Valhalla Legends Forums Archive | Battle.net Bot Development | starcraft2 bots

Author | Message | Time
aton
i guess starcraft2 will have warden, as starcraft1 has with the latest patch (the 0x5e packets). they replace the SID_PING packets (0x25) almost completely, although not 100%.

these packets have to be answered correctly, otherwise you will be disconnected after about 2 minutes.

i found a way to get my bot online, but just through a trick. i cannot calculate the warden responses.
has anyone reversed the routines and could give an outline in a high level language?

thanks and greetings,

aton
June 26, 2007, 6:01 AM
FrostWraith
You logged onto the starcraft 2 server?
June 26, 2007, 6:15 AM
aton
no i didn't (is there one?), but just noticed the other post about 0x5e warden packets...
June 26, 2007, 6:48 AM
UserLoser
[quote author=aton link=topic=16820.msg170460#msg170460 date=1182837671]
i guess starcraft2 will have warden, as starcraft1 has with the latest patch (the 0x5e packets). they replace the SID_PING packets (0x25) almost completely, although not 100%.

these packets have to be answered correctly, otherwise you will be disconnected after about 2 minutes.

i found a way to get my bot online, but just through a trick. i cannot calculate the warden responses.
has anyone reversed the routines and could give an outline in a high level language?

thanks and greetings,

aton
[/quote]

what do you mean by replacing the ping msg?
June 26, 2007, 7:32 AM
aton
as you might have noticed, before warden was activated SID_PING (0x25) requests were sent pretty often, but now they are very rare. I think they reduced them (to some special situations) because warden does the keepalive checking anyways.
June 26, 2007, 12:57 PM
ProjecT
0x5E is called after logging into battle.net with an account,
so i guess 0x25 will be still there since you can stay before logon phase where you send 0x3D for creating accounts or change password packet.
June 26, 2007, 5:20 PM
devcode
I've looked at the disassembly of the routines generating the bytes in the 0x5E packet off and on, and I'm slowly getting there but I'm not too focused on this project, cause you know, playin starcraft beats debugging :). Basic gist of what I see happening is some sort of hash array being used and the input is being xored with certain elements in the hash array. I can't fully explain what's going on, it's kinda difficult but we'll see how it goes as time passes ;)
June 27, 2007, 2:35 AM
aton
as i understood, warden is capable of and does download binary code from blizzard and executes this code to do checks on the starcraft process itself and other processes. if that's the case, then this cannot possibly be tricked. even if the mighty bot would receive the binary code, execute it etc, it would not have the starcraft process to do checksums (the checksum'ed ranges might differ each minute).
so i guess warden means: log on only with starcraft.exe ?
June 27, 2007, 11:12 AM
warz
It might help to understand how Warden works before trying to trick it. Warden cannot be prevented.
June 27, 2007, 12:59 PM
Quarantine
To even begin to consider if it can be prevented or countered you need to do an in depth analysis of what exactly warden does line by line at the code level.

From a first look, it seems to look solid. Don't expect this to hold true once you start fully looking at its inner workings. It should then be possible to find a flaw in the implementation, and leverage that to your will.

Just how much leveraging and exploiting you can do remains to be seen, this will all change as Warden starts to get the eye of more and more reverse engineers. Same thing happened with Lockdown, same thing will happen here.
June 27, 2007, 4:44 PM
Denial
This topic should be split since everything except the beginning of the first topic is about starcraft and battle.net in general; nothing else of it has to do with starcraft 2 bots. In fact starcraft 2 bots shouldn't even need to be discussed since there will be major changes to battle.net before starcraft 2 is made available on battle.net anyway.
June 27, 2007, 5:12 PM
moh.vze.com
[quote author=Denial link=topic=16820.msg170508#msg170508 date=1182964360]
This topic should be split since everything except the beginning of the first topic is about starcraft and battle.net in general; nothing else of it has to do with starcraft 2 bots. In fact starcraft 2 bots shouldn't even need to be discussed since there will be major changes to battle.net before starcraft 2 is made available on battle.net anyway.
[/quote]

I agree.
June 28, 2007, 11:33 PM
aton
well what can we expect for starcraft2 bots?
bncs will be the same? or pretty much i guess.
for the game it will be tcp, the ladder games running over server connections (wc3 style) and the open games peer to peer, but tcp too, right?

