Valhalla Legends Forums Archive | Battle.net Bot Development | BNLS

Denial
Have there been any changes to BNLS since it came back up?

I.e., a limited amount of time to reconnect bots to BNLS using the same IP address and such?
February 27, 2007, 5:21 AM
UserLoser
[quote author=Denial link=topic=16403.msg165923#msg165923 date=1172553718]
Have there been any changes to BNLS since it came back up?

I.e., a limited amount of time to reconnect bots to BNLS using the same IP address and such?
[/quote]

Why don't you spam it and find out? :P
February 27, 2007, 10:36 PM
BreW
Yes yes, there have been, Denial. You cannot maintain more than two connections to BNLS per IP. And I believe there is a way to "flood out" too. The packet you receive from BNLS to notify you that you were IP-banned has a header of 0xFF, and contains an ntstring saying "You have been banned from BNLS".
February 27, 2007, 11:02 PM
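An added example (not code from this thread, from BNLS or from any bot it mentions) of how a bot client could recognise the 0xFF ban notice BreW describes and stop reconnecting instead of hammering the server; the 2-byte length + 1-byte ID framing, the `BnlsFrameParser` class and the sample packets are assumptions constructed for the example.

```python
"""
Added example, not from the forum thread: a small BNLS frame parser that
recognises the ban notice described above (packet ID 0xFF carrying a
null-terminated string) so a bot can back off instead of reconnecting
in a loop and extending the IP ban.

Assumed framing (not stated in the thread): each BNLS packet starts with
a 2-byte little-endian total length (header included) followed by a
1-byte packet ID, then the payload.
"""
import struct
from typing import Iterator, List, Optional, Tuple

BNLS_BAN_ID = 0xFF      # from the thread: header byte of the ban notice
BNLS_HEADER_LEN = 3     # assumed: WORD length + BYTE id


class BnlsFrameParser:
    """Accumulates bytes from a TCP stream and yields complete packets,
    tolerating reads that split a packet across two recv() calls."""

    def __init__(self) -> None:
        self._buf = bytearray()

    def feed(self, data: bytes) -> Iterator[Tuple[int, bytes]]:
        self._buf += data
        while len(self._buf) >= BNLS_HEADER_LEN:
            length, pid = struct.unpack_from("<HB", self._buf, 0)
            if length < BNLS_HEADER_LEN:
                raise ValueError(f"bad BNLS length {length}")
            if len(self._buf) < length:
                return  # wait for the rest of the packet
            payload = bytes(self._buf[BNLS_HEADER_LEN:length])
            del self._buf[:length]
            yield pid, payload


def read_ntstring(payload: bytes) -> str:
    """Decode a null-terminated string; tolerate a missing terminator."""
    end = payload.find(b"\x00")
    raw = payload if end < 0 else payload[:end]
    return raw.decode("latin-1")


def ban_message(pid: int, payload: bytes) -> Optional[str]:
    """Return the ban text if this packet is the 0xFF notice, else None."""
    if pid != BNLS_BAN_ID:
        return None
    return read_ntstring(payload)


def build_packet(pid: int, payload: bytes) -> bytes:
    """Constructed helper: frame a payload the way the parser expects."""
    return struct.pack("<HB", BNLS_HEADER_LEN + len(payload), pid) + payload


def should_reconnect(packets: List[Tuple[int, bytes]]) -> bool:
    """Client policy: once a ban notice is seen, stop reconnect attempts;
    retrying from the same IP only keeps the ban in place."""
    return not any(ban_message(pid, pl) is not None for pid, pl in packets)


def demo() -> List[Tuple[int, bytes]]:
    # Constructed sample: an arbitrary non-ban reply (ID 0x0A chosen for
    # the example) followed by the ban notice, delivered in two TCP reads
    # that split the second packet's header.
    stream = build_packet(0x0A, b"\x01\x00\x00\x00") + build_packet(
        BNLS_BAN_ID, b"You have been banned from BNLS\x00")
    parser = BnlsFrameParser()
    seen = list(parser.feed(stream[:9]))
    seen += list(parser.feed(stream[9:]))
    return seen


if __name__ == "__main__":
    pkts = demo()
    for pid, pl in pkts:
        msg = ban_message(pid, pl)
        print(f"id=0x{pid:02X} len={len(pl)}", f"BANNED: {msg}" if msg else "")
    print("reconnect allowed:", should_reconnect(pkts))
```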
LockesRabb
Posted in the wrong forum.

Mod recommendation: move thread to bnet botdev forum.
February 28, 2007, 3:34 AM
Denial
Hmmm, I wonder if we can make exceptions to this, since I load like 19 bots on all 4 realms for people to host bots and such.

So far I've gotten around it by waiting a little bit, then connecting another bot, but it does seem to be annoying at first.
February 28, 2007, 4:33 AM
MyStiCaL
[quote author=brew link=topic=16403.msg165964#msg165964 date=1172617367]
Yes yes, there have been, Denial. You cannot maintain more than two connections to BNLS per IP. And I believe there is a way to "flood out" too. The packet you receive from BNLS to notify you that you were IP-banned has a header of 0xFF, and contains an ntstring saying "You have been banned from BNLS".
[/quote]

It sure would seem stupid if that's his way of protecting BNLS from getting loaded on, 2 bots per IP? Most people use 1 proxy per bot; well, that's how it was when I used to load back in the day. Also, I've already seen a load today.

Anyway, can anyone else confirm this?

EDIT: I just confirmed that I loaded 3 bots via BNLS @useast.
February 28, 2007, 12:05 PM
BreW
[quote author=Denial link=topic=16403.msg165983#msg165983 date=1172637184]
Hmmm, I wonder if we can make exceptions to this, since I load like 19 bots on all 4 realms for people to host bots and such.

So far I've gotten around it by waiting a little bit, then connecting another bot, but it does seem to be annoying at first.
[/quote]

You really only need one BNLS connection... Keep in mind that normally bots disconnect from BNLS after receiving the data...
February 28, 2007, 11:15 PM
HdxBmx27
There haven't been any changes announced for BNLS, no.
Ringo's server does IP-ban people and sends a message to them if they are banned.
Besides that, there's nothing new (and that really isn't BNLS).
~Hdx
March 1, 2007, 12:08 AM
BreW
okay!?
March 1, 2007, 12:30 AM
Spht
[quote author=brew link=topic=16403.msg166028#msg166028 date=1172709018]
okay!?
Hdx, are you sure? I asked spht and he verified the changes to bnls I asked him about.
[/quote]

No, I didn't. As a matter of fact, I've never talked to you before.

Edit: I'm guessing this was you:

(2007-02-27)
[18:31:19] asdfasdf5364@USEast joined the channel using Starcraft: Brood War.
[18:31:24] <asdfasdf5364@USEast> uhh.. hey spht you there
[18:33:04] <Spht> hi
[18:33:54] <asdfasdf5364@USEast> hey
[18:34:06] <asdfasdf5364@USEast> could you get ipbanned from BNLS if you send too many packets too fast
[18:34:23] <asdfasdf5364@USEast> if so plz tell me what's the recommended send rate
[18:34:49] <Spht> why would you be sending lots of packets? you just use bnls to get on bnet
[18:34:54] <asdfasdf5364@USEast> uh
[18:35:02] <asdfasdf5364@USEast> yes ^^ exactly i need to get on bnet
[18:35:16] <asdfasdf5364@USEast> lets say i have a bunch of checksum formulas. and i need to find the checksum to them.
[18:35:33] <asdfasdf5364@USEast> i would test them like 3-5 at a time
[18:35:36] <Spht> so you're using bnls to map out all the possible results from lockdown?
[18:35:54] <asdfasdf5364@USEast> yes
[18:36:00] <Spht> why are you on smurf account?
[18:36:03] <asdfasdf5364@USEast> im not
[18:36:06] <asdfasdf5364@USEast> this is my name
[18:36:09] <record>
[18:36:09] Name = asdfasdf5364@USEast
[18:36:09] </record>
[18:36:21] <asdfasdf5364@USEast> everyone knows asdfasdf5364....
[18:36:25] asdfasdf5364@USEast was banned by Spht (yes bnls will probably ban you for doing that).
[18:36:25] asdfasdf5364@USEast left the channel.
[18:36:46] <From: asdfasdf5364@USEast> :-(

I wouldn't call that confirming anything...
March 1, 2007, 12:47 AM
BreW
What?!?! That's not me.
March 1, 2007, 2:14 AM
HdxBmx27
Hehe. And according to Sky (a long time ago),
it's better to have one connection with all the CRevs you need.
What I'll be doing in my future bots is just having one connection to BNLS at all times,
and just passing info for all the clients there.
Which, I *think*, is the best way to go.
~Hdx
March 1, 2007, 3:10 AM
Ante
[quote author=Hdx link=topic=16403.msg166057#msg166057 date=1172718617]
Hehe. And according to Sky (a long time ago),
it's better to have one connection with all the CRevs you need.
What I'll be doing in my future bots is just having one connection to BNLS at all times,
and just passing info for all the clients there.
Which, I *think*, is the best way to go.
~Hdx
[/quote]
If about 10 CRevs are sent in one connection, only about 5 CRevs are returned.
I tested that myself.
March 4, 2007, 11:05 PM
Barabajagal
Ya, BNLS is getting more resistant to constant CRev requests... Maybe people won't abuse bot abilities anymore...
March 5, 2007, 12:03 AM
BreW
Here's an even better way to take stress off the bnls server: Release the checkrevision code, so formulating the checksum can be done locally.
March 5, 2007, 1:36 AM
Barabajagal
Wonderful. Then they change it because it's been released and everyone's screwed again. Keep your bright ideas to yourself.
March 5, 2007, 1:52 AM
LockesRabb
I disagree, RealityRipple. This was an anti-cheat move, not an anti-bot move. So most likely they would not change the CRev system just because it was released. The point of them forcing the CRev to run based on a hash from memory was to ensure that nothing was being injected into the game process at time of program execution. If you examine all of the latest hacks, you'll see their effort to clean up the initial execution was successful; now hacks are forced to wait until AFTER the game has completed connecting to Battle.net before injecting themselves into the game process.

Now the only move Blizzard needs to make is to add another timer packet that'd be sent every, say, 5 minutes to the game client, requesting that it run a hash of game memory; it'd disconnect the client after two minutes of no response. If the client failed to send a valid hash of game memory and got disconnected three times in a row, an IP ban would occur.

This would drastically reduce the amount and efficiency of the hacks out there. Of course, that's assuming that the Crev formula wasn't released, and also that's assuming the hacks don't become semi-bots running off the Crev bin that was released, and that BNLS would not support that specific anti-hack packet. :-\
March 5, 2007, 2:03 AM
Barabajagal
Except that it only checks when you first log in. If you enable your hacks after you log in, you're perfectly fine. I will never believe this was anti-hack, even if you dispute my proof. It affected bots much more than it ever affected hackers.
March 5, 2007, 2:09 AM
LockesRabb
If you say so. I believe that once they established a timer-based memory hash request-response system, that'd ensure that hacks would be severely impaired. If Blizzard limited those timer-based hashing requests to in-game only, that'd certainly deliver a considerable blow against hackers and not further impair bots from being able to connect to Battle.net.
March 5, 2007, 2:14 AM
Barabajagal
Warden always checks for hacks and such, but lockdown is all during connection, which most hacks aren't enabled for, or don't need to be.
March 5, 2007, 3:00 AM
LockesRabb
[quote author=[RealityRipple] link=topic=16403.msg166238#msg166238 date=1173063600]
Warden always checks for hacks and such, but lockdown is all during connection, which most hacks aren't enabled for, or don't need to be.
[/quote]

Hacks [u]ORIGINALLY[/u] needed to be executed for injection [u]PRIOR[/u] to executing StarCraft. So Blizzard responded by requesting memory hashes instead of file hashes. This effectively crippled hacks. It was an unfortunate side effect that it also crippled bots. Because Battle.net now checks memory hashes, this meant hacks now have to be executed [u]AFTER[/u] connecting to Battle.net. Warden is also now weakened, as hack-makers have figured out a way to bypass Warden. Now all Blizzard needs to do is require the memory hash checking server-side to be done every once in a while during games, and that'd pretty much put an end to injection for the long term, thus severely limiting what hacks can do.

Hacks will always be able to read from memory and also be able to alter their signatures to bypass Warden, but with the advent of lockdown, injection is very much crippled as to what it can do, and writing to memory is now extremely difficult due to Warden.

If you took the time and effort to research what exactly Warden and Lockdown does and monitored popular hacking sites, you'd quickly see just what kind of effect Lockdown and Warden had on them.

Edit: Added emphasis.
March 5, 2007, 3:23 AM
UserLoser
[quote author=Kyro link=topic=16403.msg166234#msg166234 date=1173060180]
Now the only move Blizzard needs to make is to add another timer packet that'd be sent every, say, 5 minutes to the game client, requesting that it run a hash of game memory; it'd disconnect the client after two minutes of no response. If the client failed to send a valid hash of game memory and got disconnected three times in a row, an IP ban would occur.
[/quote]

Hmm, that is called the WardenClient. It doesn't check every 5 minutes, it's always checking :o
March 5, 2007, 3:28 AM
LockesRabb
[quote author=UserLoser link=topic=16403.msg166241#msg166241 date=1173065333]Hmm, that is called the WardenClient. It doesn't check every 5 minutes, it's always checking :o[/quote]

I said server-side:

[quote author=Kyro link=topic=16403.msg166240#msg166240 date=1173065021]require the memory hash checking [u]server-side[/u] to be done every once in a while during games[/quote]

As Warden is being bypassed easily client-side, I suspect that every time Warden checks something, the hacks most likely replace the resulting hash from Warden's check with a fake correct hash before Warden runs a comparison check. By just making a hash and sending it to Battle.net for server-side checking in-game, that'd ensure it'd be even harder to fake the hashes. The lockdown MPQs are seemingly random, so the hacks would not be able to predict which section of memory is being hashed and fabricate a fake hash in its place.

Edit: Perhaps the hacks work by monitoring the Warden? Nicely ironic, wouldn't you say; the Warden is monitoring the hacks while the hacks are monitoring the Warden. Heh.
March 5, 2007, 3:36 AM
UserLoser
[quote author=Kyro link=topic=16403.msg166242#msg166242 date=1173065809]
[quote author=UserLoser link=topic=16403.msg166241#msg166241 date=1173065333]Hmm, that is called the WardenClient. It doesn't check every 5 minutes, it's always checking :o[/quote]

I said server-side:

[quote author=Kyro link=topic=16403.msg166240#msg166240 date=1173065021]require the memory hash checking [u]server-side[/u] to be done every once in a while during games[/quote]

As Warden is being bypassed easily client-side, I suspect that every time Warden checks something, the hacks most likely replace the resulting hash from Warden's check with a fake correct hash before Warden runs a comparison check. By just making a hash and sending it to Battle.net for server-side checking in-game, that'd ensure it'd be even harder to fake the hashes. The lockdown MPQs are seemingly random, so the hacks would not be able to predict which section of memory is being hashed and fabricate a fake hash in its place.

Edit: Perhaps the hacks work by monitoring the Warden? Nicely ironic, wouldn't you say; the Warden is monitoring the hacks while the hacks are monitoring the Warden. Heh.
[/quote]

Be careful what you say. Warden is a bit more complex than you may think (have you actually looked at it?)
March 5, 2007, 3:56 AM
LockesRabb
I haven't looked at the assembly code. But the main point here is that RealityRipple is saying this was an anti-bot action rather than an anti-hack one. I was trying to show that his theory is nothing more than a conspiracy theory, that Blizzard was just trying to combat hackers.
March 5, 2007, 4:01 AM
Barabajagal
Except that Warden is much older than lockdown, and once again, lockdown only affects the connection, whereas Warden is in-game.
March 5, 2007, 4:58 AM
warz
Currently, it does not matter what lockdown, or warden even, was designed to combat. Whatever it was aiming at, it disabled many emu bot developers along the way.
March 5, 2007, 5:02 AM
Barabajagal
It does matter what lockdown was designed to combat. The day Ringo released his listing, they changed the cache on us. If that's not a big enough hint, I don't know what is. If anyone releases a perfect workaround for lockdown to the public, they will change things around again. That is what makes it matter.
March 5, 2007, 5:13 AM
Sixen
[quote author=[RealityRipple] link=topic=16403.msg166247#msg166247 date=1173071597]
It does matter what lockdown was designed to combat. The day Ringo released his listing, they changed the cache on us. If that's not a big enough hint, I don't know what is. If anyone releases a perfect workaround for lockdown to the public, they will change things around again. [b]That is what makes it matter.[/b]
[/quote]

Right, that is what I was going to point out. I forgot who said it previously, to release a lockdown file workaround so all bot authors can use it. This would be a bad idea, and could in fact make Blizzard change the MPQs once again. I'm not saying they are targeting chat bots, etc., but if bot authors have these lockdown workarounds, so will hackers.
March 5, 2007, 5:17 AM
dRAgoN
The whole thing is, what does hacking have to do with logging in?
March 5, 2007, 5:22 AM
Sixen
[quote author=l)ragon link=topic=16403.msg166249#msg166249 date=1173072166]
The whole thing is, what does hacking have to do with logging in?
[/quote]

Most hacks used to have to be run before the game was executed, and Warden checks your memory on login as far as I know. Of course, I don't hack, so I don't really know how they are used nowadays.
March 5, 2007, 5:41 AM
UserLoser
[quote author=Sixen link=topic=16403.msg166252#msg166252 date=1173073313]
[quote author=l)ragon link=topic=16403.msg166249#msg166249 date=1173072166]
The whole thing is, what does hacking have to do with logging in?
[/quote]

Most hacks used to have to be run before the game was executed, and Warden checks your memory on login as far as I know. Of course, I don't hack, so I don't really know how they are used nowadays.
[/quote]

Warden is always checking memory. Lockdown is mostly an anti-hack thing, I would say (others would agree too), due to how the checksum is calculated. Lockdown stops simple things, from no-CD hacks to pplug114.bwl (IIRC it's called that).
March 5, 2007, 6:06 AM
Barabajagal
A well-written no-CD that edits the memory directly can get around lockdown easily. I'll be releasing a new series (D1, SC, W2) of no-CDs shortly that edit the memory and then put it back to normal.
March 5, 2007, 6:31 AM
LockesRabb
PowerISO. ;)
March 5, 2007, 6:36 AM
HdxBmx27
Meh, that's what most people do if indeed they have the CD to get the ISO off of.
But for example, I have Diablo 1 on my jump drive, and I use Andy's no-CD for it, so I can play it at school.
I also have SC on my JD, with Andy's no-CD for it as well (old ver, 1.12 IIRC).
It's just personal preference and usage.
As for lockdown, I ain't touching the 'Why was it made?' question with a 100-foot pole.
~Hdx
March 5, 2007, 6:43 AM
Ante
[quote author=brew link=topic=16403.msg166232#msg166232 date=1173058593]
Here's an even better way to take stress off the bnls server: Release the checkrevision code, so formulating the checksum can be done locally.
[/quote]
Then hacks can know how to get past too, and they'd change it again...
March 5, 2007, 9:53 PM
l2k-Shadow
[quote author=Ante link=topic=16403.msg166290#msg166290 date=1173131582]
[quote author=brew link=topic=16403.msg166232#msg166232 date=1173058593]
Here's an even better way to take stress off the bnls server: Release the checkrevision code, so formulating the checksum can be done locally.
[/quote]
Then hacks can know how to get past too, and they'd change it again...
[/quote]

Or just load the hack after logging in?
March 5, 2007, 9:57 PM
Ante
[quote author=l2k-Shadow link=topic=16403.msg166292#msg166292 date=1173131876]
[quote author=Ante link=topic=16403.msg166290#msg166290 date=1173131582]
[quote author=brew link=topic=16403.msg166232#msg166232 date=1173058593]
Here's an even better way to take stress off the bnls server: Release the checkrevision code, so formulating the checksum can be done locally.
[/quote]
Then hacks can know how to get past too, and they'd change it again...
[/quote]

Or just load the hack after logging in?
[/quote]
That breaks the point of the current CRev system, but either way, once it's released, it'll be changed.

However, if it isn't released, more and more bots have to rely on BNLS.
March 5, 2007, 10:05 PM
BreW
It would indeed be a good idea to release the checkrevision. When Warcraft III was first released by Blizzard, Skywing solved the auth system for that, too. And he kept it a secret. It was just that other people solved it. To this day, Skywing has NOT released his Warcraft 3 functions. Yet the ability to log on to Warcraft 3 seems to be widely available without using BNLS! Wait: so if Warcraft 3's logon system hasn't been changed, and it (along with Diablo 2) are the only two clients with the Warden client built in, then how come they haven't been switched to using lockdown, too!? Wait a minute! What's going on? Oh yeah, common sense. It says that releasing the checkrevision functions would do nothing but BENEFIT the Battle.net community as a whole. And so what if there are massloaders? They're not changing anything. Battle.net, up until the day of the new MPQ names, has not done anything to the logon system! How come Blizzard let them exist for so long? Might it be because they weren't worth it? Or perhaps because Blizzard's dev team was inexperienced, and wouldn't know where to start with making a lockdown system as sophisticated and complex as the current checkrevision until now? Hrmm.
March 5, 2007, 10:29 PM
warz
... or maybe they haven't made large-scale changes to the core logon procedure because it works just fine as it is? It'd take a lot of time to switch things up completely every year or so. I'm willing to bet that their intent from the beginning was to create a protocol that'd be easily extended for other games, but universal enough to work for all of them at the same time. When you're talking about being worried about checkrevision changing, it's not the same as being worried about the protocol itself changing. I highly doubt we'll see another change like we saw when Battle.net switched over to the 'new logon system'.

Just move to WoW. It's much more fun. :)
March 5, 2007, 10:35 PM
Ante
[quote author=♥ link=topic=16403.msg166299#msg166299 date=1173134149]
I highly doubt we'll see another change like we saw when Battle.net switched over to the 'new logon system'.
[/quote]
And that is why Skywing should release his ways. Now there are at least 3 supporters.
March 5, 2007, 10:52 PM
Barabajagal
They've changed the DLLs easily before, they can do it again just as easily. What we need is not temporary fixes, but a reliable way to mimic the client, and update as it updates. I believe Blake and UL were discussing an idea I've also had, which is to make a memory save (store the memory values in some format or other) of the client for each new update, download and run the CheckRevision DLLs so that they perform the functions on the saved memory instead of real memory, and get the result that way. It's a bit complicated, but once you get a system done to save the memory well, and develop a DLL or something of the sort to run CheckRevision this way, we shouldn't have problems with future changes.
March 5, 2007, 11:07 PM
warz
[quote author=[RealityRipple] link=topic=16403.msg166307#msg166307 date=1173136048]
They've changed the DLLs easily before, they can do it again just as easily. What we need is not temporary fixes, but a reliable way to mimic the client, and update as it updates. I believe Blake and UL were discussing an idea I've also had, which is to make a memory save (store the memory values in some format or other) of the client for each new update, download and run the CheckRevision DLLs so that they perform the functions on the saved memory instead of real memory, and get the result that way. It's a bit complicated, but once you get a system done to save the memory well, and develop a DLL or something of the sort to run CheckRevision this way, we shouldn't have problems with future changes.
[/quote]

This is what I was doing prior to converting it to C. This was necessary when I was calling their checkrevision straight out of their dll files.

[quote author=Ante link=topic=16403.msg166304#msg166304 date=1173135138]And that is why Skywing should release his ways. Now there are at least 3 supporters.[/quote]

Don't take what I said the wrong way. I'm not on your side, and I don't think that Skywing should do anything. If he wants to release stuff, so be it. I was just stating my opinion regarding the protocol, itself.
March 5, 2007, 11:32 PM
Ante
I see.
March 6, 2007, 12:07 AM
UserLoser
[quote author=brew link=topic=16403.msg166297#msg166297 date=1173133751]
It would indeed be a good idea to release the checkrevision. When Warcraft III was first released by Blizzard, Skywing solved the auth system for that, too. And he kept it a secret. It was just that other people solved it. To this day, Skywing has NOT released his Warcraft 3 functions. Yet the ability to log on to Warcraft 3 seems to be widely available without using BNLS! Wait: so if Warcraft 3's logon system hasn't been changed, and it (along with Diablo 2) are the only two clients with the Warden client built in, then how come they haven't been switched to using lockdown, too!? Wait a minute! What's going on? Oh yeah, common sense. It says that releasing the checkrevision functions would do nothing but BENEFIT the Battle.net community as a whole. And so what if there are massloaders? They're not changing anything. Battle.net, up until the day of the new MPQ names, has not done anything to the logon system! How come Blizzard let them exist for so long? Might it be because they weren't worth it? Or perhaps because Blizzard's dev team was inexperienced, and wouldn't know where to start with making a lockdown system as sophisticated and complex as the current checkrevision until now? Hrmm.
[/quote]

Starcraft, as well as World of Warcraft, has the Warden built in. To my knowledge, the Starcraft one isn't active, and anti-hack is only available through forced extra work libraries.

[quote author=[RealityRipple] link=topic=16403.msg166307#msg166307 date=1173136048]
They've changed the DLLs easily before, they can do it again just as easily. What we need is not temporary fixes, but a reliable way to mimic the client, and update as it updates. I believe Blake and UL were discussing an idea I've also had, which is to make a memory save (store the memory values in some format or other) of the client for each new update, download and run the CheckRevision DLLs so that they perform the functions on the saved memory instead of real memory, and get the result that way. It's a bit complicated, but once you get a system done to save the memory well, and develop a DLL or something of the sort to run CheckRevision this way, we shouldn't have problems with future changes.
[/quote]

? ? ? ?
March 6, 2007, 12:20 AM
BreW
[quote author=[RealityRipple] link=topic=16403.msg166307#msg166307 date=1173136048]
They've changed the DLLs easily before, they can do it again just as easily. What we need is not temporary fixes, but a reliable way to mimic the client, and update as it updates. I believe Blake and UL were discussing an idea I've also had, which is to make a memory save (store the memory values in some format or other) of the client for each new update, download and run the CheckRevision DLLs so that they perform the functions on the saved memory instead of real memory, and get the result that way. It's a bit complicated, but once you get a system done to save the memory well, and develop a DLL or something of the sort to run CheckRevision this way, we shouldn't have problems with future changes.
[/quote]

What if the added DLL changes a part of Starcraft's memory which is taken into account during hashing? Theoretically all they need to do is change the filetime, and gfg. Gone. You have to make a new memory dump.
March 6, 2007, 12:26 AM
Barabajagal
If they change the file time, you change the file time. Besides, Lockdown supposedly only reads memory values from the locations of the three main hash files and the DirectX buffer.
March 6, 2007, 12:30 AM
BreW
[quote author=[RealityRipple] link=topic=16403.msg166314#msg166314 date=1173141029]
If they change the file time, you change the file time. Besides, Lockdown supposedly only reads memory values from the locations of the three main hash files and the DirectX buffer.
[/quote]

Where did you get that information from? I heard that it reads memory values from all over (a byte here, a byte there, etc.) from WarZ, who has solved lockdown twice.
March 6, 2007, 12:51 AM
UserLoser
[quote author=[RealityRipple] link=topic=16403.msg166314#msg166314 date=1173141029]
If they change the file time, you change the file time. Besides, Lockdown supposedly only reads memory values from the locations of the three main hash files and the DirectX buffer.
[/quote]

Wrong.
March 6, 2007, 1:43 AM
MyStiCaL
[quote author=brew link=topic=16403.msg166316#msg166316 date=1173142286]
[quote author=[RealityRipple] link=topic=16403.msg166314#msg166314 date=1173141029]
If they change the file time, you change the file time. Besides, Lockdown supposedly only reads memory values from the locations of the three main hash files and the DirectX buffer.
[/quote]

Where did you get that information from? I heard that it reads memory values from all over (a byte here, a byte there, etc.) from WarZ, who has solved lockdown twice.
[/quote]

Warz hasn't solved lockdown, his work is incomplete.
March 6, 2007, 2:27 AM
dlStevens
He gave up on his work with lockdown due to lack of interest and no sense in continuing.
March 6, 2007, 2:42 AM
Barabajagal
I'm just relaying information. I said supposedly. I don't have any clue how it really works; my guess was a broken SHA hash of certain sections of memory.

Side Note: I've re-released my DRTL and W2BN No-CD cracks that now work with lockdown. You can find them at http://realityripple.com/software/other . My attempts at making one for SC are temporarily on hold as I figure out how the hell to set memory permissions so I can actually edit SC's memory.

UL: Is my previous post (before the memory reading locations post) correct-ish?
March 6, 2007, 3:08 AM
BreW
[quote author=Crafty Craft Mc Pot link=topic=16403.msg166323#msg166323 date=1173148051]
[quote author=brew link=topic=16403.msg166316#msg166316 date=1173142286]
[quote author=[RealityRipple] link=topic=16403.msg166314#msg166314 date=1173141029]
If they change the file time, you change the file time. Besides, Lockdown supposedly only reads memory values from the locations of the three main hash files and the DirectX buffer.
[/quote]

Where did you get that information from? I heard that it reads memory values from all over (a byte here, a byte there, etc.) from WarZ, who has solved lockdown twice.
[/quote]

Warz hasn't solved lockdown, his work is incomplete.
[/quote]

He did solve it once, then his computer broke or something, I forget the story. But he ended up losing the work he did, then attempted to solve it again, and he lost interest.
March 6, 2007, 8:36 PM
MyStiCaL
It's not hard to remember how you did something; he didn't get to that part, he didn't solve it. Otherwise he'd know by mind exactly what needs to be done, then work with code later. =P
March 6, 2007, 9:37 PM
warz
Well, you're all wrong, sort of. The person closest to being correct is RealityRipple, in the sense that lockdown does hash data, selectively, ranging from the beginning to the end of the three main game files. Brew is also sort of correct, in the idea that it does skip data sections, sometimes by a single byte, sometimes by an array of bytes, all the way to 1024 bytes (probably even larger gaps). Apparently brew thinks my computer broke? Nah. My computer is fine. I even still have access to all of my code, if I wanted it, but then again, so does everyone else. Crafty Mc Pot, you're right, the work I posted is incomplete, if you're talking about the conversion to C++. I posted a complete example of how to download, extract and call their checkrevision function out of a specific dll, and return a proper result. Although this method is not very practical, it seems people have overlooked it while they look for a practical dll, ready for use. Crafty, you're also right about being able to remember things. I remember exactly how I did it, and could probably get back to where I was quickly, hopefully even quicker. This is all by mind, mind you. I don't know what you mean by "getting to that part," or solving any certain part? It's probably better to look at this as a whole. Either you understand the new checkrevision, or you don't. For one, I understand it, which may be one reason why I feel that coding up a replacement isn't worth it, to me, considering I don't use bnet anymore. Like I've said a thousand times, I'd gladly help anyone that has questions, though. Hope this clears some things up.
March 6, 2007, 9:49 PM
JoeTheOdd
[quote author=Kyro link=topic=16403.msg166234#msg166234 date=1173060180]
Now the only move Blizzard needs to make is to add another timer packet that'd be sent every, say, 5 minutes to the game client, requesting that it run a hash of game memory; it'd disconnect the client after two minutes of no response. If the client failed to send a valid hash of game memory and got disconnected three times in a row, an IP ban would occur.

This would drastically reduce the amount and efficiency of the hacks out there.
[/quote]

Nah. The hack can also hijack the sub that hashes the memory and hash a "known good" piece of memory, perhaps from a file. That way anyone who knows what they're doing can use a hack, and no idiots can. Let the people rejoice, let the earth be glad, let the people of God sing his praise all over the land...
March 8, 2007, 7:08 AM
warz
[quote author=Joe[x86] link=topic=16403.msg166433#msg166433 date=1173337687]Nah. The hack can also hijack the sub that hashes the memory and hash a "known good" piece of memory, perhaps from a file. That way anyone who knows what they're doing can use a hack, and no idiots can. Let the people rejoice, let the earth be glad, let the people of God sing his praise all over the land...[/quote]

This would have to be done after logging in, of course, seeing as this is the type of thing the new checkrevision is aimed at stopping. :P
March 8, 2007, 8:07 PM
JoeTheOdd
The hack could be applied before load and cause the call to LoadLibrary for the CheckRevision DLL to return the handle of your local hashing DLL. From there, if you have the same function declaration as the DLL itself, you're good to go and can spoof a non-hacked login.

Kludges, but they work.
March 8, 2007, 10:06 PM
BreW
[quote author=Joe[x86] link=topic=16403.msg166445#msg166445 date=1173391570]
The hack could be applied before load and cause the call to LoadLibrary for the CheckRevision DLL to return the handle of your local hashing DLL. From there, if you have the same function declaration as the DLL itself, you're good to go and can spoof a non-hacked login.

Kludges, but they work.
[/quote]
-.^? I don't really get what you mean.... and if it's that easy, why isn't there a solution for lockdown yet? Are you holding out on us.....!!
March 8, 2007, 10:43 PM
warz
[quote author=Joe[x86] link=topic=16403.msg166445#msg166445 date=1173391570]
The hack could be applied before load and cause the call to LoadLibrary for the CheckRevision DLL to return the handle of your local hashing DLL. From there, if you have the same function declaration as the DLL itself, you're good to go and can spoof a non-hacked login.

Kludges, but they work.
[/quote]

Well, this obviously assumes you've successfully created your own implementation of what checkrevision does.
March 9, 2007, 12:48 AM
UserLoser
Based on my experience, writing a work around for it is probably more work that reversing it
March 9, 2007, 1:28 AM
MyStiCaL
I wasn't thinking, but (Oblivion SC hack) can be loaded before login :P

When I first started writing my post I thought I had something to contribute, then I forgot what I'm talking about now. Oh well, maybe later I can edit and remember.
March 9, 2007, 1:42 AM
BreW
Can you tell us who created this Oblivion hack? Will the creator share how he was able to accomplish this? Please do tell us, this would get us that much closer to solving lockdown.
March 9, 2007, 3:06 AM
MyStiCaL
warz knows, we post on the same forums over there as well. It's a public hack created by Zynastor.
March 9, 2007, 4:06 AM
l2k-Shadow
[quote author=brew link=topic=16403.msg166461#msg166461 date=1173409563]
Can you tell us who created this Oblivion hack? Will the creator share how he was able to accomplish this? Please do tell us, this would get us that much closer to solving lockdown.
[/quote]

Based on the previous posts, wouldn't you be able to figure out your own solution? If it can get by lockdown, it obviously doesn't modify the game data that is worked with by lockdown, at least at the time of a version check request from the server.
March 9, 2007, 5:07 AM
JoeTheOdd
[quote author=♥ link=topic=16403.msg166452#msg166452 date=1173401308]
Well, this obviously assumes you've successfully created your own implementation of what checkrevision does.
[/quote]

I'm operating on what would happen if Skywing released the code for it.

[quote author=brew link=topic=16403.msg166446#msg166446 date=1173393800]
-.^? I don't really get what you mean.... and if it's that easy, why isn't there a solution for lockdown yet? Are you holding out on us.....!!
[/quote]

You don't understand it because you're a VB user, not a programmer. :P. It's easy once the setting this is for takes place, but Skywing hasn't, and won't (unless we've all overestimated his intelligence, which I know we haven't) release the code to run Lockdown (see above).

[quote author=UserLoser link=topic=16403.msg166455#msg166455 date=1173403725]
Based on my experience, writing a work around for it is probably more work that reversing it
[/quote]

As stated above, I was simply stating we should run our DLL instead of BnFtp's, which is already reversed and doesn't check for the hacks but instead hashes a legit memory image.

[quote author=Crafty Craft Mc Pot link=topic=16403.msg166456#msg166456 date=1173404533]
I wasn't thinking, but (Oblivion SC hack) can be loaded before login :P
[/quote]

That's impossible unless it uses an area lockdown doesn't touch, which, unless Blizzard forgot how they wrote their own program (known to happen in something as old as SC; for example, Diablo 1 can't be patched anymore because Blizzard North left and nobody remembers how), will be ineffective at doing anything worth even hacking. Afterthought: -- It could also hook onto the Socket used by SC and notice when it sends C>S SID_AUTH_CHECK, and then inject its code after it has passed. That way StarCraft doesn't notice it's being hacked unless it scans processes, because technically it isn't being hacked yet.

[quote author=Crafty Craft Mc Pot link=topic=16403.msg166456#msg166456 date=1173404533]
When I first started writing my post I thought I had something to contribute, then I forgot what I'm talking about now. Oh well, maybe later I can edit and remember.
[/quote]

It's that point when you should close your browser, or choose another topic. :P

[quote author=brew link=topic=16403.msg166461#msg166461 date=1173409563]
Can you tell us who created this Oblivion hack? Will the creator share how he was able to accomplish this? Please do tell us, this would get us that much closer to solving lockdown.
[/quote]

Disassembling a hack will get us nowhere in passing lockdown, as it would have been ridiculously impractical to implement lockdown into his hack when he could use an above method. If you want to reverse Lockdown yourself, head to the assembly board and ask for some resources on how to get started. You'll need to know how to find a function's start, what other functions it jumps to, how to know what variables it's passed and what types they are, what the functions that it calls return, and what it returns. Also, you'll need to learn C/C++ because I hope beyond all hope you aren't going to try running a lockdown implementation in native VB.
March 9, 2007, 5:35 AM
MyStiCaL
When lockdown is opened, my only goal is to get it implemented into BNCSutil.dll so I can start using it again. :)

I played around with the hack. I dunno, it seems to work in every way possible: I can unload the client, load it, disconnect, switch servers, and it's still always loaded.. :|
March 9, 2007, 8:04 AM
warz
No. It's almost entirely likely that this Oblivion hack simply hooks where CheckRevision is called.. once it reaches this point, it most likely removes all hooks, and memory patches and then somewhere down the line it knows when to reapply the hooks, and memory patches. I remember there being specific interest in local.dll, as it's not hashed by checkrevision, but is loaded into memory by sc, i believe, so it may have something to do with that. This is the general idea behind this method, though. It's only helpful to hack writers, though. Like I think I've said before, probably - it's easier to get around checkrevision than it is to implement it in your own way.
March 9, 2007, 8:04 AM
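The three ideas in the posts above (warz's description of lockdown hashing selected byte ranges of the game files and skipping gaps, l2k-Shadow's point that a hack surviving lockdown must leave the hashed data alone, and warz's description of Oblivion hooking the CheckRevision call site to undo and then redo its patches) all reduce to the same weakness of a one-shot, client-side integrity check. The toy model below is an added example, not code from the thread, from Blizzard or from Skywing: the "game image", the region map, the FNV-1a hash and the patch offsets are all constructed here and do not reproduce the real Lockdown algorithm or its gap sizes.

```c
/* Added example: toy model of a one-shot client integrity check that hashes
 * selected regions of an image and skips the bytes in between.  Everything
 * here (image contents, region map, hash, patch offsets) is constructed for
 * illustration; it is not the real Lockdown/CheckRevision algorithm. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IMAGE_SIZE 256

/* A byte range the checker hashes.  Bytes outside every region are "gaps". */
struct region { size_t off; size_t len; };

/* Constructed region map: hash [0,64) and [128,256); skip the gap [64,128). */
static const struct region REGIONS[] = { { 0, 64 }, { 128, 128 } };
#define NREGIONS (sizeof REGIONS / sizeof REGIONS[0])

/* 64-bit FNV-1a over one byte run (stand-in for the real hash). */
static uint64_t fnv1a(uint64_t h, const uint8_t *p, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Selective hash: only the mapped regions, in order, chained together. */
uint64_t check_revision(const uint8_t *image)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t r = 0; r < NREGIONS; r++)
        h = fnv1a(h, image + REGIONS[r].off, REGIONS[r].len);
    return h;
}

/* Deterministic "pristine" image so the example runs without any game files. */
void build_pristine(uint8_t *image)
{
    for (size_t i = 0; i < IMAGE_SIZE; i++)
        image[i] = (uint8_t)(i * 7 + 3);
}

/* A "hack" is a byte overwrite; the original byte is kept so it can be undone. */
struct patch { size_t off; uint8_t saved; uint8_t value; };

void apply_patch(uint8_t *image, struct patch *p)
{
    p->saved = image[p->off];
    image[p->off] = p->value;
}

void remove_patch(uint8_t *image, const struct patch *p)
{
    image[p->off] = p->saved;
}

/* Scenario 1: a patch inside a hashed region changes the result -> detected. */
int patch_in_hashed_region_detected(void)
{
    uint8_t image[IMAGE_SIZE];
    build_pristine(image);
    uint64_t good = check_revision(image);
    struct patch p = { 10, 0, 0x90 };          /* offset 10 lies in [0,64) */
    apply_patch(image, &p);
    return check_revision(image) != good;
}

/* Scenario 2: a patch in the unhashed gap is never seen by the check. */
int patch_in_gap_undetected(void)
{
    uint8_t image[IMAGE_SIZE];
    build_pristine(image);
    uint64_t good = check_revision(image);
    struct patch p = { 100, 0, 0x90 };         /* offset 100 lies in the gap [64,128) */
    apply_patch(image, &p);
    return check_revision(image) == good;
}

/* Scenario 3: hook the call site, unpatch before the check, repatch after.
 * The check passes and the hack is back in place once it returns. */
int unpatch_around_check_passes(void)
{
    uint8_t image[IMAGE_SIZE];
    build_pristine(image);
    uint64_t good = check_revision(image);
    struct patch p = { 10, 0, 0x90 };
    apply_patch(image, &p);
    remove_patch(image, &p);                   /* hook fires: restore original bytes */
    int passed = (check_revision(image) == good);
    apply_patch(image, &p);                    /* check returned: re-apply the hack */
    return passed && image[10] == 0x90;
}

int main(void)
{
    printf("patch in hashed region detected: %d\n", patch_in_hashed_region_detected());
    printf("patch in gap undetected:         %d\n", patch_in_gap_undetected());
    printf("unpatch-check-repatch passes:    %d\n", unpatch_around_check_passes());
    return 0;
}
```

The point of the model is that the check only proves the image was clean at the instant the hash was taken, and only for the bytes it actually covers; anything that controls the process can either stay in the gaps or restore the covered bytes for the duration of the call, which is exactly why the posters above treat a pre-login hook as sufficient.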
Barabajagal
In the long run, it'd be easier to write a way to emulate the game no matter what they do to checkrevision. Which is why there's BNLS.
March 9, 2007, 8:20 AM