not "savior"
[/quote]
Yes you are. And Pro_Tech@Europe is Ringo. Why do you even attempt to play this off...?
And @ the packet. I don't even have starcraft anymore, so I can't packetlog the client's response to battle.net. Perhaps it is a response to battle.net whether or not Client will install the .dll. Among other problems with that, there are no optional work .mpqs being put into effect by blizzard at this time. How did you manage to even GET an 0x4a packet? Was this during It would be nice if you could post your findings here :)
[/quote]
And I am not "Pro_Tech@Europe", I'm flattered you think you know me, but guess again.

Aside, has anyone looked into how the value returned from the UDP server (and maybe the dll) is used to compute the value for 0x4B?
[/quote]

Show log of this 0x4B.  However, I'm fairly confident that it's going to be the same format as what BnetDocs currently has
February 7, 2007, 11:56 PM
Ringo
[quote author=UserLoser link=topic=16186.msg164253#msg164253 date=1170892618]
Show log of this 0x4B.  However, I'm fairly confident that it's going to be the same format as what BnetDocs currently has
[/quote]
Well, that covers nothing about that UDP server :P
I was just wondering if anyone had looked into what the byte returned by the UDP server is used for, and if it's used in 0x4B.
It just seems odd StarCraft would send a dword to a UDP server, and that UDP server send a response back, and StarCraft fires off a 0x4B, or is the dll using the said UDP server?
I only logged it once, so I'm thinking along what I saw that day, but has anyone else looked into this?
February 9, 2007, 3:26 AM
BreW
Is the byte "02"? That's the FTP protocol byte, silly.....
February 14, 2007, 12:53 AM
UserLoser
[quote author=BreW link=topic=16186.msg164749#msg164749 date=1171414402]
Is the byte "02"? That's the FTP protocol byte, silly.....
[/quote]

What are you talking about?  Also, no, the FTP protocol descriptor is not "02", silly, it's actually far from that.

Please stop trolling and contribute with useful information or ask meaningful questions
February 14, 2007, 7:23 PM