July 1, 2007, 11:50 AM
Quarantine
[quote author=aton link=topic=16820.msg170616#msg170616 date=1183290635]
well what can we expect for starcraft2 bots?
bncs will be the same? or pretty much i guess.
for the game it will be tcp, the ladder games running over server connections (wc3 style) and the open games peer to peer, but tcp too, right?


[/quote]

Anything anyone says at this point is a stab in the dark.
July 1, 2007, 2:44 PM
Denial
From what has been going on i believe they plan to revamp battle.net. So anything is possible at the moment.
July 1, 2007, 7:49 PM
DDA-TriCk-E
No doubt there will be a better version of Warden on StarCraft 2 as well :'(
July 2, 2007, 1:20 AM
BreW
[quote author=Chriso link=topic=16820.msg170623#msg170623 date=1183339219]
No doubt there will be a better version of Warden on StarCraft 2 as well :'(
[/quote]
Uh, how is that even possible? I don't really see how they can improve on warden. They can change the way they check for any kinds of hacks at absolutely any time.
July 2, 2007, 1:47 AM
dlStevens
Always room for improvements.
July 2, 2007, 1:49 AM
DDA-TriCk-E
[quote author=brew link=topic=16820.msg170624#msg170624 date=1183340826]
[quote author=Chriso link=topic=16820.msg170623#msg170623 date=1183339219]
No doubt there will be a better version of Warden on StarCraft 2 as well :'(
[/quote]
Uh, how is that even possible? I don't really see how they can improve on warden. They can change the way they check for any kinds of hacks at absolutely any time.
[/quote]
Perhaps by running it sooner? or more often...
Doesn't warden only check for hacks when you login? Technically, couldn't a hack be run after warden is responded to?
July 2, 2007, 5:23 AM
squeegee
[ASCII art]
July 2, 2007, 5:49 AM
l2k-Shadow
[quote author=Chriso link=topic=16820.msg170627#msg170627 date=1183353815]
[quote author=brew link=topic=16820.msg170624#msg170624 date=1183340826]
[quote author=Chriso link=topic=16820.msg170623#msg170623 date=1183339219]
No doubt there will be a better version of Warden on StarCraft 2 as well :'(
[/quote]
Uh, how is that even possible? I don't really see how they can improve on warden. They can change the way they check for any kinds of hacks at absolutely any time.
[/quote]
Perhaps by running it sooner? or more often...
Doesn't warden only check for hacks when you login? Technically, couldn't a hack be run after warden is responded to?
[/quote]

warden performs a check every 5 seconds.
July 2, 2007, 7:14 AM
DDA-TriCk-E
I only ever receive one, unless they changed it?
July 2, 2007, 7:42 AM
BreW
[quote author=Chriso link=topic=16820.msg170630#msg170630 date=1183362153]
I only ever receive one, unless they changed it?
[/quote]
Are you responding correctly to the first packet? we're talking about what it does in starcraft, the actual game. After the first response (a single byte) a file is sent by battle.net, via BNCS protocol. Then after that, every 10 seconds or so another 0x5E packet is sent to you by battle.net. OK?
July 2, 2007, 4:44 PM
DDA-TriCk-E
[quote author=brew link=topic=16820.msg170634#msg170634 date=1183394668]
[quote author=Chriso link=topic=16820.msg170630#msg170630 date=1183362153]
I only ever receive one, unless they changed it?
[/quote]
Are you responding correctly to the first packet? we're talking about what it does in starcraft, the actual game. After the first response (a single byte) a file is sent by battle.net, via BNCS protocol. Then after that, every 10 seconds or so another 0x5E packet is sent to you by battle.net. OK?
[/quote]

Oh okay I was unaware of that, that is kinda hard to work around then lol ;\
July 3, 2007, 2:38 PM
